CN1716844A

CN1716844A - Information processing apparatus, information processing method, and information processing program

Info

Publication number: CN1716844A
Application number: CN 200510072975
Authority: CN
Inventors: 矶崎宏; 小久保隆; 金泽浩二
Original assignee: Toshiba Corp
Current assignee: Toshiba Corp
Priority date: 2004-05-18
Filing date: 2005-05-18
Publication date: 2006-01-04
Anticipated expiration: 2025-05-18
Also published as: CN100583732C

Abstract

An information processing apparatus has an authentication/key exchange unit, a round trip time measuring unit, a common key transmitter, a contents transmitter and a contents transmitter. The round trip time measuring unit sends a round trip time measuring request generated to the communication apparatus through the first communication connection to measure the round trip time, and check whether the measured round trip time is within a predetermined time and whether a transmitting source of the round trip request response is the communication apparatus sharing the first key. The common key transmitter encrypts a second key used for contents transmission by using the first key and transmits the encrypted second key through the first communication connection when the round trip time measuring unit succeeds in the checking. The contents transmitter encrypts the contents requested by the communication apparatus by using the second key and sends the encrypted contents to the communication apparatus through the second communication connection.

Description

Messaging device, the cross reference of information processing method and message handling program related application

The application is based on the No.2004-147795 of Japanese patent application formerly that proposed on May 18th, 2004 and require its priority, and the content of this application all is contained in this, for your guidance.

Technical field

The present invention relates to transmit and receive have to messaging device, message handling program and the information processing method of various contents protected by copyright.

Background technology

Along with the extensive use of computer network such as broadband and WLAN and the development of digital technology, the digital information apparatus (below be called digital household appliances) with communication function becomes common.In addition, what can imagine is that digitalized ground broadcasting will advance digital broadcasting to prepare television set, set-top box and DVD register widely-used.If the user can enjoy the enjoyment of watching or listen to content by network by a plurality of digital household appliances are connected with network, will be favourable (Japanese patent application No.2003-194491) so.

Term used herein " content " refers to various numerical datas, for example MPEG2 and MPE4 video and voice data and file data such as text data and view data.The content of being made up of this numerical data has the advantage of lossless copy easily, but on the other hand, it should be noted that the copyright of content.For example, consider that content protected by copyright is transmitted to the situation of receiving equipment from transmitter.Best described content for example in the proper authority of certain limit, in the authority of using such as the individual of Copyright Law regulation or exchanged in the narrower range, offers content the third party who exceeds this scope to forbid the user in certain scope.

But, if by utilizing IP (Internet Protocol) to transmit the AV data, because IP (Internet Protocol) allows there be not physical constraint, for example transmit data under the situation of cable length constraint so, therefore can the copyright violation method.For example, IP provides VPN (VPN (virtual private network)), and it is a kind of current techique that logic connects remote I P network.The equipment of home network that this technology allows to be connected to Mr.'s X who is arranged in regional A dwelling house is connected to the home network of Mr.'s Y who is arranged in regional B (physics is away from regional A) dwelling house, and transmits data.That is, the content of Mr.'s X family is not limited in the network range of Mr. X family, and Mr. Y who is positioned at remote site on the contrary can be connected to Mr.'s X home network, and browses the content that Mr. X holds.

Summary of the invention

Make the present invention in view of this problem, an object of the present invention is to provide a kind of illegal use that prevents content reliably, and the messaging device, information processing method and the message handling program that allow content effectively to be used.

According to one embodiment of present invention, comprise to the messaging device that communication equipment transmits the encrypted content of protection copyright by network:

Communicate to connect with this communication equipment by first and to verify/cipher key exchange, and produce checking/cipher key change unit with shared first key of this communication equipment;

The measurement of round trip time request that utilizes first key to produce is sent to communication equipment, thereby measure indication and receive two-way time about the time of the measurement request response of this request, and check two-way time of recording whether at the fixed time within and the emission source that comes and goes the request response whether be the measurement of round trip time unit of sharing the communication equipment of first key;

When the measurement of round trip time unit is successfully checked, communicate to connect the unique identification information that receives the communication equipment utilize first secret key encryption by first, and to unique ID receiver of this unique identification information deciphering;

Register the ID registration unit of unique identification information of the communication equipment of unique ID receiver deciphering;

When the measurement of round trip time unit is successfully checked, utilize first key to being used for second secret key encryption of content delivery, and communicate to connect the public keys reflector that sends second encrypted key by first;

Connect to receive the content that sends from communication equipment by second communication and send request, and utilize first key, to sending the ID decrypting device of unique identification information deciphering of the communication equipment of first secret key encryption in the request by being included in content;

Whether the unique identification information of inspection ID decrypting device deciphering is registered to the ID inspection unit in the ID registration unit; With

Utilize the content-encrypt of the second cipher key pair communication device request, and connect the content reflector that encrypted content is sent to communication equipment by second communication.

In addition, according to one embodiment of present invention, the messaging device that the encrypted content of protection copyright sends communication equipment to is comprised by network:

Communicate to connect a measurement of round trip time request that produces by first and send to communication equipment, thereby measure indication and receive two-way time about the time of the measurement request response of this request, and check two-way time of recording whether at the fixed time within and the emission source that comes and goes the request response whether be the measurement of round trip time unit of sharing the communication equipment of first key;

When the measurement of round trip time unit is successfully checked, utilize first key to being used for second secret key encryption of content delivery, and communicate to connect the public keys reflector that transmits second encrypted key by first;

In addition, according to one embodiment of present invention, comprise by the messaging device of network reception from the encrypted content of the protection copyright of communication equipment transmission:

By utilizing first to communicate to connect with this communication equipment and verify/cipher key exchange, and produce checking/cipher key change unit with shared first key of this communication equipment;

The measurement of round trip time request that reception sends from communication equipment, and utilize first key to send the measurement of round trip time request responsive transmitter of measurement of round trip time request response;

When the measurement of round trip time that carries out with communication equipment satisfies predetermined condition, communicate to connect by first, the unique identification information that utilizes first secret key encryption is sent to the ID reflector of communication equipment;

When measurement of round trip time satisfied predetermined condition, received communication equipment was by the first public keys receiver that communicates to connect second key that utilizes first secret key encryption of transmission;

Connect by second communication, content is sent the content requests reflector that request sends to communication equipment; With

Reception connects the content of utilizing second secret key encryption that sends from communication equipment by second communication, and to the content receiving of described contents decryption.

