JP2007318513A - Information processor, processing method and program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To protect the protection information appropriately in an environment where the protection information is delivered/received by a plurality of apparatus. <P>SOLUTION: A security manager 21 manages key data to be used as a common key in a security group 51, i.e. LE Key 61, D Key 62 and N Key 63. On the other hand, the security manager 21 manages subscription to the security group 51 for each apparatus connected thereto until now, and sets the key data managed by itself as the common key for apparatus subscribed to the security group 51, e.g. the information processors 1-5 on Fig. 1, and manages the set content. The invention is applicable to a system in which a security group is formed. <P>COPYRIGHT: (C)2008,JPO&INPIT

Description

  The present invention relates to an information processing apparatus, method, and program, and more particularly, to an information processing apparatus, method, and program capable of realizing appropriate protection of the protection information in an environment in which the protection information is exchanged between a plurality of devices.

  In recent years, a protection technology for information (hereinafter referred to as protection information) that should protect copyright and the like, for example, a content protection technology has been attracting attention.

  For example, Patent Document 1 discloses a protection technique for editing content while protecting the copyright as well as viewing the content.

  Further, for example, Patent Document 2 discloses a protection technique in which whether or not content transmission is possible is performed by performing one-to-one authentication between devices, and encrypted and transmitted.

For example, CPRM (Content Protection for Recordable Media), CSS (Content Scrambling) as content protection technology (content encryption method) for copyright protection of completed content (for example, DVD (Digital Versatile Disc) and broadcast radio waves) System, DTCP (Digital Transmission Content Protection), HDCP (High-bandwidth Digital Content Protection), OpenMG, and ARIB copy control bits have been proposed.
JP 2001-93227 A Japanese Patent No.3141942

  However, the conventional content protection technology including Patent Documents 1 and 2 is directly applied to an environment in which such protection information is exchanged by a plurality of devices, for example, for a production workflow such as a broadcasting station or a production house. It is unsuitable to do.

  For example, since the protection technique of Patent Document 1 is a technique limited to super-distributed data, it cannot be directly applied to an environment such as content production.

  Further, for example, the protection technique disclosed in Patent Document 2 requires authentication using a bidirectional path for each reproduction or recording. On the other hand, devices that are used in environments such as content production are required to have operational responsiveness, and are often connected with only a one-way interface during operation. Therefore, the protection technique of Patent Document 2 cannot be directly applied to an environment such as content production.

  In addition, for example, all of the above-mentioned content protection technologies for copyright protection of completed content are a mechanism for preventing unauthorized copying and lack of mutual connection between methods. It is difficult to apply to an environment such as content production in which a finished product is created while using a device.

  The present invention has been made in view of such a situation, and makes it possible to realize appropriate protection of protection information in an environment in which the protection information is exchanged by a plurality of devices.

  In the first information processing apparatus according to one aspect of the present invention, a plurality of devices each having a common key are subscribed, and protection information is transmitted from a predetermined one of the devices to another In this case, the predetermined unit encrypts the protection information using a common key, transmits the encrypted protection information obtained as a result, and the other unit receives the encryption protection information. An information processing apparatus that manages a security group that is defined to be decrypted using the common key, and that manages key data to be used as the common key; For each device connected to itself so far, it manages the presence / absence of subscription to the security group, and the key data managed by the key management means for the devices that have joined the security group. The set as the common key and a device management means for managing the setting content.

  In the security group, there are a plurality of types of transmission modes of the encryption protection information, and it is defined that a plurality of types of common keys are set corresponding to each of the plurality of types of transmission modes. The means manages key data to be used as each of the plurality of types of common keys, and the device management means further selects usable types of the plurality of types of transmission forms for each of the devices. For the devices that are managed and subscribed to the security group, the corresponding key data of the key data managed by the key management means is assigned to the common key for each of the usable transmission modes. Can be set, and the setting contents can be managed.

  There are a plurality of security groups, the key management unit individually manages different key data as the common keys of the plurality of security groups, and the device management unit includes the plurality of security groups. Each of the plurality of security groups is managed as the common key of the target security group by the key management means for each of the plurality of security groups. Each key data can be set and the setting contents can be managed.

  In the first information processing method according to one aspect of the present invention, a plurality of devices each having a common key are subscribed, and protection information is transmitted from one of the devices to another device. In this case, the predetermined unit encrypts the protection information using a common key, transmits the encrypted protection information obtained as a result, and the other unit receives the encryption protection information. In an information processing method of an information processing apparatus that manages a security group that is specified to be decrypted using the common key, the key data to be used as the common key is managed in an information processing method for managing the security group For each device connected to itself, the presence / absence of joining the security group is managed, and the managed key data is used as the common key for the devices joining the security group. Constant, it is possible to manage the contents of the setting.

  A first program according to one aspect of the present invention is a program corresponding to the above-described first information processing method according to one aspect of the present invention.

  In the first information processing apparatus and method and the first program according to one aspect of the present invention, a plurality of devices to which a common key is set are subscribed. When the protection information is transmitted to the base, the predetermined one encrypts the protection information using a common key, transmits the encrypted protection information obtained as a result, and the other one The following management is performed for a security group that is defined to receive encryption protection information and decrypt it using the common key. That is, key data to be used as the common key is managed, and whether or not each device connected so far is managed with or without joining the security group. On the other hand, the managed key data is set as the common key, and the setting contents are managed.

  In the second information processing apparatus according to one aspect of the present invention, a plurality of devices each having a common key are subscribed, and protection information is transmitted from a predetermined one of the devices to another In this case, the predetermined unit encrypts the protection information using a common key, transmits the encrypted protection information obtained as a result, and the other unit receives the encryption protection information. An information processing apparatus that manages a security group that is defined to be decrypted using the common key, and that manages key data to be used as the common key; A device image of a device that includes the first region indicating the security group and the other second region other than the first region and that has been connected to itself so far and that has joined the security group. Displayed in the area of Display control for controlling display of the GUI image, which is a GUI (Graphical User Interface) image in which a device image of a device not joined to a security group is displayed in the second area, and the device image can be moved. And when the movement operation from the second area to the first area of the predetermined device image is performed in the GUI image whose display is controlled by the display control means, the predetermined device image And a device management unit that manages that the corresponding device has joined the security group, sets the key data managed by the key management unit as the common key, and manages the setting contents.

  In the GUI image, when the movement operation from the first region to the second region of the predetermined device image is performed in the GUI image, the device management unit further relates to the device corresponding to the predetermined device image. It is possible to manage the withdrawal from the security group, and to cancel the setting of the common key and manage the contents of the cancellation.

  In the second information processing method according to one aspect of the present invention, a plurality of devices each having a common key are subscribed, and the protection information is transmitted from one of the devices to another device. In this case, the predetermined unit encrypts the protection information using a common key, transmits the encrypted protection information obtained as a result, and the other unit receives the encryption protection information. An information processing method of an information processing apparatus that manages a security group that is defined to be decrypted using the common key, managing key data to be used as the common key, A device image of a device that includes the first region indicating the security group and the other second region other than the first region and that has been connected to itself so far and that has joined the security group. Displayed in the area of A GUI (Graphical User Interface) image in which device images of devices not joined to a security group are displayed in the second area, the display of the GUI image capable of moving the device image being controlled, and displayed When the movement operation from the second area of the predetermined device image to the first region is performed in the GUI image in which the device is controlled, the device corresponding to the predetermined device image is transferred to the security group. It manages that it has joined, sets the managed key data as the common key, and manages the setting contents.

  The second program according to one aspect of the present invention is a program corresponding to the above-described second information processing method according to one aspect of the present invention.

  In the second information processing apparatus and method and the second program according to one aspect of the present invention, a plurality of devices each having a common key are subscribed, and a predetermined one of them is replaced with another one. When the protection information is transmitted to the base, the predetermined one encrypts the protection information using a common key, transmits the encrypted protection information obtained as a result, and the other one Management is performed as follows for a security group that is prescribed to receive encryption protection information and decrypt it using the common key. That is, key data to be used as the common key is managed. In addition, a device image of a device that has joined the security group among the devices connected to itself, including a first region indicating the security group and a second region other than the first region. A GUI (Graphical User Interface) image displayed in a first area and displaying a device image of a device that has not joined the security group in the second region, wherein the device image can be moved When the movement operation from the second area of the predetermined device image to the first region is performed in a state where the display of the GUI image is controlled, the device corresponding to the predetermined device image is The fact that the user has joined a security group is managed, the managed key data is set as the common key, and the setting contents are managed.

  As described above, according to one aspect of the present invention, protection information can be protected. Furthermore, appropriate protection of the protection information can be realized in an environment where the protection information is exchanged between a plurality of devices.

  DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS Embodiments of the present invention will be described below. Correspondences between constituent features described in claims and specific examples in the specification or the drawings are exemplified as follows. This description is intended to confirm that specific examples supporting the invention described in the claims are described in the specification or the drawings. Accordingly, even if there are specific examples that are described in the specification or drawings but are not described here as corresponding to the configuration requirements, the specific examples are not included in the configuration requirements. It does not mean that it does not correspond to. On the contrary, even if a specific example is described here as corresponding to a configuration requirement, this means that the specific example does not correspond to a configuration requirement other than the configuration requirement. not.

  Further, this description does not mean that all the inventions corresponding to the specific examples described in the specification or the drawings are described in the claims. In other words, this description is an invention corresponding to a specific example described in the specification or drawings, and there is an invention that is not described in the claims of this application, that is, a divisional application may be made in the future. The existence of an invention added by amendment is not denied.

The first information processing apparatus according to one aspect of the present invention (for example, the security manager 21 in FIGS. 1 and 3)
A plurality of devices (for example, the camcorder 1, the deck 2, the material server 3, the editor 4, the monitor 5 and the like in FIG. 1) to which a common key (for example, the LE Key 61 in FIG. 1) is respectively set are joined. When the protection information is transmitted from the predetermined unit to the other unit, the predetermined unit encrypts the protection information using a common key and transmits the resulting encrypted protection information. And managing the security group (for example, the security group 51 in FIG. 1) that is prescribed that the other unit receives the encryption protection information and decrypts it using the common key. An information processing apparatus for performing
Key management means for managing key data to be used as the common key (for example, the CPU 101 in FIG. 3 that manages the key database in FIGS. 6 and 15 in the secure memory 104 in FIG. 3);
The key data managed by the key management means for each device connected to itself so as to manage whether or not to join the security group. 3 as a common key and managing the setting contents (for example, the CPU 101 in FIG. 3 that manages the device database in FIGS. 5 and 14 in the secure memory 104 in FIG. 3 and executes the processing in FIG. 7) And.

