In MPEG-2 Systems (ISO/IEC 13818-1), which is a standard conditional access system, the distributor transmits contents including images and audio after scrambling them with a scrambling key Ks. The receiver plays back the contents after descrambling them with the scrambling key Ks. For this to work, the distributor and the receiver each need to have the same scrambling key Ks.
The distributor therefore stores the scrambling key Ks into a piece of information called ECM (Entitlement Control Messages), and transmits the ECM after encrypting them with a work key Kw. Further, the distributor stores the work key Kw into a piece of information called EMM (Entitlement Management Messages), and transmits the EMM after encrypting them with a master key Km which is unique to each playback apparatus.
The receiver decrypts the EMM using its own master key Km to obtain the work key Kw, and then decrypts the ECM using the work key Kw to obtain the scrambling key Ks. This way, the distributor and the receiver each have the same scrambling key Ks.
FIG. 1 shows the general structure of the conditional access system.
The broadcast apparatus 101 multiplexes various kinds of information, including scrambled contents, ECM, and EMM, and transmits them to the playback apparatus 102 by broadcast. The playback apparatus 102 descrambles/decrypts the information and displays it on a display monitor 103. At this time, the playback apparatus 102 performs decryption with use of an ID and a master key Km stored in the playback apparatus itself, and then descrambles the scrambled contents. A different ID is assigned to each playback apparatus, each manufacturer, or the like, as necessary. Also, a different master key Km is assigned to each playback apparatus, each manufacturer, or the like, as necessary. The master keys correspond one-to-one with the IDs.
FIG. 2 shows the structure of the playback apparatus in the conditional access system.
In the playback apparatus 201, the receiving unit 202 receives various kinds of information including scrambled contents, ECM, and EMM, and the type judging unit 203 judges the type of each piece of information. The type judging unit 203 transfers information to different units depending on what type of information it is; for example, it transfers scrambled contents to the content descrambling unit 211, ECM to the ECM decrypting unit 208, and EMM to the EMM decrypting unit 205.
The ID/Km storing unit 204 stores an ID and a master key that are unique to the playback apparatus 201. The EMM decrypting unit 205 decrypts EMM with the master key Km, and inputs, to the Kw updating unit 206, a work key Kw which has been a part of the decrypted EMM. The Kw updating unit 206 obtains the work key Kw from the EMM decrypting unit 205 and updates the existing work key Kw. The Kw storing unit 207 stores the work key Kw that has been updated by the Kw updating unit 206.
There is also another example where, in order to update an existing work key, a new work key is obtained through a bi-directional communication system (e.g. see Japanese Unexamined Patent Application Publication No. 2002-16901).
The ECM decrypting unit 208 decrypts ECM with the work key Kw, and inputs, to the Ks updating unit 209, a scrambling key Ks which has been a part of the decrypted ECM. The Ks updating unit 209 obtains the scrambling key Ks from the ECM decrypting unit 208 and updates the existing scrambling key Ks.
Here, updating the work key Kw and the scrambling key Ks usually means overwriting them; however, it is acceptable to make additions to the work key and the scrambling key.
The Ks storing unit 210 stores the scrambling key Ks that has been updated by the Ks updating unit 209. The content descrambling unit 211 descrambles the scrambled contents using the scrambling key Ks, and inputs the descrambled contents to the content outputting unit 212. The content outputting unit 212 transmits the contents to the display monitor.
FIG. 3 shows the operation of the playback apparatus in the conditional access system.
The playback apparatus receives EMM from the broadcast apparatus (S301). The EMM include (i) an ID of a playback apparatus that is to receive the EMM and (ii) an encrypted work key E(Kw, Km) which is a work key Kw encrypted with a master key Km that corresponds to the ID. Here and hereafter, E(X, Y) denotes “information X encrypted with the key Y” or “information X scrambled with the key Y”.
The playback apparatus decrypts E(Kw, Km) using a Km stored in the playback apparatus itself, if the ID included in EMM coincides with the ID stored in the playback apparatus itself. As a result, the playback apparatus obtains the work key Kw (S302).
Next, the playback apparatus receives ECM from the broadcast apparatus (S303). The ECM include an encrypted scrambling key E(Ks, Kw) which is a scrambling key Ks encrypted with a work key Kw.
The playback apparatus decrypts E(Ks, Kw) using the work key Kw stored in the playback apparatus itself. As a result, the playback apparatus obtains the scrambling key Ks (S304).
Further, the playback apparatus receives a scrambled content E(Content, Ks) from the broadcast apparatus (S305).
The playback apparatus descrambles E(Content, Ks) using the scrambling key Ks stored in the playback apparatus itself. As a result, the playback apparatus obtains the content (S306) and the user is able to view the content.
FIG. 4 shows the general structure of the conditional access system in which there are a plurality of playback apparatuses.
The playback apparatus 1 and the playback apparatus 2 receive various kinds of information transmitted from the broadcast apparatus 101. A display monitor is omitted from the drawing. The ID1 and the ID2 are assigned to each of the playback apparatuses respectively and are different from each other. Since IDs correspond one-to-one with master keys Kms, Km1 and Km2 are different from each other as well. Here, a different ID is assigned to each playback apparatus, but it is also acceptable if a different ID is assigned to each manufacturer, each model of playback apparatuses, each production lot, or each specific group. In such cases, a plurality of playback apparatuses within a group have the same IDs and master keys Kms, but those IDs and master keys are different from IDs and master keys owned by playback apparatuses in another group.
FIG. 5 shows the operation of the plurality of playback apparatuses in the conditional access system.
The playback apparatus 1 selectively receives EMM 1 from the broadcast apparatus (S501). EMM 1 includes the ID1 and an encrypted work key E(Kw, Km1) which is a work key Kw encrypted with the master key Km1 that corresponds to the ID1. Because of the ID1 included in EMM 1, the playback apparatus 1 is able to identify that this particular set of EMM is addressed to the playback apparatus 1 itself.
The playback apparatus 1 decrypts E(Kw, Km1) using the Km1 stored in the playback apparatus 1 itself. As a result, the playback apparatus 1 obtains the work key Kw (S502).
The playback apparatus 2 selectively receives EMM 2 from the broadcast apparatus (S503). EMM 2 includes the ID2 and an encrypted work key E(Kw, Km2) which is the work key Kw encrypted with the master key Km2 that corresponds to the ID2. Because of the ID2 included in EMM 2, the playback apparatus 2 is able to identify that this particular set of EMM is addressed to the playback apparatus 2 itself.
The playback apparatus 2 decrypts E(Kw, Km2) using the Km2 stored in the playback apparatus 2 itself. As a result, the playback apparatus 2 obtains the work key Kw (S504).
This is how the playback apparatus 1 and the playback apparatus 2 each obtain the work key Kw. The procedure after this is the same as the one described in FIG. 3; therefore, explanation will be omitted.
The following describes a method of preventing an unauthorized apparatus from playing back contents, when there is one.
FIG. 6 shows the general structure of the conditional access system in which there is an unauthorized apparatus.
The unauthorized playback apparatus is a playback apparatus that disguises itself as the playback apparatus 2, the ID2 and the master key Km2 having been obtained in an unauthorized fashion. In this situation, the unauthorized apparatus is able to pretend to be the playback apparatus 2 and play back the contents, by the same procedure of operations shown in FIG. 5.
Here is a method by which the broadcast apparatus does not transmit EMM that include the ID2, so that it is possible to prevent unauthorized playback of contents when it has been learned that an unauthorized apparatus exists.
FIG. 7 shows the operation of the playback apparatuses at times of preventing an unauthorized apparatus from performing unauthorized playback of contents.
FIG. 7 differs from FIG. 5 in that the broadcast apparatus transmits only EMM 1 intended for the playback apparatus 1 (S501), and does not transmit EMM 2 which are intended for the playback apparatus 2. This way, the unauthorized apparatus is not able to obtain the work key Kw. As a result, the unauthorized playback apparatus is not able to obtain a scrambling key Ks (S701), and is not able to receive the contents, either (S702).
There is, however, a problem in this method: since the broadcast apparatus does not transmit EMM that include the ID2, the playback apparatus 2, being an authorized apparatus, will not be able to play back the contents, either.
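The following sketch is an added example, not part of the original document: it models the Km → Kw → Ks hierarchy of FIG. 3 and FIG. 5 and then the EMM-withholding countermeasure of FIG. 7, showing that withholding EMM for the ID2 locks out the authorized playback apparatus 2 together with the clone. The cipher behind E(X, Y) is a toy stand-in built from SHA-256 and HMAC for illustration only (the document does not specify one), and the class and function names are assumptions.

```python
import hashlib, hmac, os

def _stream(key, nonce, n):
    # Toy keystream: SHA-256 over key, nonce and a block counter (illustration only).
    blocks = (hashlib.sha256(key + nonce + bytes([i])).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def E(x, y):
    """E(X, Y): information X encrypted with key Y (stand-in cipher, assumed)."""
    nonce = os.urandom(8)
    ct = bytes(a ^ b for a, b in zip(x, _stream(y, nonce, len(x))))
    return nonce + ct + hmac.new(y, nonce + ct, hashlib.sha256).digest()[:8]

def D(blob, y):
    """Inverse of E; raises ValueError when the key does not match."""
    nonce, ct, tag = blob[:8], blob[8:-8], blob[-8:]
    if not hmac.compare_digest(tag, hmac.new(y, nonce + ct, hashlib.sha256).digest()[:8]):
        raise ValueError("wrong key")
    return bytes(a ^ b for a, b in zip(ct, _stream(y, nonce, len(ct))))

class Playback:
    def __init__(self, dev_id, km):
        self.id, self.km, self.kw = dev_id, km, None
    def on_emm(self, dev_id, enc_kw):  # S301-S302: accept only EMM carrying our ID
        if dev_id == self.id:
            self.kw = D(enc_kw, self.km)
    def play(self, ecm, scrambled):  # S303-S306: Kw -> Ks -> content
        if self.kw is None:
            return None  # no work key, so no scrambling key and no content
        return D(scrambled, D(ecm, self.kw))

def broadcast(receivers, km_by_id, emm_ids, content):
    kw, ks = os.urandom(16), os.urandom(16)
    emms = [(i, E(kw, km_by_id[i])) for i in emm_ids]  # one EMM per addressed ID
    ecm, scrambled = E(ks, kw), E(content, ks)
    for r in receivers:
        for dev_id, enc_kw in emms:
            r.on_emm(dev_id, enc_kw)
    return [r.play(ecm, scrambled) for r in receivers]

def demo(content=b"constructed sample content"):
    km = {"ID1": os.urandom(16), "ID2": os.urandom(16)}
    def fleet():  # apparatus 1, apparatus 2, and a clone holding ID2/Km2
        return [Playback(i, km[i]) for i in ("ID1", "ID2", "ID2")]
    fig5 = broadcast(fleet(), km, ["ID1", "ID2"], content)  # EMM 1 and EMM 2 sent
    fig7 = broadcast(fleet(), km, ["ID1"], content)         # EMM 2 withheld
    return fig5, fig7
```

Because the clone and the playback apparatus 2 present the same ID and master key, the broadcaster has no way to address one without the other; any per-ID revocation decision applies to both.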
The first object of the present invention, therefore, is to provide a technique that makes it possible to eliminate content playback by unauthorized playback apparatuses, and enable only authorized playback apparatuses to play back contents properly.
The second object of the present invention is to provide a technique that enables only authorized playback apparatuses to play back contents properly by utilizing the channel through which the contents are transmitted.