JP5338843B2 - Server apparatus and communication method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To control illegal use of content placed managed by an end user. <P>SOLUTION: A content use control apparatus includes a function for registering/confirming an apparatus and a user so that service may not be freely used by unauthorized apparatuses and users, and a function for restricting rewriting of registered information. The restrictions protect copyright of information to be served. A concrete example of the apparatus is a server for storing content such as movies and music, and is applied to a system for supplying content according to request from a client (a cellular phone or a TV, a PC, etc. connected to the server) or a user. <P>COPYRIGHT: (C)2011,JPO&amp;INPIT

Description

  The present invention relates to a server device and a communication method for controlling the use of content under a predetermined use condition, and more particularly to a server device and a communication method for controlling the use of content provided to a user via a network or the like.

  More particularly, the present invention relates to a server device and a communication method for controlling use of content acquired via a network or the like under a specific server administrator, and in particular, content placed under the management of an end user. The present invention relates to a server device and a communication method for controlling unauthorized use of a server.

  At present, computing technologies such as information processing and information communication have improved dramatically, and computer systems have become widespread. In addition, there is a growing demand for network computing technology that interconnects computers. Under a network connection environment, it is possible to collaborate among a plurality of users who share computer resources, and to smoothly share, distribute, distribute, and exchange information contents.

  Nowadays, with the widespread use of the Internet and the advancement and lower prices of high-speed access technologies such as broadband, many users can easily transmit various information contents around the world through communication.

  On the other hand, a system that illegally copies and distributes data of a copyrighted work such as a movie or music using such an environment, such as Napster and Gnutella, has appeared and a problem related to content protection has occurred. Although the scale and performance of the network are expected to increase further in the future, the information that can be transmitted is limited without the means to prevent unauthorized use of such content, and the value of the network can be enjoyed effectively. There is a risk that it will not be possible. In addition, if content abuse is rampant, the willingness of content producers / providers will decline, which may hinder the development of the entire industry.

  Generally, when content is distributed via a wide area network such as the Internet, the content is technically protected by registering or charging users in advance and distributing the content only when proper use is ensured. be able to.

  However, recently, private networks such as home networks have become popular, and users can perform home distribution within the scope of proper use under the Copyright Act. For example, content acquired via BS digital is distributed between information devices connected via i-Link or the like. In such a case, the content must be protected by the user at the end, but there is a danger that the user registration is managed independently, and the content is distributed without restriction within the home.

  Therefore, in a system in which contents such as movies and music purchased by a user are stored in a home server and transmitted / viewed via the Internet, a mechanism for preventing access exceeding private use is required.

  At present, there is no standardized method approved by the copyright holder, and confusion has occurred in the United States, such as a lawsuit regarding the content transmission function over the Internet of broadcast recording devices.

  Methods to prevent usage beyond private use include limiting the number of devices that can use the service, or registering client identification information (eg, MAC address) to prevent access from unregistered clients. Already exists. However, these are effective when the server administrator correctly sets and does not intentionally allow unauthorized access. Even if the end user is an administrator, such as a server administrator, especially a home server, the content rights holder thinks that it is necessary to prevent unauthorized distribution to some extent. There is still no standardized method.

  For example, user information is registered by the user registration means, and when the user intends to use this system, the user authentication means authenticates whether or not the user is a registered user. Only the registered user can search for the desired content from the content registered by the content registration means by the content search means, and the user can acquire the usage right for the searched content, and the content for which the usage right has been acquired A content distribution system that monitors the user's operation with respect to the content by means of content monitoring means has been proposed (see, for example, Patent Document 1). However, this system eliminates unauthorized use by the user and does not consider allowing the user to use the content within the home or private use.

  Further, a content distribution system in which the number of people who can use the content at the same time is limited has been proposed (see, for example, Patent Document 2). In the system, the receiver that receives the content determines which content can be used according to the collation result of the user ID registered in the management table and the user ID of the receiver itself. The server and client can read out only the content that is licensed to the user ID of the receiver, and the management table matches the number of licenses with a number greater than the contract. Cannot be used simultaneously. However, the number of people that can be used at the same time varies from user to user and content (app), and the use of the content is limited to the license acquired by the user for each content rather than being restricted to home or private use. It is intended to be limited accordingly, and does not exclude unauthorized use by the user and does not allow the user to use the content within the home or private use.

