JP4224321B2 - Content distribution system, distribution device, and reception device - Google Patents

Description

[0001]
BACKGROUND OF THE INVENTION
The present invention relates to a content distribution system, a distribution device, and a reception device in which a distribution device distributes content whose expiration date is determined and the reception device reproduces the content after determining whether the content can be used.
[0002]
[Prior art]
2. Description of the Related Art In recent years, a business in which contents such as movies and music are recorded and distributed on media such as a DVD (Digital Versatile Disc) and a CD (Compact Disc), and distributed using communication such as a network has been spreading.
In one of the distribution-type businesses, there is a method in which a distributor of the content sets an expiration date for the content and cancels the setting of the expiration date in exchange for receiving a usage fee related to the content. is there.
[0003]
When the content distribution device transmits the content and the expiration date related to the content, the receiving device receives the usage expiration date, determines whether the content is usable, and when the determination result is usable , Play content.
In addition, the content distribution device transmits information related to the content such as an expiration date to the receiving device after applying the digital signature, and the receiving device verifies the digital signature and confirms that the information has not been tampered with. After confirmation, the information is used to determine whether or not the content can be reproduced (see Non-Patent Document 1).
[0004]
[Non-Patent Document 1]
Tatsuaki Okamoto, Hiroshi Yamamoto Modern cryptography industrial books, 1997
[0005]
[Problems to be solved by the invention]
However, because the date and time of the clock provided by the distribution device and the clock provided by the reception device are different intentionally or due to changes over time or over time, the reception device may use the content expiration date set by the distribution device. As a result, it is impossible to accurately determine whether or not the content can be used, and the content is not used correctly as set.
[0006]
The present invention has been made in view of the above-described problems, and an object of the present invention is to provide a content distribution system, a distribution device, and a reception device that can prevent unauthorized use of content whose expiration date has been determined.
[0007]
[Means for Solving the Problems]
  In order to solve the above problems, the present inventionContent distribution comprising: a distribution device that transmits time limit information related to a content expiration date based on a clock provided; and a reception device that determines whether the content can be used by using the clock and the received time limit information. In the system, the receiving device includes a first clock that engraves a date and time, stores a difference date and time for correcting the date and time that the first clock engraves, and a difference identifier that identifies the difference date and time, A correction date and time obtained by adding the date and time of the clock, the difference date and time, and a correction identifier for identifying the correction date and time are transmitted to the distribution device, and the time limit information and the correction identifier are received from the distribution device. The date obtained by adding the difference date and time identified by the difference identifier that matches the correction identifier and the date and time carved by the first clock when determining the availability of the content However, if the date is earlier than the deadline information, the content is determined to be usable, and the distribution device includes a second clock that has a date and time different from the first clock, and the reception The correction identifier and the correction date / time are received from the device, and the difference between the correction date / time and the reference date / time engraved by the second clock when the correction date / time is received is added to the expiration date of the content. Information is generated and the time limit information and the correction identifier are transmitted.
[0010]
In order to solve the above-described problem, the present invention transmits information to a distribution device, receives time limit information related to content generated by the distribution device using the information, and uses the time limit information to transmit the content. A user date and time acquisition unit that acquires a user date and time designated by the user, and a first date and time that is engraved when the user date and time is acquired. A timepiece unit, a storage unit that stores a difference between the user date and time and the first date and time, and an identifier that identifies the difference, and a content playback request acquisition that acquires a content playback request specified by the user A transmission unit that transmits to the distribution device, a correction date and time obtained by adding the difference and the date and time that the first clock has engraved when the content reproduction request is acquired, and the distribution device A reception unit that receives the identifier and the time limit information, and a date and time obtained by adding the date and time engraved by the clock unit and the difference corresponding to the identifier when determining whether or not the content can be used. A determination unit that determines that the content is usable when the date is earlier.
[0011]
DETAILED DESCRIPTION OF THE INVENTION
Hereinafter, embodiments of the present invention will be described with reference to the drawings.
<First Embodiment>
1.1 Configuration
FIG. 1 is a block diagram showing the configuration of the content distribution system 1.
[0012]
The distribution device 10 stores the content and the expiration date of the content in advance, and communicates with the reception device 20 via the network.
The distribution device 10 receives the content distribution request from the reception device 20 and transmits the content and the time limit information obtained by correcting the use time limit of the content to the reception device 20.
[0013]
The receiving device 20 receives the time limit information, determines whether or not the content can be played back, and plays back the content when the content is playable.
The receiving device 20 includes a content processing device 21 and a tamper resistant module 25 electrically connected via a bus. The tamper resistant module 25 determines whether or not the content can be reproduced, and the content processing device 21 determines whether or not the reproduction is possible. Based on the determination, the content is reproduced.
1.1.1 Distribution device 10
FIG. 2 is a block diagram illustrating a configuration of the distribution apparatus 10.
[0014]
The distribution apparatus 10 is specifically a computer system including a microprocessor, ROM, RAM, hard disk, liquid crystal display unit, and the like. A computer program is stored in the RAM. The distribution apparatus 10 achieves its functions by the microprocessor operating according to the computer program.
(Receiver 101)
The receiving unit 101 receives information from the receiving device 20 via a network.
[0015]
The receiving unit 101 transmits the content designation information received from the receiving device 20 to the request holding unit 102 and the time limit information generating unit 107.
The content designation information is information indicating content desired to be transmitted, which is transmitted to the distribution device 10 when the reception device 20 makes a content distribution request.
In addition, the reception unit 101 transmits the reception side date and time and the reception side signature received from the reception device 20 to the signature verification unit 104.
[0016]
The receiving side date and time is a date and time generated by the receiving device 20 and is used by the distribution device 10 to correct the expiration date of the content.
The receiving side signature is a signature generated by the receiving device 20 and is used by the distribution device 10 to detect falsification of the receiving side date and time.
The reception unit 101 transmits the reception-side random number received from the reception device 20 to the signature generation unit 108.
[0017]
The receiving-side random number includes the deadline information and the digital signature sent from the delivery device 10 to a receiving device other than the receiving device 20, and the deadline information and the receiving-side signature communicated between the delivery device 10 and the receiving device 20. This information is used to prevent attacks that are replaced by.
(Request holding unit 102)
The request holding unit 102 holds the content designation information received from the receiving unit 101.
[0018]
Further, the request holding unit 102 transmits a random number generation request to the random number generation unit 103 when receiving the content designation information.
(Random number generator 103)
When the random number generation unit 103 receives the random number generation request from the request holding unit 102, the random number generation unit 103 generates a delivery-side random number that is a random number and transmits the random number to the signature verification unit 104 and the transmission unit 109.
(Signature verification unit 104)
The signature verification unit 104 verifies the signature received from the reception unit 101.
[0019]
The signature verification unit 104 stores a reception-side public key generated by the reception device 20 in advance.
The signature verification unit 104 receives the distribution-side random number from the random number generation unit 103 and stores it.
The signature verification unit 104 receives the reception side date and time and the reception side signature from the reception unit 101.
[0020]
The signature verification unit 104 verifies the validity of the reception side signature using the reception side public key, and determines whether or not the reception side date has been tampered with.
If the receiving side signature is not valid, the signature verification unit 104 determines that the receiving side date has been tampered with, and ends the process.
If the reception side signature is valid, the signature verification unit 104 determines that the reception side date has not been tampered with, and transmits the reception side date to the time limit information generation unit 107.
(Clock part 105)
The clock unit 105 is a clock that counts up every second, and counts the number of seconds from January 1, 1970.
[0021]
For example, the clock unit 105 has a value of 10433385060 at 14:11:01 on January 24, 2003.
The value carved by the clock unit 105 cannot be changed from outside the clock unit 105.
(Storage unit 106)
The storage unit 106 stores the content to be transmitted to the receiving device 20, the content identifier for identifying the content, and the expiration date of the content in association with each other.
[0022]
The expiration date is represented by the number of seconds counted from January 1, 1970.
(Time limit information generation unit 107)
The term information generation unit 107 corrects the usage term of the content.
The time limit information generation unit 107 receives the reception side date and time from the signature verification unit 104, and acquires the delivery side date and time that is the date and time engraved by the clock unit 105 when the reception side date and time is received.
[0023]
The time limit information generation unit 107 reads from the storage unit 106 the use time limit of the content corresponding to the content identifier that matches the content designation information received from the reception unit 101.
The time limit information generation unit 107 calculates a difference between the reception side date and time and the delivery side date and time, and generates time limit information obtained by adding the read expiration date and the difference.
[0024]
For example, when the receiving side date and time is 1043384880 indicating 14: 8: 0 on January 24, 2003, and the delivery side date and time is 1043338060 indicating 14: 11: 0 on January 24, 2003, The difference is 1043384880−10433885060 = −180.
When the read expiration date is 104338500 indicating 14:10:02 on January 24, 2003, the expiration date information is 104338500 + (− 180) = 10433384320.
[0025]
The time limit information generation unit 107 transmits the content designation information and the time limit information to the signature generation unit 108.
Further, the time limit information generation unit 107 instructs the transmission unit 109 to transmit the content identifier that matches the content designation information and the content corresponding to the content identifier.
(Signature generation unit 108)
The signature generation unit 108 generates a digital signature.
[0026]
The signature generation unit 108 generates a set of a distribution side public key and a distribution side private key to be used for generation and verification of a digital signature in advance.
The distribution side public key is notified to the receiving device 20 in advance.
The signature generation unit 108 uses the distribution-side secret key for information obtained by concatenating the content designation information received from the time limit information generation unit 107, the time limit information, and the reception-side random number received from the reception unit 101. A digital signature is applied to generate a distribution side signature.
[0027]
The signature generation unit 108 instructs the transmission unit 109 to transmit the time limit information and the distribution side signature to the reception device 20.
(Transmitter 109)
The transmission unit 109 transmits information to the reception device 20 in accordance with instructions from the random number generation unit 103, the time limit information generation unit 107, and the signature generation unit 108.
[0028]
The transmission unit 109 transmits the content and the content identifier to the reception device 20 in accordance with an instruction from the time limit information generation unit 107.
The transmission unit 109 transmits the distribution-side random number to the reception device 20 according to the instruction from the random number generation unit 103 and the time limit information and the distribution-side signature according to the instruction from the signature generation unit 108.
1.1.2 Content processing device 21
FIG. 3 is a block diagram showing the configuration of the content processing device 21.
[0029]
Specifically, the content processing apparatus 21 is a computer system including a microprocessor, ROM, RAM, hard disk, liquid crystal display unit, remote controller, and the like. A computer program is stored in the RAM. The content processing apparatus 21 achieves its functions by the microprocessor operating according to the computer program.
(User instruction acquisition unit 210)
The user instruction acquisition unit 210 acquires the content designation information that is designated by the user using a remote controller (not shown) and indicates the content that the user desires to reproduce.
[0030]
The user instruction acquisition unit 210 transmits the acquired content designation information to the content reproduction unit 214 and the transmission unit 216.
(Receiving unit 211)
The receiving unit 211 receives information from the distribution device 10 via the network.
