1. Field of the Invention
The present invention relates to a data transmission method, a data receiving method, a data transmission system, and a program recording medium used for transmitting and receiving, for example, digital data.
2. Description of the Related Art
Conventional data transfer method includes one employing IEEE 1394 Standard (IEEE: The Institute of Electrical and Electronic Engineers, Inc.) (reference: IEEE 1394 High Performance Serial Bus). Data transfer in IEEE 1394 Standard includes isochronous communication suitable for transfer of isochronous data such as video or sound signals, and asynchronous communication suitable for transfer of asynchronous data such as control signals, and both communications can simultaneously exist on an IEEE 1394 bus.
The isochronous communication is so-called broadcasting type communication. Isochronous packets output from a device on the IEEE 1394 bus can be received by all other devices on the bus.
On the other hand, the asynchronous communication includes peer-to-peer communication and a broadcasting type communication. Then, an asynchronous packet output from a device on the bus contains an identifier identifying a device receiving that packet. If the identifier indicates a specific device, the device specified by the identifier receives the asynchronous packet, and, if the identifier indicates broadcast, all devices on the bus receive the asynchronous packet.
In addition, IEC (International Electrotechnical Commission) is studying IEC 61883 Standard (hereinafter called an xe2x80x9cAV protocolxe2x80x9d) as a standard for transferring a digital audio or video signal employing IEEE 1394 Standard, or managing connections of a data transmission path between equipment attached on the IEEE 1394 bus. In the AV protocol, video/audio data is arranged and transmitted in an isochronous packet. In addition, an isochronous packet contains a CIP (Common Isochronous Packet) header. The CIP header contains identification information indicating a type of video/audio data, and information such as a device number of source device transmitting an isochronous packet.
For a data transmission system employing such conventional data transfer method, a data transmission system is proposed to limit the number of copies of data to be transferred with data protection information in view of protection of copyright of data to be transmitted. Digital data requiring such copy limiting mechanism includes video data which is digitized video images, audio data which is digitized sound, and digital data which is a combination of them.
Now, such conventional data transmission system is described for its arrangement with reference to FIG. 6.
FIG. 6 is a format of isochronous packet used in the conventional data transmission system.
As shown in the figure, the isochronous packet 101 comprises an isochronous packet header 900, a header CRC 901, an isochronous payload 902, and data CRC 903.
The isochronous packet header 900 contains an Sy field 910 for storing data protection information. If the value stored in the most significant two bits of the Sy field 910 is 00, it indicates that data to be transmitted (real data 905 described later) is data freely copied. If it is 10, it indicates that the data can be copied only once, while, if it is 11, it indicates that the data is copy prohibited.
In addition, the isochronous packet header 900 contains a two-bit tag 907. If the tag 907 has a value of 01, it indicates that the isochronous packet is an isochronous packet conforming to the AV protocol. When the tag 907 has a value of 01, that is, when the isochronous packet is an isochronous packet conforming to the AV protocol, a CIP header 904 is contained at the top of an isochronous payload 902.
The CIP header 904 contains a source ID 906 which is an identifier of the device outputting the isochronous packet. The CIP header 904 also contains FMT 908 or FDF 909. indicating what type data the real data 905 contained in the isochronous payload 902 is.
Data such as video or audio to be transmitted is contained in the real data 905. The real data 905 is encrypted data if the data protection information is 10 or 11, and not encrypted if it is 00 indicating copy-freely. The data protection information is also contained in the real data 905, and generally called SCMS for CD and CGMS for DV.
Now, operation is described for such arrangement.
When a source device transmits digital data, it embeds data protection information indicating a condition whether or not the data can be copied in the Sy field 910 in the isochronous packet header 900, and transmits the information together with the real data 905. A sink device retrieves the data protection information from the Sy field 910 in the received data, and changes over the operation of equipment in recording the digital data based on the result of interpretation on the data protection information. In addition, except for a case where it is copy-freely data, since the real data is encrypted, the sink device sends a transfer request for decryption information necessary for decrypting it to the source device. Upon receipt of the request, the source device sends decryption information to the requesting device. The sink device decrypts the received real data 905 using the decryption information sent from the source device. The real data 905 thus decrypted is displayed on a display device. On the other hand, an operation for recording the decrypted real data is appropriately changed over based on content of the data protection information.
That is, when the sink device is, for example, a VTR, and the retrieved data protection information means xe2x80x9ccopy-one-generationxe2x80x9d, the decrypted data is recorded on video tape loaded in the VTR. If it means xe2x80x9ccopy-prohibitedxe2x80x9d, the recording operation is not performed even if a recording button has been pressed.