JP 2001-306528 A JP 2001-350862 A

  An object of the present invention is to provide an excellent server device and communication method capable of controlling the use of content acquired via a network or the like under a specific server administrator.

  A further object of the present invention is to provide an excellent server device and communication method capable of controlling unauthorized use of content placed under the control of an end user.

  A further object of the present invention is to perform control so that content is not distributed and distributed indefinitely beyond a predetermined use condition when the content is managed by an end user such as a home network. It is possible to provide an excellent server device and communication method.

The present invention has been made in consideration of the above problems, and the first aspect thereof is
A content distribution unit that distributes content information to a plurality of client devices;
A registration unit for performing registration processing of the client device;
When the registration unit executes the registration process, when the number of already registered client devices exceeds a predetermined number, a failure end unit that ends the registration process as a failure,
A change processing unit for performing processing for changing the registration content of the registration unit;
A registration change limiting unit that limits the number of times the change processing unit performs the change processing within a predetermined period;
Is a server device.

  The present invention is effective in preventing unauthorized use by a user who does not have the authority to use the content by restricting the user of the content by a device capable of outputting paid content such as movies and music. That is, according to the content use control device or content use restriction method of the present invention, it is necessary to register the identification information of the device or user to be used prior to the use of the provided service. This can eliminate unauthorized use by devices and users that cannot be registered.

  According to the invention described in claim 2 of the present application, the registration change restriction unit of the server device described in claim 1 is configured to impose a restriction that can be changed only once within a predetermined time.

  According to invention of Claim 3 of this application, the registration change restriction | limiting part of the server apparatus of Claim 2 is comprised so that a change possibility may be confirmed via the internet.

  According to invention of Claim 4 of this application, the server apparatus of Claim 3 is further provided with the content memory | storage part which memorize | stores content information.

  According to the invention described in claim 5 of the present application, the registration change limiting unit of the server apparatus described in claim 1 is configured to store the changeable number of times in hardware having tamper resistance.

  According to the invention described in claim 6 of the present application, the change processing unit of the server apparatus described in claim 1 is configured to change the registered content based on a predetermined button operation.

The invention according to claim 7 of the present application is
A content distribution step of distributing content information to a plurality of client devices;
A registration step of performing registration processing of the client device;
When executing the registration process in the registration step, when the number of already registered client devices exceeds a predetermined number, a failure end step for terminating the registration process by failure;
A change processing step for changing the registration content of the registration unit;
A registration change limiting step for limiting the number of times the change process is performed within a predetermined period in the change processing step;
Is a communication method.

  ADVANTAGE OF THE INVENTION According to this invention, the outstanding server apparatus and communication method which can control use regarding the content acquired via the network etc. under a specific server administrator can be provided.

  Further, according to the present invention, it is possible to provide an excellent server device and communication method capable of controlling unauthorized use of content placed under the management of an end user.

  Further, according to the present invention, when content is placed under the control of an end user such as a home network, control is performed so that the content is not distributed and distributed indefinitely beyond a predetermined use condition. It is possible to provide an excellent server device and communication method.

  According to the present invention, by restricting the number of times of changing registered contents, it is possible to restrict the distribution of contents to more client apparatuses than the registered number, and to prevent copying exceeding private use.

  The present invention is effective in preventing unauthorized use by a user who does not have the authority to use the content by restricting the user of the content by a device capable of outputting paid content such as movies and music.

  First, the server device and the communication method according to the present invention need to register the identification information of the device or user to be used prior to the use of the provided service. This can eliminate unauthorized use by devices and users that cannot be registered.