The receiving unit 211 transmits the distribution-side random number, the time limit information, and the distribution-side signature received from the distribution device 10 to the transmission unit 215.
[0031]
The receiving unit 211 receives the content and the content identifier from the distribution device 10 and stores the content and the content identifier in the content storage unit 213 in association with each other.
(Receiver 212)
The reception unit 212 receives information from the tamper resistant module 25 that is electrically connected via a bus.
[0032]
The reception unit 212 transmits the reception side date and time, the reception side signature, and the distribution side random number received from the tamper resistant module 25 to the transmission unit 216.
In addition, the reception unit 212 transmits to the content reproduction unit 214 reproduction propriety information that is received from the tamper resistant module 25 and that indicates whether the content can be reproduced.
(Content accumulation unit 213)
The content storage unit 213 stores the content received from the reception unit 211 in association with the content identifier.
(Content playback unit 214)
The content reproduction unit 214 performs reproduction control of the content based on the reproduction availability information received from the reception unit 212.
[0033]
When the reproduction permission / inhibition information indicates that content reproduction is possible, the content reproduction unit 214 reads out the content corresponding to the content identifier that matches the content designation information received from the user instruction acquisition unit 210 from the content accumulation unit 213 and reproduces it. .
When the reproduction permission / inhibition information indicates that the content reproduction is not possible, the content reproduction unit 214 reproduces the content if the content corresponding to the content identifier matching the content designation information received from the user instruction acquisition unit 210 is being reproduced. To stop.
(Transmitter 215)
The transmission unit 215 transmits information to the tamper resistant module 25 according to instructions from the user instruction acquisition unit 210 and the reception unit 211 via the bus.
[0034]
The transmission unit 215 transmits the user date and time received from the user instruction acquisition unit 210, the distribution-side random number received from the reception unit 211, the time limit information, and the distribution-side signature to the tamper resistant module 25.
(Transmitter 216)
The transmission unit 216 transmits information to the transmission device 10 via the network in accordance with instructions from the user instruction acquisition unit 210 and the reception unit 212.
[0035]
The transmission unit 216 transmits the content designation information received from the user instruction acquisition unit 210, the reception side date and time received from the reception unit 212, the reception side signature, and the distribution side random number to the distribution device 10.
1.1.3 Tamper resistant module 25
The tamper resistant module 25 includes a CPU, ROM, RAM, and the like as hardware. The ROM stores a computer program, and the CPU operates according to the computer program. Realize the function.
[0036]
The tamper resistant module 25 includes a mechanism that prevents direct access to data in the ROM and the RAM from outside the tamper resistant module 25.
The tamper resistant module is described in detail in Japanese Patent Laid-Open No. 2000-164810.
FIG. 4 is a block diagram showing a configuration of the tamper resistant module 25.
(Receiver 251)
The receiving unit 251 receives information from the content processing device 21 electrically connected via the bus.
[0037]
The reception unit 251 transmits the distribution-side random number received from the content processing device 21 to the reception-side date and time generation unit 253.
In addition, the reception unit 251 transmits the time limit information and the distribution-side signature received from the content processing device 21 to the signature verification unit 256.
(Clock part 252)
The clock unit 252 is a clock that counts up every second, and counts the number of seconds from January 1, 1970.
(Receiver date / time generator 253)
The reception side date and time generation unit 253 receives the distribution side random number from the reception unit 251.
[0038]
The reception-side date and time generation unit 253 transmits the reception-side date and time and the distribution-side random number, which are the dates and times engraved by the clock unit 252 when the distribution-side random number is received, to the signature generation unit 254.
(Signature generation unit 254)
The signature generation unit 254 generates a digital signature.
[0039]
The signature generation unit 254 previously generates and stores a set of the reception side public key and the reception side secret key to be used for generation and verification of a digital signature.
The receiving side public key is notified to the distribution apparatus 10 in advance.
The signature generation unit 254 applies a digital signature to information obtained by concatenating the reception side date and time received from the reception side date and time generation unit 253 and the distribution side random number, and generates the reception side signature.
[0040]
The signature generation unit 254 transmits the reception side date and time and the reception side signature to the transmission unit 258.
The signature generation unit 254 generates a reception side signature and then transmits a random number generation request to the random number generation unit 255.
(Random number generator 255)
When the random number generation unit 255 receives the random number generation request from the signature generation unit 254, the random number generation unit 255 generates the reception-side random number that is a random number and transmits it to the transmission unit 258.
(Signature verification unit 256)
The signature verification unit 256 verifies the received delivery side signature.
[0041]
The signature verification unit 256 stores the distribution-side public key generated by the distribution apparatus 10 in advance.
The signature verification unit 256 receives the time limit information and the distribution side signature from the reception unit 251.
The signature verification unit 256 verifies the validity of the distribution-side signature using the distribution-side public key, and determines whether or not the deadline information has been tampered with.
[0042]
If the distribution side signature is not valid, the signature verification unit 256 determines that the time limit information has been tampered with, and ends the process.
If the delivery-side signature is valid, the signature verification unit 256 determines that the time limit information has not been tampered with, and transmits the time limit information to the reproducibility determination unit 257.
(Reproduction availability determination unit 257)
The reproducibility determination unit 257 acquires a determination date and time that is a date and time engraved by the clock unit 252 when the time limit information is received.
[0043]
The playability determination unit 257 determines that the content can be played back when the determination date / time is the same as the date / time information, or when the determination date / time indicates a date / time before the time limit information, and the determination date / time is determined as the time limit. If it is after the information, it is determined that the content cannot be reproduced.
The reproducibility determination unit 257 instructs the transmission unit 258 to transmit the determination result as reproducibility information to the content reproduction device 21.
(Transmitter 258)
The transmission unit 258 transmits information received from the signature generation unit 254, the random number generation unit 255, and the playability determination unit 257 to the content processing apparatus 21.
[0044]
The transmission unit 258 includes the reception side date and time received from the signature generation unit 254, the reception side signature, the reception side random number received from the random number generation unit 255, and the playback availability information received from the playback availability determination unit 257. It transmits to the processing apparatus 21.
1.2 Operation
The operation of the content distribution system in the first embodiment will be described with reference to the drawings.
[0045]
FIG. 5 is a diagram showing a flow of content distribution processing in the content distribution system.
It is assumed that the distribution apparatus 10 holds the first content whose content identifier is 1.
It is assumed that the user of the receiving device 20 desires to reproduce the first content whose content identifier is 1.
[0046]
The expiration date of the first content is assumed to be 10433385600 representing January 24, 2003 14: 20: 0.
The user of the content processing device 21 uses the remote controller to input a value 1 that is a content identifier desired to be reproduced as the content designation information (step S101).
[0047]
The content processing device 21 acquires the content designation information.
The content processing device 21 transmits the content designation information to the distribution device 10 (step S102).
The distribution apparatus 10 receives the content designation information, stores the value 1 of the content designation information, and generates the distribution side random number (step S103).
The distribution device 10 transmits the distribution-side random number to the content processing device 21 (step S104).
The content processing device 21 receives the distribution-side random number (step S105).
[0048]
The content processing device 21 transmits the received distribution-side random number to the tamper resistant module 25 (step S106).
The tamper resistant module 25 generates the reception side date and time, and applies a digital signature to the reception side date and time and the distribution side random number to generate a reception side signature (step S107).
[0049]
It is assumed that the generated reception date and time is 1043384880 indicating 14: 8: 00 on January 24, 2003.
The tamper resistant module 25 generates the receiving side random number.
The tamper resistant module 25 transmits the reception side date and time, the reception side signature, and the reception side random number to the content processing device 21 (step S108).
[0050]
The content processing apparatus 21 receives the receiving side date and time, the receiving side signature, and the receiving side random number (step S109).
The content processing device 21 transmits the receiving side date and time, the receiving side signature, and the receiving side random number to the distribution device 10 (step S110).
The distribution apparatus 10 receives the reception side date and time, the reception side signature, and the reception side random number, and verifies the reception side signature (step S111).
[0051]
If the distribution apparatus 10 determines that the reception-side date / time has not been falsified as a result of the verification, the distribution apparatus 10 determines the date and time of the clock section 252 that is the clock of the reception apparatus 20 and the clock section 105 that is the clock of the distribution apparatus 10. The expiration date of the content is corrected using the deviation.
For example, assuming that the delivery side date and time engraved by the clock unit 105 of the delivery device 10 when receiving the reception side date and time is 10433385060 indicating 14: 11: 0 on January 24, 2003, the time limit information is: The expiration date of the first content + (the date and time on the receiving side−the date and time on the delivery side), which is 10433385600+ (1043348880−1043338060) = 10433385420.
[0052]
The distribution apparatus 10 applies a digital signature to information obtained by concatenating the time limit information and the reception side random number, and generates the distribution side signature.
The distribution apparatus 10 transmits the distribution side signature and the time limit information to the content processing apparatus 21 (step S112).
The content processing device 21 receives the distribution side signature and the time limit information (step S113).
[0053]
The content processing device 21 transmits the distribution side signature and the time limit information to the tamper resistant module 25 (step S114).
The tamper resistant module 25 receives the distribution side signature and the time limit information (step S115).
The tamper resistant module 25 verifies the delivery side signature and confirms that the time limit information has not been tampered with.
[0054]
The tamper resistant module 25 compares the time limit information with the date and time carved by the clock unit 252 when the time limit information is received when the time limit information has not been tampered with.
For example, if the date and time carved by the clock unit 252 when receiving the time limit information is 1043384880 indicating 14: 8: 0 on January 24, 2003, the time limit information is 104338485420. Therefore, it is determined that the content can be reproduced.
[0055]
In addition, when the date and time carved by the clock unit 252 when receiving the time limit information is 1043385680 indicating January 24, 2003, 14:18:00, the time limit information is 1043385420, so the time limit information Is smaller, it is determined that the content cannot be reproduced.
The tamper resistant module 25 transmits a reproduction availability result indicating whether the content is reproducible or not reproducible to the content processing device 21 based on the determination result (step S116).
[0056]
The content processing device 21 receives the reproduction permission / inhibition result (step S117).
The content processing device 21 reproduces the content when the reproduction availability result indicates that the content can be reproduced.
Further, the content processing device 21 stops the reproduction of the content when the reproduction availability result indicates that the content cannot be reproduced.
Second Embodiment
2.1 Configuration
FIG. 6 is a block diagram illustrating a configuration of the content distribution system 2.
[0057]
The distribution device 30 stores the content and the expiration date of the content in advance, and communicates with the reception device 40 via the network.
The distribution device 30 receives a content distribution request from the reception device 40, and transmits the content and time limit information obtained by correcting the content expiration date to the reception device 40.
[0058]
The receiving device 40 receives the time limit information, determines whether or not the content can be played back, and plays back the content when the content is playable.
The receiving device 40 includes a content processing device 41 and a tamper resistant module 45 electrically connected via a bus. The tamper resistant module 45 determines whether or not the content can be reproduced, and the content processing device 41 determines whether or not the reproduction is possible. Based on the determination, the content is reproduced.