Communicate to connect by first, checking request and unique identification information are sent to the ID reflector of communication equipment;

When the result of measurement of round trip time satisfied predetermined condition, received communication equipment was by the first public keys receiver that communicates to connect second key that utilizes first secret key encryption of transmission;

Connect by second communication, content requests is sent to the content requests reflector of communication equipment; With

In addition, according to one embodiment of present invention, the encrypted content of protection copyright is comprised from the information processing method that first communication equipment sends second communication equipment to by network:

Communicate to connect between first and second communication equipments by first and to verify/cipher key exchange, thereby be created in first key of sharing between first and second communication equipments;

Communicate to connect from first communication equipment to the request of second communication equipment emission measurement of round trip time by first, the two-way time about the time of the measurement request response of this request is received in the measurement indication, and share first key two-way time that inspection records whether in the given time between first and second communication equipments;

When first communication equipment is achieved success aspect these two inspections, to being used for second secret key encryption of content delivery, and communicating to connect to second communication equipment by first and to launch second key; With

Utilize the content of second secret key encryption, and connect, to the content of second communication equipment emission encryption by second communication from the second communication request.

In addition, according to one embodiment of present invention, a kind of can the execution by computer sends the encrypted content of protection copyright the message handling program of second communication equipment to from first communication equipment by network, and step comprises:

Description of drawings

Fig. 1 has represented schematically to comprise that the content according to messaging device of the present invention transmits and receives the structure of system.

Fig. 2 is the block diagram of the schematic construction of expression transmitter A according to an embodiment of the invention.

Fig. 3 represents how transmitter and receiving equipment share indivedual key " Ks " and common keys " Ks " of sharing shared.

Fig. 4 represents to be kept at an example of the unique ID tabulation 21 in unique ID administrative unit 17.

Fig. 5 is a block diagram of schematically representing the structure of receiving equipment B according to an embodiment of the invention.

Fig. 6 is an example that is illustrated in the general process of carrying out between transmitter A and the receiving equipment B.

Fig. 7 is the sequence chart that is illustrated in an example of the AKE/RTT measuring phases process of carrying out between transmitter A and the receiving equipment B.

Fig. 8 represents an example of the packet format that RTT request and the RTT that comes next respond.

Fig. 9 represents wherein only to carry out ID registration inspection, and does not carry out the sequence chart of an example of the process that RTT checks.

Figure 10 is the sequence chart that is illustrated in an example of the content delivery phase process of carrying out between transmitter A and the receiving equipment B.

Figure 11 represents wherein to be used to as the common key K s of sharing the sequence chart of an example of the process that goes wrong when unique ID to receiving equipment encrypts.

Figure 12 represents to exceed predetermined threshold if the RTT response of receiving from receiving equipment is delayed in the RTT checking process, so the sequence chart of the error handling processing of Zhi Hanging example.

Figure 13 is the sequence chart of the example of a processing of expression, and this handles the processing that improves Figure 12.

If being expression, Figure 14 in the stage, failure, the sequence chart of the error handling processing of Zhi Hanging example are so checked in the ID registration of transmitter in content delivery.

Figure 15 is the sequence chart of an example of the process of commands of expression definition unique ID from receiving equipment to receiving equipment notice transmitter that abandon.

If Figure 16 is expression MAC check in MAC-1a and MAC-1b it fails to match, send the sequence chart of an example of the process of error messages so to transmitter.

Figure 17 is the sequence chart of the example of the error handling processing carried out of expression receiving equipment.

Embodiment

Below with reference to the accompanying drawings, embodiments of the invention are described.

(first embodiment)

Fig. 1 represents schematically to comprise that the content according to messaging device of the present invention transmits and receives the structure of system.It is the AV data that are used for mainly transmitting and receiving the individual's use that is used in the limited range that content shown in Fig. 1 transmits and receives system, comprise the transmitter A and receiving equipment B and the C that are connected with local area network (LAN) 1, and the receiving equipment D that is connected with local area network (LAN) 1 by the internet.The receiving equipment D that is connected with the internet can be connected with local area network (LAN) by the router (not shown).Among transmitter A and the reception B-D at least one is an embodiment according to messaging device of the present invention.

The physical layer of local area network (LAN) and link layer can be taked any form, for example observe the WLAN of IEEE802.11, Ethernet  or IEEE 1394 networks.If local area network (LAN) 1 uses Internet Protocol (below abbreviate IP as), the network layer of local area network (LAN) 1 can be IPv4 or IPv6 so.Except transmitter A and receiving equipment B and C, miscellaneous equipment can be connected with local area network (LAN) 1, for for simplicity, and not shown these miscellaneous equipments.

Term content used herein refers to digital content, comprises the video data such as MPEG2 or mpeg 4 video data, voice data such as the MP3 voice data and the file data such as text data and view data.For the purpose of simplifying the description, will illustrate that wherein content is before being launched, guarantee the digital content (below abbreviate content as) of its copyright.

Consideration transmits the situation of content to receiving equipment B, C and D from transmitter A.Must be noted that the copyright of content.As mentioned above, be preferably in certain scope, for example in the proper scope of authority, in the authority that the individual who stipulates such as the Copyright Law uses, perhaps exchanging contents in the narrower range provides content to forbid the third party outside this scope of third direction.Content is allowed to send receiving equipment B and C to from Mr.'s X transmitter A, yet forbids that content is transmitted to the receiving equipment D that is had by different people from transmitter A.

Present embodiment has three principal characters.

(first feature)

If use the IP channel, data can not be subjected to the restriction of physical transfer distance to be sent out and to receive so.Therefore, content can send receiving equipment outside the household IP network to from transmitter.

