JP2003018146A - Digital broadcast receiver and digital broadcast receiving system - Google Patents

Abstract

(57) [Summary] [Problem] There is a problem that an operation of a system bus is observed by a tool, and a value of an encryption key may be analyzed. A local cryptographic processing IC for encrypting and decrypting broadcast content locally in a receiver.
The local cryptographic processing IC 20 has a plurality of key registers 101 to 104 for dividing and setting an encryption key, and the software side for setting the divided encryption key value 105 in the key registers 101 to 104 And a division rule indicating which part of which key register corresponds to which part of the divided encryption key, as an implicit understanding,
Receives the value of the encryption key set in the key register.

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a storage type digital broadcast receiver and a digital broadcast receiving system for performing encryption / decryption when storing broadcast contents in the receiver.

[0002]

2. Description of the Related Art FIG. 6 is a diagram showing a configuration example of a general conventional digital broadcast receiver (non-storage type) capable of receiving pay broadcasts in real time. In FIG. 6, 1 is an antenna for receiving broadcast radio waves, 2 is a tuner unit for demodulating and error correcting the broadcast radio waves received by the antenna 1 to the original digital signal, and outputting as an MPEG2 transport stream, 3 is MPEG
This is a descrambler that releases the scrambled (encrypted) part of the two transport streams on the broadcast station side. A DEMUX unit 4 separates and extracts video data, audio data, program data, and the like. Reference numeral 5 is a video decoding unit for decoding video data, 6 is an audio decoding unit for decoding audio data, 7 is a video D / A circuit for converting a digital signal into an analog signal, and 8 is a digital signal. Voice D / A for conversion from analog to analog signal
Circuit. An IC card interface unit 9 is provided between the system bus 15 and the IC card 10.
Reference numeral 10 is an IC card in which the encryption key is in plain text. Reference numeral 11 is a modem provided between the telephone line and the system bus 15, and 12 is a CPU for controlling the digital broadcast receiver. Reference numeral 13 is a RAM that stores data and the like processed by the digital broadcast receiver, and 14 is a ROM that stores a program and the like representing the control procedure of the digital broadcast receiver performed by the CPU 12.

Next, the operation will be described. MPE that receives the broadcast radio wave from the antenna 1 and demodulates and corrects the radio wave to the original digital signal by the tuner unit 2
Output as a G2 transport stream. This M
The PEG2 transport stream is a packet-multiplexed packet of data such as video data, audio data, program attribute data, and conditional access information such as encryption keys and contract information included in broadcast waves. . Each packet contains a PID (Packet).
A header "ID)" is attached.

Next, the MPEG2 transport stream is sent to the descrambling unit 3, and in the descrambling unit 3, PID of video data and audio data for pay broadcasting.
Is specified to decode the video data and audio data, and the conditional access information is passed through (passing as it is without doing anything). At this time, the descrambling unit 3 cancels the scrambled (encrypted) portion on the broadcast station side.
Decryption processing using the encryption key is performed. The encryption key is MPEG2
Although it is sent to the transport together with the broadcast contents, it is encrypted by a different encryption algorithm from the scrambling encryption algorithm.
Hereinafter, this encryption process is referred to as a key distribution encryption.

The DEMUX unit 4 separates and extracts video data, audio data, program data, etc. from the MPEG2 transport stream. Here, the encryption key data is also extracted.

The video data extracted by the DEMUX unit 4 is sent to the video decoding unit 5, and the audio data is sent to the audio decoding unit 6.
The encryption key data is sent to the CPU 1 via the system bus 15.
2 respectively.

Video data sent to the video decoding unit 5,
And the audio data sent to the audio decoding unit 6 are respectively subjected to decoding processing corresponding to encoding, and are sent to the video D / A circuit 7 and the audio D / A circuit 8 to convert digital signals to analog signals. Are converted into a video signal and an audio signal and output.

The encryption key data sent to the CPU 12 is I
It is transferred to the IC card 10 via the C card interface unit 9, the key distribution cipher of the cipher key data is unwound, the cipher key therein is taken out, and the cipher key made into a plain text is the CPU 12
Returned to. At this time, since these data accesses are executed via the system bus 15, there is a risk that a tool such as a software debugger such as a logic analyzer or an in-circuit emulator can easily be used for snooping.

However, since this encryption key exposure problem occurs after a subscription contract for pay broadcasting, it is not desirable but it is not a direct illegal viewing.