[0059]
The receiving device 40 includes a clock inside and has a function of presenting the date and time to the user of the receiving device 40.
When the user desires to change the date and time presented, the user designates the user date and time to the receiving device 40 using a remote controller (not shown).
When receiving the user date and time, the receiving device 40 does not replace the date and time stamped by the clock with the user date and time, and the date and time stamped by the internal clock when the user date and time is acquired. The difference with the person's date is stored.
[0060]
When the receiving device 40 presents the date and time to the user after holding the difference, the receiving device 40 receives the date and time presentation request from the user and the date and time that the clock has engraved. Present the date and time.
2.1.1 Distribution device 30
FIG. 7 is a block diagram illustrating a configuration of the distribution device 30.
[0061]
The distribution device 30 is specifically a computer system including a microprocessor, ROM, RAM, hard disk, liquid crystal display unit, and the like. A computer program is stored in the RAM. The distribution apparatus 30 achieves its functions by the microprocessor operating according to the computer program.
(Receiver 301)
The receiving unit 301 receives information from the receiving device 40 via the network.
[0062]
The receiving unit 301 transmits the content designation information received from the receiving device 40 to the request holding unit 302 and the time limit information generating unit 307.
The content designation information is information indicating content desired to be transmitted, which is transmitted to the distribution device 30 when the reception device 40 makes a content distribution request.
In addition, the reception unit 301 transmits the reception side date and time, the difference designation information, and the reception side signature received from the reception device 40 to the signature verification unit 304.
[0063]
The receiving side date and time is a date and time generated by the receiving device 40, and is used by the distribution device 30 to correct the expiration date of the content.
The difference designation information is an identifier used by the receiving device 40 for internal information processing.
The receiving side signature is a signature generated by the receiving device 40, and is used by the distribution device 30 to detect alteration of the receiving side date and time and the difference designation information.
[0064]
The reception unit 301 transmits the reception-side random number received from the reception device 40 to the signature generation unit 308.
The reception-side random number includes the time-limit information and the digital signature sent from the distribution device 30 to a reception device other than the reception device 40. The time-limit information and the reception-side signature communicated between the distribution device 30 and the reception device 40. This information is used to prevent attacks that are replaced by.
(Request holding unit 302)
The request holding unit 302 holds the content designation information received from the receiving unit 301.
[0065]
Further, when the request holding unit 302 receives the content designation information, the request holding unit 302 transmits a random number generation request to the random number generation unit 303.
(Random number generator 303)
When the random number generation unit 303 receives the random number generation request from the request holding unit 302, the random number generation unit 303 generates a delivery-side random number that is a random number, and transmits it to the signature verification unit 304 and the transmission unit 309.
(Signature verification unit 304)
The signature verification unit 304 verifies the signature received from the reception unit 301.
[0066]
The signature verification unit 304 stores the reception side public key generated by the reception device 40 in advance.
The signature verification unit 304 receives the distribution-side random number from the random number generation unit 303 and stores it.
The signature verification unit 304 receives the reception side date and time, the difference designation information, and the reception side signature from the reception unit 301.
[0067]
The signature verification unit 304 verifies the validity of the reception-side signature using the reception-side public key, and determines whether the reception-side date and the difference designation information have been tampered with.
If the receiving side signature is not valid, the signature verification unit 304 determines that the receiving side date and time and the difference designation information have been tampered with, and ends the process.
[0068]
When the receiving side signature is valid, the signature verification unit 304 determines that the receiving side date and the difference designation information have not been tampered with, and transmits the receiving side date and time to the time limit information generation unit 307. The difference designation information is transmitted to the signature generation unit 308.
(Clock part 305)
The clock unit 305 is a clock that counts up every second, and counts the number of seconds from January 1, 1970.
[0069]
For example, the clock unit 305 has a value of 10433385060 at 14: 11: 0 on January 24, 2003.
(Storage unit 306)
The storage unit 306 stores in advance the content to be transmitted to the receiving device 40, the content identifier for identifying the content, and the expiration date of the content in association with each other.
[0070]
The expiration date is represented by the number of seconds counted from January 1, 1970, as in the first embodiment.
(Time limit information generation unit 307)
The time limit information generation unit 307 corrects the use time limit of the content.
The time limit information generation unit 307 receives the reception side date and time from the signature verification unit 304, and acquires the distribution side date and time that is the date and time engraved by the clock unit 305 when the reception side date and time is received.
[0071]
The term information generation unit 307 reads the term of use corresponding to the content identifier that matches the content designation information received from the receiving unit 301.
The time limit information generation unit 307 calculates a difference between the reception side date and time and the delivery side date and time, and generates time limit information obtained by adding the read expiration date and the difference.
For example, when the receiving side date and time is 1043384880 indicating 14: 8: 0 on January 24, 2003, and the delivery side date and time is 1043338060 indicating 14: 11: 0 on January 24, 2003, The difference is 1043384880−10433885060 = −180.
[0072]
When the read expiration date is 104338500 indicating January 24, 2003, 14: 10: 0, the expiration date information is 104338500 + (− 180) = 104338320.
The term information generation unit 307 transmits the content designation information and the term information to the signature generation unit 308.
[0073]
In addition, the time limit information generation unit 307 instructs the transmission unit 309 to transmit the content identifier that matches the content designation information and the content corresponding to the content identifier.
(Signature generation unit 308)
The signature generation unit 308 generates a digital signature.
[0074]
The signature generation unit 308 previously generates a set of a distribution side public key and a distribution side secret key to be used for generation and verification of a digital signature.
The distribution side public key is notified to the receiving device 40 in advance.
The signature generation unit 308 includes the content specification information received from the time limit information generation unit 307, the time limit information, the difference specification information received from the signature verification unit 304, and the reception-side random number received from the reception unit 301. A digital signature is applied to the concatenated information using the distribution side private key to generate a distribution side signature.
[0075]
The signature generation unit 308 instructs the transmission unit 309 to transmit the time limit information, the difference designation information, and the distribution side signature to the reception device 40.
(Transmitter 309)
The transmission unit 309 transmits information to the reception device 40 in accordance with instructions from the random number generation unit 303, the time limit information generation unit 307, and the signature generation unit 308.
[0076]
The transmission unit 309 transmits the content and the content identifier to the reception device 40 in accordance with an instruction from the time limit information generation unit 307.
The transmission unit 309 transmits the distribution-side random number according to an instruction from the random number generation unit 303, the time limit information, the difference designation information, and the distribution-side signature according to an instruction from the signature generation unit 308 to the reception device 40. .
2.1.2 Content processing apparatus 41
FIG. 8 is a block diagram showing the configuration of the content processing device 41.
[0077]
The content processing device 41 is specifically a computer system including a microprocessor, ROM, RAM, hard disk, liquid crystal display unit, remote controller, and others. A computer program is stored in the RAM. The content processing apparatus 41 achieves its functions by the microprocessor operating according to the computer program.
(User instruction acquisition unit 410)
The user instruction acquisition unit 410 acquires the content designation information indicating the user date and time and the content that the user desires to reproduce, which is designated by the user using a remote controller (not shown).
[0078]
The user instruction acquisition unit 410 transmits the acquired user date and time to the transmission unit 415.
The user instruction acquisition unit 410 transmits the acquired content designation information to the content reproduction unit 414 and the transmission unit 416.
(Receiver 411)
The receiving unit 411 receives information from the distribution device 30 via the network.
[0079]
The reception unit 411 transmits the distribution-side random number, the time limit information, the difference designation information, and the distribution-side signature received from the distribution device 30 to the transmission unit 415.
The receiving unit 411 receives the content and the content identifier from the distribution device 30, and stores the content and the content identifier in the content storage unit 413 in association with each other.
(Receiver 412)
The reception unit 412 receives information from the tamper resistant module 45 that is electrically connected via the bus.
[0080]
The reception unit 412 transmits the reception side date and time, the difference designation information, the reception side signature, and the distribution side random number received from the tamper resistant module 45 to the transmission unit 416.
In addition, the receiving unit 412 transmits to the content reproduction unit 414 reproduction propriety information received from the tamper resistant module 45 and indicating whether or not the content can be reproduced.
(Content storage unit 413)
The content storage unit 413 stores the content received from the reception unit 411 in association with the content identifier.
(Content playback unit 414)
The content reproduction unit 414 performs reproduction control of the content based on the reproduction availability information received from the reception unit 412.
[0081]
When the reproduction permission / inhibition information indicates that content reproduction is possible, the content reproduction unit 414 reads out the content corresponding to the content identifier that matches the content designation information received from the user instruction acquisition unit 410 from the content storage unit 413 and reproduces it. .
When the reproduction permission / inhibition information indicates that the content reproduction is impossible, the content reproduction unit 414 reproduces the content if the content corresponding to the content identifier matching the content designation information received from the user instruction acquisition unit 410 is being reproduced. To stop.
(Transmitter 415)
The transmission unit 415 transmits information to the tamper resistant module 45 according to instructions from the user instruction acquisition unit 410 and the reception unit 411 via the bus.
[0082]
The transmission unit 415 transmits the user date and time received from the user instruction acquisition unit 410, the distribution-side random number received from the reception unit 411, the time limit information, the difference designation information, and the distribution-side signature to the tamper resistant module 45. To do.
(Transmitter 416)
The transmission unit 416 transmits information to the distribution apparatus 30 via the network in accordance with instructions from the user instruction acquisition unit 410 and the reception unit 412.
[0083]
The transmission unit 416 distributes the content designation information received from the user instruction acquisition unit 410, the reception side date and time received from the reception unit 412, the difference designation information, the reception side signature, and the distribution side random number. To device 30.
2.1.3 Tamper resistant module 45
The tamper resistant module 45 includes a CPU, a ROM, a RAM, and the like as hardware. The ROM stores a computer program, and the CPU operates according to the computer program. Realize the function.
[0084]
The tamper resistant module 45 includes a mechanism that prevents direct access to data in the ROM and the RAM from outside the tamper resistant module 45.
FIG. 9 is a block diagram showing a configuration of the tamper resistant module 45.
(Receiver 451)
The receiving unit 451 receives information from the content processing device 41 electrically connected via the bus.
[0085]
The reception unit 451 transmits the user date and time received from the content processing device 41 to the difference generation unit 453.
In addition, the reception unit 451 transmits the distribution-side random number received from the content processing device 41 to the reception-side date and time generation unit 455.
In addition, the reception unit 451 transmits the time limit information, the difference designation information, and the distribution side signature received from the content processing device 41 to the signature verification unit 458.
(Clock part 452)
The clock unit 452 is a clock that counts up every second, and counts the number of seconds from January 1, 1970.
(Difference generation unit 453)
The difference generation unit 453 receives the user date and time from the reception unit 451.
[0086]
The difference generation unit 453 generates a difference date and time that is a difference between the date and time engraved by the clock unit 452 and the user date and time when the user date and time is received, and generates a difference identifier that identifies the difference date and time. The difference date and time and the difference identifier are associated with each other and stored in the storage unit 454.
(Storage unit 454)
The storage unit 454 stores the difference identifier and the difference date and time in association with each other.