In the security group, there are a plurality of transmission modes of the encryption protection information (for example, transmission modes using the HD-SDI signal lines 31-1 to 31-3 in FIG. 1, that is, the HD-SDI in FIG. A first type of SDI interface, a transmission form by the recording medium 11 in Fig. 1, that is, a second type of the disk medium as shown in Fig. 9. A transmission form through the network 6 in Fig. 1, that is, a network as shown in Fig. 9 (Third type of interface) and a plurality of types of common keys are set corresponding to each of the plurality of types of transmission modes (for example, as shown in FIG. 1 and FIG. 9, for the first type) LE Key 61, D Key 62 is set for the second type, and N Key 63 is set for the third type).
The key management means manages key data to be used as each of the plurality of types of common keys (see, for example, the key database in FIGS. 6 and 15),
The device management means further manages the usable types of the plurality of types of transmission forms for each of the devices,
For each device that has joined the security group, the corresponding key data of the key data managed by the key management means is set as the common key for each of the usable transmission modes. Then, the setting contents are managed (see, for example, the device database in FIGS. 5 and 14).

There are a plurality of security groups (for example, in the example of FIG. 12, there are two types of security groups 51-A and 51-B),
The key management means individually manages different key data as each of the common keys of the plurality of security groups (for example, divided into group A and group B as in the key database of FIG. 15). Manage),
The device management means manages whether or not each of the plurality of security groups is subscribed (for example, refer to the item “security group” in the device database of FIG. 14),
For each of the plurality of security groups, the key data managed as the common key of the target security group is set by the key management unit for each device that has joined the target security group, Each setting content is managed (see, for example, “D Key”, “N Key”, and “LE Key” items in the device database of FIG. 14).

  The first information processing method and the first program according to one aspect of the present invention are each a method and a program corresponding to the above-described first information processing apparatus according to the one aspect of the present invention. For example, FIG. 8 processing is realized. The first program is executed by, for example, a computer shown in FIG.

The second information processing apparatus according to one aspect of the present invention provides:
(For example, the security manager 21 in FIGS. 1 and 3)
A plurality of devices (for example, the camcorder 1, the deck 2, the material server 3, the editor 4, the monitor 5 and the like in FIG. 1) to which a common key (for example, the LE Key 61 in FIG. 1) is respectively set are joined. When the protection information is transmitted from the predetermined unit to the other unit, the predetermined unit encrypts the protection information using a common key and transmits the resulting encrypted protection information. And managing the security group (for example, the security group 51 in FIG. 1) that is prescribed that the other unit receives the encryption protection information and decrypts it using the common key. An information processing apparatus for performing
Key management means for managing key data to be used as the common key (for example, the CPU 101 in FIG. 3 that manages the key database in FIGS. 6 and 15 in the secure memory 104 in FIG. 3);
Of each device connected to itself so far, including a first area (for example, area 154 in FIG. 4) indicating the security group and a second area (for example, area 153 in FIG. 4) other than that, A device image of a device that has joined the security group (for example, the icon 161 of “camcorder 101” in FIG. 4) is displayed in the first area, and a device image (for example, a device that has not joined the security group) 4 is a GUI (Graphical User Interface) image (for example, the GUI image of FIG. 4) displayed on the second area, and the device image can be moved. Display control means for controlling display of the GUI image;
In the GUI image whose display is controlled by the display control means, when the movement operation from the second area to the first area of a predetermined device image is performed (for example, see the arrow in FIG. 4) A device that manages that the device corresponding to the predetermined device image has joined the security group, sets the key data managed by the key management means as the common key, and manages the setting contents Management means (for example, the CPU 101 of FIG. 3 that manages the device database of FIGS. 5 and 14 in the secure memory 104 of FIG. 3 and executes the processing of FIG. 7).

  In the GUI image, the display control means displays a text portion such as the display form of the device image of the device connected to the information processing device itself (for example, the icon 161 of “Deck 441” in FIG. 4). And a display form of the device image of a device that is not connected to the information processing device itself (for example, an icon 161 of “Camcorder 101”). Different display form)

  The second information processing method and the second program according to one aspect of the present invention are each a method and a program corresponding to the above-described second information processing apparatus according to the one aspect of the present invention. For example, FIG. 8 processing is realized. The first program is executed by, for example, a computer shown in FIG.

  FIG. 1 is a diagram illustrating a configuration example of an information processing system to which the present invention is applied.

  In FIG. 1, a square surrounded by a solid line indicates a device or a block as a component thereof, and a square surrounded by a dotted line indicates predetermined information. The use of the solid and dotted squares is the same in other figures described later.

  In the example of FIG. 1, the information processing system includes information processing apparatuses 1 to 5 as devices that exchange protection information, and an information processing apparatus 21 that manages them.

  The number of devices that exchange protection information is five in the example of FIG. 1, but is not limited to the example of FIG. 1, and may be any number.

  In addition, the form of the protection information is not particularly limited, but in the present embodiment, the content includes video, more precisely, the content is converted into an electric signal, or is fixed to a recording medium as a signal. To do. However, hereinafter, for the sake of simplicity, the form in which the content is converted into an electric signal or the form in which the content is fixed as a signal will be simply referred to as content.

  In order to protect content exchanged by such a plurality of devices, an environment composed of the plurality of devices may be formed as follows. In other words, when a common key is set for each of a plurality of devices and content is transmitted from a predetermined one of the plurality of devices to another one, the predetermined one uses the common key. Then, it is only necessary to form an environment in which the content is encrypted and transmitted, and the encrypted content is decrypted by another unit using a common key. Such an environment is sometimes referred to as a peer group as a general term, but is hereinafter referred to as a security group.

  In this case, in a security group, content existing outside the plurality of devices is always encrypted using a common key that is valid only in that security group. Thereby, the interconnection operation between a plurality of devices inside the security group and another device outside the security group can be firmly prevented by the encryption technology. In other words, content leakage from the security group can be prevented.

  For example, in the example of FIG. 1, a security group 51 to which five information processing apparatuses 1 to 5 are subscribed is formed as a plurality of devices.

  In this case, when content is transmitted from a predetermined one of the five information processing apparatuses 1 to 5 to the other one, the content is the same value for each device in the security group 51. Is encrypted by using any one of LE Key 61, D Key 62, and N Key 63, which will be described later in the example of FIG. 1, and transmitted in the form of encrypted content. As a result, it is possible to prevent the eavesdropping of content outside the service area of the security group 51.

  When there are a plurality of content transmission forms in the security group 51, it is also possible to set an encryption key for each transmission form. For example, in the example of FIG. 1, the LE Key 61 is set as the encryption key for the content transmission form via the signal lines 31-1 to 31-3. In addition, D Key 62 is set as an encryption key for the content transmission form by recording on the recording medium 11. In addition, N Key 63 is set as the encryption key for the content transmission form via the network 6.

  That is, when transmitting the content to the information processing device 2, the information processing device 1 encrypts the content using the D Key 62 and records the encrypted content on the recording medium 11. The recording medium 11 on which such encrypted content is recorded is provided to the information processing apparatus 2 by a person or the like. Then, the information processing apparatus 2 reads the encrypted content from the recording medium 11 and decrypts it using the D Key 62.

  On the other hand, when transmitting the content to the information processing device 5, the information processing device 1 encrypts the content using the LE Key 61 and transmits the encrypted content to the information processing device 5 via the signal line 31-1. . Then, the information processing apparatus 5 receives the encrypted content and decrypts it using the LE Key 61. Note that content is transmitted from the information processing device 2 to the information processing device 5 via the signal line 31-2, or content is transmitted from the information processing device 4 to the information processing device 5 via the signal line 31-3. The same processing is executed also in the case of

  Further, when content is transmitted from a predetermined one of the information processing devices 2 to 4 to another one, the predetermined one encrypts the content using the N Key 63, and the encryption The encrypted content is transmitted to the other device via the network 6. Then, the other one receives the encrypted content and decrypts it using the N Key 63.

  Although the environment formed as the security group 51 is not particularly limited, in the present embodiment, it is assumed that one production environment of content, that is, one workflow such as a broadcasting station or a production house is employed. For this reason, in the example of FIG. 1, as shown in parentheses in the figure, the information processing apparatus 1 is configured by a so-called camcorder (photographing apparatus), and the information processing apparatus 2 is configured by a so-called deck (recording / reproducing apparatus). The information processing device 3 is configured by a so-called material server (content storage device), the information processing device 4 is configured by a so-called editor (nonlinear editing device), and the information processing device 5 is configured by a so-called monitor (display device). . Therefore, hereinafter, the information processing device 1 is referred to as a camcorder 1, the information processing device 2 is referred to as a deck 2, the information processing device 3 is referred to as a material server 3, the information processing device 4 is referred to as an editor 4, and the information processing device 5 is referred to as an information processing device 5. This is called a monitor 5. In other words, in the example of FIG. 1, the camcorder 1 to the monitor 5 as content production devices used in the content production environment are joined to one security group 51.

  Since the security group 51 is formed by such a workflow, the transmission form of content by the signal lines 31-1 to 31-3, that is, the transmission interface is, for example, SMPTE (Society of Motion Picture and Television Engineers) HD-SDI (Bit-Serial Digital Interface for High-Definition Television System) defined in 292M is adopted. However, such a transmission interface is not particularly limited to the example of the present embodiment, and other examples include a baseband signal of digital video and audio such as SDI (Serial Digital Interface) and SDTI-CP (Serial Data Transport Interface Content Package Format). Any interface that can transmit compressed signals is sufficient.

  The recording medium 11 is assumed to be an optical disk, for example, in the present embodiment, but is not particularly limited as long as it is a medium capable of recording image / audio data such as a tape, a hard disk, and a memory card.

  Further, the network 6 is assumed to adopt Ethernet (registered trademark) in this embodiment, for example, but in addition, IEEE 1394 (The Institute of Electrical and Electronics Engineers, Inc), FiberChannel (trademark), etc. Any network that can transmit compressed data or baseband data is not particularly limited.

  By the way, in the example of FIG. 1, there are only five devices belonging to the workflow formed as the security group 51, the camcorder 1 to the monitor 5 as described above. However, in general, workflows such as broadcasting stations and production houses sometimes manage more devices. In such a case, key setting and key management for each common key for each content transmission form, for example, key setting work and key management for each of LE Key 61, D Key 62, and N Key 63 in the example of FIG. Although manual operation is also conceivable, there is a problem that setting work may be mistaken or keys may be leaked. In addition, the number of devices in the workflow increases, and there is also a problem that if the devices are added (hereinafter also referred to as subscription) or deleted (hereinafter also referred to as withdrawal) to the workflow, the setting work will increase. To do. Accordingly, it is considered that not only all devices in the workflow have an encryption function to form a security group, but also these problems that are expected in operation need to be solved at the same time.

  In order to solve these problems, the information processing apparatus 21 that manages the security group 51 is provided in the information processing system of FIG. Hereinafter, the information processing apparatus 21 is referred to as a security manager 21 in accordance with the description in parentheses in FIG. The security manager 21 has a function of performing key setting and key management for the devices subscribing to the security group 51, in the example of FIG. 1, the camcorder 1 to the monitor 5, and a function of managing the security group 51 itself. Yes. Further details of the security manager 21 will be described later with reference to FIGS.

