A digital bidirectional communication system, typified by a bidirectional CATV system, is constructed by a bidirectional communication network wherein a plurality of terminal devices are connected to a center device. Each terminal device has a MAC (Media Access Control) function for controlling bidirectional communication which includes downstream communication from the center device to the terminal devices and upstream communication from the terminal devices to the center device. In general, the processing function is realized by encrypting a protocol which has a MAC-specific structure buried in communication data as a sub-layer.
An example of the MAC structure is the DOCSIS (Data Over Cable Service Interface Specifications) system proposed by MCNS (Multimedia Cable Network Systems partners), which is the organization established by cable operators and TV-set suppliers in the U.S., and is currently the de facto standard. Details of this system are disclosed in the specification, Data-Over-Cable Service Interface Specifications, “Radio Frequency Interface Specification SP-RFIv1.1-I06-001215”, supplied by Cable Labs (Cable Television Laboratories Inc.) of the U.S.
In general, video data is mainly transferred by the downstream communication. Thus, although communication data has an MPEG structure, a MAC structure is defined as a sub-layer of the communication data. In the downstream communication, the communication channel frequency is allocated to a relatively wide band, and therefore, communication control itself is relatively simple. However, it is necessary to process an enormous amount of data for video data transfer, and thus, it is required to process the data in real time according to a predetermined procedure without causing an error.
On the other hand, in the upstream communication, control data is mainly transferred in general. This control data includes an instruction request from a terminal device and state indication data which indicates the state of each terminal device. Receiving the control data transferred through the upstream communication, the center device responds to a request instruction from each terminal device or transmits various information for appropriately controlling terminal devices as control data of the downstream communication. Since in the upstream communication a large number of communication channel frequencies are allocated to a narrow band, a collision occurs among a plurality of terminal devices in some cases. In other cases, a necessary communication channel frequency cannot be obtained. For such reasons, the upstream communication requires complicated control, and the function for realizing the complicated control greatly affects the communication performance of the bidirectional communication.
The DOCSIS MAC structure basically has the same structure as that of the Ethernet communication in order to improve the compatibility with IP communication based on the Ethernet but has various header fields which are DOCSIS-specific regions. Among the header fields, a field called “extension header”, which is a region having a variable length, defines the cryptographic function and other additional functions. The extension header is a feature of the DOCSIS MAC structure.
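The variable-length extension header is where a MAC implementation has to parse attacker-reachable length fields, so the following added example (not code from this document or from the DOCSIS specification) walks the extension header with bounds checks. The field layout (EHDR_ON in bit 0 of the first byte, the second byte carrying the extension header length, 4-bit type and 4-bit length per element, types 3 and 4 for Baseline Privacy) is assumed from the RFI specification cited above; the function name, struct and sample frames are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Field layout assumed from the DOCSIS RFI specification, not from this page. */
#define EH_TYPE_BP_UP   3   /* upstream Baseline Privacy element */
#define EH_TYPE_BP_DOWN 4   /* downstream Baseline Privacy element */
#define EHDR_MAX        240 /* largest extended header, in bytes */

struct ehdr_summary { int elements; int privacy; size_t hdr_len; };

/* Constructed samples: FC, MAC_PARM, LEN(2), EHDR..., HCS(2, not verified here). */
static const uint8_t SAMPLE_OK[]  = {0x01, 0x05, 0x00, 0x05,
                                     0x44, 0x10, 0x00, 0x00, 0x01, 0x00, 0x00};
static const uint8_t SAMPLE_BAD[] = {0x01, 0x03, 0x00, 0x03,
                                     0x4F, 0xAA, 0xBB, 0x00, 0x00};

/* Walk the EHDR elements; return 0 on success, -1 on a malformed header. */
int docsis_walk_ehdr(const uint8_t *buf, size_t len, struct ehdr_summary *out)
{
    out->elements = 0; out->privacy = 0; out->hdr_len = 0;
    if (len < 6) return -1;                    /* FC + MAC_PARM + LEN + HCS */
    size_t ehdr_len = (buf[0] & 0x01) ? buf[1] : 0;   /* EHDR_ON is bit 0 of FC */
    if (ehdr_len > EHDR_MAX || 4 + ehdr_len + 2 > len) return -1;
    size_t pos = 4, end = 4 + ehdr_len;
    while (pos < end) {
        unsigned type = buf[pos] >> 4;         /* EH_TYPE: high nibble */
        size_t vlen = buf[pos] & 0x0F;         /* EH_LEN: low nibble */
        if (pos + 1 + vlen > end) return -1;   /* value would overrun the EHDR */
        if (type == EH_TYPE_BP_UP || type == EH_TYPE_BP_DOWN) out->privacy = 1;
        out->elements++;
        pos += 1 + vlen;
    }
    out->hdr_len = end + 2;                    /* header ends after the HCS */
    return 0;
}

int main(void)
{
    struct ehdr_summary s;
    int rc = docsis_walk_ehdr(SAMPLE_OK, sizeof SAMPLE_OK, &s);
    printf("ok:  rc=%d elements=%d privacy=%d hdr_len=%zu\n",
           rc, s.elements, s.privacy, s.hdr_len);
    rc = docsis_walk_ehdr(SAMPLE_BAD, sizeof SAMPLE_BAD, &s);
    printf("bad: rc=%d\n", rc);
    return 0;
}
```

The second sample declares a 3-byte extension header whose single element claims a 15-byte value; the per-element check rejects it instead of reading past the header.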
In order to realize the MAC function, it is necessary to perform various processes at appropriate timings after the data structure having a complicated multi-layered structure is analyzed as defined in the above specification. Implementing a large number of processes for an enormous number of combinations and verifying the operation for each combination are fairly arduous and entail an enormous amount of data processing.
Each of the processes that constitute the MAC function is mainly arithmetic processing for a control system. Specifically, the processes are basically filtering (dividing) of data, synchronous processing, sorting, formatting, etc., and combinations thereof. Each of these processes itself is not by any means a burdensome process.
However, the MAC function includes a security function for protecting data indispensable for the communication system. As for the DOCSIS system, the details of the specifications are disclosed in the specification, Data-Over-Cable Service Interface Specifications, “Baseline Privacy Plus Interface Specifications SP-BPI+-I07-010829”, supplied by Cable Labs of the U.S.
The security function of the MAC function is called “Baseline Privacy”, which uses a protocol called “BPKM (Baseline Privacy Key Management)”. BPKM has a function for transferring an encrypted cryptographic key for achieving safe key exchange and a message authentication function for confirming whether or not a message of cryptographic key exchange is from a true sender, whether or not the message has been tampered with, or the like. In BPKM, key distribution is carried out using an “Authorization Key”, which functions as a master key, and a “DES encryption key (Traffic Encryption Key (TEK))”, which is actually used for encryption and decryption of data.
A terminal device receives the Authorization Key encrypted based on the RSA public key system and decrypts the Authorization Key using an RSA public key. Then, the decrypted Authorization Key is subjected to some other processes for TEK decryption and authentication to obtain TEK data. At the final step, decryption of actual communication data is carried out using the obtained TEK data. Also, in the process of decrypting an RSA cipher used for decryption of the Authorization Key and the process of decrypting a DES cipher used for decryption of TEK data, mathematical computations of a plurality of pieces of 64-bit data need to be repeatedly carried out in a parallel fashion. Thus, it can be said that each process is considerably burdensome.
Such processes need to be carried out in combination in order to realize the MAC function for achieving bidirectional control in digital bidirectional communication.
Problems to be Solved
In general, the MAC function is realized using a general purpose processor (CPU). This is because the CPU flexibly deals with complicated processes and is capable of relatively readily realizing verification and function correction for establishment of system reliability.
However, a high-performance CPU is indispensable for the MAC function in order to realize an enormous amount of data processing. Further, all of the desired functions exceed the capacity of a single CPU, i.e., are extremely difficult to realize with a single CPU. Thus, the circuit size required for realizing all of the MAC function is considerably large, resulting in an impracticably expensive device.
In view of the above, an objective of the present invention is to provide digital bidirectional communication control wherein the burden of CPU processing is reduced, and the entire circuit size of the device is optimized.