  Furthermore, even if the user of the server apparatus according to the present invention intentionally registers an apparatus or a user who does not have the authority to use the service, the change is limited, and thus unlimited unauthorized use is not possible. In addition, if other users or their devices are registered, there is a possibility that the use by themselves or their families may be hindered. Therefore, the restriction of the change can be expected to suppress the unauthorized registration.

  On the other hand, by setting restrictions on the use of services in this way, it is possible to prevent unlimited unauthorized use, so that the requirements of content providers will be fully satisfied, and various services and content can be used. .

  In addition, by making it possible to change the restrictions on the replacement of registered information, it is possible to obtain an option to relax the restriction to a level at which the end user does not feel inconvenience. The range of unauthorized use can be controlled.

  Other objects, features, and advantages of the present invention will become apparent from more detailed description based on embodiments of the present invention described later and the accompanying drawings.

It is the figure which showed typically the basic composition of the content use control apparatus 100 provided for implementation of this invention. It is the figure which showed the registration processing sequence which the content usage control apparatus 100 (server) performs with respect to a client apparatus. 5 is a flowchart showing a procedure of registration processing executed on the content usage control apparatus 100. It is the figure which showed the operation | movement sequence for a client apparatus to perform a service request with respect to the content usage control apparatus 100 as a server. It is the flowchart which showed the procedure of the service availability determination processing which the content use control apparatus 100 performs when providing a service. It is the figure which showed the operation | movement sequence at the time of making it perform even the registration process of a client within a service request sequence. It is the figure which showed the structural example of the registration information database which the content use control apparatus 100 hold | maintains. It is the flowchart which showed the processing procedure of the change confirmation of registration content. It is the figure which showed typically the modification of the content use control apparatus 100 which can perform the process which restrict | limits the frequency replaced with another apparatus or the information for user identification. FIG. 4 is a flowchart showing a processing procedure for imposing a restriction that can be changed only once within a predetermined time in the registration possibility confirmation processing shown in FIG. 3. It is the flowchart which showed the process sequence for restrict | limiting the frequency | count of a change within predetermined time by using the present date. FIG. 4 is a flowchart showing a processing procedure for requesting password input in the registration possibility confirmation processing shown in FIG. 3. It is the figure which showed the example of a sequence of the process in which the user of the content use control apparatus 100 requests | requires the password which enables a change with respect to the issuer of change permission information. It is the figure which showed the structural example of the password. It is the flowchart which showed the processing procedure of the validity judgment of a password. It is the figure which showed the example of a sequence of the process in which the user of the content use control apparatus 100 requests | requires the password which enables a change with respect to the issuer of change permission information. It is the figure which showed the structural example of the password. It is the flowchart which showed the processing procedure of the validity judgment of a password.

  Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.

  FIG. 1 schematically shows a basic configuration of a content use control apparatus 100 provided for implementing the present invention.

  The content usage control apparatus 100 operates in a form in which a CPU (Central Processing Unit) 101 as a main controller executes a predetermined program code under a program execution environment provided by an operating system (OS). The CPU 101 is interconnected with other devices via a bus.

  In the present embodiment, the CPU 101 controls content provision (distribution / distribution, etc.) under a predetermined use condition, and restricts content provision destination registration and registration content modification. Execute.

  The storage unit 102 includes, for example, a semiconductor memory such as a RAM (Random Access Memory) and a ROM (Read Only Memory), an external storage device such as a hard disk device and a CD / DVD read / write device, and the like.

  The RAM is used for loading a program code to be executed by the CPU 101 and temporarily storing work data of the execution program. In the present embodiment, a content use restriction application for controlling content provision (distribution / distribution, etc.) under a predetermined use condition, or restricting registration of content provision destinations or changes in registered contents is provided on the RAM. To be loaded.

  The ROM is a semiconductor memory for permanently storing data. For example, a self-diagnostic test (POST: Power On Self Test) at startup and a program code (BIOS: Basic Input / Output System) for hardware input / output. ) Etc. are written.