  FIG. 2 is a block diagram illustrating a configuration example of the deck 2 as an example of a device that can join the security group 51.

  In FIG. 2, a CPU (Central Processing Unit) 71 executes various processes according to a program stored in a ROM (Read Only Memory) 73 or the like. A RAM (Random Access Memory) 72 appropriately stores programs executed by the CPU 71 and data. In the device ID memory 74, a device ID as an identifier for the deck 2 is recorded. These CPU 71, RAM 72, ROM 73, and device ID memory 74 are connected to each other by a bus 84.

  The CPU 71 is also connected with an I / F 75 to an MPEG2 Encoder 83 via a bus 84.

  A security manager 21 is connected to the I / F 75. The form of the I / F 75 is not particularly limited, and for example, a predetermined network connection interface, serial interface, memory card, or the like can be employed.

  The key register 76 is composed of a secure memory, for example, a non-volatile memory, and stores a common key set by the security manager 21 for the security group 51 of FIG. 1, that is, LE Key 61, D Key 62, and N Key 63.

  A DMAC (Direct Memory Access Controller) 77 copies information provided from a block connected to the bus 84 to the RAM 72, or provides information copied to the RAM 72 to another block connected to the bus 84.

  The Data Decryptor 78 decrypts the data read from the recording medium 11 by the Disc Drive 85, that is, the encrypted content using the D Key 62, and provides the resulting content to the RAM 72 and the like based on the control of the DMAC 77. On the other hand, the Data Encryptor 79 encrypts data to be written to the recording medium 11, that is, the content using the D Key 62, and provides the resulting encrypted content to the Disc Drive 85. The D Key 62 is read from the key register 76 and provided to the Data Decryptor 78 and the Data Encryptor 79 via the key supply path K2.

  The Disc Drive 85 writes the encrypted content from the Data Encrypter 79 to the recording medium 11, and reads the encrypted content from the recording medium 11 and provides it to the Data Decryptor 78.

  In the present embodiment, the data recorded on the recording medium 11 is data (hereinafter referred to as MPEG data) that has been compression-encoded according to the MPEG-2 (Moving Picture Experts Group-2) standard. . In other words, in the present embodiment, the content is stored in the RAM 72 in the form of MPEG data.

  In this case, the MPEG data recorded in the RAM 72 is converted into a network packet by the CPU 71 as necessary, and the resulting packet is provided to the Packet Encryptor 80 by the DMAC 77. Then, the Packet Encryptor 80 encrypts the packet using the N Key 63, and provides the encrypted packet obtained as a result to the Network I / F 86.

  In the above-described example, the MPEG data output from the Data Decryptor 78 is once copied onto the RAM 72. If possible, however, the MPEG data is transferred to the Packet Encryptor 80 after being networked without going through the RAM 72. It may be transferred directly.

  On the other hand, when the content is received by the Network I / F 86 in the form of an encrypted packet, the Packet Decryptor 81 decrypts the encrypted packet using the N Key 63 and outputs the resulting packet. The packet output from the Packet Decryptor 81 is converted into MPEG data by the CPU 71 and then provided to the RAM 72 and the like under the control of the DMAC 77.

  The N Key 63 is read from the key register 76 and provided to the Packet Encryptor 80 and the Packet Decryptor 81 via the key supply path K3.

  The Network I / F 86 transmits the encrypted packet from the Packet Encryptor 80 to the network 6, receives the encrypted packet transmitted from the network 6, and provides it to the Packet Decryptor 81.

  The MPEG data recorded in the RAM 72 is also provided to the MPEG2 Decoder 82 as necessary. Then, the MPEG2 Decoder 82 decompresses and decodes the MPEG data according to the MPEG-2 standard, and provides the resulting baseband data to the Stream Encrypter 87. The Stream Encrypter 87 encrypts the baseband data using the LE Key 61, and provides the resulting encrypted baseband data to the HD-SDI OUT I / F 88. The HD-SDI OUT I / F 88 outputs the encrypted baseband data in the form of an HD-SDI signal via the terminal 89.

  In the above example, the MPEG data output from the Data Decryptor 78 is temporarily copied on the RAM 72. However, if possible, the MPEG data may be directly transferred to the MPEG2 Decoder 82 without going through the RAM 72.

  On the other hand, the HD-SDI IN I / F 91 receives encrypted baseband data provided in the form of an HD-SDI signal via the terminal 90 and provides it to the Stream Decryptor 92. Then, the Stream Decryptor 92 decrypts the encrypted baseband data using the LE Key 61, and provides the resulting baseband data to the MPEG2 Encoder 83. The MPEG2 Encoder 83 compresses and encodes the baseband data in accordance with the MPEG-2 standard, and outputs the resulting MPEG data. Such MPEG data is provided by the DMAC 77 to the RAM 72 or the like.

  The LE Key 61 is read from the key register 76 and provided to the Stream Encryptor 87 and the Stream Decryptor 92 through the key supply path K1.

  The configuration of the deck 2 has been described above. It should be noted that the content recording / reproducing operation among the operations of the deck 2 can be easily understood by appropriately referring to the above description, and thus the description of the content recording / reproducing operation will be omitted.

  Of the operations of the deck 2, the operations for the security manager 21 will be described later with reference to FIGS. 10 and 11.

  1 is not shown in the figure, but in this embodiment, for example, the camcorder 1 to the monitor 6 (except for the deck 2) have the following functions. It is assumed that it is configured to have. That is, the camcorder 1 has at least the same functions as those of the key register 76, I / F 75, Data Encryptor 79, and Stream Encryptor 87 of FIG. 2 in addition to the same functions as the conventional camcorder. The material server 3 has at least the same functions as those of the key register 76, I / F 75, Packet Encryptor 80, and Packet Decryptor 81 of FIG. It is assumed that the editor 4 has at least the same functions as those of the key register 76, I / F 75, Packet Encryptor 80, Packet Decryptor 81, and Stream Encryptor 87 in FIG. It is assumed that the monitor 5 has at least the same functions as those of the key register 76, the I / F 75, and the Stream Decryptor 92 of FIG.

  The security group 51 of FIG. 1 to which each device having such a function is joined is managed by the security manager 21 as described above. Therefore, the security manager 21 will be described in detail below with reference to FIGS.

  FIG. 3 is a block diagram illustrating an example in which the security manager 21 is configured by a computer.

  In FIG. 3, the CPU 101 executes various processes according to programs stored in the ROM 102 or the storage unit 109. The RAM 103 appropriately stores programs executed by the CPU 101 and data. Further, the secure memory 104 configured by a nonvolatile memory or the like appropriately stores, for example, a device database shown in FIG. 5 or FIG. 14 described later, a key database shown in FIG. 6 or FIG. . These CPU 101, ROM 102, RAM 103, and secure memory 104 are connected to each other by a bus 105.

  As described above, in the example of FIG. 3, a dedicated secure memory 104 is provided in order to ensure the confidentiality of a key database or the like described later. However, the method for ensuring the confidentiality of a key database or the like, which will be described later, is not particularly limited to the example of FIG. 3. For example, even if a method such as mounting a secure OS (Operating System) such as Linux (trademark) is adopted. Good.

  An input / output interface 106 is also connected to the CPU 101 via the bus 105. Connected to the input / output interface 106 are an input unit 107 such as a keyboard, a mouse, and a microphone, and an output unit 108 such as a display and a speaker. The CPU 101 executes various processes in response to commands input from the input unit 107. Then, the CPU 101 outputs the processing result to the output unit 108. For example, the output unit 108 performs image output in FIGS.

  A storage unit 109 connected to the input / output interface 106 includes, for example, a hard disk, and stores programs executed by the CPU 101 and various data.

  The communication unit 110 communicates with an external device via a network such as the Internet or a local area network. For example, in the present embodiment, the communication unit 110 communicates with each device that can join the security group 51 in FIG. 1, for example, each of the camcorder 1 to the monitor 5. In this case, as described in the description of the I / F 75 in FIG. 2, for example, communication is performed using a predetermined network connection interface, serial interface, memory card, or the like. Further, the communication unit 110 may acquire a program from an external device and store the program in the storage unit 109 based on the control of the CPU 101.

  The drive 111 connected to the input / output interface 106 drives a removable medium 112 such as a magnetic disk, an optical disk, a magneto-optical disk, or a semiconductor memory, and drives the program or data recorded therein. Get etc. The acquired program and data are transferred to and stored in the storage unit 109 as necessary.

  Next, the operation of the security manager 21 configured as described above will be described with reference to FIGS.

  When an administrator or the like of the security group 51 in FIG. 1 joins a new device to the security group 51 or leaves a device that has already joined the security group 51, the administrator or the like connects the target device to the security manager 21. Then, GUI (Graphical User Interface) operation on the security manager 21 is performed. An example of a GUI image displayed by the security manager 21 in this case is shown in FIG.

  The GUI image in the example of FIG. 4 includes a window 151 named “security manager”. In an area 153 of the window 151, a window 152 named “security group” is displayed. In the area 154 of this window 152, devices that have joined the security group 51 are displayed as icons 161. The icon 161 is composed of a picture of a device and text indicating the device category and device ID. Hereinafter, when the icons 161 are distinguished, the text is used. For example, an icon 161 with an arrow 161 is referred to as an “camcorder 101” icon 161.

  In the example of FIG. 4, the “camcorder 101” icon 161, the “monitor 211” icon 161, and the “editor 321” icon 161 are displayed in the area 154 of the window 152. As a result, the administrator or the like knows that the camcorder whose device ID is 101, the monitor whose device ID is 211, and the editor whose device ID is 321 are devices that have already joined the security group 51. That is, in contrast to the example of FIG. 1, the camcorder with the device ID 101 is already subscribed as the camcorder 1, the monitor with the device ID 211 is already subscribed as the monitor 5, and the editor with the device ID 321 is the editor. 4, the state in which the deck 2 and the material server 3 are not yet joined is the state shown in FIG.

  The parentheses enclosed in the text portion of the icon 161 indicate that the device indicated by the icon 161 is not connected to the security manager 21. That is, in the example of FIG. 4, since the text portion of the icon 161 of “camcorder 101” and the icon 161 of “monitor 211” is enclosed in parentheses, the camcorder with device ID 101 and the monitor with device ID 211 That is, it can be seen that the camcorder 1 and the monitor 5 in the example of FIG. 1 are not connected to the security manager 21. On the other hand, since the text portion of the icon 161 of “editor 321” is not enclosed in parentheses, the editor of the device ID 321, that is, the editor 4 in the example of FIG. 1 is connected to the security manager 21. I understand.

  What should be noted here is that whether or not the text portion of the icon 161 is enclosed in parentheses, in other words, whether or not it is connected to the security manager 21 does not affect the encryption function of the device. That is, as will be described later, when a new device joins the security group 51, if the new device is connected to the security manager 21, the security manager 21 sets a key for the new device. . Therefore, for a device once joined to the security group 51, the encryption function using the key set by the security manager 21 continues to work even after the connection with the security manager 21 is disconnected. As a result, it is possible to protect a device that is difficult to operate while connected to the security manager 21, such as the camcorder 1 shown in FIG. Of course, if the usage environment of the device permits, any device may be always connected to the security manager 21.