In the case of pay-per-use pay-per-view broadcasting, the CPU 12 operates the modem 11,
The billing information stored in the C card 10 is periodically transmitted by data communication to a billing data collection center (not shown).

In addition, an RO for storing software
It is common to have M14 and RAM13 for execution.

In actual mounting, a plurality of these parts are often integrated into one IC, but they are considered to be the same in terms of processing and control.

On the other hand, it is assumed that future digital broadcast receivers will be equipped with a large-capacity hard disk drive (hereinafter referred to as HDD) to store programs as digital signals. In this case, from the viewpoint of copyright protection, it is desired to store the content in an encrypted form instead of the plain text.

FIG. 7 is a diagram showing a configuration example of such a storage type digital broadcast receiver. In FIG. 7, 20 is D
This is a local cryptographic processing IC that performs cryptographic processing on a recording MPEG2 transport stream from the EMUX unit 4. Reference numeral 21 is an HDD interface unit that controls the interface between the local cryptographic processing IC 20 and the HDD 22.
Reference numeral 22 denotes an HDD that stores the program as a digital signal. Other components are the same as the general configuration of the digital broadcast receiver shown in FIG.

Next, the operation will be described. The MPEG2 transport stream for recording is input from the DEMUX unit 4 to the local encryption processing IC 20.

The local cipher processing IC 20 performs cipher processing on the MPEG2 transport stream passed in plaintext. The encryption key used at that time is set in the key register of the local encryption processing IC 20 by the CPU 12. Furthermore,
The encrypted MPEG2 transport stream is H
The data is written in the HDD 22 via the HDD interface unit 21 that controls the interface with the DD 22.

On the other hand, when reading from the HDD 22, the HD
MPE from HDD 22 via D interface unit 21
G2 transport stream is a local encryption processing IC
Passed to 20.

In the local cryptographic processing IC 20, the CPU 1
MPEG2 using the decryption key (= encryption key) set by 2
The transport stream is returned to plain text and passed to the DEMUX unit 4. The DEMUX unit 4 performs the same processing as the real-time MPEG2 transport stream from the antenna 1 and outputs it to the subsequent decoding unit (video decoding unit 5 and audio decoding unit 6).

In the case of storing in the HDD 22 as described above, recording is not always performed after the contract with the viewer. For example, it is conceivable to automatically record the content that the viewer does not know whether to watch at midnight when the radio wave is available, and then take it out from the HDD 22 at the request of the viewer. In this case,
Since the encryption process is performed before the contract with the viewer, if the encryption key for that is exposed, the risk of unauthorized use increases. When the encryption key is in plain text and is operated from the CPU 12 via the system bus 15, it can be easily snooped by using a tool such as a software debugger such as a logic analyzer or an in-circuit emulator as described above. I will end up.

FIG. 8 is a block diagram of an interface between a cryptographic processing IC and an external storage element described in Japanese Patent Laid-Open No. 2000-83019, which can be applied as an example of a defense measure against such a tool. In FIG.
Reference numeral 501 is a semiconductor element, and 502 is an internal logic block of the cryptographic processing device. 503 is an address signal, which is 5
Reference numeral 04 is a data signal. Reference numeral 505 is an external storage element control circuit, 506 is an output buffer, and 507 is an input / output buffer. A data conversion unit 508
Reference numeral 9 is a gate, and 510 is an external storage element. 51
Reference numeral 1 is an external storage element address bus, and 512 is an external storage element data bus. Reference numeral 513 is an external storage element access signal, and 514 is an external storage element write signal.

Next, the operation will be described. The address signal 503 and the data signal 504 in the cryptographic processor internal logic block 502 are input to the external storage element control circuit 505, and the external storage element address bus 511 is passed through the output buffer 506 to the external storage element data bus 512. Is
Connection is made through the input / output buffer 507.

As the output buffer 506, one having a control line for increasing the output impedance is used, the control line is connected to the external storage element access signal 513a, and the address of the semiconductor element 501 is connected only when the storage element 510 is accessed. Use a structure that outputs to the outside.

To the output side buffer of the input / output buffer 507, the logical product of the external storage element write control signal 514a and the external storage element access signal 513a obtained by the gate 509 is input, and the external storage element is accessed and written. Only in this case, the data is output to the outside of the semiconductor element 501.

Further, the data converter 508 rearranges the bits of the data bus to make it difficult to analyze the data exchanged with the external storage element.