[0087]
The storage unit 454 stores the difference identifier stored last in time as the latest difference information.
(Receiving date / time generator 455)
The reception-side date and time generation unit 455 receives the distribution-side random number from the reception unit 451. The reception-side date and time generation unit 455 acquires a reference date and time that is the date and time engraved by the clock unit 452 when the distribution-side random number is received from the clock unit 452, and uses the reference date and time as a difference identifier that matches the latest difference information. The reception side date and time generated by adding the corresponding difference date and time, the difference designation information that is a difference identifier that matches the latest difference information, and the distribution side random number are transmitted to the signature generation unit 456.
(Signature generation unit 456)
The signature generation unit 456 generates a digital signature.
[0088]
The signature verification unit 456 previously generates and stores a set of the reception side public key and the reception side secret key to be used for generation and verification of a digital signature.
The receiving side public key is notified to the distribution apparatus 30 in advance.
The signature generation unit 456 applies a digital signature to information obtained by concatenating the reception side date and time received from the reception side date and time generation unit 455, the difference designation information, and the distribution side random number, and generates the reception side signature.
[0089]
The signature generation unit 456 transmits the reception side date and time, the difference designation information, and the reception side signature to the transmission unit 460.
In addition, the signature generation unit 456 transmits a random number generation request to the random number generation unit 457 after generating the receiving side signature.
(Random number generator 457)
When the random number generation unit 457 receives the random number generation request from the signature generation unit 456, the random number generation unit 457 generates the reception-side random number that is a random number and transmits it to the transmission unit 460.
(Signature verification unit 458)
The signature verification unit 458 verifies the received signature.
[0090]
The signature verification unit 458 stores the distribution side public key generated by the distribution apparatus 30 in advance.
The signature verification unit 458 receives the time limit information, the difference designation information, and the distribution side signature from the reception unit 451.
The signature verification unit 458 verifies the validity of the distribution-side signature using the distribution-side public key, and determines whether or not the time limit information and the difference designation information are falsified.
[0091]
If the distribution side signature is not valid, the signature verification unit 458 determines that the time limit information or the difference designation information has been tampered with, and ends the process.
If the delivery side signature is valid, the signature verification unit 458 determines that the time limit information and the difference designation information have not been tampered with, and the time limit information and the difference designation information can be reproduced. Send to.
(Reproduction availability determination unit 459)
The reproducibility determination unit 459 acquires a determination date and time that is the date and time engraved by the clock unit 452 when the time limit information is received.
[0092]
The playability determination unit 459 reads from the storage unit 454 the difference date and time corresponding to the difference designation information received from the signature verification unit 453 from the storage unit 454, and adds the determination date and time to generate the playback date and time.
When the playback date / time is the same as the time limit information, or when the playback date / time indicates a date / time prior to the time limit information, the playability determination unit 459 determines that the content can be played back. If it is after the information, it is determined that the content cannot be reproduced.
[0093]
The reproducibility determination unit 459 instructs the transmission unit 460 to transmit the determination result to the content reproduction device 41 as reproducibility information.
(Transmitter 460)
The transmission unit 460 transmits the information received from the signature generation unit 456, the random number generation unit 457, and the playability determination unit 459 to the content processing apparatus 41.
[0094]
The transmission unit 460 receives the reception side date and time received from the signature generation unit 456, the difference designation information, the reception side signature, the reception side random number received from the random number generation unit 457, and the reproduction availability determination unit 459. The playability information is transmitted to the content processing device 41.
2.2 Operation
The overall operation of the content distribution system in the second embodiment will be described with reference to the drawings.
[0095]
FIG. 10 is a diagram showing the flow of content distribution processing in the content distribution system 2.
It is assumed that the distribution device 30 holds the first content whose content identifier is 1.
It is assumed that the user of the receiving device 40 desires to reproduce the first content whose content identifier is 1.
[0096]
It is assumed that the expiration date of the first content is 1043385000 representing January 24, 2003 14: 10: 0.
The user inputs the user date and time to the content processing device 41 using the remote controller (step S201).
It is assumed that the user date and time is 10433384400 representing January 24, 2003, 14: 00: 0.
[0097]
The content processing apparatus 41 transmits the user date and time to the tamper resistant module 45 (step S202).
The tamper resistant module 45 receives the user date and time from the content processing device 41 (step S203).
The tamper resistant module 45 acquires the date and time engraved by the clock unit 454 when the user date and time is received.
[0098]
It is assumed that the date and time acquired from the clock unit 454 is 10433385300 representing January 24, 2003, 14: 15: 0.
The tamper resistant module 45 calculates a difference date that is a difference between the acquired date and the user date.
The difference date and time is 10433484400-1043385300 = -900.
[0099]
The tamper resistant module 45 generates a difference identifier that identifies the difference date and time.
The value of the difference identifier is 1.
The tamper resistant module 45 stores the difference identifier and the difference date and time in association with each other.
Further, the tamper resistant module 45 stores the latest difference identifier value as the latest difference information.
[0100]
Steps S201, S202, and S203 may be repeated. In this case, the tamper resistant module 45 stores and calculates the difference date and time each time the user date and time input from the user is received. A difference identifier whose value does not overlap with the difference identifier is generated, and a set of the generated difference date and difference identifier is stored up to a predetermined number.
[0101]
The user of the content processing apparatus 41 who desires to reproduce the content notifies the content processing apparatus 41 of the content identifier value 1 of the content desired to be reproduced as content designation information using the remote controller (step S204). .
The content processing device 41 acquires the content designation information.
[0102]
The content processing device 41 transmits the acquired content designation information to the distribution device 30 (step S205).
The distribution device 30 receives the content designation information from the content processing device 41. (Step S206).
The distribution device 30 generates a distribution-side random number used for requesting acquisition of the reception-side date and time used for correcting the content expiration date.
[0103]
The distribution device 30 transmits the distribution-side random number to the content processing device 41 (step S207).
The content processing device 41 receives the distribution-side random number (step S208).
The content processing device 41 transmits the distribution-side random number to the tamper resistant module 45 (step S209).
[0104]
The tamper resistant module 45 receives the delivery side random number (step S210).
The tamper resistant module 45 generates a reference date and time that is the date and time engraved by the clock unit 452 when the distribution-side random number is received.
The reference date and time is assumed to be 1043385360 representing January 24, 2003 14: 16: 0.
[0105]
The tamper resistant module 45 uses the value that matches the latest difference information as difference designation information, adds the reference date and time and the difference date and time corresponding to the difference designation information, and generates a reception date and time.
Since the latest difference information is 1 and the difference date and time corresponding to the difference designation information is −900, the reception side date and time is 1043385360−900 = 1043384460.
[0106]
The tamper resistant module 45 applies a digital signature to the distribution-side random number, the reception-side date and time, and the difference identification information to generate a reception-side signature.
Further, the tamper resistant module 45 generates a reception-side random number.
The tamper resistant module 45 transmits the difference designation information, the reception side date, the reception side signature, and the reception side random number to the content processing apparatus 41 (step S211).
[0107]
The content processing device 41 receives the difference designation information, the receiving side date and time, the receiving side signature, and the receiving side random number (step S212).
The content processing device 41 receives the difference designation information, the reception side date and time, the reception side signature, and the reception side random number to the distribution device 30 (step S213).
[0108]
The distribution apparatus 30 receives the difference designation information, the reception side date and time, the reception side signature, and the reception side random number (step S214).
The distribution apparatus 30 verifies the receiving side signature.
When the receiving side signature is correct, the distribution device 30 generates time limit information using the receiving side date and time, the distribution side date and time engraved by the clock unit 305 when the receiving side date and time is received, and the expiration date. To do.
[0109]
Assuming that the delivery side date and time is 10433585420, the deadline information = expiration date + (reception side date and time-delivery side date and time).
The distribution device 30 applies a digital signature to the time limit information and the difference designation information to generate a distribution side signature.
[0110]
The distribution device 30 transmits the time limit information, the difference designation information, and the distribution side signature to the content processing device 41 (step S215).
The content processing apparatus 41 receives the time limit information, the difference designation information, and the distribution side signature (step S216).
The content processing device 41 transmits the time limit information, the difference designation information, and the distribution side signature to the tamper resistant module 45 (step S217).
[0111]
The tamper resistant module 45 receives the time limit information, the difference designation information, and the delivery side signature (step S218).
The tamper resistant module 45 verifies the delivery side signature and confirms that the time limit information has not been tampered with.
The tamper resistant module 45 stores the time limit information and the difference designation information in association with each other when the time limit information has not been falsified.
[0112]
The tamper resistant module 45 determines whether or not the content can be reproduced when the time limit information is not falsified.
The tamper resistant module 45 adds the date and time stamped by the clock unit 452 when the deadline information is received and the difference date and time corresponding to the difference designation information to generate a reproduction date and time.
[0113]
The tamper resistant module 45 determines that the content can be played back when the playback date / time is the same as the date / time information, or when the playback date / time indicates a date / time before the time limit information, and the playback date / time is determined as the time limit information. If it is later, it is determined that the content cannot be reproduced.
The tamper resistant module 45 determines that the content can be played back when the playback date and time is the same as or smaller than the above-mentioned example of the time limit information, 10433884040.
[0114]
The tamper resistant module 45 transmits a reproduction availability result indicating whether the content is reproducible or not reproducible to the content processing device 41 (step S219).
The content processing apparatus 41 receives the result of reproduction permission / inhibition (step S220).
[0115]
The content processing apparatus 41 reproduces the content when the reproduction permission / inhibition result indicates that the content reproduction is possible.
The content processing device 41 stops the reproduction of the content when the reproduction availability result indicates that the content cannot be reproduced.
<Third Embodiment>
3.1 Configuration
FIG. 11 is a block diagram showing a configuration of the content distribution system 3.
[0116]
The distribution device 50 and the distribution device 60 store the content and the expiration date of the content in advance, and communicate with the reception device 70 via the network.
The distribution device 50 receives the content distribution request from the receiving device 70, and the distribution device that has received the content distribution request transmits the content and the expiration date of the content to the receiving device 70.
[0117]
Similarly, the distribution device 60 receives the content distribution request from the receiving device 70, and the distribution device that has received the content distribution request transmits the content and the expiration date of the content to the receiving device 70.
The receiving device 70 receives the content and the content expiration date, determines whether or not the content can be reproduced using the content expiration date, and reproduces the content when the content is reproducible.
[0118]
The receiving device 70 includes a content processing device 71 and a tamper resistant module 75 electrically connected via a bus. The tamper resistant module 75 determines whether or not the content can be reproduced, and the content processing device 71 determines whether or not the reproduction is possible. Based on the determination, the content is reproduced.
3.1.1 Distribution device 50
FIG. 12 is a block diagram illustrating a configuration of the distribution device 50.
[0119]
The distribution device 50 is specifically a computer system including a microprocessor, ROM, RAM, hard disk, liquid crystal display unit, and the like. A computer program is stored in the RAM. The distribution apparatus 50 achieves its functions by the microprocessor operating according to the computer program.