  In the example of FIG. 4, in addition to the window 152, an icon 161 of “deck 450” and an icon 161 of “deck 441” are also displayed in the area 153. In other words, the icon 161 of “Deck 450” and the icon 161 of “Deck 441” are not included in the window 152. As described above, the icon 161 not included in the window 152 indicates a device that is not currently subscribed to the security group 51. Here, the description of a device that is not currently subscribed includes not only devices that have never joined the security group 51 but also devices that have previously joined the security group 51 but have subsequently withdrawn. It is. In addition, the icon 161 displayed in the area 153 indicates that the device corresponding to the icon 161 has been recognized by the security manager 21, that is, the device corresponding to the icon 161 has been displayed to the security manager 21 at least once. It means that you are connected.

  In this state, for example, when the administrator or the like wants to join the deck having the device ID 441 to the security group 51, the icon 161 “Deck 441” is displayed in the area of the window 152 as shown by the arrow in FIG. An operation of dragging into 154 may be performed. Then, in synchronization with the operation, the security manager 21 rewrites the contents of the key register in the deck whose device ID is 441, that is, the contents of the key register 76 in FIG. 2, and stores it in the secure memory 104 in FIG. For example, the device database is rewritten as shown in FIG. Thereby, the joining of the deck having the device ID 441 to the security group 51 is completed.

  That is, FIG. 5 shows an example of a device database managed by the security manager 21 and corresponds to the state shown in FIG.

  In the device database of the example of FIG. 5, a predetermined row relates to a predetermined one device managed by the security manager 21, that is, a predetermined one device that has been connected to the security manager 21 once. Information is described. In the example of FIG. 5, the information related to the predetermined single device includes items of “device ID”, “device category”, “security group”, “D Key”, “N Key”, and “LE Key”. Each piece of information is described.

  The item “device ID” in a predetermined line describes the device ID of the device corresponding to the predetermined line. The device ID is information embedded in the content encryption compatible device in advance, and is information stored in the device ID memory 74 in the deck 2 of FIG. The device ID is not particularly limited as long as it is information prohibited to be rewritten by the user, and for example, a model name, a serial number, a version, or the like can be adopted.

  In the item “device category” in a predetermined line, the device category of the device corresponding to the predetermined line is described. In this embodiment, in addition to the camcorder, the monitor, the editor, and the deck shown in FIG. 5, a material server not shown in FIG. 5 is adopted as the equipment category.

  In the item of “security group” in a predetermined line, the name of the group to which the device corresponding to the predetermined line is subscribed is described. That is, the number of security groups managed by the security manager 21 is only one such as the security group 51 in the example of FIG. 1, but may be plural as will be described later. Therefore, the management of a plurality of security groups is realized by providing such a “security group” item. However, since FIG. 5 is an example corresponding to the state of FIG. 4, only “Group A” is illustrated in FIG. 5. That is, “Group A” is the name of the security group 51 in FIG. In addition, since the device corresponding to the lowermost row in FIG. 5, that is, the deck whose device ID is 450, does not belong to any security group, in such a case, “does not belong to the group”. Information is described in the item “security group”.

  Each item of “D Key”, “N Key”, and “LE Key” in a predetermined line includes the setting contents of D Key 62, N Key 63, and LE Key 61 for the device corresponding to the predetermined line. Described. The setting contents include “V (check mark)” indicating that the key has been set, “−” indicating that the key setting is not required, and “not filled” indicating that the key has not been set. Note that “−” indicating that key setting is not required is described for a device that does not have a function of encrypting content using the key.

  An example of a key database for the D Key 62, N Key 63, and LE Key 61 managed by the security manager 21 is shown in FIG. However, FIG. 6 shows an example corresponding to the state of FIG. 4, that is, an example in which only one security group exists.

  The security manager 21 generates the values of the D key 62, N key 63, and LE key 61 (hereinafter also referred to as key data) and registers them in the key database as shown in FIG. Such a key database is stored in the secure memory 104 in the example of FIG. At that time, a random value is usually used as the key data in order to make it difficult to break the content. That is, the key data is generated by a random number generator (not shown) or the like built in the security manager 21 and stored safely with integrity and confidentiality.

  Note that the key length is 64 bits in the example of FIG. 6, but other lengths may be selected according to the required encryption strength. For example, when AES (Advanced Encryption Standard) 128 bits is adopted as the encryption method, the key length is adopted 128 bits.

  Moreover, the security manager 21 can update the key data as needed. In this case, the security manager 21 may leave the update history in the key database or the like.

  Next, a processing example of the security manager 21 will be described in more detail with reference to the flowchart of FIG.

  In step S1, the security manager 21 determines whether a new device is connected.

  If it is determined in step S1 that a new device is not connected, the process returns to step S1, and it is determined again whether a new device is connected. That is, until the new device is connected to the security manager 21, the security manager 21 enters a standby state by repeating the determination process in step S1.

  Thereafter, when a new device is connected to the security manager 21, it is determined as YES in Step S1, and the process proceeds to Step S2.

  In step S2, the security manager 21 issues a device ID read request to a new device.

  Then, as shown in steps S41 and S42 of FIG. 10 described later, the new device receives the device ID read request and transmits the device ID to the security manager 21.

  Therefore, in step S3, the security manager 21 receives the device ID to acquire the device ID of the new device.

  In step S4, the security manager 21 determines whether or not the device ID has been registered in the device database (FIG. 5 and the like).

  If it is determined in step S4 that the device ID has not been registered in the device database, the security manager 21 registers the device ID in the device database in step S5. If the device category can be determined from the device ID, the device category is also registered in the device database. Thereafter, the process proceeds to step S10. However, the processing after step S10 will be described later.

  On the other hand, if it is determined in step S4 that the device ID has been registered in the device database, the process proceeds to step S6. In step S6, the security manager 21 issues a key hash value read request to a new device.

  Then, as shown in steps S43 and S44 of FIG. 10 described later, the new device receives the key hash value read request, calculates the key hash value from the key data that it has, and calculates the key hash value. It is sent to the security manager 21.

  Therefore, in step S7, the security manager 21 receives the key hash value to obtain the key hash value of the new device.

  In step S8, the security manager 21 determines whether or not the key hash value matches the key hash value calculated from the key data included in its own key database (FIG. 6 and the like).

  If it is determined in step S8 that they do not match, the security manager 21 executes predetermined error processing in step S9.

  The reason for the execution of such predetermined error handling may be that the contents of the key register in the new device have been overwritten by another security manager (not shown) or destroyed for other reasons. Etc. Therefore, as an example of the predetermined error processing, after presenting the assumed cause of the occurrence of inconsistency of the key hash value to the operator (administrator, etc.) of the security manager 21, the operator is given a key based on the contents of the device database. For example, a process of selecting whether or not to overwrite data and performing a process corresponding to the operation is included.

  After execution of the predetermined error process in step S9, the process proceeds to step S13. However, the processing after step S13 will be described later.

  On the other hand, if it is determined in step S8 that they match, the process proceeds to step S10.

  Note that the use of the key hash value instead of the key data in the processing of steps S6 to S8 in FIG. 7 as described above prevents the key data itself from being read from the outside of the device in order to maintain the confidentiality of the key. Because it is. Note that in a state where no key is set in the device, the key data is assumed to be zero, and a hash value corresponding to the zero is read and transmitted to the security manager 21.

  Although not included in the step of FIG. 7, the security manager 21 can recognize the state of the new connected device when it is determined as YES in step S8. The new device icon 161 is displayed in the area 153 or 154 of the GUI image in FIG. 4 described above. That is, for example, if a new device has not joined the security group 51, the icon 161 is displayed on the area 153. At this time, since the new device is connected to the security manager 21, the text composed of the device category and the device ID is displayed without being enclosed in parentheses. On the other hand, for example, if a new device has already joined the security group 51, the text display of the corresponding icon 161 on the area 154 of the window 152 is updated from having parentheses to being absent.

  In this way, if it is determined as YES in the process of step S8, the security manager 21 determines whether or not an instruction to join / change / withdraw from the security group 51 is given in step S10.

  If none of these instructions are given, it is determined as NO in step S10, and the process proceeds to step S12. However, the processing after step S12 will be described later.

  On the other hand, for example, when the drag operation for moving the icon 156 of a new device from the area 153 to the area 154 is performed in the state where the GUI image of FIG. 4 is displayed, the security group 51 is assigned in step S10. If it is determined that an instruction to join has been issued, the process proceeds to step S11.

  Further, for example, when a drag operation for moving the new device icon 161 from the region 154 to the region 153 is performed in the state where the GUI image of FIG. 4 is displayed, the user is withdrawn from the security group 51 in step S10. The process proceeds to step S11.

  The instruction to change the security group will be described later with reference to FIG.

  In step S11, the security manager 21 performs key setting by updating the key data in the key register in the new device according to the instruction made in step S10, and updates the device database in accordance with the key setting. . Hereinafter, such processing in step S11 is referred to as device database update / key setting processing. Details of the device database update / key setting process will be described later with reference to FIG.

  When the device database update / key setting process in step S11 is completed, or when it is determined NO in step S10 as described above, the process proceeds to step S12. In step S12, the security manager 21 determines whether or not the connection of a new device has been disconnected.

  If it is determined in step S12 that the connection of the new device has not been disconnected, the process returns to step S10, and the subsequent processes are repeated.

  On the other hand, if it is determined in step S12 that the connection of the new device has been disconnected, the process proceeds to step S13. Further, as described above, also when the process of step S9 is executed, the process proceeds to step S13. In step S13, the security manager 21 determines whether or not an instruction to end the process has been issued.

  If it is determined in step S13 that the process has not been instructed yet, the process returns to step S1 and the subsequent processes are repeated.

  On the other hand, if it is determined in step S13 that the process has been instructed, the process of the security manager 21 ends.

  FIG. 7 shows an example in which the number of new devices connected to the security manager 21 is one, but when two or more devices are simultaneously connected to the security manager 21, What is necessary is just to make the process of S2 thru | or S11 respond | correspond by a thread starting form etc.

  Next, a detailed example of the device database update / key setting process in step S11 of FIG. 7 will be described with reference to the flowchart of FIG.

  In step S21, the security manager 21 sets the encrypted channel i = 1.

  As shown in FIG. 9, the encrypted channel i is an identifier indicating the transmission form of the encrypted content, and uniquely corresponds to the key used for encrypting the content transmitted in the transmission form. It is attached. That is, in the example of FIG. 9, the encrypted channel i = 1 indicates disk media, for example, the recording medium 11 in the example of FIG. 1, and is therefore associated with the D Key 62. The encrypted channel i = 2 indicates a network interface. For example, in the example of FIG. 1, the encrypted channel i = 2 indicates an interface by the network 6, and is therefore associated with the N Key 63. The encrypted channel i = 3 indicates an HD-SDI interface. For example, the encrypted channel i = 3 indicates an interface by signal lines 31-1 to 31-3, and is therefore associated with the LE Key 61. 9 is preliminarily stored in the security manager 21, for example, in the secure memory 104 or the ROM 102 in FIG.