However, in such conventional data transmission system, there is a problem that, if the data protection information contained in the Sy field 910 is tampered on a transmission path between the source device and the sink device by a person intending to conduct an unauthorized action, the decrypted data is unauthorizedly copied.
That is, for example, it is assumed that, when the data protection information contained in the Sy field 910 of the isochronous packet header 900 has a value of 11 indicating xe2x80x9ccopy-prohibitedxe2x80x9d in the stage when the data is transmitted from the source device, a person conducting an illegal action tampers the value of data protection information to 10 indicating xe2x80x9ccopy-one-generationxe2x80x9d on the transmission path. This case is described in detail in the following.
In this case, the VTR at the sink device checks the data protection information contained in the Sy field 910, and detects that its value is 10. In this case, since the real data 905 is encrypted as described above, the sink device sends a transmission request for decryption information for decrypting it to the source device. Upon receipt of the request, the source device sends the decryption information to the sink device. The sink device decrypts the real data 905 using the decryption information being sent, and then displays the decrypted real data on the display device or the like. Then, there arises a problem that, since the VTR has detected the fact that the data protection information contained in the Sy field 910 has a value of 10, it determines that the received real data 905 is copy-one-generation although it is originally copy-prohibited data, and records the decrypted real data on the video tape.
The present invention is intended to provide a data transmission method, a data receiving method, a data transmission system, and a program recording medium in which transmission data can be more surely protected than in the prior art by taking into account such problems in the conventional data transmission system.
The 1st aspect of the present invention is a data transmission method comprising the steps of:
determining a type of encryption applied to transmission of data depending on management information for said data to be transmitted;
encrypting said data based on said determined type of encryption; and
transmitting said encrypted data and said data management information.
The 2nd invention of the present invention is a data receiving method comprising the steps of:
receiving transmission data transmitted from the data transmission method as set forth in said 1st invention;
retrieving said data management information from said received data; and
sending said retrieved data management information to the source of said transmitted data and requesting decryption information corresponding to said transmitted data management information.
The 3rd aspect of the present invention is the data transmission method as set forth in said 1st invention, further comprising the step of, when said decryption information is requested by the data receiving method as set forth in said 2nd aspect, transmitting said decryption information corresponding to said data management information to said requesting device.
The 4th aspect of the present invention is the data receiving method, further comprising the steps of:
decrypting said received data based on said decryption information transmitted by the data transmission method as set forth in said 3rd invention; and
determining how to process said decrypted received data according to said retrieved data management information.
The 5th aspect of the present invention is a data transmission method, further comprising the steps of:
updating said type of encryption by time even if said data management information is identical;
encrypting said data to be transmitted with said updated type of encryption; and
transmitting previous notification information previously notifying that said update is performed before transmitting said encrypted data.
The 6th of the present invention is a data transmission method, further comprising the steps of:
updating said type of encryption by time even if said data management information is identical;
transmitting information indicating that said update has been performed; and
when decryption information corresponding to said data management information is requested, transmitting both decryption information to be used at the moment and decryption information to be used the next time.
The 7th aspect of the present invention is a data transmission method wherein, when said type of encryption is updated by time, said updated type of encryption does not overlap said another type of encryption determined according to said data management information.
The 8th aspect of the present invention is a data receiving method, further comprising the steps of, when said previous notification information transmitted by said data transmission method as set forth in said 5th invention is received, sending said data management information to the source of said transmitted data according to the previous notification information, and requesting said decryption information.
The 9th aspect of the present invention is a data receiving method further comprising the step of, when information transmitted by said data transmission method as set forth in said 6th invention indicating that said update has been performed is received, requesting said decryption information for the source of said information based on the received information.
The 10th aspect of the present invention is a data receiving method wherein sending said data management information is to send said retrieved data management information as is, or to send said retrieved data management information after predetermined conversion.
The 11th aspect of the present invention is a data transmission method, wherein determining the type of. encryption applied to transmission of said data according to said data management information is to make a key used for encryption different depending on said data management information.
The 12th aspect of the present invention is a data transmission method, wherein determining the type of encryption applied to transmission of said data according to said data management information is to make an algorithm used for encryption different depending on said data management information.
The 13th aspect is the present invention is a data transmission method, wherein said data management information is copy management information which includes information indicating that said data is copy-freely, copy-one-generation, or copy-prohibited.
The 14th aspect of the present invention is a data transmission method wherein
said information indicating copy-prohibited includes two types of information, one indicating that the data is originally copy-prohibited, the other indicating no-more-copies meaning that the data is prohibited for subsequent copy as it is originally copy-one-generation and the one generation is performed, and
said type of encryption differs depending on these two types of information.
