JP2009271570A - Content distribution system, content distribution method and server program in portable terminal equipment - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To enable a user who distributes content to set restriction for every user, and to enable a user who distributes content to easily change restriction even after distributing content. <P>SOLUTION: A content distribution system includes: a server device; portable terminal equipment for server registration equipped with the input means of biometrics data; and content distribution destination portable terminal equipment. The server device includes: a content storage means; an authentication data storage means for managing terminal authentication data for authenticating the portable terminal equipment for server registration and the content distribution destination portable terminal equipment and biometrics data for authenticating a user who uses each equipment; an access policy storage means for managing an access policy showing an authentication method necessary for accessing to the content; and a content inquiry confirmation means for authenticating the user, and for distributing the content to the content distribution destination portable terminal equipment. <P>COPYRIGHT: (C)2010,JPO&INPIT

Description

  The present invention relates to a content distribution system or the like in a mobile terminal device.

  In recent years, mobile terminal devices such as mobile phones have many opportunities to handle digital contents such as music and videos, and in order to distribute digital contents to other users' mobile terminal devices, infrared, short-range wireless, SD (Secure Digital This is possible by using means of an external storage medium such as a memory card, and can be performed using a portable terminal device without restricting the exchange of digital contents between the user's portable terminal devices.

  However, a user who distributes digital content cannot restrict distribution of digital content after the distribution of digital content. Further, in this method, since digital contents are exchanged between portable terminal devices, there is a possibility that the user who distributes the digital contents will flow out to a place that is not assumed.

  Therefore, there is a means called DRM (Digital Rights Management) as a distribution restriction function for portable terminal devices. However, in most cases, the DRM function is based on the premise that the digital content is bound (related) to the mobile terminal device when the digital content is distributed, and the restriction cannot be changed by the user other than when the digital content is distributed. . Therefore, the DRM has a low degree of user freedom. For example, when it is desired to temporarily use digital content possessed by a user with another mobile terminal device, it is difficult to realize with conventional DRM.

Patent Document 1 discloses a technique in which an external terminal starts download of content provided by a content server through two-step authentication by an individual authentication server and a common authentication server via a mobile device.
JP 2004-336256 A

  However, the above-described conventional technique has a problem that a user who distributes content cannot set a limit for each user, and cannot easily change the limit after content distribution.

  Therefore, the present invention has been made in view of the above problems, and an example of the purpose is that a user who distributes content can set restrictions for each user, and a user who distributes content Another object of the present invention is to provide a content distribution system or the like that can easily change restrictions even after content distribution.

  In order to solve the above-mentioned problem, the invention according to claim 1 is a content distribution comprising a server device, a server registration portable terminal device comprising biometric authentication data input means, and a content distribution destination portable terminal device. In the system, the server device includes content storage means for managing content, terminal authentication data for authenticating the server registration portable terminal device and the content distribution destination portable terminal device, and a user who uses each of the devices. Authentication data storage means for managing biometric authentication data for authentication, access policy storage means for managing an access policy indicating an authentication method necessary for accessing the content, and content registration from the server registration portable terminal device When the inquiry is received, the terminal authentication data stored in the authentication data storage means is received. And the biometric authentication data and the biometric authentication data indicating the inquiry content from the content distribution destination mobile terminal device via the server registration mobile terminal device and the terminal authentication data are authenticated. Content inquiry confirmation means for distributing the content to the content distribution destination mobile terminal device if the content is the same, and the server registration mobile terminal device receives the biometric authentication data and the terminal authentication data. The authentication data registration means for registering in the server device and the access policy set from the server registration mobile terminal device by way of the content distribution destination mobile terminal device via the server registration mobile terminal device Authentication data indirect registration for registering terminal authentication data and the biometric authentication data in the server device And the step, characterized in that it comprises a content inquiry means to query and acquisition of content to the server device.

  In order to solve the above-mentioned problem, the invention according to claim 2 is the content distribution system according to claim 1, wherein the authentication data registration means of the server registration portable terminal device uses the short-range wireless communication. Biometric authentication data and the terminal authentication data are registered in the server device.

  In order to solve the above-described problem, the invention according to claim 3 is the content distribution system according to claim 1 or 2, wherein the authentication data indirect registration means is connected to the content distribution destination portable terminal device from a short-range wireless communication device. Registering the terminal authentication data and the biometric authentication data in the server device with the access policy set from the server registration portable terminal device by way of the server registration portable terminal device by communication. Features.