So,, be used to guarantee that distance between transmitter and the receiving equipment is within a certain scope two-way time (below abbreviate RTT as) according to present embodiment.Before content sends receiving equipment to from transmitter, measure the RTT between transmitter and the receiving equipment, if the RTT that records is less than or equal to a certain threshold value, content is allowed to send so.If RTT exceeds this threshold value, refuse the transmission of content so.

(second feature)

Some home network architectures have router or the bridger between transmitter and receiving equipment.For example, communicate by letter with receiving equipment, so generally use WAP (wireless access point) to come bridge media with wave point if having the transmitter of wireline interface.

If a large amount of traffics is by the WAP (wireless access point) between the miscellaneous equipment except that transmitter and receiving equipment, so the WAP (wireless access point) bridge joint they will need a large amount of time, thereby the quantity of the RTT that the quantity of the RTT of the measurement between transmitter and the receiving equipment will be greater than without any the traffic time.

If the threshold value of RTT is set to great value,,, thereby can not reach first feature so with the transmitter of home-network linkups with to be arranged on communicating by letter between the receiving equipment outside the family will be possible to avoid this problem.Thereby, if in the last layer of IP layer, stipulate RTT, be difficult to determine the threshold value of RTT so, because RTT is subject to the traffic influence on the transmission channel.

So, in case the RTT between transmitter and the receiving equipment is successfully measured, unique ID of having of one of equipment is registered in another equipment so, if content will be transmitted to the equipment of registration, the measurement of RTT can be omitted so, rather than when transmitting content, by transmitter and receiving equipment measure R TT at every turn.Thereby, in case on home network without any in the traffic, RTT is successfully measured, and unique ID is registered, no matter content can transmit between the equipment of registration so, and state of traffic when connecting between them next time.

(the 3rd feature)

If have only by checking whether unique ID is registered, just allow the transmission of content, by just making transmitter and receiving equipment approaching mutually, can make the communication between transmitter and the receiving equipment become possibility so in order to register unique ID, and no matter the physical distance between them.That is, if transmitter and receiving equipment are set in the mutually approaching scope, measure R TT subsequently, and register unique ID, receiving equipment can be taken out of family so, and is used to the subsequent communications with transmitter.

So the output time and/or the data volume of content that sends receiving equipment from transmitter to is measured, and when content was sent out preset time (perhaps the content of predetermined quantity is transmitted), unique ID of registration was deleted.Thereby, can realize first and second features, and can realize the 3rd feature, and can not lose convenience.

In order to realize first to the 3rd feature, the method of the scope that is transmitted as limiting content, present embodiment provides a kind of process, wherein from transmitter before receiving equipment transmits content, measure the two-way time between transmitter and the receiving equipment, check whether they are positioned at approaching scope mutually, if unique ID quilt " registration " of one of unique ID of these two equipment or these two equipment is in another equipment so.In addition, provide a kind of mechanism, wherein when transmitting content, determine whether registration is finished, and set the time endowment of unique ID of registration.

An example will be described below, and wherein the request of the receiving equipment B shown in Fig. 1 transmitter A sends content, and receives described content.

Fig. 2 is the block diagram of the schematic construction of expression transmitter A according to an embodiment of the invention.As shown in Figure 2, transmitter A comprises network interface unit 11, packet processing unit 12, data connection management unit 3, checking/cipher key change connection management unit 14, checking/cipher key change unit 15, RTT measuring unit 16, unique ID administrative unit 17, transmission Data Management Unit 18, ciphering unit 19 and content providing unit 20.

Network interface unit 11 is carried out the physical layer process and the data link layer deals of communicating by letter with receiving equipment B.Packet processing unit 12 is carried out the network layer/transport layer process of communicating by letter with receiving equipment B.Checking and cipher key change are carried out with receiving equipment B in checking/cipher key change unit 15.13 management of data connection management unit are used for the connection of content delivery.14 management and being connected of checking/cipher key change connection management unit in checking/cipher key change.

If the success of checking/cipher key change, checking/cipher key change unit 15 use indivedual shared keys " Kp " and the common key " Ks " of sharing as being used for and the privacy key of each receiving equipment to the content encryption and decryption.Indivedual keys " Kp " of sharing represent that each transmitter and receiving equipment are by utilizing during checking/key exchange process the random number that exchanges, the key that calculates separately and produce between them.Common share key " Ks " expression and successfully verify with it/all receiving equipment cipher key shared of cipher key change.Ks is used to the content encryption and decryption.Kp is launched equipment and is used for its Ks is sent to receiving equipment, and the equipment that perhaps is received is used for its unique ID is encrypted and send it to transmitter.Fig. 3 represents how transmitter and receiving equipment share indivedual key " Ks " and common keys " Ks " of sharing shared.

Checking/cipher key change is that wherein each is confirmed that this equipment is proper and obtains the permission of issue licenses mechanism in transmitter and the receiving equipment, and if they by good authentication, produce the process of sharing key so.Known method such as ISO/IEC 9798-3 or ISO/IEC 97982 methods can be used to this checking.

Ciphering unit 19 uses by checking/cipher key change cipher key shared to come content, random number and unique ID are encrypted.To the cryptographic algorithm of these data item encryption and decryption can be known algorithm such as AES.Content providing unit 20 provides content to ciphering unit 19.

RTT measuring unit 16 and receiving equipment B measure R TT are determined whether measured value is less than or equal to threshold value, and the result are offered checking/cipher key change unit 15.Has unique ID tabulation 21 in unique ID administrative unit 17.

Fig. 4 represents to be kept at an example of the unique ID tabulation 21 in unique ID administrative unit 17.Unique ID tabulation 21 is made up of entry required and option.Entry required is unique ID of other communication equipment (receiving equipment B), and option comprises record date and the time of the unique ID in unique ID tabulation 21, and the exclusive information of the communication equipment such as the MAC Address of network interface unit 11.

Unique ID tabulation can include the unique ID of limited number (for example N unique ID).That is, unique ID administrative unit 17 has the RAM district that preserves unique ID tabulation 21.

Unique ID is received from communication parter, and has only when determining that the measured RTT of the RTT measuring unit 16 and the RTT measurement of receiving equipment execution is less than or equal to predetermined threshold, and this unique ID just is added in unique ID tabulation 21.

