In recent years network technology for making connections between audio visual systems has come into common use. As one of such networks, a serial bus (hereinafter referred to as IEEE 1394 bus) of the IEEE 1394-1995 standard (hereinafter referred to as IEEE 1394) exists. IEEE 1394 is a standard of high speed bus system for carrying out a serial transmission, wherein data can be synchronously transmitted so that a real time transmission of audio visual data, or the like, is possible. This IEEE 1394 has begun to be installed in a variety of digital video and sound apparatuses, such as digital audio visual apparatuses for home use, as an external interface.
On the other hand, in the case that data requiring copyright protection such as newly released movies or TV programs, music of paid broadcasts is handled, it is necessary to protect the copyright. As an effective method for protecting copyright, there is a method of the encrypting of data requiring copyright protection so as to limit the utilization of the data.
For example, when video and sound data (hereinafter referred to as AV data) is transmitted utilizing an IEEE 1394 bus, such AV data is encrypted at the time of transmission in the case that copyright protection of the AV data is required. As an example of this, the DTCP (digital transmission content protection) system has become a standard.
The DTCP system is provided with an authentication function and a key nullification function so that copyright protection is implemented by encrypting and transmitting data requiring copyright protection, such as AV data, while excluding unauthorized apparatuses at the time of data transmission over an IEEE 1394.
A transmitter for transmitting content data encrypts content data with a content key. This content key is periodically updated by the transmitter. The transmitter encrypts the content key with a key called an exchange key and transmits the content key to a receiver in order to safely pass the updated content key to the receiver.
The authentication function is required for passing the key for decrypting the encrypted data to only the receiver that has received a DTCP license and a full authentication utilizing public key encryption technology and a limited authentication utilizing common key encryption are used in accordance with copy limitation information (such as “copy once” or “copy never”) added to the data and in accordance with the characteristics of the apparatuses (such as inclusion of a recording function, inclusion of a display function only, whether or not format analysis and decoding are possible within data). An apparatus compatible with the full authentication system has certificate data including a signature added by a licensing organization. At the time of authentication, the certificate data is transmitted and received so that the signature is determined to be correct by utilizing an algorithm of an electronic signature using public key encryption technology. Random numbers are transmitted to each other together with the certificate data and, thereby, an authentication key that is effective only between the two apparatuses wherein authentication is carried out can be produced within the respective apparatuses by using the random numbers from both sides.
An apparatus compatible with the limited authentication system has common secret information and a processing function. At the time of authentication, challenging random numbers are transmitted. The apparatus that has received the random numbers carries out processing according to a predetermined function and sends back the result. The apparatus, which has transmitted the challenging random numbers, compares the response and the value that is processed within the apparatus and, thereby, confirms that the other apparatus is the authorized apparatus. An authentication key that is effective only between the two apparatuses that carry out the authentication can be produced within the respective apparatuses by using random numbers from both sides.
When the authorized apparatus can be confirmed through the above described authentication process, the transmitter encrypts the exchange key with the authentication key and transmits the exchange key to the receiver. Thereby, a content key can be gained at the receiver side so that the received encrypted contents can be decrypted and utilized.
In the following, the IEEE 1394 bus system is described in reference to FIG. 12.
In FIG. 12, IEEE 1394 bus #1 (50) and IEEE 1394 bus #2 (51) are, respectively, different IEEE 1394 buses and are connected to each other by a bridge unit 52.
Devices such as device #0 (53) and device #1 (54) are connected to IEEE 1394 bus #1 (50).
Devices such as device #0 (58) and device #1 (59) are connected to IEEE 1394 bus #2 (51).
Device #0 (53), device #1 (54), device #0 (58), device #1 (59), and the like, are apparatuses for transmitting or receiving data by utilizing IEEE 1394 bus #1 (50) or IEEE 1394 bus #2 (51) and are, for example, an STB (set top box) or a TV (television).
In addition, bridge unit 52 is a unit that receives data, which is transmitted from device #2 (55), or the like, connected to IEEE 1394 bus #1 (50), and transmits the data to IEEE 1394 bus #2 (51).
