In recent years, as digitization of image data evolves, there is a need for protection of a copyright of an image represented as digital data, since an image quality of the digital data is not degraded if duplicated. In addition, protection of the copyright of the image is closely related to control of accounting on the usage of the image data, and a conditional access method which is put into practical use in digital satellite broadcast is considered as a measure taken to protect the copyright of the image data.
As an example of a conventional method for protecting the copyright, the above-described restricted receiving method for digital satellite broadcast (“Satellite Digital Broadcast System Technology” written by Asada, Inoue, et. al, Matushita Technical Journal Vol. 44, No. 1, February 1998), will now be described with reference to figures. In this digital satellite broadcast, a compression scheme and a multiplexing scheme according to MPEG (Moving Picture Experts Group) standard are employed.
FIG. 9 is a diagram for explaining a conventional restricted receiving system and showing a data transmission/receiving system which adopts the restricted receiving method.
Turning to FIG. 9, there is shown a data transmission/receiving system 1000, which comprises a data transmission-side apparatus 81 for compressing, multiplexing, and scrambling video data Dvi and audio data Dau according to MPEG2 standard and outputting the resulting data, and a data receiving-side apparatus 91 which receives and reproduces scrambled data (transmitted data) Sg from the data transmission-side apparatus 81.
The data transmission-side apparatus 81 includes an audio encoder 82 for compressing the audio data Dau according to MPEG2 standard and outputting compressed (encoded) audio data EDau, a video encoder 83 for compressing the video data Dvi according to MPEG2 standard and outputting compressed (encoded) video data EDvi, and multiplexing means 84 for packetizing the compressed audio data EDau and compressed video data EDvi to generate a plurality of data packets such that each of them has a fixed-bit length, multiplexing the plurality of data packets, and outputting a multiplexed bit stream MB. This packetization is performed for each program such that one packet contains data of the same program, and program identification information used for identifying each program is added to a corresponding packet header.
The data transmission-side apparatus 81 further includes a scrambler 85 for scrambling a predetermined portion of each data packet included in the multiplexed bit stream MB by using a scramble key Ks(t) and outputting a scrambled (encrypted) bit stream SB, a scramble key encryption unit 86 for encrypting the scramble key Ks(t) by using a work key KW to generate an encrypted scramble key Ks(t)m, storing the encrypted scramble key Ks(t)m in an ECM (Entitlement control message) packet, and outputting the ECM packet, and a work key encryption unit 87 for encrypting the work key KW by using a master key KMm to generate an encrypted work key KWm, storing the encrypted work key KWm in an EMM (Entitlement management message) packet, and outputting the EMM packet.
The data transmission-side apparatus 81 still further includes a packet multiplexing unit 80 for multiplexing the scrambled bit stream SB (data packets), ECM packets, and EMM packets, to produce multiplexed data to-be-transmitted Sg.
Furthermore, the data transmission-side apparatus 81 includes a scramble key generation unit for generating the scramble key Ks(t) updated at regular time intervals, a work key generation unit for generating the work key KW, and a master key storage unit for storing the master key KMm to be supplied to the work key encryption unit 87, although these components are not shown in this figure.
The data receiving-side apparatus 91 includes a packet separation unit 90 which receives the multiplexed data Sg which has been transmitted, separates the multiplexed data Sg into the scrambled bit stream SB (data packet), the ECM packets, and the EMM packets.
The data receiving-side apparatus 91 further includes a work key decryption unit 97 for decrypting the encrypted work key KWm stored in the EMM packet by using the master key KMm to generate the work key KM, a scramble key decryption unit 96 for decrypting the encrypted scramble key Ks(t)m stored in the ECM packet by using the work key KW to generate the scramble key Ks(t)m, and a descrambler 92 for descrambling a scrambled portion of the data packet included in the scrambled bit stream SB by using the scramble key Ks(t) to produce a descrambled bit stream DB.
The data receiving-side apparatus 91 still further includes separation means 93 for separating and extracting the compressed audio data EDau and the compressed video data EDvi from the descrambled bit stream DB, an audio decoder for decompressing the compressed audio data EDau to provide reproduced audio data RDau, and a video decoder 95 for decompressing the compressed video data EDvi to provide reproduced video data RDvi.
