In recent years, services which encrypt and transmit information such as a video signal have been provided as digital television broadcasting. In order to prevent the transmitted information from illegal use, a reception device used in such services decrypts encrypted information using a highly secure device including a processor and a memory which are not easily accessible from outside. Such a scheme handling encrypted video signal is referred to as a conditional access system (CAS) or a digital rights management (DRM). The CAS is implemented by a card-type system, i.e., a security card, for example.
For example, in the digital television broadcasting, a compressed video stream is encrypted with a scramble key Ks, and the scramble key Ks which is updated every several seconds to be used for decryption of the video stream is included in the broadcasting video stream. The scramble key Ks is encrypted with a work key Kw, and is generally inserted in a digital signal packet referred to as an entitlement control message (ECM). In addition, the work key Kw is encrypted with a master key Km which is known only by a broadcasting station for each individual viewer and the viewer, and is generally inserted in a digital signal packet referred to as an Entitlement Management Message (EMM). The ECM and EMM are multiplexed, for example, into a digital stream by time division multiplexing to be transmitted. The master key Km is stored in a memory embedded in a security card provided in a reception device, and it is difficult to access the master key Km from outside of the security card. A portion of program (channel) information (the above-mentioned stream) selected by a tuner is input to a security card under the control of a program running on a main processor incorporated in the system LSI. Then, the decrypted scramble key Ks is output from the security card. The decrypted scramble key Ks is received by a main processor and is input, for example, to an encryption circuit. The compressed video stream encrypted with the scramble key Ks is input to the encryption circuit together with the scramble key, and the encryption circuit decrypts the compressed video stream for output. The compressed video stream thus decrypted is input to a video processing circuit where the compressed video stream is expanded and converted into YPbPr or RGB video signals. The video signal is input into a graphics circuit. The graphics circuit inserts additional information such as a program title into the video signals, and the resulting video is output to a monitor. The monitor displays the obtained video.
An information transmission scheme using three types of encryption keys, the master key Km, the work key Kw, and the scramble key Ks as described above is referred to as a triple key scheme. The master key Km is a unique key, i.e., only one key assigned to each individual viewer. In other words, the work key Kw encrypted with the master key Km which is held only by each individual viewer is transmitted, and this enables each individual viewer to access the transmitted information. How the work key Kw is used is not limited, but the key is normally used to assign a viewing right to a specific channel. For example, in order to assign a viewing right of a pay broadcast channel to a contract viewer, the work key Kw encrypted with the master key Km unique to the viewer is transmitted. The scramble key Ks is used, for example, to encrypt the video signal of a specific channel. For example, when the viewer views the pay broadcast channel, a reception device decrypts a video signal of the channel by decrypting the scramble key Ks encrypted with the work key Kw corresponding to the channel.
In a case in which a program executed on a main processor controls processing for the above-described security card, the master key Km or the work key Kw may be stolen when the program is hacked. For example, when the program is altered (rewritten) without permission and the master key Km or the work key Kw stored in the security card is copied without permission, there is a possibility, in the worst case, that the master key Km or the work key Kw may be disclosed to the public on the Internet. In such a case, everyone can view the pay broadcast without permission.
It is preferable that the master key Km and the work key Kw are not disclosed to a third party even when the program executed on the main processor is hacked. From this reason, the master key Km and the work key Kw are stored in dedicated hardware for the security card, which is not easily accessed and altered from the main processor.
However, a possibility of hacking the above security systems becomes apparent, and an implementing method of a CAS or DRM with security level still higher than the above, has been studied. For example, it is proposed that the reception device downloads a program including CAS or DRM function, and that the program is updated in a device which handles security information, or is newly registered in a device handling security information (for example, refer to Kawakita et al., “A Downloadable Conditional Access System for Broadcasting”, Technical Report of the Institute of Image Information and Television Engineers, ITE Technical Report Vol. 36, No. 6, Feb. 9, 2012, hereinafter referred to as non-patent document 1). With this structure, even when a specific CAS or DRM is hacked, the reception device can eliminate a risk of the information leak according to the hacking by downloading a program with a new or improved CAS or DRM function.
In a scheme disclosed in the non-patent document 1, the CAS program or DRM program to be downloaded is also transmitted after being encrypted by a triple key scheme.