  A hard disk device is an external storage device in which a magnetic disk as a storage carrier is fixedly mounted (well-known), and is superior to other external storage devices in terms of storage capacity and data transfer speed. Placing the software program on the hard disk device in an executable state is called “installation” of the program in the system. Normally, hard disk devices store operating system program codes, application programs, device drivers, and the like to be executed by the CPU 101 in a nonvolatile manner. For example, a content use restriction application for controlling the provision (distribution / distribution) of content under a predetermined use condition or restricting registration of content provision destinations or changes in registration contents on a hard disk device Can be installed on. Further, the content to be provided and the information on the content providing destination that is registered and the registered content is changed by the content use restriction application may be stored on the hard disk device.

  The CD / DVD read / write device is a device for loading a portable medium such as a CD-ROM, CD-R, or DVD and accessing the data recording surface. The portable media is mainly used for the purpose of backing up software programs, data files, and the like as data in a computer-readable format, and for moving them between systems (that is, including sales, distribution, and distribution). For example, content usage restriction applications for controlling the provision (distribution, distribution, etc.) of content under predetermined usage conditions, and restricting the registration of content provision destinations and changes in registration details, etc. are portable. It can be physically distributed and distributed among multiple devices using media. In addition, portable media can be used to exchange information to be provided or information on a content provider to which registration and registration contents are changed by a content use restriction application with other devices. .

  The output unit 103 includes a user output device (not shown) such as a display, a speaker, and a printer, a communication interface that transmits content and other information to other devices, and provides predetermined services such as content to client devices. Used to do. In addition, the output unit 103 can be used to present information when registration processing of a client device that is a content providing destination of content or a use request for a predetermined service cannot be satisfied.

  The input unit 104 receives a registration request and a request for using a predetermined service from the client device, and is used to obtain identification information of the client device. In addition, an operation for changing registration contents and registration restrictions is performed via the input unit 104. Specifically, the input unit 104 includes a communication interface, a user input device (not shown) such as a keyboard or a mouse, or a switch, sensor, camera, or the like that can accept user requests and identification information.

  Downloading a content use restriction application to the apparatus 100 for controlling the provision (distribution / distribution) of the content under a predetermined use condition, or restricting the registration of the content provision destination or the change of the registered content, etc. The communication interface can be used for exchanging information of content providing destinations whose registration and registration contents are changed by the content use restriction application with other devices.

  An example of the content use control device 100 as shown in FIG. 1 is a compatible computer or a successor of IBM's personal computer “PC / AT (Personal Computer / Advanced Technology)”. Of course, a computer having another architecture can be applied as the content use control apparatus 100 according to the present embodiment. Another example is a broadcast receiver with a hard disk device. As described above, there may be a case where the content use control device 100 itself has a function of holding the content and supplying the content to the client device at the same time.

  A client device that uses a predetermined service provided by the content usage control device 100 first requests the device 100 to register its identification information. On the other hand, the content use control apparatus 100 checks whether or not the number of registrations and the restriction on the registration change do not conflict, and performs registration processing if registration is possible. By limiting the number of registrations and registration changes in this way, it is possible to prevent a situation in which user registration or registered user changes are performed indefinitely and content is illegally distributed / distributed.

  FIG. 2 shows a registration processing sequence performed by the content use control apparatus 100 (server) for the client apparatus.

  At the time of registration, the client sends a registration request with its identification information to the server. Receiving this, the server starts the registration process and sends the result information as a response to the client.

  Further, FIG. 3 shows a procedure of registration processing executed on the content use control apparatus 100 in the form of a flowchart. This processing procedure is actually realized in a form in which the CPU 101 executes a predetermined program code.

  First, it is confirmed whether or not the requesting client has already been registered (step S1). If so, registration is unnecessary and the process ends successfully.

  On the other hand, if the request source is not registered, it is further confirmed whether new registration is possible by referring to the number of registrations imposed on the content use control apparatus 100 (step S2), and if possible, registration processing is performed. Finish successfully.

  If new registration is impossible, it is checked whether or not already registered can be replaced by referring to the contents of restriction of registration change imposed on the content use control apparatus 100 (step S3). In this case, the processing routine ends in failure (step S8).