[0120]
Since the distribution device 60 has the same configuration as the distribution device 50, a description thereof will be omitted.
(Receiver 501)
The receiving unit 501 receives information from the receiving device 70 via the network.
The receiving unit 501 transmits the content designation information received from the receiving device 70 to the request holding unit 502.
[0121]
The content designation information is information that is transmitted when the receiving device 70 requests content distribution to the distribution device 50.
In addition, the reception unit 501 transmits the reception side date and time and the reception side signature received from the reception device 70 to the signature verification unit 503.
The receiving side date and time is a date and time generated by the receiving device 70 and is used to confirm that the clocks of the distribution device 50 and the receiving device 70 are synchronized.
[0122]
The receiving side signature is a signature generated by the receiving device 70 and is used for detecting falsification of the receiving side date and time.
(Request holding unit 502)
The request holding unit 502 holds the content designation information received from the receiving unit 501.
[0123]
Further, when receiving the content designation information, the request holding unit 502 instructs the transmission unit 508 to transmit a reception side date / time request in order to request the reception device 70 to transmit the reception side date / time.
(Signature verification unit 503)
The signature verification unit 503 verifies the signature received from the reception unit 501.
[0124]
The signature verification unit 503 stores a reception-side public key generated by the reception device 70 in advance.
The signature verification unit 503 receives the reception side date and time and the reception side signature from the reception unit 501.
The signature verification unit 503 verifies the validity of the reception-side signature using the reception-side public key, and determines whether or not the reception-side date / time has been tampered with.
[0125]
If the receiving side signature is not valid, the signature verification unit 503 determines that the receiving side date has been tampered with, and ends the process.
If the reception side signature is valid, the signature verification unit 503 determines that the reception side date has not been tampered with, and transmits the reception side date to the synchronization verification unit 506.
(Clock part 504)
The clock unit 504 is a clock that counts up every second, and counts the number of seconds from January 1, 1970.
(Accumulation unit 505)
The storage unit 505 stores in advance a content to be transmitted to the receiving device 70, a content identifier for identifying the content, and an expiration date of the content in association with each other.
[0126]
The expiration date is represented by the number of seconds counted from January 1, 1970.
(Synchronization verification unit 506)
The synchronization verification unit 506 determines whether or not the difference between the date and time stamped by the clock unit 504 and the date and time stamped by the clock of the receiving device 70 is within a predetermined time difference.
The synchronization verification unit 506 receives the reception side date and time from the signature verification unit 503, and acquires the delivery side date and time that is the date and time engraved by the clock unit 504 when the reception side date and time is received.
[0127]
The synchronization verification unit 506 calculates a difference between the reception date and time and the delivery date and time, and compares the difference with a predetermined time difference of 5 minutes.
The synchronization verification unit 506 determines that the difference is synchronous when the difference is a value indicating 5 minutes or less, and determines that the difference is asynchronous when the difference is a value indicating a time greater than 5 minutes.
For example, when the receiving side date and time is 1043384880 indicating January 24, 2003 14: 8: 0, and the distributing side date and time is 1043338060 indicating January 24, 2003 14: 11: 0, The difference is 1043384880−10433885060 = −180, and since the absolute value of the difference is 300 or less indicating 5 minutes, the determination result is synchronous.
[0128]
If the result of the determination is synchronous, the synchronization verification unit 506 reads from the storage unit 505 the content expiration date corresponding to the content identifier that matches the content designation information held by the request holding unit 502, and Distribution side information is generated from the read expiration date and content identification information.
When the result of the determination is asynchronous, the synchronization verification unit 506 acquires a delivery side date and time which is the date and time engraved by the clock unit 504 when the determination is performed, and distributes the delivery side date and time from the content identification information. Generate side information.
[0129]
The content identification information is information representing whether the delivery side information includes the expiration date or the delivery side date and time.
For example, the value of the content identification information is 1 when the delivery side information includes the expiration date, and is 2 when the delivery side information includes the delivery date and time.
The synchronization verification unit 506 transmits the distribution side information to the signature generation unit 507.
(Signature generation unit 507)
The signature generation unit 507 generates a digital signature.
[0130]
The signature generation unit 507 previously generates a set of a distribution side public key and a distribution side private key to be used for generation and verification of a digital signature.
The distribution side public key is notified to the receiving device 70 in advance.
The signature generation unit 507 applies a digital signature to the distribution side information received from the synchronization verification unit 506 using the distribution side secret key, and generates a distribution side signature.
[0131]
The signature generation unit 507 instructs the transmission unit 508 to transmit the distribution side information and the distribution side signature.
(Transmitter 508)
The transmission unit 508 transmits information to the reception device 70 via the network in accordance with instructions from the request holding unit 502 and the signature generation unit 507.
[0132]
The transmission unit 508 transmits the reception side date / time request to the reception device 70 in accordance with an instruction from the request holding unit 502.
The transmission unit 508 transmits the distribution side information and the distribution side signature to the reception device 70 in accordance with an instruction from the signature generation unit 507.
3.1.2 Content processing device 71
FIG. 13 is a block diagram showing the configuration of the content processing device 71.
[0133]
Specifically, the content processing device 71 is a computer system including a microprocessor, ROM, RAM, hard disk, liquid crystal display unit, remote controller, and the like. A computer program is stored in the RAM. The content processing device 71 achieves its functions by the microprocessor operating according to the computer program.
(Storage unit 711)
The storage unit 711 stores a content identifier for identifying content in association with device identification information indicating a distribution device that holds the content.
(User instruction acquisition unit 712)
The user instruction acquisition unit 712 acquires content designation information that is designated by the user using a remote controller (not shown) and indicates the content that the user desires to reproduce.
[0134]
The user instruction acquisition unit 712 refers to information stored in the storage unit 711 and acquires device identification information associated with a content identifier that matches the content designation information.
The user instruction acquisition unit 712 transmits the device identification information and the content designation information to the transmission unit 718.
(Receiver 713)
The receiving unit 713 receives information from the distribution device 50 or the distribution device 60 via the network.
[0135]
The receiving unit 713 receives the reception side date / time request from the distribution device 50 or the distribution device 60.
The receiving unit 713 transmits to the transmitting unit 717 the device identification information corresponding to the distribution device 50 or the distribution device 60 that has performed communication, and the reception side date / time request.
In addition, the receiving unit 713 receives the distribution-side information and the distribution-side signature received from the distribution device 50 or the distribution device 60, and the distribution device 50 or the distribution that communicated when receiving the distribution-side information and the distribution-side signature. The device identification information that matches the device identifier corresponding to the device 60 is transmitted to the transmission unit 717.
[0136]
The receiving unit 713 receives the content and the content identifier from the distribution device 50 or the distribution device 60, and stores the content and the content identifier in the content storage unit 715 in association with each other.
(Receiving unit 714)
The receiving unit 714 receives information from the tamper resistant module 75 electrically connected via the bus.
[0137]
The reception unit 714 transmits the device identification information received from the tamper resistant module 75, the reception side date and time, and the reception side signature to the transmission unit 718.
In addition, the receiving unit 714 transmits to the content reproduction unit 716 reproduction propriety information indicating whether the content received from the tamper resistant module 75 is reproducible.
(Content accumulation unit 715)
The content storage unit 715 stores the content received from the reception unit 713 in association with the content identifier.
(Content playback unit 716)
The content reproduction unit 716 performs reproduction control of the content based on the reproduction availability information received from the reception unit 714.
[0138]
The content reproduction unit 716 holds the content designation information received from the user instruction acquisition unit 712.
The content reproduction unit 716 receives the reproduction availability information from the reception unit 714. When the reproduction permission / inhibition information indicates that content reproduction is possible, the content reproduction unit 716 reads the content corresponding to the content identifier that matches the held content designation information from the content storage unit 715 and reproduces the read content I do.
[0139]
When the reproduction permission / inhibition information indicates that content reproduction is not possible, the content reproduction unit 716 stops reproduction of the content if the content corresponding to the content identifier that matches the held content designation information is being reproduced.
(Transmitter 717)
The transmission unit 717 transmits information to the tamper resistant module 75 according to an instruction from the reception unit 713 via the bus.
[0140]
The transmission unit 717 transmits the device identification information received from the reception unit 713 and the reception side date / time request to the tamper resistant module 75.
The transmission unit 717 transmits the device identification information, the distribution side information, and the distribution side signature received from the reception unit 713 to the tamper resistant module 75.
(Transmitter 718)
The transmission unit 718 transmits information to the transmission device 50 via the network in accordance with instructions from the user instruction acquisition unit 712 and the reception unit 714.
[0141]
The transmission unit 718 receives the device identification information and the content designation information from the user instruction acquisition unit 712.
The transmission unit 718 transmits the content designation information to the distribution device 50 or the distribution device 60 corresponding to the device identification information.
The transmission unit 718 receives the device identification information, the reception side date and time, and the reception side signature from the reception unit 714, and sends the reception side to the distribution device 50 or the distribution device 60 corresponding to the device identification information. The date and time and the receiving side signature are transmitted.
3.1.3 Tamper resistant module 75
The tamper resistant module 75 includes a CPU, a ROM, a RAM, and the like as hardware. The ROM stores a computer program, and the CPU operates according to the computer program. Realize the function.
[0142]
The tamper resistant module 75 includes a mechanism that prevents direct access to data in the ROM and the RAM from outside the tamper resistant module 75.
FIG. 14 is a block diagram showing a configuration of the tamper resistant module 75.
(Receiver 751)
The receiving unit 751 receives information from the content processing device 71 electrically connected via the bus.
[0143]
The reception unit 751 receives the device identification information and the reception side date / time request from the content processing device 71, and transmits the device identification information and the reception side date / time request to the reception side date / time generation unit 754.
The receiving unit 751 transmits the device identification information, the distribution side information, and the distribution side signature received from the content processing device 71 to the signature verification unit 756.
(Clock part 752)
The clock unit 752 is a clock that counts up every second, and counts the number of seconds from January 1, 1970.
(Storage unit 753)
The storage unit 753 stores a device identifier that identifies the distribution device, a trust identifier, and a difference date and time in association with each other.
[0144]
In the storage unit 753, the trust identifier indicates a dependency relationship between distribution devices, and is stored in advance in association with the device identifier.
The storage unit 753 receives the device identification information and the difference date / time from the difference generation unit 758.
The storage unit 753 replaces the difference date and time corresponding to the device identifier that matches the received device identification information with the received difference date and time.
[0145]
Further, the storage unit 753 replaces the difference date and time corresponding to the trust identifier that matches the received device identification information with the received difference date and time.
(Reception-side date and time generation unit 754)
The reception side date and time generation unit 754 receives the device identification information and the reception side date and time request from the reception unit 751.
[0146]
The reception side date and time generation unit 754 holds the device identification information.
The reception date and time generation unit 754 receives the reception side date and time request from the reception unit 751 or receives the reception side date and time transmission instruction from the difference generation unit 758 and the date and time engraved by the clock unit 752 and the device The reception date and time are generated by adding the difference date and time corresponding to the device identifier that matches the identification information, and the device identification information and the reception date and time are transmitted to the signature generation unit 755.