The 15th aspect of the present invention is a data receiving method, further comprising the step of:
when the data management information sent by the data transmission method as set forth in said 13th invention indicates copy-one-generation,
in recording data with said information indicating copy-one-generation as the data management information in a predetermined recording medium, changing the content of said data management information from said copy-one-generation to copy-prohibited, and performing said recording together with the data management information indicating said copy-prohibited.
The 16th aspect of the present invention is a data receiving method, further comprising the step of:
when the data management information sent by the data transmission method as set forth in said 14th invention indicates copy-one-generation,
in recording data with said information indicating copy-one-generation as the data management information in a predetermined recording medium, changing the content of said data management information from said copy-one-generation to said no-more-copies, and performing said recording together with the data management information indicating said no-more-copies.
The 17th aspect of the present invention is a data transmission system comprising;
mode determination means for determining a type of encryption applied to transmission of data depending on management information for said data to be transmitted;
encryption means for encrypting said data based on said determined type of encryption;
data transmission means for transmitting said encrypted data and said data management information;
data receiving means for receiving the transmission data transmitted by said data transmission means;
data management information retrieving means for retrieving said data management information from said received data;
decryption information requesting means for sending said retrieved data management information to the source of said transmitted data and requesting decryption information corresponding to said transmitted data management information;
decryption information transmitting means for transmitting said decryption information corresponding to said data management information to said requesting device when said decryption information is requested;
decryption means for decrypting said received data based on said decryption information being sent; and
processing method determination means for determining how to process said decrypted received data according to said retrieved data management information.
The 18th aspect of the present invention is a data transmission system, wherein sending said data management information is to send said retrieved data management information as is, or to send said retrieved data management information after predetermined conversion.
The 19th aspect of the present invention is a data transmission system, wherein determining the type of encryption applied to transmission of said data according to said data management information is to make a key used for encryption different depending on said data management information.
The 20th aspect of the present invention is a data transmission system, wherein determining the type of encryption applied to transmission of said data according to said data management information is to make an algorithm used for encryption different depending on said data management information.
The 21st aspect of the present invention is a data transmission system, further comprising:
encryption type updating means for updating said type of encryption by time even if said data management information is identical; and
previous notification information generation means for generating previous notification information for previously notifying that said update is performed, wherein
when said encryption means encrypts data to be transmitted, said encryption means encrypts it according to said updated type of encryption, and
said generated previous notification information is transmitted before said data encrypted according to said updated type of encryption is transmitted.
The 22nd aspect of the present invention is a data transmission system, further comprising:
encryption type updating means for updating said type of encryption by time even if said data management information is identical; and
update execution information generation means for generating update information for notifying that said update has been performed, wherein
when said encryption means encrypts data to be transmitted, said encryption means encrypts it according to said updated type of encryption, and
said update information is transmitted when the data encrypted according to said updated type of encryption is started to be transmitted.
The 23rd aspect of the present invention is a data transmission system, wherein said decryption information requesting means requests said decryption information to said source of said transmitted data in response to said received previous notification information.
The 24th aspect of the present invention is a data transmission system wherein said decryption information requesting means requests said decryption information for said source of said transmitted data in response to change of said received update information.
The 25th aspect of the present invention is a data transmission system, wherein, when said type of encryption is updated by time, said updated type of encryption does not overlap said another type of encryption determined according to said data management information.
The 26th aspect of the present invention is a data transmission system, wherein said data management information is copy management information which includes information indicating that said data is copy-freely, copy-one-generation, or copy-prohibited.
The 27th aspect of the present invention is a data transmission system, wherein said information indicating copy-prohibited includes two types of information, one indicating that the data is originally copy-prohibited, the other indicating no-more-copies meaning that the data is prohibited for subsequent copy as it is originally copy-one-generation and the one generation is performed, and said type of encryption depends on these two types of information.
The 28th aspect of a data transmission system, further comprising the step of:
when the data management information sent by said data transmission means indicates copy-one-generation,
in recording data with said information indicating copy-one-generation as the data management information in a predetermined recording medium, changing the content of said data management information from said copy-one-generation to copy-prohibited, and performing said recording together with the data management information indicating copy-prohibited.
The 29th invention of the present invention is a data transmission system, further comprising the step of:
when the data management information sent by said data transmission means indicates copy-one-generation,
in recording data with said information indicating copy-one-generation as the data management information in a predetermined recording medium, changing the content of said data management information from said copy-one-generation to to no-more-copies, and performing said recording together with the data management information indicating no-more-copies.
The 30th aspect of the present invention is a program recording medium recording a program for causing a computer to execute all or parts of steps as set forth above.
The 31st aspect of the present invention is a program recording medium recording a program for causing a computer to execute all or parts of functions of each means as set forth above.
With the above arrangement, the present invention has an advantage that transmission data can be more surely protected than in the prior art.