  If the registered contents can be replaced, it is confirmed whether or not a predetermined process is necessary for that purpose (step S4). In particular, if the process is unnecessary, nothing is performed. If necessary, the process is performed (step S5), the registration content replacement registration process is performed (step S6), and the process routine is completed successfully (step S7).

  A client device that wants to use a predetermined service provided by the content use control device 100 requests the device 100 for the predetermined service. On the other hand, the content use control device 100 checks whether or not the requesting device or user identification information is registered, and provides a predetermined service if it is registered, and does not provide it if it is not registered. .

  FIG. 4 shows an operation sequence for the client apparatus to make a service request to the content usage control apparatus 100 as a server.

  When using the service, the client sends a service request with its own identification information to the server. Upon receiving this, the server activates the service availability determination process and sends the result information to the client as a response. If the service is available, the server supplies the service to the client.

  FIG. 5 shows a procedure of service availability determination processing performed when the content use control apparatus 100 provides a service in the form of a flowchart. This processing procedure is actually realized in a form in which the CPU 101 executes a predetermined program code.

  First, it is confirmed whether or not the identification information sent by the service use requester is registered (step S11).

  If it has been registered, it is determined that the service can be provided (step S12), and this processing routine is completed successfully. If it is not registered, it is determined that the service cannot be provided (step S13), and this processing routine fails. finish.

  FIG. 6 shows an operation sequence in the case where the pre-processing corresponding to the registration sequence as described with reference to FIGS. 2 and 3 is omitted and the client registration processing is performed in the service request sequence. Is shown.

  When using the service, the client sends a service request with its own identification information to the server.

  Receiving this, the server activates the registration process, subsequently activates the service availability determination process, and sends the result information to the client as a response. If the service is available, the server supplies the service to the client.

  Since the procedures of the registration process and service availability determination process started on the server are the same as those in the flowcharts shown in FIGS. 3 and 5, description thereof is omitted here.

  FIG. 7 shows a configuration example of a registration information database held by the content usage control apparatus 100 as a server.

  A value indicating how many new identification information of the client device can be newly registered is written in the number of newly registerable number field. When a maximum of n registrations are possible, the initial value is n, and the value is decreased by 1 each time one is registered, and becomes 0 after n registrations. When it is confirmed in step S2 of the flowchart shown in FIG. 3 whether there is a surplus in the number that can be registered, it is referred to whether this value is not zero. Note that this value does not change when a registered item is changed and registered.

  In a field called client identification information, identification information of a registered client is stored. In step S1 of the flowchart shown in FIG. 3 and step S11 of the flowchart shown in FIG. 5, when it is confirmed whether the client has been registered, the information stored here is referred to, and the registration request source or service use request source Compared with identification information. In the registration process of FIG. 3, the identification information is stored in an unregistered area at the time of new registration, and the new identification information is overwritten in the already registered area at the time of registration change.

  The invalid flag field is information for controlling service provision to a client having registered identification information. For example, when the value of this flag is 0, the service is not permitted, and when the flag is 1, the service is permitted.

  If the change of the registration contents of the registration information database described above is allowed without limitation, there is a risk that the contents will be distributed and distributed beyond the home (within the copyright protection range). Therefore, the content use control apparatus 100 according to the present embodiment limits identification information change procedures for replacing identification information once registered in the registration information database, that is, replacing other devices and users that can use the service with different ones. be able to. A specific example of the registration change restriction method will be described below.

Specific example (1)
The number of times the registered identification information is replaced with identification information of another device or user is limited to a predetermined number. Further changes are prohibited after a predetermined number of changes.

  The changeable number of times is set as a predetermined value in advance, and is stored in a nonvolatile rewritable memory (NVRAM, EEPROM, HDD, etc.) such as the storage unit 102. Then, in the changeable confirmation process in step S3 of the flowchart shown in FIG. 3, the held value may be referred to.

  FIG. 8 shows a processing procedure for confirming whether registration contents can be changed in the form of a flowchart. This processing procedure is actually realized in a form in which the CPU 101 executes a predetermined program code.