  Returning to FIG. 8, in step S22, the security manager 21 determines whether or not the new device employs the encrypted channel i.

  For example, in the determination process of step S22 after the process of step S21, since the encrypted channel i = 1 is set, it is determined to be YES when a new device adopts a disk medium. That is, in the example of FIG. 1, when the camcorder 1 or the deck 2 having the read / write function of the recording medium 11 is connected to the security manager 21 as a new device, it is determined as YES. On the other hand, if the new device does not employ the disk medium, it is determined as NO. That is, in the example of FIG. 1, when the material server 3 to the monitor 5 that do not have the read / write function of the recording medium 11 are connected to the security manager 21 as new devices, it is determined NO.

  If it is determined as NO in step S22, the process proceeds to step S26. However, the processing after step S26 will be described later.

  On the other hand, when it determines with it being YES in step S22, a process progresses to step S23. In step S23, the security manager 21 generates key data for the key corresponding to the encrypted channel i.

  That is, when joining a new device to the security group 51, in step S23, the security manager 21 reads out the key data of the key corresponding to the encrypted channel i from the key database (FIG. 6). Generate a key. For example, when the encrypted channel i = 1, the key data of D Key 62, that is, “a4-3f-dd-9e-d7-0b-f3-91” in the example of FIG. 6 is read.

  On the other hand, when a new device is withdrawn from the security group 51, the security manager 21 generates zero as key data for the key corresponding to the encrypted channel i. In this case, zero is set as the key data for the new device, but the device set to zero in this way encrypts / decrypts the content by bypassing the functions of the Encryptor and Decryptor. Suppose that the conversion process is not executed.

  In step S24, the security manager 21 transmits key data and a key setting command to a new device.

  In step S25, the security manager 21 determines whether or not a key setting completion response has been received from the new device.

  If it is determined in step S25 that the key setting completion response has not been received from the new device, the process returns to step S25 to determine again whether or not the key setting completion response has been received from the new device. The That is, until the key setting completion response is made from a new device, the determination process in step S25 is repeated, so that the security manager 21 enters a standby state.

  During this time, as shown in steps S45 to S47, S48 to S50, or S51 to S53 in FIG. 11 described later, the new device receives the key data and the key setting command, and stores the key data in the key register. After that, the key setting completion response is transmitted to the security manager 21.

  Therefore, the security manager 21 receives the key setting completion response, determines that the answer is YES in step S25, and advances the process to step S26.

  In step S26, the security manager 21 increments the encrypted channel i by 1 (i = i + 1).

  In step S27, the security manager 21 determines whether i> 3.

  When the encrypted channel i is 2 or 3 at the time after the process of step S26, it is determined as NO in step S27, the process returns to step S22, and the processes of steps S22 to S26 are repeated. .

  On the other hand, if the encrypted channel i becomes 4 at the time after the process of step S27, it is determined as YES in step S27, and the device database update / key setting process ends. That is, the process of step S11 in FIG. 7 ends, and the process proceeds to step S12.

  As for the update of the device database, every time a key setting completion response is made to each encrypted channel i, that is, every time it is determined YES in the process of step S25, the encrypted channel i is updated. The item of the key data corresponding to may be updated, or may be updated collectively after the process of step S27.

  1 is a flowchart showing an example of the relationship between the security manager 21 and the deck 2 when the deck 2 of FIG. 1 is connected to the security manager 21 as a new device for which key setting is performed by the processing of the security manager 21 described above. Is shown in FIGS. 10 and 11.

  Therefore, an example of processing on the deck 2 side where key setting is performed by the processing of the security manager 21 described above will be described below with reference to FIGS. 10 and 11.

  In FIG. 10, when a device ID read request is issued from the security manager 21 in the process of step S2 as described above, the deck 2 receives the device ID read request in step S41, and in step S42, The device ID is read from the device ID memory 74 (FIG. 2) and transmitted to the security manager 21.

  Thereafter, when the key hash value read request is issued from the security manager 21 in the process of step S6 as described above, the deck 2 receives the key hash value read request in step S43, and in step S44, the key register A key hash value is read (calculated) from the key data stored in 76 (FIG. 2) and transmitted to the security manager 21.

  After that, when device database update / key setting processing is performed by the security manager 21, the deck 2 executes the processing shown in FIG. 11 correspondingly.

  That is, as described above, after the encryption channel i = 1 is set by the security manager 21 in step S21, the processing of steps S22 and S23 is performed, and the key data and key setting of D Key 62 are performed in the processing of step S24. The command is sent to deck 2.

  Then, the deck 2 receives the key data of the D Key 62 and the key setting command in Step S45, stores the key data in the key register 76 in Step S46, and sends a key setting completion response to the security manager 21 in Step S47. Send to.

  Then, as described above, the security manager 21 determines YES in step S25. Then, after the encrypted channel i = 2 is set in step S26, the processes of steps S27, S22, and S23 are performed. In the next process of step S24, the key data of N Key 63 and the key setting command are changed to the deck. 2 is sent.

  Then, the deck 2 receives the key data of N Key 63 and the key setting command in step S48, stores the key data in the key register 76 in step S49, and sends a key setting completion response to the security manager 21 in step S50. Send to.

  Then, as described above, the security manager 21 determines YES in step S25. Then, after the encrypted channel i = 3 is set in step S26, the processes of steps S27, S22, and S23 are performed. In the next process of step S24, the key data of LE Key 61 and the key setting command are now displayed in the deck. 2 is sent.

  Then, the deck 2 receives the LE key 61 key data and key setting command in step S51, stores the key data in the key register 76 in step S52, and sends a key setting completion response to the security manager 21 in step S53. Send to.

  Then, as described above, the security manager 21 determines YES in step S25. This time, since the encrypted channel i = 4 is set in step S26, it is determined YES in the process of step S27, and the device database update / key setting process ends.

  Although steps are not shown in the flowchart, the security manager 21 may transmit the above-described correspondence table data in FIG. 9 to the deck 2 as necessary. In this case, the CPU 71 of the deck 2 can easily perform the process of providing each key data stored in the key register 76 to an appropriate block by referring to the correspondence table.

  By the way, in the above-described example, only one security group 51 is mentioned, but a plurality of security groups 51 may be formed.

  In such a case, a dedicated security manager 21 may be provided for each of the plurality of security groups 51, and management may be performed by the dedicated security manager 21.

  Alternatively, a single security manager 21 may manage a plurality of security groups 51 collectively. For example, in FIG. 12, when two security groups 51-A and 51-B are formed, one security manager 21 collectively manages the two security groups 51-A and 51-B. An example is shown. In FIG. 12, the signal line 32-A is the connection line of each device that has joined the security group 51-A, for example, the connection lines 32-1 to 32-5 in the example of FIG. Is. Similarly, the signal line 32-B is a collection of the connection lines of the devices that have joined the security group 51-B.

  When two security groups 51-A and 51-B are formed as in the example of FIG. 12, the security manager 51 uses, for example, a GUI image as shown in FIG. In the GUI image of FIG. 13, a window 152-1 for the security group 51-A and a window 152-2 for the security group 52-B are displayed in the area 153, respectively.

  In this case, the user operation is basically the same as the operation described with reference to FIG. Here, it is basically described that the user can change the icon 161 displayed in the area 154-1 of the window 152-1 for the security group 51-A to the window for the security group 51-B. By performing a drag operation to move to the area 154-2 of 152-2, it is also possible to withdraw a device that has joined the security group 51-A and join the security group 51-B. is there. Similarly, the user moves the icon 161 displayed in the area 154-2 of the window 152-2 for the security group 51-B to the area 154-1 of the window 152-1 for the security group 51-A. This is because, by performing a drag operation, a device that has joined the security group 51-B can be withdrawn from the device and joined to the security group 51-A. The instruction based on such a drag operation is the security group change instruction in step S10 in FIG.

  When two security groups 51-A and 51-B are formed as in the example of FIG. 12, the device database is as shown in FIG. 14, for example. Here, in the item “security group”, “group A” indicates the security group 51-A, and “group B” indicates the security group 51-B.

  When two security groups 51-A and 51-B are formed as in the example of FIG. 12, the key database is as shown in FIG. 15, for example.

  The following two points should be noted here. That is, the first point is that it is necessary to use different key data between different security groups for each of the security groups 51-A and 51-B in order to prevent outflow of contents to the outside. .

  On the other hand, the second point is that each key data of D Key 62, N Key 63, and LE Key 61 directly leads to content leakage to different security groups even if the same value is used in the same security group. There is no point. However, in the event that one of the D Key 62, N Key 63, and LE Key 61 is forgotten, in order to minimize the impact on the entire encryption-compatible production environment, It is desirable to use different values for the key data of D Key 62, N Key 63, and LE Key 61 in the same security group. However, since these keys only need to be managed by the security manager 21 rather than manually, even if key data having different values are used, there is no increase in the time and labor of the administrator or user.

  In the above-described embodiment, the joining and withdrawal of the device to / from the security group 51 is performed by the GUI operation on the security manager 21. However, the device is not limited to the GUI, but the command line operation, the table operation, the mail Command transmission / reception may be possible.

  Further, the security manager 21 is configured by a personal computer in the above-described example of FIG. 3, but is not particularly limited to the example of FIG. 3, and may be, for example, a portable information terminal. Alternatively, one of the content encryption compatible devices subscribed to the security group 51 may be determined as a master device, and the master device may have the function of the security manager 21.

  Further, in the above-described embodiment, the encryption function using the key once set by the security manager 21 is valid for the devices that are joined to the predetermined security group 51. However, the present invention is not limited to this. Instead, for example, the key register of the device may be cleared at a time limit.

  In the above-described embodiment, all the functions of the Encryptor and Decryptor in the device are operated simultaneously. However, the present invention is not limited to this, and unencrypted content from outside the security group 51 to which the device is subscribed. Decryptor functions may be bypassed for importing.

  Further, in the above-described embodiment, in a device that has joined the predetermined security group 51, the value of the key register in the device set by the security manager 21 is directly supplied to the Encryptor or Decryptor for encryption / decryption. However, the present invention is not limited to this. For example, the device Encryptor or Decryptor uses a key or key list generated / stored by a method different from the present invention, and uses the key data in the device key register for encryption to further conceal this. You may make it do. Alternatively, authentication may be performed between devices using key data in the key register, and key exchange may be performed. Alternatively, the unique ID of the media and the key data of the key register may be combined using a hash function, and the resulting value may be used for encryption / decryption operations of the Encryptor or Decryptor.