(Signature generation unit 755)
The signature generation unit 755 generates a digital signature.
[0147]
The signature generation unit 755 generates and stores a set of the reception side public key and the reception side secret key for use in generating and verifying a digital signature in advance.
The receiving side public key is notified to the distribution apparatus 50 in advance.
The signature generation unit 755 receives the device identification information and the reception side date and time from the reception side date and time generation unit 754.
[0148]
The signature generation unit 755 applies a digital signature to the reception side date and time to generate the reception side signature.
The signature generation unit 755 transmits the device identification information, the reception side date and time, and the reception side signature to the transmission unit 760.
(Signature verification unit 756)
The signature verification unit 756 verifies the received signature.
[0149]
The signature verification unit 756 stores the distribution-side public key generated by the distribution device 50 in advance.
The signature verification unit 756 receives the device identification information, the distribution side information, and the distribution side signature from the reception unit 751.
The signature verification unit 756 verifies the validity of the distribution-side signature using the distribution-side public key, and determines whether or not the distribution-side information has been tampered with.
[0150]
If the delivery side signature is not valid, the signature verification unit 756 determines that the delivery side information has been tampered with, and ends the process.
If the distribution side signature is valid, the signature verification unit 756 determines that the distribution side information has not been tampered with, and transmits the device identification information and the distribution side information to the information determination unit 757.
(Information determination unit 757)
The information determination unit 757 receives the device identification information and the distribution side information from the signature verification unit 756.
[0151]
The information determination unit 757 verifies the content identification information acquired from the distribution side information, and when the information included in the distribution side information is determined to be the expiration date, the information determination unit 757 sets the expiration date to the availability determination unit 759. Send.
In addition, the information determination unit 757 verifies the content identification information included in the distribution side information, and determines that the information included in the distribution side information is the distribution side date and time, the distribution side date and time, The device identification information is transmitted to the difference generation unit 758.
(Difference generation unit 758)
The difference generation unit 758 receives the device identification information and the delivery side date and time from the information determination unit 757.
[0152]
The difference generation unit 758 transmits the date and time engraved by the clock unit 752 when the delivery side date and time are received, the difference date and time between the received delivery side date and time, and the device identification information to the storage unit 753, and the reception side A date and time transmission instruction is transmitted to the reception side date and time generation unit 754.
(Reproduction availability determination unit 759)
The reproducibility determination unit 759 acquires a determination date and time that is the date and time engraved by the clock unit 752 when the expiration date is received.
[0153]
When the determination date / time is the same as the expiration date or when the determination date / time indicates a date / time prior to the expiration date, the playback possibility determination unit 759 determines that the content can be played back. If it is after the expiration date, it is determined that the content cannot be reproduced.
The reproducibility determination unit 759 instructs the transmission unit 760 to transmit the determination result to the content reproduction device 71 as reproducibility information.
(Transmitter 760)
The transmission unit 760 transmits the information received from the signature generation unit 755 and the playability determination unit 759 to the content processing device 71.
[0154]
The transmission unit 760 transmits the device identification information received from the signature generation unit 755, the reception side date and time, the reception side signature, and the reproduction availability information received from the reproduction availability determination unit 759 to the content processing device 71.
3.2 Operation
The overall operation of the content distribution system in the third embodiment will be described with reference to the drawings.
[0155]
FIG. 15 is a diagram showing a flow of content distribution processing in the content distribution system 3.
It is assumed that the distribution device 50 holds the first content whose content identifier is 1.
It is assumed that the user of the receiving device 70 desires to reproduce the first content whose content identifier is 1.
[0156]
The expiration date of the first content is assumed to be 10433385600 representing January 24, 2003 14: 20: 0.
The user of the content processing apparatus 71 uses the remote controller to input value 1 that is a content identifier desired to be reproduced as content designation information (step S301).
[0157]
The content processing device 71 transmits the content designation information to the distribution device 50 (step S302).
The distribution device 50 receives the content designation information and stores the value 1 of the content designation information (step S303).
The distribution device 50 transmits the reception side date / time request to the content processing device 71 (step S304).
[0158]
The content processing apparatus 71 receives the receiving side date / time request (step S305).
The content processing device 71 transmits the reception side date / time request to the tamper resistant module 75 (step S306).
The tamper resistant module 75 receives the reception side date / time request (step S307).
[0159]
The tamper resistant module 75 generates the receiving side date and time and generates the receiving side signature.
The tamper resistant module 75 transmits the reception side date and time and the reception side signature to the content processing device 71 (step S308).
The content processing apparatus 71 receives the receiving side date and time and the receiving side signature (step S309).
[0160]
The content processing device 71 transmits the receiving side date and time and the receiving side signature to the distribution device 50 (step S310).
The distribution apparatus 50 receives the reception side date and time and the reception side signature (step S311).
The distribution device 50 verifies the receiving side signature.
[0161]
If the distribution device 50 determines that the reception date / time has not been tampered with as a result of the verification, the difference between the date / time engraved by the clock unit 505 and the reception date / time when the reception date / time is received. It is determined whether it is within 300 representing 5 minutes.
When the difference is a value indicating 5 minutes or less, the distribution apparatus 50 determines that the synchronization is synchronous, and when the difference is a value indicating a time greater than 5 minutes, the distribution device 50 determines that the difference is asynchronous.
[0162]
When the result of the determination is synchronous, the distribution device 50 generates distribution side information using the content expiration date and the content identification information corresponding to the content identifier that matches the content designation information.
When the result of the determination is asynchronous, the synchronization verification unit 506 acquires a delivery side date and time which is the date and time engraved by the clock unit 504 when the determination is performed, and distributes the delivery side date and time from the content identification information. Generate side information.
[0163]
The distribution device 50 applies a digital signature to the distribution side information and generates a distribution side signature.
The distribution device 50 transmits the distribution side information and the distribution side signature to the content processing device 71 (step S312).
The content processing device 71 receives the distribution side information and the distribution side signature (step S313).
[0164]
The content processing apparatus 71 transmits the distribution side information and the distribution side signature to the tamper resistant module 75 (step S314).
The tamper resistant module 75 receives the distribution side information and the distribution side signature (step S315).
The tamper resistant module 75 verifies the delivery side signature.
[0165]
The tamper resistant module 75 analyzes the contents of the distribution side information when the distribution side signature is correct.
When the delivery side information is the delivery side date and time, the tamper resistant module 75 stores the difference date and time between the date and time stamped by the clock unit 752 when the delivery side date and time is received and the delivery side date and time. Execute again from S307.
[0166]
The tamper resistant module 75 determines whether or not the content can be reproduced when the distribution side information is a content expiration date.
The tamper resistant module 75 transmits the content reproducibility information to the content processing device 71 (step S316).
The content processing device 71 receives the reproduction permission / inhibition information (step S317).
[0167]
When the reproduction permission / inhibition information indicates that content reproduction is possible, the content processing device 71 reproduces the content.
When the reproduction permission / inhibition information indicates that the content cannot be reproduced, the content processing device 71 stops the reproduction of the content.
The distribution device 60 performs the same operation as the distribution device 50, but is subordinate to the distribution device 50.
[0168]
As described above, when the receiving device 70 synchronizes the respective clocks between the distribution device 50 and the receiving device 70, the receiving device 70 stores the distribution device 60 and the clock of the receiving device 70. However, a process of rewriting the difference between the dates and times with the difference between the dates and times engraved by the clocks of the distribution device 50 and the receiving device 70 is performed.
<Other variations>
(1) The present invention may be a method including the steps described in the embodiments. Further, the present invention may be a computer program that realizes these methods by a computer, or may be a digital signal composed of the computer program.
[0169]
The present invention also provides a computer-readable recording medium such as a flexible disk, hard disk, CD-ROM, MO, DVD, DVD-ROM, DVD-RAM, BD (Blu-ray Disc). ), Recorded in a semiconductor memory or the like. Further, the present invention may be the computer program or the digital signal recorded on these recording media.
[0170]
In the present invention, the computer program or the digital signal may be transmitted via an electric communication line, a wireless or wired communication line, a network represented by the Internet, or the like.
The present invention may be a computer system including a microprocessor and a memory, wherein the memory stores the computer program, and the microprocessor operates according to the computer program.
[0171]
In addition, the program or the digital signal is recorded on the recording medium and transferred, or the program or the digital signal is transferred via the network or the like, and is executed by another independent computer system. It is good.
(2) When the user wishes to reproduce the content, the content and the time limit information relating to the content are transmitted from the distribution device to the receiving device. It may be accumulated in.
(3) The distribution device and the reception device are connected and communicated via a network. However, the distribution device and the reception device may be connected via a network, and the distribution device and the reception device are electrically connected via a bus. The structure connected to may be sufficient.
(4) In the embodiment, the distribution device and the reception device detect falsification of the communicated information using a signature. However, the distribution device and the reception device perform mutual authentication and key sharing in advance to perform communication. Information to be encrypted may be encrypted using the shared key and then communicated with each other.
(5) In the third embodiment, the receiving device holds the trust identifier in advance, but the trust identifier may be transmitted from the distribution device to the receiving device.
(6) The tamper resistant module may be composed of a portable memory card such as an IC card and separable from the receiving device or the content processing device.
(7) The above embodiment and the above modifications may be combined.
[0172]
【The invention's effect】
(1) A content distribution system according to the present invention includes a distribution device that transmits content and time limit information related to the expiration date of the content, and a reception device that determines whether the received content can be used by using the time limit information. The receiving device includes a first clock that records a date and time, transmits the first date and time that the first clock records, and the distribution device uses a date and time that is different from the first clock. A second clock that engraves the first time and date, and the difference between the first date and time and the second date and time engraved by the second time when the first date and time is received; The expiration date information generated by adding the expiration date of the content based on is transmitted to the receiving device.
[0173]
According to this configuration, since the expiration date of the content is corrected using the difference between the dates and times engraved by the clocks respectively provided in the reception device and the distribution device, it is possible to accurately determine whether or not the content can be used.
(2) The distribution device of the present invention is a distribution device that transmits the content and the time limit information to a reception device that determines whether or not the content can be used based on time limit information related to a content use time limit. A receiving unit that receives a first date and time engraved by a clock included in the receiving device from a device; a clock unit that engraves the date and time and outputs a second date and time engraved when the first date and time is received; and the second date and time And a transmission unit that transmits the time limit information generated by adding the difference between the first date and time and the use time limit of the content to the receiving device.
[0174]
According to this configuration, since the expiration date of the content is corrected using the difference between the dates and times engraved by the clocks respectively provided in the reception device and the distribution device, it is possible to accurately determine whether or not the content can be used.