  In order to solve the above-described problem, the invention according to claim 4 is the content distribution system according to any one of claims 1 to 3, wherein the content inquiry means sends content to the server device through network communication. It is characterized by performing the inquiry and acquisition.

  In order to solve the above-described problem, the invention according to claim 5 is the content distribution system according to any one of claims 1 to 4, wherein the content distribution destination portable terminal device is used by the authentication data indirect registration means. Even after registration in the server device via the server registration mobile terminal device, the authentication level and the access policy included in the content by the server registration mobile terminal device registered in advance in the server device The content distribution destination mobile terminal device already registered and the access policy from the user of the content distribution destination mobile terminal device are changed by changing the authentication level condition stored in the storage means. And

  In order to solve the above problem, the invention described in claim 6 is characterized in that it functions as a server device provided in the content distribution system described in any one of claims 1 to 5.

  In order to solve the above-mentioned problem, the invention according to claim 7 is a content distribution comprising: a server device; a server registration portable terminal device comprising biometric authentication data input means; and a content distribution destination portable terminal device. In the content distribution method in the system, the server device manages the content storage step, and the server device authenticates the server registration portable terminal device and the content distribution destination portable terminal device, and An authentication data storing step for managing biometric authentication data for authenticating a user who uses each of the devices, and an access policy for managing an access policy indicating an authentication method necessary for the server device to access the content A storage step; and the server registration portable terminal device includes the biometric authentication data and the Authentication data registration step for registering terminal authentication data in the server device, and the server registration mobile terminal device from the content distribution destination mobile terminal device via the server registration mobile terminal device, thereby registering the server An authentication data indirect registration step of registering the terminal authentication data and the biometric authentication data with the access policy set from the mobile terminal device for use in the server device, and the server registration mobile terminal device in the server device A content inquiry step for inquiring / acquiring content, and when the server device receives a content inquiry from the server registration portable terminal device, the terminal authentication data and the biometrics stored in the authentication data storage step Authentication data and the content that has passed through the server registration portable terminal device. Authentication is performed as to whether or not the biometric authentication data indicating the inquiry content from the distribution destination portable terminal device and the terminal authentication data are the same, and if they are the same, the content is distributed to the content distribution destination portable terminal device And a content inquiry confirmation step.

  According to the present invention, server registration is limited only by a combination of a user and a mobile terminal device registered in advance in the server device, and unauthorized registration by a third party cannot be performed. The reason for this is that registration with the server device requires a user and a mobile terminal device registered in advance in the server device, and uses short-range wireless for authentication and indirectly inquires the server device. This is because it is necessary for users to authenticate directly, and thus impersonation is difficult.

  Further, according to the present invention, a user registered in advance in the server device can freely restrict content access to other users and portable terminal devices. The reason is that the user registered in advance in the server device at the time of registration in the server device determines the access policy and sets it in the server device, so that the corresponding user is set when accessing the server device for access. This is because the access policy is applied.

  Further, according to the present invention, it is possible to change the access right even after registering the access right to the content. The reason is that since the right to access the content is managed on the server device side, the user himself / herself registered in the server device in advance can change the authority on the server device side.

  Next, preferred embodiments of the present invention will be described with reference to the drawings.

  The embodiment described below is an embodiment when the present invention is applied to a digital content distribution system in a mobile phone.

  First, the configuration and function of the content distribution system according to the embodiment of the present invention will be described with reference to FIGS. 1 is an external view showing a schematic configuration of the content distribution system according to the present embodiment, FIG. 2 is a block diagram showing a schematic configuration of the content distribution system according to the present embodiment, and FIG. It is a figure for demonstrating the information required in the content distribution system which concerns on this embodiment.

  As shown in FIGS. 1 and 2, a content distribution system S (an example of a content distribution system) according to the present embodiment includes an authentication / content management server 1 (an example of a server device) and a mobile phone 2 (a user can use). An example of a mobile terminal device for server registration) and a mobile phone 2 ′ to which content is distributed (an example of a content distribution destination mobile terminal device).

  The authentication / content management server 1 includes an NFC (Near Field Communication) authentication / processing unit 11, an authentication registration / management unit 12, a server inquiry processing unit 13 (an example of a content inquiry confirmation unit), To authenticate an access policy DB (Data Base) 14 (an example of an access policy storage unit) that manages an access policy (access condition) indicating an authentication method necessary for accessing content, and the mobile phone 2 and the mobile phone 2 ′ Authentication data DB 15 (an example of an authentication data storage unit) that manages terminal authentication data of the user and biometric authentication data for authenticating a user who uses each device, and a content DB 16 (an example of a content storage unit) that manages content ).