Unique ID that best transmitter A and receiving equipment B have is based on unique ID of licence, and is irrelevant with manufacturer.If unique ID has been included in unique ID tabulation 21, this fact is apprised of in checking/cipher key change unit so.

If unique ID tabulation 21 record date and time fields that comprise as the selectable items field, when unique ID was registered, described date and time can be updated so.In addition, if registered N unique ID, can show a piece of news so, it is the adding of the new unique ID of refusal that the prompting user selects, still delete record date and time unique ID the earliest, add new unique ID (if comprising record date and time term) subsequently, perhaps point out the user to select unique ID that will delete.Any unique ID can be deleted.Unique ID administrative unit 1 is searched for unique ID tabulation 21 about the unique ID that receives from receiving equipment.

Transmission Data Management Unit 18 is receiving equipment ground transmission time of measuring and writing down the content that sends to receiving equipment one by one, perhaps the data volume of content.In order to discern the receiving equipment that content is transmitted to, can use unique ID of receiving equipment in unique ID tabulation.The content-encrypt that 19 couples of transmitter A of ciphering unit will transmit.

Supposition utilizes Internet Protocol to transmit the information that packet processing unit 12 is handled in the example below.

Fig. 5 is the block diagram that schematically illustrates the structure of receiving equipment B according to an embodiment of the invention.As shown in Figure 5, receiving equipment B comprises network interface unit 31, packet processing unit 32, data connection management unit 33, checking/cipher key change connection management unit 34, checking/cipher key change unit 35, RTT response unit 36, unique ID administrative unit 37, ciphering unit 38 and contents processing unit 39.

Network interface unit 31 is carried out and is used for the physical layer process and the data link layer deals of communicating by letter with transmitter A.Packet processing unit 32 is carried out and is used for the network layer/transport layer process of communicating by letter with transmitter A.Checking/cipher key change is carried out with transmitter A in checking/cipher key change unit 35.Data connection management unit 33 management is used to send and being connected of received content.34 management and being connected of checking/cipher key change connection management unit in checking/cipher key change.RTT response unit 36 is carried out the response that relates to RTT and is handled according to the RTT request of sending from transmitter.Unique ID administrative unit 37 is preserved unique ID of receiving equipment B, and unique ID is sent to transmitter A.The contents decryption of 38 pairs of receptions of ciphering unit, and to unique ID encryption.Contents processing unit 39 outputs to the content that receives display or preserves the content that receives.

Network interface unit 31, packet processing unit 32 can have the structure identical with the corresponding unit of transmitter A with checking/cipher key change unit 35.

(process sequence: the AKE/RTT measuring phases)

Fig. 6 is the sequence chart that is illustrated in an example of the general process of carrying out between transmitter A and the receiving equipment B.In the present embodiment, when from transmitter A when receiving equipment B transmits content, carry out two stages, " AKE/RTT measuring phases " and " content delivery stage ".

" AKE/RTT measuring phases " is transmitter A and receiving equipment B stage of carrying out checking/cipher key change and RTT measurement wherein.

" content delivery stage " is wherein before carrying out content delivery, carries out the ID registration and checks, whether has the stage of unique ID of receiving equipment B to determine transmitter A.

" AKE/RTT measuring phases " always carried out between " content delivery stage ".Being used for connecting the TCP that is different from the content delivery that is used for the content delivery stage at the TCP of AKE/RTT measuring phases execution checking/cipher key change connects.That is, different numbering is assigned to and is used to verify/tcp port of cipher key change and be used for the tcp port of content delivery.

Transmitter is at first carried out checking/cipher key change (step S1) with receiving equipment.Thereby transmitter and receiving equipment produce and share and share key K p (step S2 and S3) individually.Subsequently, transmitter and receiving equipment measure R TT (step S4).If RTT falls within a certain threshold value, receiving equipment sends to transmitter (step S5) to its unique ID so.Transmitter receives this ID, and it is registered in its unique ID tabulation 21.At last, transmitter produces the common key K s (step S6) of sharing, and with Kp it is encrypted, and the Ks that encrypts is sent to receiving equipment (step S7 and S8).Thereby receiving equipment and transmitter are shared the common key K s of sharing.The summary of the process of carrying out in the stage at AKE/RTT is described.

Subsequently, carry out the content delivery stage.At first, receiving equipment sends content to transmitter and sends request (step S9).Afterwards, receiving equipment sends to transmitter (step S10) to its unique ID, and transmitter is searched for unique ID tabulation 21, determines whether this unique ID is registered in unique ID tabulation 21 (step S11).Be registered in the transmitter if determine unique ID of receiving equipment, what the transmitter utilization produced in the AKE/RTT measuring phases so shares key K s jointly to content-encrypt, and sends it to receiving equipment.

To describe " AKE/RTT measuring phases " and " content delivery stage " below in detail.

(first example of AKE/RTT measuring phases)

Fig. 7 is the sequence chart that is illustrated in an example of the AKE/RTT measuring phases of carrying out between transmitter A and the receiving equipment B.In the AKE/RTT measuring phases shown in Fig. 7, the RTT between transmitter A and the receiving equipment B is measured, and unique ID of receiving equipment B is registered among the transmitter A.

At first, transmitter A and receiving equipment B carry out checking/cipher key change, determining whether they are effective equipment (step S21) mutually, and share indivedual shared key K p (step S22 and S23).If authentication failed is carried out predetermined error handling processing so, and does not carry out the further part of this process.

In addition, transmitter and receiving equipment all can use during checking/key exchange process, and the version number of the certificate that exchanges between them determines whether the opposing party has the ability of carrying out RTT measuring process as described below.If write on version number on the certificate more than or equal to a certain version number, after checking/key exchange process, carry out the RTT measuring process so.Otherwise transmitter produces the common key K s of sharing, and with Kp it is encrypted, and the Ks that encrypts is sent to receiving equipment, and do not carry out the RTT measuring process.