  In the above-described embodiment, the key data transmitted from the security manager 21 to the device in the process of step S24 in FIG. 8 and the like is not encrypted, but the present invention is not limited to this. You may make it transmit. For example, if a device has a public key cryptographic operation function and a public key certificate is embedded in the device instead of the device ID, communication between the security manager 21 and the device uses public key cryptography. And can be kept confidential.

  As described above, it is possible to realize the security group 51 that can encrypt the recording / transmission data and strongly protect the content without changing the conventional operation. Furthermore, by employing the security manager 21, the security group 51 can be easily managed.

  Specifically, for example, by realizing the security group 51 in a movie production environment, it has become possible to produce a video in a content protection environment that balances confidentiality and availability. It is possible to produce video in a content protection environment without changing the operation method at all compared to before the introduction of encryption-compatible devices, and since the encryption key is embedded in the device in advance, the device is ready to use at any time. As a result, it has become possible to strongly prevent the outflow of content in the total process from material shooting to so-called complete package creation without impairing usability.

  Further, for example, since the security key 21 is automatically set by the security manager 21, it is not necessary to manually manage encryption keys or security groups when the security manager 21 is not employed, that is, in the conventional case. It was.

  Also, for example, after the encryption key is set, the device can be freely separated from the security manager 21, so that it is freed from the place restrictions of the device installation. For example, the same security group 51 can be operated even in remote locations connected by HD-SDI dedicated lines.

  By the way, when the example of FIG. 12, that is, the case where one security manager 21 collectively manages two security groups 51-A and 51-B is adopted, the security group 51-A and the security group 51- In many cases, B is in a mutual trust relationship. In such a case, for example, a request (hereinafter referred to as inter-security group transfer request) that content output from a deck subscribed to the security group 51-A should be recorded on a deck subscribed to the security group 51-B. It is not difficult to imagine. However, as described above, the security group 51-A and the security group 51-B execute encryption / decryption processing independently using key data of different values, and therefore, as shown in FIG. In the state of the example, the transfer request between security groups cannot be satisfied.

  Thus, for example, a method shown in FIG. 16 is conceivable as a method for responding to a transfer request between security groups. That is, the deck of the security group 51-A and the Link Decryptor device 201 are connected by the HD-SDI interface signal line 31-a, and the Link Decryptor device 201 and the Link Encryptor device 202 are connected by the HD-SDI interface signal line 31-a. b, and the Link Encryptor device 202 and the deck of the security group 51-B are connected by the signal line 31-c of the HD-SDI interface, that is, the two security groups 51-A and 51-B are routed. By adopting this method, it becomes possible to meet the transfer request between security groups.

  That is, the deck of the security group 51-A encrypts the content using the LE Key 61-A, and the encrypted content obtained as a result is transmitted in the form of an HD-SDI signal via the signal line 31-a. To the device 201. The Link Decryptor device 201 decrypts this encrypted content by using the LE Key 61-A effective in the security group 51-A, and the resulting content is converted into a signal line 31-b in the form of an HD-SDI signal. To the Link Encryptor device 202. The Link Encryptor device 202 encrypts this content by using the LE Key 61-B effective in the security group 51-B, and the resulting encrypted content is converted into a signal line 31-c in the form of an HD-SDI signal. To the deck of the security group 51-B. The security group 51-B decrypts this encrypted content using the LE Key 61-B, and records the resulting content. In this way, it becomes possible to meet the transfer request between security groups.

  However, in the method of FIG. 16, the content transmitted as the HD-SDI signal on the signal line 31-b is not encrypted, that is, the unencrypted content is assigned to the security groups 51-A and 51-B. There is a problem that the content may be wiretapped from the external signal line 31-b (hereinafter referred to as an external wiretap problem).

  Further, as another method for responding to a request for transferring between security groups, for example, as shown in FIG. 17, two security groups using a Link Encryptor / Link Decryptor integrated device 211 capable of bidirectional transmission with one device. A method of routing 51-A and 51-B can also be employed.

  In this case, the deck of the security group 51-A encrypts the content using the LE Key 61-A, and the encrypted content obtained as a result is transmitted through the signal line 31-a in the form of an HD-SDI signal. Send to 211 Link Decryptor. The Link Decryptor decrypts the encrypted content using the LE Key 61-A effective in the security group 51-A, and the resulting content is transmitted in the form of an HD-SDI signal via the signal line 31-b. To the Link Encryptor of the same device 211. The Link Encryptor encrypts this content using the LE Key 61-B effective in the security group 51-B, and the resulting encrypted content is transmitted in the form of an HD-SDI signal via the signal line 31-c. To the deck of the security group 51-B. The deck of the security group 51-B decrypts this encrypted content using the LE Key 61-B, and records the resulting content. In this way, it becomes possible to meet the transfer request between security groups.

  However, in the method of FIG. 17, as in the method of FIG. 16, the content transmitted as the HD-SDI signal on the signal line 31-b is not encrypted, that is, the unencrypted content is the security group. Since it goes out of 51-A and 51-B, content may be wiretapped from this external signal line 31-b. That is, even with the method of FIG. 17, an external wiretapping problem occurs.

  Accordingly, the present inventor has invented an information processing apparatus having the following first function and second function in order to meet the transfer request between security groups and also to solve the problem of external eavesdropping. In other words, the first function is that when the encrypted content is input from the transmission source in order to transfer the content from the transmission source to the transmission destination in an encrypted state, the encrypted content is adopted by the transmission source. A series of processes such as decrypting using a common key, re-encrypting the decrypted content using the common key adopted at the destination, and outputting the re-encrypted content to the destination The function to execute. The second function is a function for executing the series of processes described above while transmitting content via a route in the information processing apparatus.

  For example, FIG. 18 shows an embodiment in which the information processing apparatus having the first function and the second function is realized as a router.

  The router 301 in the example of FIG. 18 includes a Link Decryptor 311 and a Link Encryptor 313, and the Link Decryptor 311 and the Link Encryptor 313 are connected by a transmission unit 312 inside the router 301. The form of the transmission unit 312 is not particularly limited as long as information can be transmitted without outputting information to the outside of the router 301. For example, the transmission unit 312 may be configured by a signal line or a bus. The configuration may be such that the RAM is used as in the second example.

  The operation of the router 301 is as follows. That is, the deck of the security group 51-A encrypts the content using the LE Key 61-A, and the resulting encrypted content is transmitted in the form of an HD-SDI signal via the signal line 31-a through the router 301-a. To the Link Decryptor 311. The Link Decryptr 311 decrypts the encrypted content using the LE Key 61-A effective in the security group 51-A, and transmits the content obtained as a result to the Link Encryptor 313 via the transmission unit 312. The Link Encryptor 313 encrypts this content using the LE Key 61-B effective in the security group 51-B, and the resulting encrypted content is transmitted in the form of an HD-SDI signal via the signal line 31-c. To the deck of the security group 51-B. The deck of the security group 51-B decrypts this encrypted content using the LE Key 61-B, and records the resulting content. In this way, it becomes possible to meet the transfer request between security groups.

  In this case, content as a plaintext signal obtained as a result of the HD-SDI signal being decrypted by the Link Decryptor 311 does not go outside the router 301, so that eavesdropping of the plaintext signal from the outside of the router 301 can be prevented. it can. That is, the external wiretapping problem can be solved.

  The setting of the LE Key 61-A and LE Key 61-B in the router 301 is not shown in FIG. 18, but may be executed by the security manager 21 shown in FIG. 12, for example.

  Further, for example, although not shown, a tamper sensor that detects that the chassis of the router 301 has been opened or broken is added, and when the sensor is detected, the content as a plaintext signal transmitted through the transmission unit 312 is protected. Therefore, the operation of the Link Decryptor 311 is stopped, the LE Key 61-A and LE Key 61-B held in the router 301 are deleted to protect the key, and the detection event is notified to notify the administrator of the router 301. It may be recorded in a log.

  Furthermore, by expanding the function of the HD-SDI signal router 301 in the example of FIG. 18, it is possible to realize a router that supports encrypted network transfer files and recording media data such as disks. An example of the configuration of such a router is shown in FIG.

  The router 321 in the example of FIG. 19 includes a Link Decryptor 311 and a Link Encryptor 313 as with the router 301 in the example of FIG. The form of the transmission unit 312 is not particularly limited as long as information can be transmitted without outputting information to the outside of the router 321. For example, the transmission unit 312 may be configured with a signal line or a bus. The configuration may be such that the RAM is used as in the second example. Further, all or part of the other transmission units 332 and 342 described later may be used.

  The router 321 includes a Data Decryptor 331 and a Data Encryptor 333, and the Data Decryptor 331 and the Data Encryptor 333 are connected by a transmission unit 332 inside the router 321. The form of the transmission unit 332 is not particularly limited as long as information can be transmitted without outputting information to the outside of the router 321. For example, the transmission unit 332 may be configured with a signal line or a bus. The configuration may be such that the RAM is used as in the second example. Further, all or part of the other transmission units 312 and 342 may be used.

  The router 321 includes a Packet Decryptor 341 and a Packet Encryptor 343, and the Packet Decryptor 341 and the Packet Encryptor 343 are connected by a transmission unit 342 inside the router 321. The form of the transmission unit 342 is not particularly limited as long as information can be transmitted without outputting information to the outside of the router 321. For example, the transmission unit 342 may be configured by a signal line or a bus. The configuration may be such that the RAM is used as in the second example. Further, all or part of the other transmission units 312 and 332 may be used.

  Hereinafter, the operation of the router 321 will be described. However, the operations by the Link Decryptor 311 to Link Encryptor 313 are the same as the operations of the router 301 in FIG. That is, hereinafter, of the operations of the router 321, the operations by the Data Decryptor 331 to Data Encryptor 333 and the operations by the Packet Decryptor 341 to Packet Encryptor 343 will be described individually in that order.

  The operation by the Data Decryptor 331 to Data Encryptor 333 is as follows.

  That is, the deck of the security group 51-A encrypts the content using the D Key 62-A, and records the encrypted content obtained as a result on the first recording medium (not shown).

  The first recording medium on which such encrypted content is recorded is provided to the router 321 by a person or the like.

  Then, the router 321 reads the encrypted content from the first recording medium and provides it to the internal Data Decryptor 331. The Data Decryptr 331 decrypts the encrypted content using the D Key 62-A effective in the security group 51-A, and transmits the content obtained as a result to the Data Encryptor 333 via the transmission unit 332. The Data Encryptor 333 encrypts this content using the D Key 62-B effective in the security group 51-B, and outputs the encrypted content obtained as a result. The router 321 records this encrypted content on a second recording medium (not shown).

  Note that the first recording medium and the second recording medium may be the same medium, or may be separate (two sheets) media.

  The second recording medium on which the encrypted content is recorded is provided to the deck of the security group 51-B by a person or the like.

  The deck or the like of the security group 51-B reads out the encrypted content from the second recording medium and decrypts it using the D Key 62-B.