Further, the data in the external storage element 510 is
Rather than accessing as much as needed, when necessary, all data is first transferred to a storage element such as RAM in the semiconductor element 501 which is the cryptographic processing device of the invention of the prior art, and then only in the semiconductor element. Perform processing.

As a result, the external storage element address bus 5
11. Observing the external storage element data bus 512 makes it impossible to guess the internal cryptographic processing device.

In the interface between the cryptographic processing IC of this prior art and the external storage element, analysis is made difficult by the processing such as rearrangement of bits in the data conversion unit 508 and inversion of specific bits. However, since the data disturbance is static within the same data, it cannot be said to be a very complicated disturbance, and the safety is not high.

[0028]

Since the conventional storage type digital broadcast receiver is constructed as described above, the CPU sets the encryption key in the key register of the IC for the local encryption processing IC. Since the operation to be performed can be observed by tools such as a software analyzer such as a logic analyzer and an in-circuit emulator attached to the system bus, there is a problem that there is a risk of illegal use of the encryption key.

The present invention has been made to solve the above problems, and makes it difficult to analyze the value of the encryption key even if the operation of the system bus is observed by the above tools. It is an object of the present invention to obtain a storage-type digital broadcast receiver and a digital broadcast receiving system that can be used.

It is another object of the present invention to obtain a storage type digital broadcast receiver and a digital broadcast receiving system which allow a user to select a rule from among a plurality of rules for disturbing the behavior on the system bus.

Further, according to the present invention, when the CPU and the local cryptographic processing IC are mounted as the same IC, dummy data is returned for the access to the key register in the embedded ROM monitor for software debugging. Therefore, it is an object of the present invention to obtain a storage-type digital broadcast receiver and a digital broadcast receiving system capable of improving safety without affecting the original function of the embedded ROM monitor.

[0032]

A digital broadcast receiver according to the present invention has a local encryption processing IC for locally encrypting and decrypting broadcast contents in the receiver, and the local encryption processing IC is an encryption key. Has a plurality of key registers for dividing and setting, and the local cryptographic processing IC divides which part of which key register is divided with the software side which sets the value of the divided encryption key in the key register. The value of the encryption key set in the key register is received by using a division rule that indicates which part of the encryption key that is generated.

The digital broadcast receiver according to the present invention uses a plurality of signal pins of the cryptographic processing IC for the purpose of determining one rule from a plurality of division rule candidates.

A digital broadcast receiver according to the present invention comprises a real time clock IC for a calendar function,
By using the date and time value provided by the real-time clock IC after reset, one rule is determined from a plurality of division rule candidates.

The digital broadcast receiver according to the present invention is C
It has an encryption processing IC with a built-in CPU, which has a PU and an encryption processing function for locally encrypting and decrypting broadcast contents in the receiver, and the encryption processing IC with a CPU has an embedded ROM monitor for software debugging. In the embedded ROM monitor, when trying to monitor a portion corresponding to the address of the key register for setting the encryption key, a meaningless value is monitored instead of the original value.

In the digital broadcast receiver according to the present invention, the division rule is determined based on the pseudo random number sequence.

In the digital broadcast receiver according to the present invention, the encryption key is divided into a plurality of fields having different bit numbers.

The digital broadcast receiving system according to the present invention is
It has a local cryptographic process for locally encrypting and decrypting broadcast contents in the receiver. In the local cryptographic process, a plurality of key registers for dividing and setting an encryption key are used, and the local cryptographic process is performed. Then, using the division rule that indicates which part of which key register corresponds to which part of the original encryption key with the software side that sets the value of the divided encryption key in the key register,
It receives the value of the encryption key set in the key register.

[0039]

BEST MODE FOR CARRYING OUT THE INVENTION An embodiment of the present invention will be described below. Embodiment 1. 1 is a diagram showing a configuration example of a key register of a local cryptographic processing IC according to a first embodiment of the present invention and a method of using the key register. In FIG. 1, 101, 102, 10
3 and 104 are a key register 1, a key register 2, a key register 3, and a key register 4, which are used when the encryption key is set from the CPU 12. 105
Is the value of the encryption key. 106a is a division boundary for dividing the value of the encryption key.