  The NFC authentication / processing unit 11 has a function of performing short-range wireless communication with the mobile phone 2. When receiving an authentication data registration request 8 from the NFC authentication registration unit 21 described later, the NFC authentication / processing unit 11 delivers the authentication data to the authentication registration / management unit 12. Further, upon obtaining the connection destination information 6 and the content information 7 from the authentication registration / management unit 12, the NFC authentication / processing unit 11 sends them to the NFC authentication registration unit 21.

  In response to the authentication data registration request 8 received from the NFC authentication / processing unit 11, the authentication registration / management unit 12 receives biometric authentication data 81 (an example of biometric authentication data) and a terminal authentication ID (Identification Data) 82 (terminal authentication data). 1), an authentication ID is added to each of them and stored in the authentication data DB 15 as master authentication information 4. Further, the content information 7 is created from the content name of the content in the content DB 16 and the connection destination information, and is transmitted to the NFC authentication / processing unit 11.

  Further, the authentication registration / management unit 12 responds to the authentication data indirect registration request 9 from the server inquiry processing unit 13 with the master authentication information 4 included in the authentication data DB 15, the biometric authentication data 91, and the inquiry terminal. Authentication is performed using the authentication ID 92, and only when it matches, the authentication data DB 15 is stored in the authentication data DB 15 as authentication information 4 in which the authentication ID 41 is added to the registered terminal authentication ID 94. At the same time, the same authentication ID is added to the authentication policy 95 and registered in the access policy DB 14 as the access policy 5. If the registration is successful, the server inquiry processing unit 13 is notified of the completion of registration.

  Further, the authentication registration / management unit 12 searches the authentication data DB 15 for authentication information 4 that matches the terminal authentication ID 101 and the biometric authentication data 102 in response to the content inquiry request 10 from the server inquiry processing unit 13. The authentication ID 41 included in the authentication information 4 is acquired. The access policy 5 that matches the acquired authentication ID 41 is retrieved from the access policy DB 14 and acquired. The acquired access policy 5 is delivered to the server inquiry processing unit 13.

  The server inquiry processing unit 13 has a function of performing network communication with the mobile phone 2. When receiving the authentication data indirect registration request 9 from the authentication / inquiry communication unit 23, the server inquiry processing unit 13 performs authentication data indirect registration in the authentication registration / management unit 12. Deliver request 9. When the registration completion notification is received, the registration completion notification is returned to the authentication / inquiry communication unit 23. When the server inquiry processing unit 13 receives the content inquiry request 10 from the authentication / inquiry communication unit 23, the server inquiry processing unit 13 acquires the content 3 matching the content name 103 from the content DB 16.

  Further, the server inquiry processing unit 13 delivers the content inquiry request 10 to the authentication registration / management unit 12 and acquires the access policy 5.

  Then, the server inquiry processing unit 13 searches for an authentication level condition 522 that matches the authentication level 33 included in the acquired content 3, and determines whether the content can be sent.

  When the server inquiry processing unit 13 determines that the content can be output, the server inquiry processing unit 13 sends the content body 32 to the authentication / inquiry communication unit 23. On the other hand, if it is determined that the content cannot be output, the authentication / inquiry communication unit 23 sends a result indicating that the content cannot be output.

  The access policy DB 14 is a database that stores the access policy 5 registered / referenced by the authentication registration / management unit 12.

  The authentication data DB 15 is a database that stores master authentication information and authentication information 4 registered / referenced by the authentication registration / management unit 12.

  The content DB 16 is a database that holds the content 3 referred to by the server inquiry processing unit 13 and connection destination information indicating an inquiry method to the server.

  The mobile phone 2 includes an NFC authentication registration unit 21 (an example of an authentication data registration unit and an authentication data indirect registration unit), a biometric authentication input unit 22 (an example of an input unit), and an authentication / acquisition inquiry communication unit 23 (a content inquiry). An example), a content management unit 24, a terminal authentication ID 25, a connection destination information DB 26, a content information DB 27, a content use function 28, and a content cache 29.

  The NFC authentication registration unit 21 has a function of performing short-range wireless communication with the authentication / content management server 1 and the mobile phone 2 ′, and starts operation by starting short-range wireless communication with the NFC authentication / processing unit 11. Then, a biometric authentication data input request is made to the biometric authentication input unit 22, and an authentication registration request 8 is created from the input biometric authentication data and the terminal authentication ID 25 and sent to the NFC authentication / processing unit 11. As a result, when the connection destination information 6 and the content information 7 are acquired from the NFC authentication / processing unit 11, the connection destination information 6 is stored in the connection destination information DB 6, and the content information 7 is stored in the content information DB.