  First, on the basis of the client identification information transmitted from the requesting client, the entry of the corresponding client held in the registration information database is referred to and it is determined whether or not the number of registration contents that can be changed is 0 (step) S21).

  If the changeable count is not 0, the changeable count is decremented by 1 (step S22), the requested registration content is changed (step S23), and this processing routine is completed successfully.

  On the other hand, if the possible number of changes is 0, the requested registration contents are not allowed to be changed (step S24), and the processing routine ends in failure.

  The changeable number of times shall be protected so that the end user cannot tamper. For example, using tamper-resistant hardware such as the CPU 101 incorporating the storage unit 102, the processing as shown in FIG. 8 and storage of the number of changeable times are held inside the CPU 101, and physical rewriting from the outside of the chip is performed. To make it impossible.

Specific example (2)
The frequency of replacing the registered identification information with the identification information of another device or user is limited.

  FIG. 9 schematically shows a modification of the content use control apparatus 100 that can execute such processing. As shown in the figure, the content use control apparatus 100 is further provided with a timer unit 105 having a time counting function in addition to the apparatus configuration shown in FIG. Alternatively, a function of obtaining time information supplied from another device (not shown) via the input unit 104 instead of the timer unit 105 may be provided.

  FIG. 10 shows, in the form of a flowchart, a processing procedure for imposing a restriction that can be changed only once within a predetermined time in the registration confirmation process shown in FIG. This processing procedure is actually realized in a form in which the CPU 101 executes a predetermined program code.

  The predetermined time limit is determined by the value set in the timer and the down count period of the timer. Note that the timer counter is set to 0 in the initial state.

  First, it is determined whether the timer counter has already reached 0 (step S31).

  If the counter value of the timer has not yet reached 0, the registration content cannot be changed (step S32), and the processing routine is failed.

  On the other hand, if the timer counter is 0, a limit value is set in the timer counter (step S33), the timer countdown is started (step S34), and the change of the registration contents is permitted (step S34). S35) The process routine is successfully processed.

  The counter value during timer operation shall be protected against tampering. For example, when the CPU 101 with a built-in timer function is used, or when the timer value is periodically read and stored in a register in the CPU 101, the read value is compared with the immediately previous stored value, and the read value is larger A method such as resetting the stored value in the timer is used.

  In addition, when canceling the change, it is possible to implement that the timer is not initialized. In order to realize this, it is possible to cope with the problem by initializing the timer when making a change after the final cancel confirmation process.

  FIG. 11 shows, in the form of a flowchart, a processing procedure for limiting the number of changes within a predetermined time by using the current date and time instead of using the timer function as shown in FIGS. 9 and 10. . This processing procedure is actually realized in a form in which the CPU 101 executes a predetermined program code.

  First, it is determined whether or not the change date and time and the current interval are greater than or equal to the time limit (step S41).

  If the change date and time and the current interval are less than the time limit, the registration contents cannot be changed (step S42), and the processing routine is failed.

  On the other hand, if the interval between the change date and the current time is equal to or greater than the time limit, the current time is stored as the change date (step S43), the change of the registered content is permitted (step S44), and the processing routine is processed successfully. .

  When the current date and time is obtained from another device, falsification is prevented by a method such as encrypted transmission with a shared key or an electronic signature using a public key encryption technique.

Specific example (3)
When replacing the registered identification information, a predetermined operation is requested. For example, input of a password, predetermined button pressing operation (for example, pressing some buttons in a predetermined order), and the like.

  FIG. 12 shows a processing procedure for requesting password input in the form of a flowchart in the registration possibility confirmation processing shown in FIG. This processing procedure is actually realized in a form in which the CPU 101 executes a predetermined program code.

  First, a password input process is performed via the input unit 104 (step S51), and it is determined whether or not the input password is correct (step S52).

  If the password is incorrect, the registration contents cannot be changed (step S52), and the processing routine is failed.

  On the other hand, if the password is correct, the registration content is allowed to be changed (step S53), and this processing routine is processed successfully.