In the first embodiment, the local encryption process I which is a constituent element of the storage type digital broadcast receiver will be described below.
The configuration and usage of the C key register will be explained.
The configuration of the storage type digital broadcast receiver may be the general configuration of the storage type digital broadcast receiver shown in FIG. 7, for example. In that case, the configuration and usage of the key register described below is performed by the CPU 12 and the local cryptographic processing IC 20 as in the case of the storage type digital broadcast receiver shown in FIG.

Next, the operation will be described. Embodiment 1
In this example, the length of the encryption key used is 32 bits for simplicity of explanation. One 32-bit key register is sufficient to set a 32-bit encryption key. However, in the first embodiment, since the value of the encryption key is disturbed, the 32-bit length encryption key is divided into four parts, and the key register (32-bit length) corresponding to each divided part is used. Therefore, four key registers are used in total.

FIG. 1 shows a simple example. The 32-bit length encryption key is divided into four parts in 8-bit byte units, as indicated by the division boundary 106a. The first byte, the second byte, the third byte, and the fourth byte are arranged in 8-bit units from the upper bit.

Next, each byte formed by dividing the encryption key into four is arranged in the key register as follows.

That is, the first byte is the key register 1 (1
01) are assigned to bits 31 to 24, and meaningless values are assigned to the other bits (bits shown by hatching in FIG. 1) of the key register 1 (101).

The second byte is allocated from bit 23 to bit 16 of key register 2 (102), and key register 2
Meaningless values are assigned to the other bits of (102) (the shaded bits in FIG. 1).

The third byte is allocated to bit 15 to bit 8 of key register 3 (103), and key register 3
Meaningless values are assigned to the other bits of (103) (bits indicated by hatching in FIG. 1).

The fourth byte is allocated from bit 7 to bit 0 of the key register 4 (104), and the key register 4 (1
A meaningless value is assigned to the other bits of 04) (bits indicated by hatching in FIG. 1).

In this way, the correspondence relation indicating which part of which key register corresponds to which part of the original encryption key is a division rule.

This division rule can be fixed to be the same as the previous one or set to a variable to be different from the previous one when the next encryption key is set. . As an example of the variable, the first byte is allocated to bits 31 to 24 of the key register 2 (102), the second byte is allocated to bits 23 to 16 of the key register 3 (103), and so on. It is possible to shift one register.

The division rule representing the correspondence between the four bytes of each key register and the four bytes formed by dividing the encryption key may be implicitly understood.

Since each key register has four bytes of 8 bits, if each byte is compared to one container, the encryption key is divided into four parts for a total of 16 containers. It can be thought of as assigning a value of 4 bytes (1st byte to 4th byte). Therefore,
In the case of a variable example, the four bytes from the first byte to the fourth byte are randomly assigned to all 16 bytes of each key register, which is likened to 16 containers, so that the value of the encryption key is not disturbed. It can be more complicated. Also in this case, the pattern of the division rule representing the correspondence between the four bytes of each key register randomly assigned each time and the four bytes formed by dividing the encryption key may be implicitly understood. . In this case, it is not limited to assigning any of the first byte to the fourth byte to all of the four key registers.

FIG. 2 shows that the division boundary is not in bytes.
It is a figure which shows the example which makes a disturbance more complicated by making it variable per bit. In FIG. 2, 106b is a division boundary for dividing the encryption key value 105. Other symbols are
It is equal to the reference numeral in FIG.

In the modification of the first embodiment shown in FIG. 2, if the fixed pattern is implicitly understood as in the example shown in FIG. 1, the overhead for storing the pattern increases, so Randomization is performed based on the numerical values generated by the random number series.

Next, the operation will be described. In order to perform randomization, both the local cryptographic processing IC and the software that sets the cryptographic key executed by the CUP 12 have the logic to generate the same random number sequence. Here, a case where an integer random number generated between 1 and 31 is used will be described.

For example, if the pseudo-random number sequence is 11, 5, 24,
20,8,3,17,15,6,29,21,31 ...
Suppose that

In the first encryption key set, first, three random numbers are used to determine three division boundaries 106b. Here, three random numbers 11, 5, and 24 are used,
The boundary between the bit corresponding to each of the three random numbers and the bit on the right side thereof is treated as a boundary, and the division boundary 10 shown in FIG.
It becomes a form like 6b. That is, boundaries are set between bit 24 and bit 23, between bit 11 and bit 10, and between bit 5 and bit 4.

In this way, the four parts formed by dividing the encryption key by the division boundary 106b are
For convenience of description, they are referred to as A field, B field, C field, and D field in order from the left.