  In this case, the content as a plaintext signal obtained as a result of decrypting the encrypted content read from the first recording medium in the Data Decryptor 331 does not go out of the router 321. Eavesdropping of plaintext signals can be prevented. That is, the external wiretapping problem can be solved.

  Note that the setting of the D Key 62-A and D Key 62-B to the router 321 is not shown in FIG. 19, but may be executed by, for example, the security manager 21 shown in FIG.

  Further, for example, although not shown, a tamper sensor that detects that the chassis of the router 321 has been opened or broken is added, and when the sensor is detected, the content as a plaintext signal transmitted through the transmission unit 332 is protected. Therefore, the operation of the Data Decryptor 331 is stopped, the D Key 62-A and D Key 62-B held in the router 321 are deleted to protect the key, and the detection event is notified to notify the administrator of the router 321. It may be recorded in a log.

  In contrast to such operations by Data Decryptor 331 to Data Encryptor 333, operations by Packet Decryptor 341 to Packet Encryptor 343 are as follows.

  That is, the device connected to the first network in the security group 51-A encrypts the content using the N Key 63-A, and the encrypted content obtained as a result is routed to the router via the first network. 321 is transmitted.

  Then, the router 321 receives the encrypted content via the first network and provides it to the internal packet decryptor 341. The Packet Decryptr 341 decrypts the encrypted content using the N Key 63-A effective in the security group 51-A, and transmits the content obtained as a result to the Packet Encryptor 343 via the transmission unit 342. The Packet Encryptor 343 encrypts this content using the N Key 63-B effective in the security group 51-B, and outputs the encrypted content obtained as a result. The router 321 transmits this encrypted content to the second network in the security group 61-B.

  Then, the device connected to the second network in the security group 51-B receives the encrypted content and decrypts it using the N Key 63-B.

  In this case, the content as a plaintext signal obtained as a result of decryption of the encrypted content transmitted from the first network in the Packet Decryptor 341 does not go out of the router 321. Eavesdropping on plaintext signals can be prevented. That is, the external wiretapping problem can be solved.

  The setting of the N Key 63-A and N Key 63-B to the router 321 is not shown in FIG. 19, but may be executed by the security manager 21 shown in FIG. 12, for example.

  In addition, for example, although not shown, a tamper sensor that detects that the chassis of the router 321 has been opened or broken is added, and when the sensor is detected, the content as a plaintext signal transmitted through the transmission unit 342 is protected. Therefore, the operation of the Packet Decryptor 341 is stopped, the N Key 63-A and N Key 63-B held in the router 321 are deleted to protect the key, and the detection event is notified to notify the administrator of the router 321. It may be recorded in a log.

  The router 321 is not limited to the one-way routing function from the security group 51-A to the security group 51-B, and may have a two-way routing function.

  By the way, as described above, the number of security groups to which contents are exchanged may be three or more. In this case, relaying of contents exchanged between the security groups can be performed by the routing switcher. However, if the conventional routing switcher is applied as it is, it is difficult to meet the above-mentioned transfer request between security groups, and the above-described external wiretapping problem also occurs.

  In this case, for example, a routing switcher as shown in FIG. 20 is realized as the information processing apparatus invented by the present inventor, that is, the information processing apparatus having the first function and the second function described above. By doing so, it is possible to meet the transfer request between security groups and to solve the external wiretapping problem.

  The routing switcher 351 in the example of FIG. 20 is configured as a routing switcher for HD-SDI signals so as to correspond to the router 301 for HD-SDI signals in FIG. In other words, the routing switcher 351 includes input terminals 361-a through 361-d, link decoders 362-a through 362-d, crosspoint switch 363, link encryptors 364-a through 364-d, and output terminals 365-a through 365-d. It is comprised so that it may contain.

  Hereinafter, the operation of the routing switcher 351 will be described.

  When encrypted content is output from the predetermined security group in the form of an HD-SDI signal and input to the input terminal 361-k (k is one of alphabets a to d), the encrypted content is Provided to Link Decryptor 362-k.

  Link Decryptr 362-k decrypts this encrypted content by using LE Key 61-m (m is any alphabet of A to D) that is effective in the predetermined security group that output it, and the result The resulting content is provided to input i of crosspoint switch 363. The input i is any one of 1 to 4, and in the example of FIG. 20, each of the inputs i = 1 to 4 corresponds to each of the Link Decrypters 362-k = a to d.

  The input i of the crosspoint switch 363 is preset to be connected to the output K. K is an alphabet of any one of A to D. In the example of FIG. 20, K = B corresponds to i = 1, and K = C corresponds to i = 2. , I = 3 corresponds to K = D. Therefore, the content input to the input i of the cross point 363 is output from the output K and provided to the Link Encryptor 364-k. Each of Link Encryptor 364-k = a to d corresponds to each of outputs K = A to D.

  The Link Encryptor 364-k encrypts the content from the crosspoint switch 363 using the LE Key 61-p (p is one of alphabets A to D) valid in the output destination security group, and the result The obtained encrypted content is output from the output terminal 365-k in the form of an HD-SDI signal. Then, the encrypted content is transmitted to the output destination security group. In this way, it is possible to meet the transfer request between security groups.

  In this case, since the content as a plaintext signal obtained as a result of decoding the HD-SDI signal in the Link Decryptor 362-k does not go outside the routing switcher 351, the plaintext signal is wiretapped from outside the routing switcher 351. Can be prevented. That is, the external wiretapping problem can be solved.

  The setting of the LE Keys 61-A to 61-D in the routing switcher 351 is not shown in FIG. 20, but may be executed by the security manager 21 shown in FIG. Further, when viewed from the side of the routing switcher 351, each value (key data) of the LE Keys 61-A to 61-D that can be set may be arbitrary. Different key data may be set for all -k, or the same key data may be set for some or all of them.

  In addition, for example, although not shown, a tamper sensor that detects that the chassis of the routing switcher 351 has been opened or broken is added, and when that sensor is detected, a plaintext signal transmitted to the crosspoint switch 363 or the like is provided. In order to protect the contents of the network, the operation of the Link Decryptor 362-k is stopped, the LE Keys 61-A to 61-D held in the routing switcher 351 are deleted to protect the key, and the administrator of the routing switcher 351 The detection event may be recorded in a log to notify the user.

  In this way, by applying the routing switcher 351, up to 4 security groups can be handled simultaneously for IN and OUT bidirectional routing, and up to 8 security groups can be handled simultaneously for IN or OUT unidirectional routing. .

  Further, for example, by setting the routing switcher 351 as follows, the flow of the HD-SDI signal as the encrypted content is changed from the input terminal 361-a → the output terminal 365-b → the input terminal 361-b → The output terminal 365-c can be limited to the input terminal 361-c → the output terminal 365-d.

  That is, LE Key 61-A is set for Link Decryptor 362-a connected to input terminal 361-a and Link Encryptor 364-a connected to output terminal 365-a. LE Key 61-B is set for Link Decryptor 362-b connected to input terminal 361-b and Link Encryptor 364-b connected to output terminal 365-b. The LE Key 61-C is set for the Link Decryptor 362-c connected to the input terminal 361-c and the Link Encryptor 364-c connected to the output terminal 365-c. LE Key 61-D is set for Link Decryptor 362-d connected to input terminal 361-d and Link Encryptor 364-d connected to output terminal 365-d. Further, the cross point switch 363 is set so that the input 1 and the output B are connected, the input 2 and the output C are connected, and the input 3 and the output D are connected. By performing such setting, for example, the flow of the HD-SDI signal as the encrypted content is changed from the input terminal 361-a → the output terminal 365-b → the input terminal 361-b → the output terminal 365-c → the input terminal 361-. It can be limited to c → output terminal 365-d.

  Therefore, for example, as shown in FIG. 21, the input terminal 361-a is connected to the security group 51-A, the input terminal 361-b and the output terminal 365-b are connected to the security group 51-B, and the input terminal By connecting the output terminal 365-c and the output terminal 365-c to the security group 51-C and connecting the output terminal 365-d to the security group 51-D, the flow of the HD-SDI signal as the encrypted content Can be limited to security group 51-A → security group 51-B → security group 51-C → security group 51-D, as indicated by the white arrows in FIG. In other words, it is possible to control the flow of signals between security groups while protecting the HD-SDI signal with encryption, which enables workflow control in the production environment.

  In this case, even if the devices are directly connected via an HD-SDI cable across security groups, the key data of the encryption key is different, so the video cannot be delivered using the HD-SDI signal. That is, as long as the key data and the setting of the crosspoint switch 363 of the routing switcher 351 are managed safely, the workflow cannot be broken and the video cannot be distributed.

  The routing switcher 351 has been described above with reference to FIGS. 20 and 21. However, the embodiment is not limited to the examples of FIGS. 20 and 21 and can take various forms.

  For example, in the example of FIG. 21, only four Link Decryptors 362-a to 362-d and four Link Encryptors 364-a to 364-d are mounted on the routing switcher 351. This is because the number of switches of the cross point switch 363 is four. That is, according to the number of switches of the crosspoint switch 363, the number of Link Decryptors and Link Encryptors mounted on the routing switcher 351 can be increased or decreased.

  Further, the routing switcher 351 may be provided with a function capable of individually turning on / off the Link Decryptor function and the Link Encryptor function if possible.

  In the routing switcher 351, the transmission format to be routed may be a real-time transmission format other than HD-SDI.

  Further, in the routing switcher 351, operator authentication using a password or the like may be performed in order to give the setting authority to an operator who performs operations such as key setting and crosspoint switch 363 operation.

  In addition, in this embodiment, for example, in this embodiment, a network port may be provided to perform key distribution from the security manager 21 to the routing switcher 351 in FIG.

  Further, in order to conceal network communication and perform device authentication from the security manager 21, a public key certificate may be provided.

  By the way, the series of processes described above can be executed by hardware or can be executed by software. When a series of processing is executed by software, a program constituting the software executes various functions by installing a computer incorporated in dedicated hardware or various programs. For example, it is installed from a program recording medium in a general-purpose personal computer or the like.

  FIG. 22 is a block diagram showing an example of the configuration of a personal computer that executes the above-described series of processing by a program. That is, for example, when the above-described series of processing is executed by a program, each of the devices, routers, and routing switches that belong to the security group can be configured by a personal computer having the configuration shown in FIG. 22 or a part thereof. is there. As for the security manager, the processing can be executed by a program by adopting the computer configuration of FIG. 3 described above.

  In FIG. 22, a CPU (Central Processing Unit) 401 executes various processes according to a program stored in a ROM (Read Only Memory) 402 or a storage unit 409. A RAM (Random Access Memory) 403 appropriately stores programs executed by the CPU 401 and data. Further, data to be protected such as key data is stored in a secure memory 404 constituted by a nonvolatile memory or the like. The CPU 401, ROM 402, RAM 403, and secure memory 404 are connected to each other via a bus 405.

  An input / output interface 406 is also connected to the CPU 401 via the bus 405. The input / output interface 406 is connected to an input unit 407 including a keyboard, a mouse, and a microphone, and an output unit 408 including a display and a speaker. The CPU 401 executes various processes in response to commands input from the input unit 407. Then, the CPU 401 outputs the processing result to the output unit 408.