Furthermore, the data receiving-side apparatus 91 includes a master key storage unit for storing the master key KMm to be supplied to the work key decryption unit 97, although this is not shown.
FIG. 10(a) shows a structure of the multiplexed data Sg, FIG. 10(b) shows a structure of a data packet included in the scrambled bit stream SB, FIG. 10(c) shows a structure of the ECM packet, and FIG. 10(d) shows a structure of the EMM packet.
Turning to FIG. 10(a), the multiplexed data Sg includes data packets 100a(i) [i=1, 2, 3, . . . , 6, 7, 8, . . . ], ECM packets 110a(t) [t=1, 2, . . . ], and an EMM packet 120a. 
The data packets 100a(1), 100a(2), 100a(3), . . . , 100a(6), 100a(7), and 100a(8) are 1st to 8th data packets included in the scrambled bit stream SB. The multiplexed bit stream MB includes data packets including compressed video data and compressed audio data corresponding to various types of program data. Therefore, the multiplexed data Sg shown in FIG. 10(a) includes the data packets included in the scrambled bit stream, the ECM packets, and the EMM packets for various program data.
A description will be made to explain structures of the respective packets in brief.
Turning to FIG. 10(b), the data packet 100a(i) is composed of a header 100 at the head thereof, an adaptation field 101 which follows the header 100 and represents attribute information and the like of corresponding data, and a data part called “Pay Load” 102 which follows the adaptation field 101.
The compressed audio data Dau or the compressed video data EDvi is stored in the Pay Load 102 of each data packet 100a(i), which corresponds to a scrambled region in each data packet 100a(i).
The ECM packet 110a(t), which is shown in FIG. 10(c), is composed of a header 110 and a key storage unit 111 which contains the encrypted scramble key Ks(t)m. The EMM packet 120a, which is shown in FIG. 10(d), is composed of a header 120 and a key storage unit 121 which contains the encrypted work key KWm. The scramble key Ks(t) is updated with elapse of time (t). Encrypted scramble keys Ks(1)m and Ks(2)m are obtained by encrypting a scramble key Ks(1) and a scramble key Ks(2) updated at time t=t1 and t=t2, respectively, by using the work key KW.
By the way, in the above data transmission/receiving system 1000, accounting on each program data is controlled. Specifically, for a charged program which requires a contract, corresponding program data is scrambled so that only a specified (intended) viewer which made the contract utilizes this program. Thereby, copyright of specified program data is protected. Therefore, it is difficult for viewers that have not made the contract to normally reproduce and watch the content of such charged program.
More specifically, the Pay Load 102 of the data packet corresponding to the charged program which is included in the scrambled bit stream SB, is scrambled, and thereby general (unintended) viewers who have not made the contract, cannot watch the charged program. To the header 100 of each data packet 100a(i), a scramble identifier Fs(i) indicating whether or not corresponding Pay load 102 is scrambled is affixed.
Operation will now be described.
When the video data Dvi and the audio data Dau corresponding to various types of programs are input to the data transmission-side apparatus 81, the video encoder 83 and the audio encoder 82 compress these data according to MPEG2 standard, to produce the compressed video data EDvi and compressed audio data EDau, respectively. The multiplexing means 84 multiplexes these compressed data EDvi and EDau according to MPEG2 standard such that each of them is stored in a corresponding data packet having a fixed-packet length, i.e., a fixed-bit length and the respective data packets 100a(i) are multiplexed to provide the multiplexed bit stream MB.
When the multiplexed bit stream MB is input to the scrambler 85, the scrambler 85 scrambles the Pay Load 102 of the data packet 100a(i) corresponding to program data for which accounting is to be controlled, and outputs accounting-controlled bit stream (scrambled bit stream) SB.
Hereinafter, the above scrambling will be explained in detail.
As described above, the compressed audio data EDau and the compressed video data EDvi corresponding to individual programs are multiplexed on a packet basis and the resulting multiplexed bit stream MB is scrambled (encrypted) by the scrambler 85 by using the scramble keys Ks(t) to create the scrambled bit stream SB, which is output to the packet multiplexing unit 80. For security, the scramble keys Ks(t) are updated by a generator (not shown) at intervals ranging from several to several-ten seconds. The scramble key Ks(t) represents a set of time-series data, i.e., scramble keys Ks(1) and Ks(2) updated at regular time intervals.