  The NFC authentication registration unit 21 also starts operation by starting short-range wireless communication with the mobile phone 2 ′, and acquires biometric authentication data and a terminal authentication ID from the NFC authentication registration unit 21 ′ of the mobile phone 2 ′. Then, the biometric authentication data of the mobile phone 2 and the terminal authentication ID 25 are acquired from the biometric authentication input unit 22.

  An indirect authentication registration request 9 is created from these data and transmitted to the authentication / acquisition inquiry communication unit 23. When the connection destination information 6 and the content information 7 are acquired as a result of the indirect authentication registration request 9, they are delivered to another mobile phone 2 '.

  The biometric authentication input unit 22 includes a biometric authentication input device, and inputs biometric authentication data input requests from the NFC authentication registration unit 21 and the authentication / acquisition inquiry communication unit 23.

  The authentication / acquisition inquiry communication unit 23 has a function of performing network communication with the authentication / content management server 1, and in response to the indirect authentication registration request 9 from the NFC authentication registration unit 21, the authentication level is given to the user of the mobile phone 2. Each access authority is obtained, and the authentication policy 95 is added to the indirect authentication registration request 9 and transmitted to the server inquiry processing unit 13.

  Upon receiving the registration completion notification from the server inquiry processing unit 13, the authentication / acquisition inquiry communication unit 23 acquires the connection destination information 6 and content information 7 of the corresponding authentication / content management server from the content management unit 24, and NFC Delivered to the authentication registration unit 21.

  Further, when the authentication / acquisition inquiry communication unit 23 receives the content name and the connection destination information 6 from the content management unit 24 as a content acquisition request, the authentication / acquisition inquiry communication unit 23 acquires biometric authentication data and terminal authentication ID 25 from the biometric authentication input unit 22. An inquiry request 10 is created.

  The authentication / acquisition inquiry communication unit 23 sends the created content inquiry request 10 to the server inquiry processing unit 13. The result acquired from the server inquiry processing unit 13 is delivered to the content management unit 24.

  When a content use request is made from the content use function 28, the content management unit 24 acquires the content information 7 from the content information DB 27 and causes the user to select a content that can be inquired.

  When the content with the selected content name exists in the content cache 29, the content management unit 24 delivers the content in the content cache 29 to the content use function.

  When the content with the selected content name does not exist in the content cache 29, the content management unit 24 acquires the content connection destination of the selected content information 7 from the connection destination information DB 26, and the content name and connection as a content acquisition request. The destination information is sent to the authentication / acquisition inquiry communication unit 23.

  The content management unit 24 receives the inquiry result, and if it is a content main body, the content management unit 24 stores the content in the content cache 29 and also sends the content to the content use function 28. On the other hand, if the notification is that content acquisition is not possible, the content usage function 28 is notified that content acquisition is not possible.

  The terminal authentication ID 25 indicates an identifier for uniquely identifying the mobile phone 2.

  The connection destination information DB 26 is a database that stores the connection destination information 6 of the authentication / content management server 1.

  The content information DB 27 is a database that stores content information 7 stored in the authentication / content management server 1.

  The content use function 28 indicates a function of using content such as a music player or a video viewer that is conventionally installed in a mobile phone.

  The content cache 29 is a cache for temporarily storing the content body. The content in the content cache has a function of being deleted from the cache if it is not used for a certain period of time.

  As shown in FIG. 3, the content 3 includes a content name 31, a content body 32, and an authentication level 33.

  The authentication information 4 includes an authentication ID 41 and authentication data 42. Here, the authentication ID 41 is an ID uniquely set in the authentication / content management server 1. The authentication data 42 indicates terminal authentication ID or biometric authentication data that is authentication data for the authentication ID.

  The access policy 5 includes an authentication ID 51 and an authentication policy 52. Here, the authentication ID 51 is the same as the authentication ID 41. The authentication policy 52 includes an authentication level 521 and an authentication level condition 522. The authentication policy 52 indicates a content use condition for the authentication ID 51. The authentication level 521 indicates the level of content usage conditions for authentication. An authentication level condition 522 indicates a content use condition for the authentication level 521.