  It is assumed that what kind of password is valid is stored in the storage unit 102 in advance. If the password in the figure is a predetermined operation, a processing procedure relating to a button pressing operation is performed.

Specific example (4)
When replacing the registered identification information, it is requested to obtain change permission information from another device or administrator. For example, a password or key data is obtained by telephone, the Internet, mail, a recording medium, orally, and can be changed when the apparatus confirms it directly or indirectly.

  FIG. 13 shows a sequence example of a process in which the user of the content usage control apparatus 100 requests a password that enables a change to the issuer of the change permission information.

  The user sends a password request with the device's unique identification information (eg, stamped on the device). On the other hand, the issuer creates a password based on the obtained device identification information and the password / serial number managed by the issuer.

  FIG. 14 shows a configuration example of the password. In the example shown in the figure, the password includes device identification information, a password / serial number, and signature data. Here, the signature data is, for example, an electronic signature based on public key encryption technology for device identification information and a password / serial number.

  The user performs an operation for changing the registered contents by inputting the received password into the apparatus. Then, the content usage control apparatus 100 side determines whether or not the registered content can be changed according to the processing procedure as shown in FIG.

  FIG. 15 shows a processing procedure for determining the validity of the password created as described above in the form of a flowchart. Here, the content use control device 100 holds information necessary for verifying signature data (such as the authorized person's public key) and device identification information in the storage unit 102 in advance, and the password / serial number is stored as 0 in the initial state. Shall be retained.

  First, it is determined whether or not the signature data corresponds to the device identification information and the password / serial number (step S61). If this determination result is negative, the change of the registered contents is not permitted (step S66), and this processing routine is terminated with failure.

  Next, it is determined whether or not the device identification information in the password matches a value stored in advance (step S62). If this determination result is negative, the change of the registered contents is not permitted (step S66), and this processing routine is terminated with failure.

  Next, it is determined whether or not the password / serial number is larger than the stored value (step S63). If this determination result is negative, the change of the registered contents is not permitted (step S66), and this processing routine is terminated with failure.

  On the other hand, if all the above determination results are affirmative, the stored contents of the password / serial number are updated (step S64), the change of the registered contents is permitted (step S65), and the processing routine is completed successfully. To do.

By this flow processing, the password can be used only once by a specific device.

  The frequency management in the above-described specific example (1) and the frequency management in the specific example (2) are performed not by the content usage control apparatus 100 installed on the end user side such as at home but by the password issuer. The application is also conceivable. In this case, the password issuer has a database that holds the number of changes and the date and time of change for each device identification information, and executes the processing procedure shown in FIGS. 8 to 11 each time the registered contents are changed. become.

  It is also conceivable to implement a combination of two or more of the processes given in the specific examples (1) to (4). For example, every time a change permission is obtained, the change can be made up to three times.

Specific example (5)
Change the contents of the registration change restrictions. For example, it is possible to change the change limit number from 5 times to 10 times with a paid service.

Specific example (6)
When changing the registration restriction content, it is requested to obtain change permission information from another device or a predetermined administrator. For example, a password or key data is obtained by telephone, the Internet, mail, a recording medium, orally, and can be changed when the apparatus confirms it directly or indirectly.

  FIG. 16 shows a sequence example of a process in which the user of the content usage control apparatus 100 requests the change permission information issuer for a password that can be changed.

  The user sends a password request with the device's unique identification information (eg, stamped on the device). On the other hand, the issuer creates a password based on the obtained device identification information and the password / serial number managed by the issuer.

  FIG. 17 shows a configuration example of the password. In the example shown in the figure, the password includes device identification information, a password / serial number, registration change restriction contents, and signature data. Here, the signature data is, for example, an electronic signature based on public key encryption technology for device identification information and a password / serial number.

  The user performs an operation for changing the registered contents by inputting the received password into the apparatus. Then, the content usage control apparatus 100 side determines whether or not the registered content can be changed according to the processing procedure as shown in FIG.