Subsequently, receiving equipment and transmitter all use initial value, and random number and indivedual key K p of sharing produce Message Authentication Codes (below abbreviate MAC as) (step S24 and S25).The MAC that exchanges between transmitter and receiving equipment can be high-order X position and the low order Y position with indivedual key K p of sharing value of generation to being encrypted by the initial value N of following equation (1) and (2) expression and random number R a and Rb.MAC-1a and MAC-2a produce on transmitter, and MAC-1b and MAC-2b produce on receiving equipment.Transmitter sends to receiving equipment to MAC-1a, and compares at receiving equipment and MAC-1b.Receiving equipment sends to transmitter to MAC-2b, and compares at transmitter and MAC-2a.

MAC-1a=MAC1b=encrypts (Kp, Ra ψ Rb ψ N) high-order X position (1)

MAC-2a=MAC2b=encrypts (Kp, Ra ψ Rb ψ N) low order Y position (2)

Wherein symbol " ψ " expression is connected in series (concatenation).

The random number of using in the checking/key exchange process can be by again as random number R a and Rb, and perhaps Ra and Rb can be produced by transmitter and receiving equipment respectively, and before producing MAC, cryptographically do not exchange between transmitter and receiving equipment.N is the initial value of sharing between transmitter and receiving equipment in advance.Because not need to be keep secret of N, so or be shared as the value that writes such as in the class file of specification sheet, and, notify to receiving equipment by transmitter by before producing MAC, cryptographically not sending the value of N.Following N is called as sequence number.

The algorithm that is used for random number R a and Rb and initial value N encryption can be a known algorithm such as AES.If MAC-1 and MAC-2 require the bit length greater than cryptographic block, can use the known technology such as the CBC pattern to link cryptographic block so.

Though shares key K p generation MAC individually by in above-mentioned equation (1) and (2), utilizing, but can use the common key K s of sharing, rather than shared individually key K p produces MAC.

The preparation that receiving equipment has completed successfully the calculating of indication MAC receives the RTT notice and sends to transmitter (step S26).The reason that reception RTT is prepared in emission is that receiving equipment must return the RTT response that the RTT from transmitter is asked immediately.If when calculating MAC, receiving equipment is received the RTT request, compares when not having any computational load so, before returning the RTT response, can need more time.So best calculated in advance MAC of receiving equipment.So receiving equipment sends to transmitter and prepare to receive the RTT state notifying, so that the notice transmitter, the receiving equipment RTT request that is ready to make an immediate response.

When receiving this state notifying, transmitter inserts the MAC-1a that utilizes sequence number N to calculate in the RTT request, and sends RTT request (step S27).Begin the measurement (step S28) of RTT time this moment.

Response RTT request has been received that the receiving equipment of RTT request inserts the MAC-2a corresponding to the sequence number N that receives in the RTT response, and the RTT response has been sent to transmitter (step S29).

Fig. 8 represents an example of the packet format that RTT request and the RTT that comes next respond.As shown in Figure 8, the form with UDP datagram sends RTT.The pay(useful) load of the UDP datagram of the usefulness of confession RTT is made up of entry required and option.Entry required comprises three: instruction type, sequence number and data.Option comprises version number.Instruction type is used to discern RTT request or response.Sequence-number field is used to discern from transmitter issues the RTT request of receiving equipment or RTT request or the response the response, and comprises the value N that is used to calculate MAC.When each transmitter sent the UDP datagram that is used for the RTT request, it increased progressively a constant amount (for example increasing 1) to the value of N.The data field of RTT request comprises by utilizing sequence number N, as in equation (1) the MAC-1a of Ji Suaning.For the RTT response, data field comprises the MAC-2b by utilizing sequence number N to calculate as in equation (2).

When receiving the RTT response, transmitter time count halted, and the time (step S30) in measurement past since it sends the RTT request.Whether if the time that records is less than or equal to predetermined threshold, transmitter is checked so, with the MAC-2a that determines to receive in RTT response conform to the MAC-2b that calculates in transmitter (step S31).

If check successfully, transmitter sends the message (MAC checks request) (step S32) of the sequence number (N) of indication coupling MAC to receiving equipment so.

Receiving equipment is received this message, and checks MAC-1a in the data field be included in the RTT request whether conform to precalculated MAC-1b (step S33).MAC-1b utilizes the value of calculating from the N of transmitter reception (step S32); MAC-1a is included in the value from the pay(useful) load with sequence number N that transmitter receives.If their couplings, receiving equipment is to message (MAC the checks response) encryption of unique ID of indicating described coupling and receiving equipment so, and sends this message (step S34).Indivedual key K p that share are used to described encryption.Transmitter is to this unique ID deciphering, and it is registered in unique ID tabulation 21 in unique ID administrative unit (step S35).

At last, transmitter produces the common key K s (step S36) of sharing, and with Kp it is encrypted, and sends it to receiving equipment (step S37 and S38).Though sharing the transmission (step S37 and S38) of key K s jointly is defined by independently ordering in the sequence shown in Fig. 7, but just must just send Ks when the affirmation of measuring threshold value inspection and MAC at transmitter one side RTT success, the Ks that utilizes sequence number N and Kp to encrypt can check that request is sent out (step S32) together with MAC.

Except MAC checks the unique ID that sends in the response, can be contained in checking/key exchange process the unique ID in the certificate that between transmitter and receiving equipment, exchanges according to the alternative methods registration.

UDP is used to above-mentioned RTT request and RTT response.So, must can receive the destination port numbers notice transmitter of the port numbers of RTT request to receiving equipment in advance as the RTT request.This can utilize following any one method to realize: the method for the value of stipulating in (1) prior class file that is shared between transmitter and receiving equipment such as standard, (2) preparing to receive in the RTT message, the method of port numbers notice transmitter, (3) the definition receiving equipment is the order of udp port number notice transmitter, before the RTT request, receiving equipment uses this order the method for udp port number notice transmitter, number is used to the identical udp port of (4) and use in TCP is connected verify/method of cipher key change.