(3) The content distribution system of the present invention uses the content using the distribution device that transmits the time limit information related to the expiration date of the content based on the clock provided, the clock provided, and the received time limit information. A content distribution system comprising a receiving device that determines whether or not it is acceptable, the receiving device including a first clock that records a date and time, and a difference date and time for correcting the date and time that the first clock records, and the difference date and time A difference identifier for identifying, storing the date and time of engraving of the first clock, the correction date and time of adding the difference date and time, and the correction identifier for identifying the correction date and time are transmitted to the distribution device, from the distribution device, When receiving the time limit information and the correction identifier, and determining the difference date and time identified by the difference identifier that matches the correction identifier and the availability of the content When the date and time added to the date and time carved by the first clock is a date and time before the deadline information, the content is determined to be usable, and the distribution device A second clock engraved with another date and time, receiving the correction identifier and the correction date and time from the receiving device, and the difference between the correction date and the reference date and time engraved by the second clock when receiving the correction date and time Is added to the expiration date of the content to generate the time limit information, and the time limit information and the correction identifier are transmitted.
[0175]
According to this configuration, since the expiration date of the content is corrected using the difference between the dates and times engraved by the clocks respectively provided in the reception device and the distribution device, it is possible to accurately determine whether or not the content can be used.
(4) The distribution device of the present invention is a distribution device that transmits the content and the time limit information to a receiving device that determines whether the content can be used by using time limit information related to a content use time limit. A receiving unit that receives the first date and time engraved by the receiving device and the identification information related to the first date and time, and the second date and time engraved when the first date and time are received from the receiving device A transmitting unit that transmits the difference information between the first date and time and the second date and time and the expiration date of the content, and the identification information to the receiving device. Is provided.
[0176]
According to this configuration, since the expiration date of the content is corrected using the difference between the dates and times engraved by the clocks respectively provided in the reception device and the distribution device, it is possible to accurately determine whether or not the content can be used.
(5) The receiving device of the present invention transmits information to the distribution device, receives the time limit information related to the content generated by the distribution device using the information, and uses the time limit information to A receiving device that determines whether or not it can be used, a user date and time acquisition unit that acquires a user date and time specified by a user, and a clock that outputs a first date and time that is engraved when the user date and time is obtained A storage unit that stores a difference between the user date and time and the first date and time and an identifier for identifying the difference, and a content reproduction request acquisition unit that acquires a content reproduction request designated by the user A transmission unit that transmits the date and time that the first clock was engraved when the content reproduction request was acquired, the correction date and time when the difference was added, and the identifier to the distribution device, and the distribution device, in front A receiving unit that receives an identifier and the time limit information, and a date and time that is added to the date and time engraved by the clock unit and the difference corresponding to the identifier when determining whether or not the content can be used is earlier than the time limit information. A determination unit that determines that the content is usable when the date and time are reached;
[0177]
According to this configuration, since the expiration date of the content is corrected using the difference between the dates and times engraved by the clocks respectively provided in the reception device and the distribution device, it is possible to accurately determine whether or not the content can be used.
(6) The content distribution system according to the present invention receives a content delivery device that transmits an expiration date based on a clock included in the content, and uses the received clock and the received expiration date to determine whether the content can be used. A content distribution system comprising: a device, wherein the distribution device includes a first clock engraved with a date and time, and transmits the first date and time engraved by the first clock; A second clock engraved with another date and time, receiving the first date and time, storing the difference between the first date and time and the second date and time engraved by the second clock when receiving the first date and time; It is determined that the content can be used when the date and time when the second clock is engraved and the date and time when the difference is added are determined before the expiration date. .
[0178]
According to this configuration, since the receiving device determines the expiration date of the content after the difference between the dates and times engraved by the clocks included in the receiving device and the distribution device falls within a predetermined value, the content usage determination Can be performed accurately.
(7) The receiving device of the present invention receives the expiration date of the content based on the clock provided in each of the first and second delivery devices from the first and second delivery devices each provided with a clock and delivering the content. A receiving device that determines whether or not content can be used by using the received expiration date, from the first device, a first identifier indicating the first device, and a first date and time carved by the clock provided. When receiving the first identifier from the second device and receiving the second identifier indicating the second device and the second date and time engraved by the clock provided, and the first date and time A clock unit that outputs the third date and time that is engraved and outputs the fourth date and time that is engraved when the second date and time is received, the difference between the first date and time and the third date and time, and the first identifier And store the second date and time and the fourth It comprises a difference between the time, and a storage unit that stores in association with the second identifier.
[0179]
According to this configuration, since the receiving device determines the expiration date of the content after the difference between the dates and times engraved by the clocks included in the receiving device and the distribution device falls within a predetermined value, the content usage determination Can be performed accurately.
(8) The receiving device of the present invention includes a clock, and content based on the clock included in each of the first distribution device that distributes the content and the second distribution device subordinate to the first distribution device. A first identifier indicating the first distribution device from the first distribution device, and the clock provided therein. And a receiving unit that receives a second identifier indicating the second delivery device from the second delivery device, and a second time that is engraved when the first date and time is received. When the receiving unit receives the first identifier and the first date, the difference between the first date and the third date and the second identifier is output. And a storage unit for storing the information in association with each other .
[0180]
According to this configuration, since the receiving device determines the expiration date of the content after the difference between the dates and times engraved by the clocks included in the receiving device and the distribution device falls within a predetermined value, the content usage determination Can be performed accurately.
(9) The distribution device according to the present invention provides the expiration date of the content based on the second clock provided to the receiving device that determines whether or not the content can be used by using the expiration date of the content and the first clock provided. A transmission device for transmitting, a receiver for receiving synchronization information indicating that the first clock and the second clock are engraved with the same date and time from the receiving device; and when receiving the synchronization information And a transmission unit for transmitting the content and the expiration date.
[0181]
According to this configuration, since the distribution apparatus transmits the expiration date of the content after being notified that the difference between the dates and times engraved by the clocks included in the reception apparatus and the distribution apparatus is within a predetermined value, The receiving apparatus can accurately determine whether or not the content can be used.
(10) The distribution method of the present invention is a distribution method for transmitting the content and the time limit information to a receiving device that determines whether or not the content can be used based on time limit information related to a content use time limit. A receiving step for receiving a first date and time engraved by a clock included in the receiving device from an apparatus; a clock step for engraving the date and time and outputting a second date and time engraved when the first date and time are received; and the second date and time And a transmission step of transmitting the time limit information generated by adding the difference between the first date and time and the use time limit of the content to the receiving device.
[0182]
According to this configuration, since the expiration date of the content is corrected using the difference between the date and time of the clock provided in the receiving device and the date and time of the clock step, it is possible to accurately determine whether or not the content can be used.
(11) The distribution method of the present invention is a distribution method for transmitting the content and the time limit information to a receiving device that determines whether or not the content can be used by using time limit information related to a content use time limit. A receiving step for receiving the first date and time engraved by the receiving device and the identification information related to the first date and time from the receiving device, and the second date and time engraved when receiving the first date and time are output. A transmitting step of transmitting the time limit information generated by adding a difference between the first date and time and the second date and time, and a use time limit of the content, and the identification information to the receiving device; including.
[0183]
According to this configuration, since the expiration date of the content is corrected using the difference between the date and time of the clock provided in the receiving device and the date and time of the clock step, it is possible to accurately determine whether or not the content can be used.
(12) In the distribution method of the present invention, the expiration date of the content based on the second clock provided to the receiving device that determines the availability of the content using the expiration date of the content and the first clock provided. A distribution method for transmitting, wherein a reception step of receiving synchronization information indicating that the first clock and the second clock are engraved with the same date and time from the receiving device; and when the synchronization information is received And transmitting the content and the expiration date.
[0184]
According to this configuration, since it is notified that the difference between the date and time of the clock included in the receiving device and the date and time of the clock step is within a predetermined value, the expiration date of the content is transmitted. The receiving apparatus can accurately determine whether or not the content can be used.
(13) In the reception method of the present invention, information is transmitted to the distribution device, the time limit information related to the content generated by the distribution device is received using the information, and the content information is transmitted using the time limit information. A reception method for determining whether or not a user can use a user date and time acquisition step for acquiring a user date and time specified by a user, and a clock that outputs a first date and time that is engraved when the user date and time is obtained. A storage step of storing a step, a difference between the user date and time and the first date and time, and an identifier for identifying the difference, and a content playback request acquisition step of acquiring a content playback request designated by the user A transmission date and time that the first clock has been engraved when the content reproduction request is acquired, a correction date and time obtained by adding the difference, and the identifier are transmitted to the distribution device. And the reception step of receiving the identifier and the time limit information from the distribution device, the date and time carved by the clock unit when determining the availability of the content, and the difference corresponding to the identifier A determination step of determining that the content is usable when the date and time is before the deadline information.
[0185]
According to this configuration, since the expiration date of the content is corrected by using the difference between the date / time stamped by the clock step and the date / time stamped by the clock provided in the distribution device, it is possible to accurately determine whether the content can be used.
(14) According to the receiving method of the present invention, the expiration date of the content based on the clock provided in each of the first and second delivery devices is received from the first and second delivery devices each provided with a clock and delivering the content. A reception method for determining whether or not a content can be used by using the received expiration date, wherein a first identifier indicating the first device and a first date and time engraved by the clock included in the first device are obtained from the first device. A receiving step of receiving and receiving from the second device a second identifier indicating the second device and a second date and time engraved by the clock provided; and when receiving the first date and time A clock step that outputs the third date and time that is engraved and outputs the fourth date and time that is engraved when the second date and time is received, the difference between the first date and time and the third date and time, and the first identifier And remember the second Including a difference between when the the time-fourth day, and a storage step for association with each said second identifier.
[0186]
According to this configuration, after the difference between the date and time engraved by the clock step and the date and time engraved by the clock included in the distribution device falls below a predetermined value, the receiving device determines the expiration date of the content. Usability determination can be performed accurately.
(15) The reception method of the present invention includes a clock based content that is provided from each of the first distribution device that distributes the content and the second distribution device that is subordinate to the first distribution device. A receiving method for determining whether or not content can be used by using the received expiration date, from the first distribution device to a first identifier indicating the first distribution device, and the clock provided Receiving the first date and time, and receiving a second identifier indicating the second distribution device from the second distribution device; and the first time and date when the first date and time are received. A clock step for outputting three dates and times, and when the receiving unit receives the first identifier and the first date and time, a difference between the first date and time and the third date and time, and the second identifier Associate and remember And a 憶 step.
[0187]
According to this configuration, after the difference between the date and time engraved by the clock step and the date and time engraved by the clock included in the distribution device falls below a predetermined value, the receiving device determines the expiration date of the content. Usability determination can be performed accurately.
(16) The program of the present invention is a program applied to a distribution device that transmits the content and the time limit information to a receiving device that determines whether or not the content can be used based on time limit information related to the content use time limit. A receiving step for receiving from the receiving device a first date and time engraved by a clock included in the receiving device; a clock step for engraving the date and time and outputting a second date and time engraved when receiving the first date and time; A computer is caused to execute each step of transmitting the time limit information generated by adding the difference between the second date and time and the first date and time and the expiration date of the content to the receiving device.
[0188]
According to this configuration, since the expiration date of the content is corrected using the difference between the date and time of the clock provided in the receiving device and the date and time of the clock step, it is possible to accurately determine whether or not the content can be used.