The scramble key encryption unit 86 encrypts the scramble key Ks(t) by using the work key KW. The encrypted scramble key Ks(t)m is stored in the ECM packet 110a(t) different from the data packet 100a(i) of the scrambled bit stream SB and output to the packet multiplexing unit 80. The work key encryption unit 87 encrypts the work key KW by using the master key KMm stored in the key storage unit (not shown) of the data processing apparatus 1000. The encrypted work key KWm is stored in the EMM packet 120a different from the data packet 100a(i) and the ECM packet 110a(t), and output to the packet multiplexing unit 80. The master key KMm varies from viewer to viewer, and is distributed to a receiver (data receiving-side apparatus) 91 by using a physical medium such as an IC card, and stored in a key storage unit (not shown) in the receiver 91. Therefore, one work key KW is encrypted by different master keys KMm for plural receivers (viewers).
The packet multiplexing unit 80 multiplexes the data packets 100a(i), the ECM packets 110a(t), the EMM packets 120a, and outputs “multiplexed data to-be-transmitted” (multiplexed data)Sg.
When the data receiving-side apparatus (receiver) 91 receives the multiplexed data Sg including the scrambled program data to be broadcast in real time and the encrypted scramble keys Ks(t)m, the packet separation unit 90 separates data packets 100a(i), ECM packets 110a(t), and an EMM packet 120a for a desired program from the multiplexed data Sg. The work key decryption unit 97 decrypts the encrypted work key KWm stored in the EMM packet 120a by using the master key KMm held by the receiver. The resulting decrypted work key KW is held in the receiver.
Also, the scramble key decryption unit 96 decrypts the encrypted scramble key Ks(t)m by using the work key KW held in the receiver and outputs the decrypted scramble key Ks(t) to the descrambler 92. The descrambler 92 descrambles the Pay Load 102 of the data packet 100a(i) of the scrambled bit stream SB to produce the descrambled bit stream DB. The separation means 93 extracts the compressed audio data Dau and the compressed video data EDvi from the descrambled bit stream DB.
Thereafter, the compressed audio data EDau and the compressed video data EDvi are input to the audio decoder 94 and the video decoder 95, which decompress these data, respectively, and output reproduced audio data RDau and reproduced video data RDvi, respectively.
Using the above conventional data transmission/receiving system, the following problem arises.
In a coding scheme according to MPEG4 which is currently standardized as an international standard for an image compression technique, an image signal corresponding to a scene (image corresponding to a frame) is divided into image signals respectively corresponding to a plurality of objects composing the scene, and the image signals are compressed object by object.
On the other hand, in a coding scheme according to MPEG2 standard (MPEG2), one video object composes one scene. When an audio object is handled as a scene object, it is assumed that two objects (video object and audio object) compose the scene. Considering that the audio accompanies the image and the scene is reproduced by reusing the image corresponding to the scene, the scene according to MPEG2 is taken as being composed of one video object.
In the coding scheme according to MPEG4 (MPEG4), the image signal corresponding to the scene is coded for each of the objects composing the scene, and in a decoding scheme according to MPEG4, coded data of respective objects is decoded for each object. Therefore, it is necessary to manage a copyright for each of the objects composing the scene instead of managing it for the whole scene. This is because some of the objects composing the scene do not require protection of their copyrights, and may be copied. So, MPEG4 requires object-based copyright management.
When the plurality of objects composing the scene includes at least one object requiring protection of its copyright, like data handled in MPEG2, object data corresponding to all the objects composing the scene could be scrambled.
In this case, however, respective object data is descrambled only by one-decryption of the object data corresponding to all the objects. Since the object data corresponding to all the objects is individually separatable, a target object having a copyright to-be-protected can be extracted from the scene after descrambling. It is easy to use the target object which has been extracted as one of a plurality of objects composing another scene.
In the data transmission/receiving system according to MPEG4, if the object having the copyright to-be-protected is used although this is unauthorized (illegal), it is difficult to prove this unauthorized usage. As a consequence, the copyright of the object might be often violated.
Thus, using the method in which all the objects composing the scene including the objects having copyrights to-be-protected are scrambled indiscriminately, in the data transmission/receiving system according to MPEG4, the unauthorized usage of the objects having copyrights to-be-protected is not prevented satisfactorily.