Next, in order to determine which key register is to be assigned to each field, four random numbers following the three random numbers "11, 5, 24" used for defining the division boundary are used. Here, four random numbers of 20, 8, 3, 17 are used, and the numerical values corresponding to the A field, B field, C field, and D field are arranged in the order of arrangement of the four random numbers used, and the numerical values of the corresponding random numbers are set. The key registers 1 to 4 are assigned in ascending order. The correspondence is: A field → 20 → 4th → key register 4 B field → 8 → 2nd → key register 2 C field → 3 → 1st → key register 1 D field → 17 → 3rd → key register 3 . This completes the first encryption key set.

In the second set of encryption keys, the random number, 15 following the four random numbers "20, 8, 3, 17" used for defining the first field to determine the division boundary is again used. , 6,29 are used to follow the three random numbers “15,6,29” to define the second field 4
Use one random number. Hereinafter, similar processing is continued for the third and subsequent encryption key sets.

The use of the pseudo-random number sequence as described above increases the complexity of the disturbance.

Further, although the above-mentioned first embodiment describes the case where the encryption key is 32 bits, it goes without saying that the same method can be adopted for other bit lengths.

As described above, the digital broadcast receiver according to the first embodiment has the local encryption processing IC 2 for locally encrypting and decrypting broadcast contents in the receiver.
0, the local cryptographic processing IC 20 has a plurality of key registers 101 to 104 for dividing and setting the cryptographic key.
And the local cryptographic processing IC 20 has the key register 10
It is possible to determine which part of which key register corresponds to which part of the divided encryption key with the software side (software executed by the CPU 12) which sets the value 105 of the divided encryption key to 1 to 104. The value of the encryption key set in the key register is received using the division rule represented.

In the digital broadcast receiver according to the first embodiment, the division rule is determined based on the pseudo random number sequence.

Further, in the digital broadcast receiver according to the first embodiment, the encryption key is divided into a plurality of fields A, B, C and D having different bit numbers.

In the above description, the case where the first embodiment is implemented as a digital broadcast receiver has been described, but the first embodiment is implemented as a digital broadcast receiving system executed by the digital broadcast receiver. Good.

That is, the digital broadcast receiving system according to the first embodiment has a local encryption processing step for locally encrypting and decrypting the broadcast content in the receiver, and the encryption key is divided in the local encryption processing step. Using a plurality of key registers 101 to 104 for setting
In the local encryption process, the software (CPU 12 that sets the value 105 of the divided encryption key in the key register).
(The software executed by the software) receives the value of the encryption key set in the key register using the division rule that indicates which part of which key register corresponds to which part of the original encryption key. It is a thing.

Further, in the digital broadcast receiving system according to the first embodiment, the division rule is determined based on the pseudo random number sequence.

Further, in the digital broadcast receiving system of the first embodiment, the encryption key is divided into a plurality of fields A, B, C and D having different bit numbers.

As described above, according to the first embodiment, the 32-bit length encryption key is divided into four parts, and the four key registers (32-bit length) corresponding to the respective divided parts are set. Since it is used, the effect of disturbing the value of the encryption key and making it difficult to analyze the value of the encryption key even if the operation of the system bus is observed by the tool is obtained.

Further, according to the first embodiment, the division rule indicating which part of which key register corresponds to which part of the divided encryption key is determined based on the pseudo-random number sequence. , The effect of increasing the complexity of the perturbation of the value of the encryption key is obtained.

Further, according to the first embodiment, since the encryption key is divided into four fields having different lengths, the effect of increasing the complexity of the encryption key perturbation can be obtained.

Embodiment 2. In the first embodiment, the complexity of the disturbance is increased by using the pseudo random number sequence. However, if the local cryptographic processing IC is a local cryptographic processing I such as CUP,
Assuming that an unspecified number of devices other than C are used, there is a danger that the safety will be reduced with only one random number sequence. Therefore, it is important to change the seed of random numbers (hereinafter referred to as “SEED”) in order to maintain security.

Therefore, in the second embodiment of the present invention, a plurality of SEED candidates are prepared on the side of the local cryptographic processing IC 20, and the SEED candidates are selected by an external signal pin.

FIG. 3 is a diagram showing a local cryptographic processing IC used in the second embodiment of the present invention. In FIG. 3, 110 is a BGA (Ball Grid Arra).
This is a local cryptographic processing IC having a form of an IC package called y). Reference numeral 111 is an input signal pin for selecting SEED. 120 is a local encryption process I
This is a board on which C is mounted.