(second example of AKE/RTT measuring phases)

Second example of AKE/RTT measuring phases is characterised in that unique ID of receiving equipment is registered in unique ID tabulation 21 of transmitter, and receiving equipment and transmitter execution checking/cipher key change under the situation of not carrying out the RTT inspection.As described in previous crops is second feature, in case the RTT between transmitter and the receiving equipment checks and succeeds, and unique ID of receiving equipment has been registered in unique ID tabulation 21 of transmitter, whether RTT checks and can be omitted so, only need the unique ID that checks receiving equipment to be registered subsequently.

Fig. 9 represents only to carry out ID registration inspection, and does not carry out the sequence chart of an example of the process that RTT checks.Checking/cipher key change produces to transmitter and receiving equipment that indivedual to share the processing (step S41-S45) of keys identical with step S21-S25 among Fig. 7.

Though in the processing in Fig. 7, receiving equipment sends and prepares to receive the RTT notice subsequently, but in the present embodiment, receiving equipment B comprises that the ID searching request of its unique ID sends to transmitter A, rather than send described notice (step S46).The unique ID that is included in the ID searching request can be encrypted, also can be not encrypted.

Transmitter receives this ID searching request, and searches for its unique ID tabulation 21 (step S47) about unique ID of the receiving equipment in the communication, returns the result (step S48) of conduct to the response of ID searching request.

Supposition had been finished the RTT inspection in this example between transmitter and receiving equipment before checking/cipher key change.Therefore, the message of indicating this unique ID to be comprised in the described tabulation is returned as the result that ID searches for.If be included in be used for verifying/unique ID of the certificate of cipher key change is used as this unique ID, unique ID of receiving equipment can be sent to transmitter in checking/key exchange process so, so transmitter can be during checking/cipher key change, determine it whether in unique ID tabulation, have unique ID of the receiving equipment that it communicates by letter with it.In addition, unique ID of receiving equipment can be included in the ID searching request.In this case, unique ID can cryptographically not sent.

When receiving equipment knew that its unique ID is included in the unique ID tabulation 21 of transmitter, receiving equipment sends to transmitter did not need RTT notice (step S49).Do not need RTT when notice when receiving, transmitter produces the common key K s (step S50) of sharing, and with indivedual key K p that share it is encrypted, and the Ks of encryption is sent to receiving equipment (step S51 and S52).

If receiving equipment comprises its unique ID by unique ID tabulation 21 of the known road of another means transmitter, ID Search Results and ID search response afterwards can be skipped so, do not need the RTT notice directly to be sent out.

When receiving equipment sends when not needing the RTT notice to transmitter, receiving equipment can be included in its unique ID not to be needed in the RTT notice, and transmitter can be searched for unique ID tabulation about this unique ID.

(content delivery stage)

Below with the description transmit stage.Figure 10 is the sequence chart that is illustrated in an example in the content delivery stage of carrying out between transmitter A and the receiving equipment B.At first, receiving equipment sends checks Ks number request, whether has the common key K s (step S61) of sharing that receiving equipment is held so that check transmitter.Ks number (step S62) of the Ks correspondence that transmitter transmission and transmitter are held.Receiving equipment checks, with the Ks number coupling of determine to send from transmitter Ks number whether holding with receiving equipment (step S63).

AKE/RTT measuring phases and content delivery stage are not always carried out continuously.They can be separated from each other in time.If transmitter is guided again, and Ks is updated in the time interval between them, and receiving equipment can not detect Ks so.In order to determine whether receiving equipment will hold identical Ks with receiving equipment to the transmitter of its request content, and receiving equipment is carried out aforesaid Ks and checked.If under the content delivery stage is right after situation after the AKE/RTT measuring phases, receiving equipment can determine that transmitter and receiving equipment obviously share identical Ks, can omit Ks so and check.

Subsequently, receiving equipment sends content and sends request (step S64).Content sends unique ID that request comprises the receiving equipment of encrypting with indivedual key K p of sharing.If HTTP is used as the AV host-host protocol of content, content sends and asks to be equal to HTTP GET request so.The unique ID that encrypts can be used as an entity and is included in the request header of GET request.

The transmitter received content sends request, uses indivedual key K p of sharing to the unique ID deciphering of the encryption of receiving equipment, and searches for its unique ID tabulation 21 (step S65) about this unique ID.If this unique ID is included in the tabulation, mean that so the RTT between the receiving equipment that transmitter and transmitter communicate by letter just with it is examined.So, transmitter with the common key K s that shares to content-encrypt, and send it (step S66).Indication ID registration checks that successful message can be used as an entity and is included in the header of the http response that sends together with content.

Here importantly receiving equipment only uses that cipher key shared Kp comes its unique ID that will send is encrypted between transmitter and receiving equipment.If only need can not be sent unique ID by the mode that the equipment except that transmitter and receiving equipment is guessd out, can use by transmitter so and successfully verified with this transmitter/value Ks that each receiving equipment of cipher key change is shared according to unique ID.Yet Ks can not be used to for this reason purpose and encrypt only ID, and is because transmitter needs it to measure it which receiving equipment is content be transmitted into, as described below.

Process sequence among Fig. 9 has been described above, has wherein carried out the ID registration and check, do not checked and do not carry out RTT.As described in previous crops is the 3rd feature, transmitter is preserved receiving equipment in unique ID tabulation 21 limited a period of time of unique ID.That is, transmitter is measured the duration that sends content to receiving equipment, perhaps just is being sent to the quantity of the content of receiving equipment.When reach predetermined expiration time after the transmission of beginning content, when perhaps the content of predetermined quantity had been transmitted, transmitter was deleted unique ID of the receiving equipment of registration.Can measure the registration period of unique ID of receiving equipment for transmitter, before it sent content, transmitter must determine which receiving equipment sends content and sends request.

The sequence chart of the example of Figure 11 process that to be expression go wrong when using the common key K s of sharing to the unique ID encryption of receiving equipment.Supposition among Figure 11 is that receiving equipment A and B and transmitter share the common key K s of sharing.

At first, receiving equipment A encrypts its unique ID with Ks, and sends content transmission request (step S81).Suppose unique ID that rogue device X is copying encrypted and this copy is stored in wherein (step S82).