(17) The program of the present invention is a program applied to a distribution device that transmits the content and the time limit information to a receiving device that determines whether or not the content can be used by using time limit information related to the content use time limit. A receiving step of receiving from the receiving device a first date and time engraved by the receiving device and identification information relating to the first date and time; and a first time engraved when the first date and time are engraved. A clock step for outputting two date and time, the time limit information generated by adding the difference between the first date and time and the time limit for use of the content, and the identification information are transmitted to the receiving device. The computer executes each step of the transmission step.
[0189]
According to this configuration, since the expiration date of the content is corrected using the difference between the date and time of the clock provided in the receiving device and the date and time of the clock step, it is possible to accurately determine whether or not the content can be used.
(18) The program according to the present invention transmits the expiration date of the content based on the second clock provided to a receiving device that determines whether the content can be used by using the expiration date of the content and the first clock provided. A receiving step for receiving synchronization information indicating that the first clock and the second clock are engraved with the same date and time from the receiving device; and When received, the computer causes the computer to execute each step of transmitting the content and the expiration date.
[0190]
According to this configuration, since it is notified that the difference between the date and time of the clock included in the receiving device and the date and time of the clock step is within a predetermined value, the expiration date of the content is transmitted. The receiving apparatus can accurately determine whether or not the content can be used.
(19) The program of the present invention transmits information to the distribution device, receives the time limit information related to the content generated by the distribution device using the information, and uses the content using the time limit information. A program that is applied to a receiving device that determines whether it is possible or not, a user date acquisition step that acquires a user date specified by a user, and a first date that was recorded when the user date was acquired , A storage step for storing a difference between the user date and time and the first date and time and an identifier for identifying the difference, and a content for obtaining a content reproduction request designated by the user A reproduction request acquisition step, a date and time that the first clock engraved when the content reproduction request is acquired, a correction date and time that is added to the difference, and the identifier. Corresponding to the transmitting step for transmitting to the device, the receiving step for receiving the identifier and the time limit information from the distribution device, the date and time stamped by the clock unit when determining whether or not the content can be used, and the identifier When the date and time when the difference is added is a date and time before the deadline information, the computer is caused to execute each step of the determination step of determining that the content is usable.
[0191]
According to this configuration, since the expiration date of the content is corrected by using the difference between the date / time stamped by the clock step and the date / time stamped by the clock provided in the distribution device, it is possible to accurately determine whether the content can be used.
(20) The program of the present invention receives the expiration date of the content based on the clock provided in each of the first and second delivery devices from the first and second delivery devices each having a clock and delivering the content, A program applied to a receiving device that determines whether or not a content can be used by using the received expiration date, wherein a first identifier indicating the first device and a clock provided by the first device are engraved from the first device. Receiving a first date and time, receiving from the second device a second identifier indicating the second device and a second date and time engraved by the clock provided; and engraving the first date and time; A clock step of outputting a third date and time engraved when the second date and time are received, and outputting a fourth date and time engraved when the second date and time are received, a difference between the first date and time and the third date and time, Pair with identifier Association and stored, the difference between when the fourth day and when the second day, to execute the steps of a storage step stores an association with the second identifier to the computer.
[0192]
According to this configuration, after the difference between the date and time engraved by the clock step and the date and time engraved by the clock included in the distribution device falls below a predetermined value, the receiving device determines the expiration date of the content. Usability determination can be performed accurately.
(21) The program of the present invention includes a clock, and each of the content based on the clock provided by each of the first distribution device that distributes the content and the second distribution device that is subordinate to the first distribution device. A program applied to a receiving device that receives an expiration date and uses the received expiration date to determine whether or not content can be used, from the first distribution device, a first identifier indicating the first distribution device, Receiving the first date and time engraved by the clock provided, receiving a second identifier indicating the second delivery device from the second delivery device, and receiving the first date and time engraving the date and time A clock step that outputs a third date and time, and a difference between the first date and time and the third date and time when the receiving unit receives the first identifier and the first date and time; 2 identification To execute the steps of a storage step stores an association bets on a computer.
[0193]
According to this configuration, after the difference between the date and time engraved by the clock step and the date and time engraved by the clock included in the distribution device falls below a predetermined value, the receiving device determines the expiration date of the content. Usability determination can be performed accurately.
[Brief description of the drawings]
FIG. 1 is a block diagram showing a configuration of a content distribution system.
FIG. 2 is a block diagram illustrating a configuration of a distribution device.
FIG. 3 is a block diagram illustrating a configuration of a content processing apparatus.
FIG. 4 is a block diagram showing a configuration of a tamper resistant module.
FIG. 5 is a diagram showing a flow of content distribution processing in the content distribution system.
FIG. 6 is a block diagram showing a configuration of a content distribution system.
FIG. 7 is a block diagram illustrating a configuration of a distribution apparatus.
FIG. 8 is a block diagram illustrating a configuration of a content processing apparatus.
FIG. 9 is a block diagram showing a configuration of a tamper resistant module.
FIG. 10 is a diagram illustrating a flow of content distribution processing in the content distribution system.
FIG. 11 is a block diagram illustrating a configuration of a content distribution system.
FIG. 12 is a block diagram illustrating a configuration of a distribution device.
FIG. 13 is a block diagram illustrating a configuration of a content processing apparatus.
FIG. 14 is a block diagram showing a configuration of a tamper resistant module.
FIG. 15 is a diagram showing a flow of content distribution processing in the content distribution system.
[Explanation of symbols]
1 Content distribution system
2 Content distribution system
3 Content distribution system
10 Distribution device
20 Receiver
21 Content processing device
25 Tamper resistant module
30 Distribution device
40 Receiver
41 Content processing device
45 Tamper resistant module
50 Distribution device
60 Distribution device
70 Receiver
71 Content processing device
75 Tamper resistant module
101 Receiver
102 Request holding part
103 Random number generator
104 Signature verification unit
105 Clock part
106 Accumulator
107 Time limit information generation unit
108 Signature generator
109 Transmitter
210 User instruction acquisition unit
211 Receiver
212 Receiver
213 Content storage unit
214 Content playback unit
215 Transmitter
216 Transmitter
251 Receiver
252 Clock part
253 Receiving date / time generator
254 Signature generator
255 Random number generator
256 Signature verification unit
257 Playability determination unit
258 transmitter
301 Receiver
302 Request holding unit
303 Random number generator
304 Signature verification unit
305 clock
306 Storage unit
307 Time limit information generation unit
308 Signature generator
309 transmitter
410 User instruction acquisition unit
411 receiver
412 Receiver
413 Content storage unit
414 Content playback unit
415 transmitter
416 Transmitter
451 receiver
452 Watch part
453 Difference generator
454 storage unit
455 Receiving date / time generator
456 Signature generation unit
457 random number generator
458 Signature verification unit
459 Playability determination unit
460 transmitter
501 Receiver
502 Request holding unit
503 Signature verification unit
504 Clock part
505 Accumulator
506 Synchronization verification unit
507 Signature generation unit
508 transmitter
711 storage unit
712 User instruction acquisition unit
713 Receiver
714 Receiver
715 Content storage unit
716 Content playback unit
717 Transmitter
718 Transmitter
751 Receiver
752 Watch part
753 storage unit
754 Receiving date / time generator
755 Signature generator
756 Signature verification unit
757 Information determination unit
758 Difference generator
759 Playability determination unit
760 Transmitter

Claims (4)

Content distribution comprising: a distribution device that transmits time limit information related to a content expiration date based on a clock provided; and a reception device that determines whether the content can be used by using the clock and the received time limit information. A system,
The receiving device includes a first clock that records a date and time, stores a difference date and time for correcting the date and time recorded by the first clock, and a difference identifier that identifies the difference date and time, and the first clock clocks A correction date and time obtained by adding the date and time and the difference date and time and a correction identifier for identifying the correction date and time are transmitted to the distribution device, the deadline information and the correction identifier are received from the distribution device, and the correction identifier and When the date and time obtained by adding the difference date and time identified by the matching difference identifier and the date and time carved by the first clock when determining whether or not the content can be used is a date and time before the deadline information , Determine that the content is usable,
The distribution device includes a second clock that has a date and time that is different from the first clock, receives the correction identifier and the correction date and time from the reception device, and receives the correction date and time when the correction date and time are received. A content distribution system comprising: adding a difference from a reference date and time engraved by a second clock to an expiration date of the content to generate the expiration date information, and transmitting the expiration date information and the correction identifier. A receiving device that transmits information to a distribution device, receives time limit information about the content generated by the distribution device using the information, and determines whether the content can be used using the time limit information. ,
A user date and time acquisition unit for acquiring the user date and time specified by the user;
A clock unit that ticks the date and time and outputs a first date and time that is engraved when the user date and time is acquired, a difference between the user date and time and the first date and time, and an identifier that identifies the difference are stored in association with each other A storage unit to
A content playback request acquisition unit for acquiring a content playback request specified by the user;
A transmission unit that transmits the date and time that the first clock is engraved when the content reproduction request is acquired, the correction date and time that are added to the difference, and the identifier to the distribution device;
A receiving unit that receives the identifier and the time limit information from the distribution device;
It is determined that the content can be used when the date and time obtained by adding the date and time engraved by the clock unit and the difference corresponding to the identifier when determining whether or not the content can be used is a date and time before the time limit information. And a determination unit. A receiving method for transmitting information to a distribution device, receiving time limit information relating to the content generated by the distribution device using the information, and determining whether the content can be used or not using the time limit information. ,
A user date and time acquisition step for acquiring the user date and time specified by the user;
A clock step of ticking the date and time and outputting a first date and time ticked when the user date and time is acquired;
A storage step of storing the difference between the user date and time and the first date and time in association with an identifier for identifying the difference;
A content playback request acquisition step for acquiring a content playback request specified by a user;
A transmission step of transmitting the date and time that the first clock was engraved when the content reproduction request was acquired, the correction date and time obtained by adding the difference, and the identifier to the distribution device;
A receiving step of receiving the identifier and the time limit information from the distribution device;
It is determined that the content can be used when the date and time obtained by adding the date and time engraved by the clock unit and the difference corresponding to the identifier when determining whether or not the content can be used is a date and time before the time limit information. A receiving method comprising: a determination step. The present invention is applied to a receiving apparatus that transmits information to a distribution apparatus, receives time limit information relating to content generated by the distribution apparatus using the information, and determines whether the content can be used using the time limit information. A program
A user date and time acquisition step for acquiring the user date and time specified by the user;
A clock step of ticking the date and time and outputting a first date and time ticked when the user date and time is acquired;
A storage step of storing the difference between the user date and time and the first date and time in association with an identifier for identifying the difference;
A content playback request acquisition step for acquiring a content playback request specified by a user;
A transmission step of transmitting the date and time that the first clock was engraved when the content reproduction request was acquired, the correction date and time obtained by adding the difference, and the identifier to the distribution device;
A receiving step of receiving the identifier and the time limit information from the distribution device;
It is determined that the content is usable when the date and time obtained by adding the date and time engraved by the clock unit and the difference corresponding to the identifier when determining whether or not the content can be used is a date and time before the time limit information. A program for causing a computer to execute each of the determination steps.

Images