  The content information 7 includes a content name 71 and connection destination information 72. Here, the content name 71 indicates the content name of the content managed by the authentication / content management server 1. The connection destination information 72 indicates a connection destination of the authentication / content management server 1.

  The authentication registration request 8 includes biometric authentication data 81 and a terminal authentication ID 82. Here, the biometric authentication data 81 indicates the biometric authentication data of the user registered in the authentication / content management server 1 input from the mobile phone 2. The terminal authentication ID 82 indicates an identifier for uniquely identifying the mobile phone 2 registered in the authentication / content management server 1.

  The indirect authentication registration request 9 includes inquiry biometric authentication data 91, inquiry terminal authentication ID 92, registered biometric authentication data 93, registration terminal authentication ID 94, and authentication policy 95. Here, the inquiry biometric authentication data 91 includes the master authentication information registered in the authentication / content management server 1 and the biometric authentication data for authentication in order to confirm whether the user is registered by the authentication registration request 8. Show. The inquiry terminal authentication ID 92 indicates the master authentication information registered in the authentication / content management server 1 and the terminal authentication ID for authentication in order to confirm whether the mobile phone is registered by the authentication registration request 8. . The registered biometric authentication data 93 indicates biometric authentication data for authenticating a user who performs registration indirectly. The registered terminal authentication ID 94 indicates a terminal authentication ID for identifying a mobile phone that performs registration indirectly. The authentication policy 95 indicates content access conditions for a user who registers indirectly and a mobile phone.

  The content inquiry request 10 includes a terminal authentication ID 101, biometric authentication data 102, and a content name 103. Here, the terminal authentication ID 101 indicates an identifier uniquely set in the mobile phone 2 in order to confirm registration in the authentication / content management server 1. The biometric authentication data 102 indicates biometric authentication data input by the mobile phone 2 in order to confirm registration in the authentication / content management server 1. The content name 103 indicates the content name to be inquired.

  Next, the operation of the content distribution system S according to the present embodiment will be described in detail with reference to FIGS.

  FIG. 4 is a diagram illustrating a user operation that is a trigger for the operation of the content distribution system S according to the present embodiment, and FIG. 5 is a flowchart illustrating a process when the operation A is performed. FIG. 6 is a flowchart showing processing when the operation B is performed, and FIG. 7 is a flowchart showing processing when the operation C is performed.

  In FIG. 4, operation A shows a case where the user using the mobile phone 2 brings the mobile phone 2 close to the communication range of the NFC receiving unit of the authentication / content management server 1 in order to register authentication data. In addition, the operation B shows a case where the mobile phone 2 that has been authenticated by the operation A and the mobile phone 2 ′ that makes an inquiry for registration in the authentication / content management server 1 start short-range wireless communication. . Further, the operation C shows a case where the content to be used is selected by the content use function 28 on the cellular phone 2 ′ registered by the operation B.

  Here, the operation A will be specifically described with reference to FIG.

  In FIG. 5, when the operation A is performed, the NFC authentication registration unit 21 starts operation and makes a biometric authentication data input request to the biometric authentication input unit 22.

  The biometric authentication input unit 22 input unit acquires biometric authentication data 81 from the user in response to a biometric authentication data input request, and delivers the biometric authentication data 81 to the NFC authentication registration unit 21.

  The NFC authentication registration unit 21 creates an authentication registration request 8 from the delivered biometric authentication data 81 and the terminal authentication ID 82 (step A1), and sends it to the NFC authentication / processing unit 11.

  Next, upon receiving the authentication data registration request 8 from the NFC authentication registration unit 21, the NFC authentication / processing unit 11 delivers the authentication registration request 8 to the authentication registration / management unit 12. The authentication ID is added to each of 81 and terminal authentication ID 82 and stored in the authentication data DB 15 as master authentication information 4. Further, the content name and the connection destination information 6 are acquired from the content 3 stored in the content DB 16, and the content information 7 is created (step A2). Then, the authentication registration / management unit 12 transmits the created content information 7 and connection destination information 6 to the NFC authentication / processing unit 11. Next, the NFC authentication / processing unit 11 transmits the content information 7 to the NFC authentication registration unit 21. When the NFC authentication registration unit 21 acquires the connection destination information 6 and the content information 7 from the content authentication registration / management unit 12, The connection destination information 6 is stored in the connection destination information DB 6, and the content information 7 is stored in the content information DB (step A3).

  Thereby, the registration of the mobile phone 2 serving as the master in the authentication / content management server 1 is completed.

  Next, the operation B will be specifically described with reference to FIG.