Subsequently, receiving equipment B with identical Ks to its unique ID encrypting and transmitting it (step S83).Equipment X replaces this ID with unique ID A of its previous acquisition, and sends it to transmitter (step S84).Subsequently, transmitter determines that content sends request and sends from receiving equipment A, and begins to measure the quantity of the data that just are being transmitted to receiving equipment A, and no matter this request sends the fact (step S85) from receiving equipment B.Encrypt and be sent out (step S86) because key K s is shared in the content utilization jointly, the receiving equipment B that therefore has Ks can be to contents decryption.

According to present embodiment, connect to be connected at TCP that AKE/RTT used in the stage and differ from one another, as previously mentioned with the TCP that uses in the stage in content delivery.Previous T CP connects the equipment that is received and is used to utilize the value of sharing separately between transmitter and receiving equipment that its unique ID is encrypted, and send it to transmitter, and the equipment that is launched is used for checking whether unique ID that it is received is registered in its specific I D table.If check successfully, transmitter uses back one TCP to connect content-encrypt so, and the content of encrypting is sent to receiving equipment.

Though illustrated with reference to figure 9 whether unique ID of definite receiving equipment is registered in a kind of method in the unique ID tabulation 21 of transmitter, but can use other method of definition ID searching request and ID Search Results: (1) wherein said definition is comprised that wherein they are defined as verifying/method of one of cipher key change order for method in the http header and (2).

Be included in the method for http header in described definition, the ID searching request is defined as an entity in the http request header, unique ID of receiving equipment is encrypted by indivedual key K p of sharing, and the unique ID after the encryption is inserted in the HTTP HEAD request, and this request is sent to transmitter.The HEAD request is the acquisition additional information for the receiving equipment definition, one of HTTP order of for example byte length of content, rather than content itself.If unique ID of receiving equipment is comprised in unique ID tabulation 21, this true response code of indication is returned in transmitter response HTTPHEAD request so.Otherwise it returns HTTP error messages code.This process and being used to shown in Figure 10 send be connected with the TCP of received content identical because a HTTP request is sent out.So content transmitter unit and ID search unit can be realized as individual unit, thereby the structure of equipment can be simplified.

As what illustrated, in the present embodiment by utilizing RTT, the scope that can limiting content can be transmitted.Because RTT is according to the physical layer of transmission channel, perhaps the traffic on the transmission channel changes, even therefore transmitter and receiving equipment are connected on the home network, RTT checks also be not successes during maiden attempt.So, consider that RTT request and response are carried out repeatedly continuously, sequence number is assigned to each RTT request and response, so that can know that having carried out how many times RTT measures retry.

In addition, the indivedual shared keys of sharing between transmitter and receiving equipment by checking/cipher key change are used to produce and confirm MAC, respond from the effective equipment that will communicate by letter with it with RTT so that guarantee the RTT request.

Receiving equipment must return the RTT response to the RTT request that receives from transmitter immediately.According to the capacity of receiving equipment, if after receiving the RTT request, receiving equipment calculates MAC, and it may not return the RTT response at once so.So, make the receiving equipment can calculated in advance MAC, and it be effective to examine this MAC subsequently.

According to present embodiment, the TCP that uses in the AKE/RTT measuring phases connects and is different from the TCP connection of using in the stage in content delivery.AKE/RTT measuring phases and content delivery stage can separate in time.If many receiving equipments are connected to network, transmitter must determine which receiving equipment has sent content and sent request so, and perhaps whether executed AKE/RTT stage and ID thereof are registered receiving equipment.So, its unique ID is encrypted with indivedual key K p of sharing according to the receiving equipment of present embodiment, and except content sends request, also this ID is sent to transmitter, so that it can notify transmitter, the registration of the ID of receiving equipment is finished.

(error handling processing)

Below error handling processing will be described.Figure 12-the 16th, expression is when the sequence chart of an example of the process of execution when transmitter or receiving equipment make a mistake.

(error handling processing: the fault that causes by the mistake on the transmitter)

Figure 12 represents to show if the RTT response of receiving from receiving equipment in the RTT checking process is delayed exceeds predetermined threshold, so the sequence chart of the example of the error handling processing of Zhi Hanging.Up to receiving that from receiving equipment the process (step S91-S7) before the RTT response is identical with the process shown in Fig. 7.

If transmitter fails to check the threshold value (step S98) of RTT, it sends a message to receiving equipment so, the failure notification receiving equipment (step S99) of RTT inspection, and upgrade sequence number N, so that calculate new Message Authentication Code MAC-1c and MAC-2c (step S101).In addition, receive that the transmitter of RTT failure notification upgrades sequence number N, calculate new Message Authentication Code MAC-1d and MAC-2d (step S100 and S102).MAC-1c, MAC-1d, MAC-2c and MAC-2d are calculated in equation (3) below utilizing and (4).

MAC-1c=MAC1d=encrypts (Kp, Ra ψ Rb ψ N+1) preceding X position (3)

MAC-2c=MAC2d=encrypts Y position (4), (Kp, Ra ψ Rb ψ N+1) back

Wherein symbol " ψ " expression is connected in series.

In this example, sequence number is added 1.The MAC that recomputates is used to repetition RTT and checks (step S103-S110).

In the example shown in Figure 12, after RTT measures failure, recomputate MAC.If the computing capability of transmitter or receiving equipment is low excessively, consequently calculating MAC needs the long time, and completing successfully the RTT inspection so needs the long period.Represented this is carried out improved process among Figure 13.

In Figure 13, transmitter and receiving equipment calculated many Message Authentication Codes before RTT checks, and local preserve they (step S121-S124).After the calculating of finishing MAC, receiving equipment sends to transmitter and prepares to receive RTT notice (step S125).Respond this notice, transmitter sends RTT request (step S131-S135) in proper order, and does not send the RTT failure notification, even RTT checks failure (step S126-S130).This can eliminate and recomputate MAC and provide the RTT failure notification time required with response, checks thereby can carry out more RTT in the short time.

Owing to utilize UDP to send and reception RTT request and response, so the grouping of losing on the communication path is not retransmitted.Therefore, transmitter can not always be received the RTT response.So, can set timeout threshold, if so that in the predetermined a period of time after transmitter sends the RTT request, it does not receive the RTT response, it sends next RTT request so.In addition, can provide the number of the RTT request that measurement causes by overtime, and if produce the RTT request lastingly, the function checked of aborted RTT so.