In the second embodiment, an I-type called BGA, which is a constituent element of a storage-type digital broadcast receiver, will be described below.
Local cryptographic processing IC 110 in the form of C package
The configuration of the storage type digital broadcast receiver may be the general configuration of the storage type digital broadcast receiver shown in FIG. 7, for example. Further, the configuration and use method of the key register in the local cryptographic processing IC 110 can be the same as the configuration and use method of the key register using random numbers in the above-described first embodiment.

Next, the operation will be described. As shown in FIG. 3, the BGA type local cryptographic processing IC 110 is provided with signal pins indicated by black circles, and three signal pins among these signal pins are input signal pin 1
Select 11 and select SEED from 2 ³ = 8 SEED candidates.

When the local cryptographic processing IC 110 is mounted on the substrate 120 as shown in FIG. 3B, the signal pin of the BGA type local cryptographic processing IC 110 is IC
Since it is crimped to the substrate 120 so as to be sandwiched between the package and the substrate 120, the local cryptographic processing IC
Since it is not exposed to the outside of the substrate 120 on which the 110 is mounted, what High / Lo is set for each signal pin?
It is difficult to visually analyze from the outside of the substrate 120 whether w is set.

As described above, the digital broadcast receiver of the second embodiment is different from the digital broadcast receiver of the first embodiment in that the cryptographic processing IC 110 is used to determine one rule from a plurality of division rule candidates. The plurality of input signal pins 111 are used for that purpose.

Although the case where the second embodiment is implemented as a digital broadcast receiver has been described, the second embodiment may be implemented as a digital broadcast receiving system executed by the digital broadcast receiver.

That is, the digital broadcast receiving system according to the second embodiment is the cryptographic process used in the cryptographic process in order to determine one rule from the candidates of the plural division rules in the digital broadcast receiving system according to the first embodiment. IC110
The plurality of input signal pins 111 are used for that purpose.

As described above, according to the second embodiment, the signal pin of the local cryptographic processing IC for setting the SEED candidate cannot be seen from the outside by sandwiching it between the local cryptographic processing IC and the substrate. Therefore, it becomes difficult to analyze the setting of SEED candidates for increasing the complexity of the encryption key perturbation, and the effect of maintaining security can be obtained.

Third Embodiment Embodiment 3 of the present invention
Is to take in the random number SEED from an external information source and share it with both the software and the local cryptographic processing IC.

FIG. 4 is a diagram showing a storage type digital broadcast receiver according to the third embodiment. In FIG. 4, reference numeral 30 is a real-time clock IC for managing the date and time.
Other components are the same as the general configuration of the storage-type digital broadcast receiver shown in FIG. 7. Further, the configuration and use method of the key register in the local cryptographic processing IC can be the same as the configuration and use method of the key register using random numbers in the above-described first embodiment.

Next, the operation will be described. The storage-type digital broadcast receiver according to the third embodiment uses a real-time clock IC 30 for managing the date and time. When the digital broadcast receiver is reset, both the software and the local cryptographic processing IC 20 are real-time clock ICs.
30 is accessed, and the data indicating the year, month, day, hour, and minute at that time are adopted as the common random number SEED.

The random number SEED is taken in from the real time clock IC for managing the date and time.
Since ED is changed, there is an effect that safety can be maintained without using a dedicated element for changing SEED of random numbers.

As described above, the digital broadcast receiver according to the third embodiment has the real time clock IC 30 for the calendar function in the digital broadcast receiver according to the first embodiment, and the real time clock I after reset is I.
By using the date and time value provided by C30, one rule is determined from a plurality of division rule candidates.

Also, the case where the third embodiment is implemented as a digital broadcast receiver has been described, but the third embodiment may be implemented as a digital broadcast receiving system executed by the digital broadcast receiver.

That is, the digital broadcast receiving system of the third embodiment is different from the digital broadcast receiving system of the first embodiment in that the real time clock I for the calendar function is used.
After C30 is reset, the real time clock I
One rule is determined from a plurality of division rule candidates based on the date and time value provided by C30.

As described above, according to the third embodiment, since the random number SEED is changed so that the random number SEED is taken in from the real-time clock IC for managing the date and time, the random number SEED is changed. It is possible to obtain the effect that the safety can be maintained without using the dedicated element of.