  A storage unit 409 connected to the input / output interface 406 includes, for example, a hard disk, and stores programs executed by the CPU 401 and various data. The communication unit 410 communicates with an external device via a network such as the Internet or a local area network. Alternatively, the communication unit 410 communicates with an external device through a predetermined interface (for example, HD-SDI). Alternatively, the program may be acquired via the communication unit 410 and stored in the storage unit 409.

  The encryption / decryption unit 411 executes encryption / decryption processing for content and the like.

  A drive 412 connected to the input / output interface 406 drives a removable medium 413 such as a magnetic disk, an optical disk, a magneto-optical disk, or a semiconductor memory, and drives them to store programs and data recorded therein. Get etc. The acquired program and data are transferred to and stored in the storage unit 409 as necessary.

  As shown in FIG. 3 and FIG. 22, a program recording medium for storing a program that is installed in a computer and can be executed by the computer is a magnetic disk (including a flexible disk), an optical disk (CD-ROM (Compact The removable media 112 in FIG. 3, the removable media 413 in FIG. 22 or the program temporarily, which is a package media made up of a disc-read only memory (DVD) (including a digital versatile disc (DVD)), a magneto-optical disc, or a semiconductor memory. 3 and the ROM 402 shown in FIG. 22, the storage unit 109 shown in FIG. 3, and the hard disk constituting the storage unit 409 shown in FIG. The program is stored in the program recording medium as necessary, such as a local area network, the Internet, or digital satellite broadcasting via the communication unit 110 in FIG. 3 or the communication unit 410 in FIG. This is performed using a wired or wireless communication medium.

  In the present specification, the step of describing the program stored in the program recording medium is not limited to the processing performed in time series in the order described, but is not necessarily performed in time series. Or the process performed separately is also included.

  Further, in this specification, the system represents the entire apparatus constituted by a plurality of apparatuses.

It is a block diagram which shows the structural example of the information processing system to which this invention is applied. It is a block diagram which shows the structural example of the deck which has joined the security group formed in the information processing system of FIG. It is a block diagram which shows the structural example of the security manager in the information processing system of FIG. It is a figure which shows the example of the GUI image of the security manager of FIG. It is a figure which shows the example of the apparatus database which the security manager of FIG. 3 hold | maintains. It is a figure which shows the example of the key database which the security manager of FIG. 3 hold | maintains. It is a flowchart explaining the example of a process of the security manager of FIG. 8 is a flowchart illustrating a detailed example of device database update / key setting processing in the security manager processing of FIG. 7. It is a figure which shows the example of a response | compatibility of an encryption channel and an encryption key. 9 is a flowchart showing an example of processing on the deck side with respect to the processing of the security manager of FIGS. 7 and 8. 9 is a flowchart showing an example of processing on the deck side with respect to the processing of the security manager of FIGS. 7 and 8. It is an information processing system to which the present invention is applied, and is a block diagram showing a configuration example when two or more security groups are formed. It is a figure which shows the example of the GUI image of the security manager of FIG. It is a figure which shows the example of the apparatus database which the security manager of FIG. 12 hold | maintains. It is a figure which shows the example of the key database which the security manager of FIG. 12 hold | maintains. It is a figure explaining the example of a technique for protecting a content in the content transmission by HD-SDI between the two security groups of FIG. It is a figure explaining another example of a technique for protecting contents in contents transmission by HD-SDI between two security groups of Drawing 12. FIG. 18 is a diagram for explaining another example of a technique for protecting content that can solve the problems of FIG. 16 and FIG. 17 in HD-SDI content transmission between the two security groups of FIG. 1 is a diagram including a configuration example of a router to which is applied. FIG. 19 is a block diagram illustrating a configuration example different from the example of FIG. 18, which is a router to which the present invention is applied. It is a block diagram which shows the structural example of the routing switch with which this invention is applied. It is a figure which shows the example of application of the routing switch of FIG. It is a block diagram which shows the structural example of the personal computer which executes the program with which this invention is applied.

Explanation of symbols

  1 camcorder, 2 decks, 3 material server, 4 editor, 5 monitor, 6 network, 11 recording media, 21 security manager, 31 HD-SDI transmission line, 51 security group, 61 LE Key, 62 D Key, 63 N Key, 71 CPU, 72 RAM 72 ROM, 74 Device ID memory, 75 I / F, 76 Key register, 77 DMAC, 78 Data Decryptor, 79 Data Encryptor, 80 Packet Encryptor, 81 Packet Decryptor, 82 MPEG2 Decoder, 83 MPEG2 Encoder, 84 bus , 85 Disc Drive, 86 Network I / F, 87 Stream Encryptor, 88 HD-SDI OUT I / F, 89 Output Terminal, 90 Input Terminal, 91 HD-SDI IN I / F, 92 Stream Decryptor, 101 CPU, 102 ROM , 104 Secure memory, 109 Storage unit, 112 Removable media, 01 router, 311 Link Decryptor, 312 transmission line, 313 Link Encryptor, 321 router, 331 Data Decryptor, 332 transmission line, 333 Data Encryptor, 341 Packet Decryptor, 342 transmission line, 343 Packet Encryptor, 361 input terminal, 362 Link Decryptor, 363 Crosspoint switch, 364 Link Encryptor, 365 output terminal, 401 CPU, 402 ROM, 404 secure memory, 409 storage unit, 413 removable media

Claims (10)

When a plurality of devices each set with a common key are subscribed and protection information is transmitted from a predetermined one of them to another, the predetermined one uses the common key. And encrypting the protection information, transmitting the resulting encrypted protection information, and receiving the encrypted protection information by the other device and decrypting it using the common key. An information processing apparatus for managing a security group,
Key management means for managing key data to be used as the common key;
The key data managed by the key management means for each device connected to itself so as to manage whether or not to join the security group. An information processing apparatus comprising: device management means for setting the password as the common key and managing the set content. In the security group, there are a plurality of types of transmission forms of the encryption protection information, and it is defined that a plurality of types of common keys are set corresponding to each of the plurality of types of transmission forms,
The key management means manages key data to be used as each of the plurality of types of common keys,
The device management means further manages the usable types of the plurality of types of transmission forms for each of the devices,
For each device that has joined the security group, the corresponding key data of the key data managed by the key management means is set as the common key for each of the usable transmission modes. The information processing apparatus according to claim 1, wherein the setting contents are managed. There are a plurality of security groups,
The key management means individually manages different key data as each of the common keys of the plurality of security groups,
The device management means manages presence / absence of each of the plurality of security groups;
For each of the plurality of security groups, the key data managed as the common key of the target security group is set by the key management unit for each device that has joined the target security group, The information processing apparatus according to claim 1, wherein each setting content is managed. When a plurality of devices each set with a common key are subscribed and protection information is transmitted from a predetermined one of them to another, the predetermined one uses the common key. And encrypting the protection information, transmitting the resulting encrypted protection information, and receiving the encrypted protection information by the other device and decrypting it using the common key. In an information processing method of an information processing apparatus that manages a security group,
Managing key data to be used as the common key;
For each of the devices connected to itself so far, manage whether or not to join the security group,
An information processing method including a step of setting the managed key data as the common key for a device that joins the security group and managing the setting contents. When a plurality of devices each set with a common key are subscribed and protection information is transmitted from a predetermined one of them to another, the predetermined one uses the common key. And encrypting the protection information, transmitting the resulting encrypted protection information, and receiving the encrypted protection information by the other device and decrypting it using the common key. A program executed by a computer that manages a security group,
Managing key data to be used as the common key;
For each of the devices connected to itself so far, manage whether or not to join the security group,
A program including a step of setting the managed key data as the common key for a device that joins the security group, and managing the setting contents. When a plurality of devices each set with a common key are subscribed and protection information is transmitted from a predetermined one of them to another, the predetermined one uses the common key. And encrypting the protection information, transmitting the resulting encrypted protection information, and receiving the encrypted protection information by the other device and decrypting it using the common key. An information processing apparatus for managing a security group,
Key management means for managing key data to be used as the common key;
A device image of a device that includes the first region indicating the security group and the other second region other than the first region and that has been connected to itself so far and that has joined the security group. A GUI (Graphical User Interface) image displayed in the second area, and a device image of a device that has not yet joined the security group is displayed in the second region, and the GUI image capable of moving the device image Display control means for controlling the display of
In the GUI image whose display is controlled by the display control unit, when the movement operation from the second region to the first region of a predetermined device image is performed, a device corresponding to the predetermined device image An information processing apparatus comprising: device management means for managing the joining of the security group, setting the key data managed by the key management means as the common key, and managing the set contents. In the GUI image, when the movement operation from the first region to the second region of the predetermined device image is performed in the GUI image, the device management unit further relates to the device corresponding to the predetermined device image. The information processing apparatus according to claim 6, managing that the security group has been withdrawn, canceling the setting of the common key, and managing the cancellation content. In the GUI image, the display control unit includes a display form of the device image of a device connected to the information processing device itself, and a device image of the device not connected to the information processing device itself. The information processing apparatus according to claim 6, wherein the display form is different. When a plurality of devices each set with a common key are subscribed and protection information is transmitted from a predetermined one of them to another, the predetermined one uses the common key. And encrypting the protection information, transmitting the resulting encrypted protection information, and receiving the encrypted protection information by the other device and decrypting it using the common key. An information processing method for an information processing apparatus that manages a security group,
Managing key data to be used as the common key;
A device image of a device that includes the first region indicating the security group and the other second region other than the first region and that has been connected to itself so far and that has joined the security group. A GUI (Graphical User Interface) image displayed in the second area, and a device image of a device that has not yet joined the security group is displayed in the second region, and the GUI image capable of moving the device image Control the display of
In the GUI image whose display is controlled, when the movement operation from the second area to the first area of a predetermined device image is performed, the security group is set for the device corresponding to the predetermined device image. An information processing method comprising the steps of: managing that the key data being managed is set as the common key, and managing the set contents. When a plurality of devices each set with a common key are subscribed and protection information is transmitted from a predetermined one of them to another, the predetermined one uses the common key. And encrypting the protection information, transmitting the resulting encrypted protection information, and receiving the encrypted protection information by the other device and decrypting it using the common key. A program executed by a computer that manages a security group,
Managing key data to be used as the common key;
A device image of a device that includes the first region indicating the security group and the other second region other than the first region and that has been connected to itself so far and that has joined the security group. A GUI (Graphical User Interface) image displayed in the second area, and a device image of a device that has not yet joined the security group is displayed in the second region, and the GUI image capable of moving the device image Control the display of
In the GUI image whose display is controlled, when the movement operation from the second area to the first area of a predetermined device image is performed, the security group is set for the device corresponding to the predetermined device image. A program comprising the steps of: managing that the user has joined the service, setting the managed key data as the common key, and managing the set contents.

Images