  In FIG. 6, when the operation B is performed, the NFC authentication registration units 21 and 21 ′ mounted on the mobile phones 2 and 2 ′ request biometric authentication data input to the biometric authentication input unit 22.

  The biometric authentication input unit 22 requests the user of each mobile phone 2 and 2 'to input authentication data.

  The biometric authentication data (registered biometric authentication data 93) input by the mobile phone 2 ′ is transmitted to the NFC authentication registration unit 21 of the mobile phone 2 together with the terminal authentication ID (registered terminal authentication ID 94) of the mobile phone 2 ′. .

  Further, the biometric authentication data (inquiry biometric authentication data 91) input by the cellular phone 2 is delivered to the NFC authentication registration unit 21 together with the terminal authentication ID (inquiry terminal authentication ID 92). An indirect inquiry registration request 9 is created from these transferred data (step B1) and transmitted to the authentication / acquisition inquiry communication unit 23.

  Upon obtaining the indirect inquiry registration request 9, the authentication / acquisition inquiry communication unit 23 requests the access authority for each authentication level from the user of the mobile phone 2, adds an authentication policy 95 to the indirect authentication registration request 9, It transmits to the matching processing unit 13.

  Upon receiving the authentication data indirect registration request 9 from the authentication / inquiry communication unit 23, the server inquiry processing unit 13 delivers the authentication data indirect registration request 9 to the authentication registration / management unit 12.

  When receiving the authentication data indirect registration request 9, the authentication registration / management unit 12 determines whether the master authentication information 4 included in the authentication data DB 15, the inquiry biometric authentication data 91, and the inquiry terminal authentication ID 92 are the same. It authenticates about (step B2).

  In step B2, if it is authenticated that the master authentication information 4, the query biometric authentication data 91 and the query terminal authentication ID 92 match (step B2: YES), each of the registered biometric authentication data 93 and the registered terminal authentication ID 94 is uniquely authenticated. Authentication information 4 to which ID 41 is added is created and stored in the authentication data DB 15. At the same time, the same authentication ID is added to the authentication policy 95 and registered as the access policy 5 in the access policy DB 14 (step B3). If the registration is successful, the server inquiry processing unit 13 is notified of the completion of registration.

  On the other hand, if the master authentication information 4, the query biometric authentication data 91, and the query terminal authentication ID 92 do not match in step B2 (step B2: NO), this process ends.

  Upon receiving the registration completion notification, the server inquiry processing unit 13 returns a registration completion notification to the authentication / inquiry communication unit 23.

  Upon receiving the registration completion notification, the authentication / inquiry communication unit 23 acquires the connection destination information 6 and the content information 7 of the corresponding content management server from the content management unit 24 and delivers them to the NFC authentication registration unit 21.

  The NFC authentication registration unit 21 transmits the acquired connection destination information 6 and content information 7 of the authentication / content management server 1 to the NFC authentication registration unit 21 ′ of the mobile terminal 2 ′ as they are. The NFC authentication registration unit 21 'of the mobile phone 2' stores the acquired connection destination information 6 and content information 7 in the connection destination information DB 26 and the content information DB 27, respectively (step B4).

  Thereby, the authentication data of the mobile phone 2 ′ can be registered in the authentication / content management server 1, and the content information 7 and the connection destination information 6 for content acquisition can be acquired.

  Next, the operation C will be specifically described with reference to FIG.

  In FIG. 7, when a content use request is made from the content use function 28 such as a music player or a video viewer, the content information 7 is acquired from the content information DB 27 and the user can select a content that can be inquired. Then, by performing the selection, it is confirmed whether or not the corresponding content is stored in the content cache 29, and the operation C starts when the content is not stored.

  When the operation C is performed, the authentication / acquisition inquiry communication unit 23 receives the content name 103 and the connection destination information 6 as a content inquiry request from the content management unit 28, and performs biometric authentication to the biometric authentication input unit 22. Prompt for data input.

  The biometric authentication input unit 22 acquires the biometric authentication data 102 from the user in response to a biometric authentication data input request, and delivers it to the authentication / acquisition inquiry communication unit 23.

  The biometric authentication input unit 22 creates the content inquiry request 10 from the terminal authentication ID 101, the biometric authentication data 102, and the content name 103 acquired by delivery (step C1), and sends them to the server inquiry processing unit 13.

  Upon receiving the content inquiry request 10 from the authentication / inquiry communication unit 23, the server inquiry processing unit 13 searches the content DB 16 for the content 3 that matches the content name 103, and acquires the authentication level 33 included in the content 3 (Step C2).