Fourth Embodiment Embodiment 4 of the present invention
Is for improving the security when the local cryptographic processing IC 20 and the CPU 12 are mounted in the form of the same integrated IC and the ROM monitor for software debugging is embedded.

FIG. 5 is a diagram showing a storage type digital broadcast receiver according to the fourth embodiment. In FIG. 5, 23 is D
EMUX unit 4, local cryptographic processing IC 20, and HDD
Integrated IC including interface unit 21 and CPU 12
Is a cryptographic processing IC with a built-in CPU. 24 is a CPU
Reference numeral 25 denotes an embedded ROM monitor provided in the CPU 12, reference numeral 25 denotes an address comparison unit provided in the CPU 12,
Is a switching unit provided in the CPU 12. 27 is CP
Reference numeral 28 is a debugger connected to U12 by a cable, and 28 is a personal computer connected to the debugger 27. Other components are the same as the general configuration of the storage-type digital broadcast receiver shown in FIG. 7.

Also in the fourth embodiment, the configuration and use method of the key register in the local cryptographic processing IC 20 can be the same as the configuration and use method of the key register in the first embodiment described above.

Next, the operation will be described. Embedded ROM
The monitor 24 has functions equivalent to those of an external software debugger, and provides functions such as program execution stop control, breakpoints, and CPU register and memory read / write. Generally, these functions are operated from the control software on the personal computer 28 via the debugger 27 connected by a cable.

Cryptographic processing IC with built-in CPU as integrated IC
There are various internal registers in 23 as well, and it is desirable that the register values can be read from the viewpoint of debugging. However, in the case of the key register value, it is illegally connected, so it is important to prevent reading.

Therefore, an address comparison unit 25 for detecting whether or not the debug target is a key register is provided outside the embedded ROM monitor 24, and when an attempt is made to refer to the key register value, an instruction from the address comparison unit 25 is issued. The switching unit 26 is controlled by the so that the original value becomes a meaningless value (for example, the value of the built-in free-running counter).

As described above, the digital broadcast receiver according to the fourth embodiment has the CPU built-in cryptographic processing IC 23 having both the CPU 12 and the cryptographic processing function for locally encrypting and decrypting the broadcast content in the receiver. Then C
The PU built-in cryptographic processing IC 23 has an embedded ROM monitor 24 for software debugging, and when the embedded ROM monitor 24 attempts to monitor a portion corresponding to the address of the key register for setting the encryption key, the original It is intended to monitor meaningless values instead of values.

Further, although the case where the fourth embodiment is implemented as a digital broadcast receiver has been described, the fourth embodiment may be implemented as a digital broadcast receiving system executed by the digital broadcast receiver.

That is, the digital broadcast receiving system according to the fourth embodiment has a CPU built-in cryptographic process having both a CPU 12 and a cryptographic processing function for locally encrypting and decrypting broadcast contents in the receiver. In the encryption process, the embedded ROM monitor 24 for software debugging is used.
When the portion corresponding to the address of the key register for setting the encryption key is to be monitored, the meaningless value is monitored instead of the original value.

As described above, according to the fourth embodiment, when an attempt is made to refer to the key register value, the switching unit is controlled by an instruction from the address comparison unit, and the key address register value is meaningless. Since the value is referred to, the value of the internal register other than the key register can be referred to while the value of the key register is not read.

[0100]

As described above, according to the present invention, the encryption key is divided into four parts, and the four key registers corresponding to the respective divided parts are used. Even if the operation of the system bus is observed by the tool by disturbing it, it is possible to make it difficult to analyze the value of the encryption key.

According to the present invention, since the signal pin of the local cryptographic processing IC for setting the SEED candidate is sandwiched between the local cryptographic processing IC and the board so that it cannot be seen from the outside, the encryption key is disturbed. It becomes difficult to analyze the setting of the SEED candidates for increasing the complexity of, and there is an effect that the safety can be maintained.

According to the present invention, the random number SEED is changed so that the random number SEED is fetched from the real-time clock IC for managing the date and time.
There is an effect that the safety can be maintained without using a dedicated element for changing the EED.

According to the present invention, when it is attempted to refer to the key register value, the switching unit is controlled by an instruction from the address comparison unit so that a meaningless value other than the key address register value is referred to. Therefore, there is an effect that the value of the key register is not read while the value of the internal register other than the key register can be referred to.

According to the present invention, the division rule representing which part of which key register corresponds to which part of the divided encryption key is determined based on the pseudo-random number sequence. This has the effect of increasing the complexity of the disturbance.