  FIG. 18 is a flowchart showing the processing procedure for determining the validity of the password created as described above. Here, the content use control device 100 holds information necessary for verifying signature data (such as the authorized person's public key) and device identification information in the storage unit 102 in advance, and the password / serial number is stored as 0 in the initial state. Shall be retained.

  First, it is determined whether or not the signature data corresponds to the device identification information and the password / serial number (step S71). If this determination result is negative, the change of the registered contents is not permitted (step S76), and this processing routine is terminated with failure.

  Next, it is determined whether or not the device identification information in the password matches a value stored in advance (step S72). If this determination result is negative, the change of the registered contents is not permitted (step S76), and this processing routine is terminated with failure.

  Next, it is determined whether or not the password / serial number is larger than the stored value (step S73). If this determination result is negative, the change of the registered contents is not permitted (step S76), and this processing routine is terminated with failure.

  On the other hand, if all the determination results described above are affirmative, the stored contents of the password / serial number are updated (step S74), the registration change restriction is updated to the restricted contents (step S75), and this processing routine is executed. To finish successfully.

Specific example (7)
The registration information is not changed, and permission / non-permission of use of a predetermined service by a registered client device can be controlled.

  In such a case, in the unlikely event that a registered device is stolen, lost, or transferred to another person's hand, unauthorized use can be stopped by prohibiting the use of the service.

  For example, as shown in FIG. 7, it is possible to set an invalid flag for each registered device or user to the user, and the content use control device 100 refers to this to perform permission control of use.

  The present invention has been described in detail above with reference to specific embodiments. However, it is obvious that those skilled in the art can make modifications and substitutions of the embodiment without departing from the gist of the present invention. That is, the present invention has been disclosed in the form of exemplification, and the contents described in the present specification should not be interpreted in a limited manner. In order to determine the gist of the present invention, the description of the scope of claims should be considered.

DESCRIPTION OF SYMBOLS 100 ... Content use control apparatus 101 ... CPU
102 ... Storage unit 103 ... Output unit 104 ... Input unit

Claims (8)

A content distribution unit that distributes content information to a plurality of client devices;
A registration unit for performing registration processing of the client device;
When the registration unit executes the registration process, when the number of already registered client devices exceeds a predetermined number, a failure end unit that ends the registration process as a failure,
A change processing unit for performing processing for changing the registration content of the registration unit;
A registration change limiting unit that limits the number of times the change processing unit performs the change processing within a predetermined period;
A server device comprising: The registration change restriction unit imposes a restriction that can be changed only once within a predetermined time.
The server device according to claim 1. The registration change restriction unit confirms whether or not change is possible via the Internet.
The server device according to claim 2. A content storage unit for storing content information;
The server device according to claim 3. The registration change restriction unit stores the changeable number of times in tamper-resistant hardware.
The server device according to claim 1. The change processing unit changes registered contents based on a predetermined button operation.
The server device according to claim 1. A communication method for communicating with a client device in a server device constructed on a computer,
A content distribution step in which the content distribution means included in the computer distributes content information to a plurality of client devices;
A registration step in which the registration means provided in the computer performs a registration process of the client device;
When the failure processing means provided in the computer executes the registration process in the registration step, if the number of already registered client devices exceeds a predetermined number, a failure end step of causing the registration process to end in failure When,
Change processing means provided in the computer, a change processing step for performing a change processing of the registered content in the registration step;
A registration change restriction step in which the registration change restriction means provided in the computer restricts the number of times change processing is performed within a predetermined period in the change processing step;
A communication method comprising: A server device that communicates with a client device,
A content distribution unit that distributes content to a plurality of client devices under usage conditions based on copyrights;
A registration unit for performing registration processing of the client device that distributes content;
When the registration unit executes the registration process, when the number of already registered client devices exceeds a predetermined number, a failure end unit that ends the registration process as a failure,
A change processing unit for performing processing for changing the registration content of the registration unit;
A registration change limiting unit that limits the number of times the change processing unit performs the change processing within a predetermined period;
A server device comprising:

Images