  Then, after obtaining the authentication level 33, the server inquiry processing unit 13 delivers the content inquiry request 10 to the authentication registration / management unit 12.

  Upon receiving the content inquiry request 10, the authentication registration / management unit 12 searches the authentication data DB 15 for authentication information 4 that matches the terminal authentication ID 101 and the biometric authentication data 102 (step C 3), and is included in the corresponding authentication information 4. Authentication ID 41 is acquired.

  In step C3, when the authentication ID 41 is acquired (step C3: YES), the access policy 5 matching the authentication ID 41 is searched from the access policy DB 14 and acquired (step C4). Then, the acquired access policy 5 is delivered to the server inquiry processing unit 13.

  When the server inquiry processing unit 13 acquires the access policy 5 from the authentication registration / management unit 12, the server inquiry processing unit 13 searches the authentication level condition 522 corresponding to the previously acquired authentication level 33 and determines whether or not the content can be accessed (step C5). ).

  If it is determined in step C5 that the content can be accessed (step C5: YES), the content body 32 is sent to the authentication / inquiry communication unit 23 (step C6-1).

  On the other hand, when it is determined in step C5 that the content cannot be accessed (step C5: NO), or in step C3, a notification indicating that there is no authentication ID 41 is received from the authentication registration / management unit 12 ( Step C3: NO), the result that access is impossible is sent to the authentication / inquiry communication unit 23 (step C6-2).

  Then, the authentication / inquiry communication unit 23 delivers the result acquired from the server inquiry processing unit 13 to the content management unit 24.

  When the acquired result is the content main body, the content management unit 24 stores the content in the content cache 29 and also sends the content to the content use function 28. On the other hand, if it is a notification that the content cannot be acquired, the content use function 28 is notified that the content cannot be acquired.

  As a result, the authentication / content management server 1 is inquired by selecting the content, and only the authenticated content is acquired and the content can be used.

  As described above, the master mobile phone 2 is registered in advance in the authentication / content management server 1 by the operation A, and the authentication / content management server 1 is registered via the mobile phone 2 in which the master registration is performed in the operation A by the operation B. The content contained in the authentication / content management server 1 can be accessed from the cellular phone 2 ′ registered in the operation B under the conditions set by the cellular phone 2.

  As described above, according to the present embodiment, digital content that has been stored in a conventional mobile phone cannot be stored in the mobile phone 2 or 2 ', and is managed by the authentication / content management server 1, and authentication / content is managed. Access is made possible by performing terminal / biometric authentication with the management server 1, and authentication / content registration for access to the authentication / content management server 1 is performed using the mobile phone 2 of the content distributor and direct short-range wireless communication. Registration to the management server 1 can prevent unauthorized authentication / registration to the content management server 1 and unauthorized access to content by a user who is not intended by the content distributor. Therefore, it is possible to more safely restrict distribution of digital content.

  Further, according to the present embodiment, server registration is limited only to a combination of a user registered in advance in the authentication / content management server 1 and the mobile phone 2, and unauthorized registration by a third party cannot be performed. The reason is that registration to the authentication / content management server 1 requires the user and the mobile phone 2 registered in the authentication / content management server 1 in advance, and the authentication uses indirect radio communication and is indirect. In order to make an inquiry to the authentication / content management server 1, it is necessary for users to directly authenticate, and thus impersonation is difficult.

  Further, according to the present embodiment, the user registered in advance in the authentication / content management server 1 can freely restrict the access of content to other users and the mobile phone 2 ′. The reason is that the user registered in the authentication / content management server 1 in advance at the time of registration in the authentication / content management server 1 determines the access policy and sets it in the authentication / content management server 1. This is because the access policy set at the time of access to the authentication / content management server 1 is applied to the authentication user / content management server 1.

  Further, according to the present embodiment, it is possible to change the access right even after registering the access right to the content. The reason is that the access right to the content is managed on the authentication / content management server 1 side, so the authority on the authentication / content management server 1 side is changed in advance by the user who is registered in the authentication / content management server 1 in advance. Because it can.

  In addition, this invention is not limited to the said embodiment, It can change in the range which does not deviate from the summary.

1 is an external view showing a schematic configuration of a content distribution system according to the present embodiment. 1 is a block diagram showing a schematic configuration of a content distribution system according to the present embodiment. It is a figure for demonstrating the information required in the content distribution system which concerns on this embodiment. It is a figure which shows user operation used as the trigger of operation | movement of the content distribution system which concerns on this embodiment. It is a flowchart which shows the process at the time of operation of operation A being performed. It is a flowchart which shows the process at the time of operation B operation being performed. It is a flowchart which shows the process when operation C of operation is performed.