According to the present invention, since the encryption key is divided into four fields having different lengths, there is an effect that the complexity of the encryption key is increased.

[Brief description of drawings]

FIG. 1 is a diagram showing a configuration and an operation of a key register of a local cryptographic processing IC according to a first embodiment of the present invention.

FIG. 2 is a diagram showing a configuration and an operation of a key register of a local cryptographic processing IC according to a modification of the first embodiment of the present invention.

FIG. 3A is a plan view of a local cryptographic processing IC used in the second embodiment of the present invention.
FIG. 3B is a side view of the local cryptographic processing IC shown in FIG.

FIG. 4 is a diagram showing a configuration of a third embodiment of the present invention.

FIG. 5 is a diagram showing a configuration of a fourth embodiment of the present invention.

FIG. 6 is a diagram showing a configuration of a conventional digital broadcast receiver.

FIG. 7 is a diagram showing a general configuration of a storage-type digital broadcast receiver.

FIG. 8 is a diagram showing a configuration example of a conventional cryptographic processing device.

[Explanation of symbols]

1 antenna, 2 tuner section, 3 descrambling section, 4 DEMUX section, 5 video decoding section, 6 audio decoding section, 7 video D / A circuit, 8 audio D / A circuit, 9 IC card interface section, 10 IC card, 11 modem, 12 CPU, 13 RAM, 14
ROM, 20 Local cryptographic processing IC, 21 HDD
Interface part, 22 HDD, 23 integrated IC, 2
4 Embedded ROM monitor, 25 Address comparison unit, 26
Switching unit, 27 debugger, 28 personal computer, 101 key register 1, 102 key register 2, 103 key register 3, 104 key register 4, 105 encryption key value, 1
06a, 106b division boundary, 110 local cryptographic processing IC, 111 input signal pin, 120 board.

─────────────────────────────────────────────────── ─── Continuation of front page (51) Int.Cl. ⁷ Identification code FI theme code (reference) H04N 7/167 H04N 7/167 Z (72) Inventor Koichi Nakajima 2-3-2 Marunouchi, Chiyoda-ku, Tokyo Sanryo Electric Co., Ltd. F term (reference) 5C025 AA25 AA30 BA30 DA01 DA04 DA10 5C064 CA14 CA18 CB01 CC02 5J104 AA16 BA03 EA13 NA02 NA04 NA22 PA05 5K061 AA12 BB07 JJ06 JJ07

Claims (7)

[Claims] 1. A local cryptographic processing IC for locally encrypting and decrypting broadcast contents in a receiver, wherein the local cryptographic processing IC includes a plurality of key registers for dividing and setting an encryption key. The local cryptographic processing IC has, between the software side that sets the value of the divided cryptographic key in the key register,
A digital broadcast receiver characterized by receiving the value of the encryption key set in the key register by using a division rule indicating which part of which key register corresponds to which part of the divided encryption key. . 2. A plurality of signal pins of a cryptographic processing IC are used for the purpose of determining one rule from a plurality of division rule candidates, for that purpose.
The described digital broadcast receiver. 3. A real-time clock IC for a calendar function is provided, and one rule is determined from a plurality of division rule candidates using a date and time value provided by the real-time clock IC after reset. Item 1. A digital broadcast receiver according to item 1. 4. A cryptographic processing IC with a built-in CPU, which has both a CPU and a cryptographic processing function for locally encrypting and decrypting broadcast contents within a receiver, wherein the cryptographic processing IC with a built-in CPU is used for software debugging. When the embedded ROM monitor has a portion corresponding to the address of the key register for setting the encryption key, the embedded ROM monitor should monitor a meaningless value instead of the original value. A digital broadcast receiver characterized in that 5. The digital broadcast receiver according to claim 1, wherein the division rule is determined based on a pseudo random number sequence. 6. The digital broadcast receiver according to claim 1, wherein the encryption key is divided into a plurality of fields each having a different number of bits. . 7. A local cryptographic process for locally encrypting and decrypting broadcast content in a receiver, wherein the local cryptographic process comprises a plurality of key registers for dividing and setting an encryption key. In the above-mentioned local cryptographic process, it indicates which part of which key register corresponds to which part of the original encryption key with the software side that sets the value of the divided encryption key in the above key register. A digital broadcast receiving system characterized by receiving a value of the encryption key set in the key register using a division rule.