In the IEEE 1394 standard there is a limitation wherein a maximum of sixty-three devices can be simultaneously connected to one bus. Accordingly, a maximum of sixty-three devices can be simultaneously connected to IEEE 1394 bus #1 (50) and, in addition, a maximum of sixty-three devices can be simultaneously connected to IEEE 1394 bus #2 (51).
For example, in the example of FIG. 12, seven devices, including bridge unit 52, are connected to IEEE 1394 bus #1 (50) and, therefore, fifty-six additional devices can be connected.
Device 53 transmits data at a transmission rate of 20 Mbps through a synchronous transmission called an isochronous transmission to channel 1 of IEEE 1394 bus #1 (50). Then, device #1 (54) receives the data that is transferred to channel 1 of IEEE 1394 bus #1 (50).
In addition, device #4 (56) transmits data at a transmission rate of 40 Mbps to channel 63 of IEEE 1394 bus #1 (50). Then, device #5 (57) receives the data transmitted over channel 63.
Device #0 (58) transmits data at a transmission rate of 30 Mbps to channel 2 of IEEE 1394 bus #2 (51) in the same manner and device #1 (59) receives the data transmitted to channel 2. In addition, device #3 (61) transmits data at 30 Mbps to channel 1 and device #4 (62) and device #5 (63) simultaneously receive data transmitted to channel 1.
On the other hand, device #2 (55) transmits data at a transmission rate of 20 Mbps to channel 0 of IEEE 1394 bus #1 (50). Bridge unit 52 receives data transmitted to channel 0 of IEEE 1394 bus #1(50), which is transmitted to channel 0 of IEEE 1394 bus #2 (51). Then, device #2 (60) receives data that is transmitted to channel 0 of IEEE 1394 bus #2 (51).
Thus, it is possible to transmit data in real time by utilizing an isochronous transmission and the data transmitted by a device can be received in real time by a device connected to a different bus through a bridge unit when the two different IEEE 1394 buses are connected via bridge unit 52.
Furthermore, copyright holders have a desire for the number of reception apparatuses that can receive a signal from the apparatus that becomes a signal source to be limited at the time when video and sound data (AV data) requiring copyright protection, or the like, is transmitted.
As described above, there is a limitation wherein a maximum of only sixty-three apparatuses can be simultaneously connected to one IEEE 1394 bus. Accordingly, the number of reception units that can simultaneously receive data transmitted from the apparatus that becomes a signal source is sixty-two at the maximum.
When different IEEE 1394 buses are connected via a bridge unit as described above, however, it becomes impossible to grasp how many reception apparatuses receive the signal, from the apparatus that becomes a signal source, through the other bus connected to the apparatus that becomes a signal source via bridge unit 52. For example, a case can occur wherein an additional bridge unit is connected to the other bus connected to the apparatus that becomes a signal source via bridge unit 52. When bridge unit 52 is connected to an IEEE 1394 bus in such a manner, there is a risk that a very large number of reception apparatuses may receive the signal transmitted from the apparatus that becomes a signal source. In addition, the same may be said concerning the case of a network, such as USB, in addition to the IEEE 1394 bus.
That is to say, in the case that a bridge unit is connected to a network, such as the IEEE 1394 bus, there is a risk that a very large number of reception apparatuses may receive a signal requiring copyright protection sent from the apparatus that becomes a signal source so that there is a problem (first problem) wherein the desire of copyright holders to limit the number of apparatuses that can receive the signal cannot be met.
In addition, in the case that a bridge unit is not connected to an IEEE 1394 bus, the desire of copyright holders cannot be met when six, or more, reception apparatuses are simultaneously connected to the IEEE 1394 bus even in the case wherein the copyright holders desire that only up to five reception apparatuses be able to receive the signal. In addition, this is not limited to the IEEE 1394 bus but, rather, the same can be said concerning a network such as USB.
That is to say, even in the case that copyright holders desire to designate and limit the number of reception apparatuses that can receive the signal, there is a problem (second problem) wherein the desire cannot be met.