Explanation of symbols

1 Authentication / Content Management Server 11 NFC Authentication / Processing Unit 12 Authentication Registration / Management Unit 13 Server Query Processing Unit 14 Access Policy DB
15 Authentication data DB
16 Content DB
2 Mobile phone 21 NFC authentication registration unit 22 Biometric authentication input unit 23 Authentication / acquisition communication unit 24 Content management unit 25 Terminal authentication ID
26 Connection destination information DB
27 Content information DB
28 Content Usage Function 29 Content Cache

Claims (7)

In a content distribution system comprising a server device, a mobile terminal device for server registration provided with biometric authentication data input means, and a content distribution destination mobile terminal device,
The server device
Content storage means for managing content;
Authentication data storage means for managing terminal authentication data for authenticating the mobile terminal device for server registration and the content distribution destination mobile terminal device, and biometric authentication data for authenticating a user who uses each device;
Access policy storage means for managing an access policy indicating an authentication method required for accessing the content;
Upon receiving a content inquiry from the server registration portable terminal device, the terminal authentication data and the biometric authentication data stored in the authentication data storage means, and the content distribution via the server registration portable terminal device Authentication is performed as to whether or not the biometric authentication data indicating the inquiry content from the destination mobile terminal device and the terminal authentication data are the same, and if they are the same, the content is distributed to the content distribution destination mobile terminal device. Content inquiry confirmation means;
With
The portable terminal device for server registration is
Authentication data registration means for registering the biometric authentication data and the terminal authentication data in the server device;
The terminal authentication data and the biometric authentication data with the access policy set from the server registration portable terminal device are passed through the server registration portable terminal device from the content distribution destination portable terminal device to the server. Authentication data indirect registration means for registering with the device;
Content inquiry means for inquiring / acquiring content to the server device;
A content distribution system comprising: The content distribution system according to claim 1,
The content distribution system, wherein the authentication data registration means of the server registration portable terminal device registers the biometric authentication data and the terminal authentication data in the server device by short-range wireless communication. The content distribution system according to claim 1 or 2,
The authentication data indirect registration means includes the access policy set from the server registration mobile terminal device by passing through the server registration mobile terminal device by short-range wireless communication from the content distribution destination mobile terminal device. A content distribution system, wherein the terminal authentication data and the biometric authentication data are registered in the server device. The content distribution system according to any one of claims 1 to 3,
A content distribution system, wherein the content inquiry means inquires and acquires content from the server device through network communication. The content distribution system according to any one of claims 1 to 4,
The server for mobile registration registered in advance in the server device even after registration in the server device via the mobile terminal device for server registration from the content distribution destination mobile terminal device by the authentication data indirect registration means The content distribution destination mobile terminal device and the content distribution destination mobile terminal device already registered by changing the authentication level included in the content and the authentication level condition stored in the access policy storage means by the terminal device A content distribution system for changing the access policy from the user.   6. A server program that functions as a server device provided in the content distribution system according to claim 1. In a content distribution method in a content distribution system comprising a server device, a mobile terminal device for server registration provided with biometric authentication data input means, and a content distribution destination mobile terminal device,
A content storage step in which the server device manages content;
Authentication in which the server device manages terminal authentication data for authenticating the server registration portable terminal device and the content distribution destination portable terminal device, and biometric authentication data for authenticating a user who uses each device A data storage process;
An access policy storage step in which the server device manages an access policy indicating an authentication method necessary for accessing the content;
An authentication data registration step in which the portable terminal device for server registration registers the biometric authentication data and the terminal authentication data in the server device;
The terminal authentication data with the access policy set from the server registration mobile terminal device when the server registration mobile terminal device passes through the server registration mobile terminal device from the content distribution destination mobile terminal device. And an authentication data indirect registration step of registering the biometric authentication data with the server device,
A content inquiry step in which the mobile terminal device for server registration inquires and acquires content from the server device;
When the server device receives a content inquiry from the server registration portable terminal device, the terminal authentication data and the biometric data stored in the authentication data storage step, and the server registration portable terminal device Authentication is performed as to whether or not the biometric authentication data and the terminal authentication data indicating the inquiry content from the content distribution destination mobile terminal device via the same are the same. Content inquiry confirmation process to be distributed to terminal devices;
A content distribution method comprising:

Images