If RTT request is sent repeatedly, so RTT check can complete successfully before, may pass by long period of time, and be used to verify/TCP of cipher key change connects and may be disconnected owing to overtime.This disconnection in order to prevent that TCP from connecting can send the NULL data in the predetermined a period of time in the RTT checking process.

If Figure 14 represents that in the content delivery stage ID registration is checked in transmitter failure, the sequence chart of the error handling processing of Zhi Hanging example so.As described in previous crops is the 3rd feature, after transmitter was issued receiving equipment to the data of predetermined quantity, it abandoned unique ID (step S147) of this receiving equipment.So receiving equipment must verify at next/carries out another RTT during the cipher key change to check (step S149).

If transmitter is received content and sent request, and unique ID of receiving equipment is not registered, the transmitter refusal sends content so.Refuse information can (1) be defined in the entity to HTTP GET request responding of indication ID inspection failure, perhaps (2) are sent out as the error code of the non-existent http response of instruction content that defines in RFC2616, and perhaps (3) are defined as and are used to verify/one of the order of cipher key change.

Order of definable, when as shown in Figure 15, when transmitter abandoned unique ID (step S167) of receiving equipment, this order was used to the discard notification receiving equipment (step S170) unique ID of receiving equipment.In this case, before sending next content requests, receiving equipment must be carried out RTT and check, and registers its unique ID to transmitter.

(error handling processing: the fault that causes by the mistake on the receiving equipment)

Below the process of carrying out will be described under the situation that receiving equipment makes a mistake.

If Figure 16 is expression MAC to be checked, it fails to match for MAC-1a and MAC-1b, sends the sequence chart of an example of the process of error messages to transmitter.Transmitter and receiving equipment are carried out checking/cipher key change (step S181).If the success of checking/cipher key change, transmitter and receiving equipment produce indivedual key K p (step S182 and S183) of sharing respectively so.

Subsequently, according to Fig. 3 in similarly mode produce RTT request and response (step S184-S189).If transmitter success (step S190) aspect the coupling of RTT inspection and Message Authentication Code MAC2a and MAC2b, transmitter provides MAC to check request (step S191) to receiving equipment so.

If receiving equipment fails to finish the coupling (step S192) of Message Authentication Code MAC2a and MAC2b, receiving equipment provides MAC to check response to transmitter so, and fail (step S193) mated in indication.

Subsequently, transmitter and receiving equipment are all carried out error handling processing (step S194 and S195).

Figure 17 is the sequence chart of expression by an example of the error handling processing of receiving equipment execution.If at transmitter unique ID of receiving equipment is registered to unique ID tabulation 21 (steps 204) afterwards, transmitter is closed, and perhaps telecommunication cable disconnects with transmitter and being connected, and the unique ID that is registered in so in unique ID tabulation 21 is abandoned automatically.

When receiving equipment subsequently when transmitter sends the request of checking the common key K s of sharing (step S205), transmitter sends that it had shares key K s number (step S206) jointly.Receiving equipment receives this Ks number, and (step S207) mated in this Ks number and its Ks number, in this case should it fails to match.Thereby receiving equipment is carried out predetermined error handling processing (step S208).

At least a portion of above-mentioned transmitter and receiving equipment can be realized by hardware or software.If at least a portion of transmitter and/or receiving equipment realizes by software, at least some functional programs that realize transmitter and/or receiving equipment so can be stored in such as floppy disk or CD-ROM on the recording medium, and are read by computer.Recording medium is not limited to portable medium such as disk or CD.It can be a recording medium fixing such as hard disk or memory.

At least some functional programs that realize transmitter and/or receiving equipment can transmit by the communication network such as the internet (it can be a wireless network).In addition, described program can be passed through wired or wireless network, and to encrypt, modulation or compressed format transmit such as the internet, perhaps can be stored on the recording medium and is transmitted.

Claims

1, a kind of by the messaging device of network to the encrypted content of communication equipment transmission protection copyright, comprising:

Be configured to communicate to connect with this communication equipment and verify/cipher key exchange, and produce checking/cipher key change unit with shared first key of this communication equipment by first;

Be configured to the measurement of round trip time request that utilizes first key to produce is sent to communication equipment, thereby measure indication and receive two-way time about the time of the measurement request response of this request, and check two-way time of recording whether at the fixed time within and the emission source that comes and goes the request response whether be the measurement of round trip time unit of sharing the communication equipment of first key;

When measurement of round trip time unit when success aspect inspection, communicate to connect the unique identification information that receives the communication equipment that utilizes first secret key encryption by first, and to unique ID receiver of this unique identification information deciphering;

Be configured to register the ID registration unit of unique identification information of the communication equipment of unique ID receiver deciphering;

When measurement of round trip time unit when success aspect inspection, utilize first key to being used for second secret key encryption of content delivery, and communicate to connect the public keys reflector that sends second encrypted key by first;

Be configured to connect to receive the content that sends from communication equipment and send request, and utilize first key, to sending the ID decrypting device of unique identification information deciphering of the communication equipment of first secret key encryption in the request by being included in content by second communication;

Whether the unique identification information that is configured to check the deciphering of ID decrypting device is registered to the ID inspection unit in the ID registration unit; With

2, according to the described messaging device of claim 1, be registered to the ID registration unit if also comprise the unique identification information that is configured to communication equipment, skip the RTT measurement of the measurement of round trip time that sends from communication equipment so next time and skip the unit.

3,, comprise also being configured to when between the transmission period of content that unique identification information, communicates to connect the deletion notification unit of described deletion notifying communication equipment by first when deleted from the ID registration unit according to the described messaging device of claim 1.

4, according to the described messaging device of claim 1, also comprise the measurement of round trip time request mark information of sharing with communication equipment by utilizing, first random number from second random number and first key that communication equipment sends, produces the first authorization information generator of first authorization information;

Be configured to received communication equipment and be included in second authorization information that measurement request response identification information, first random number, second random number and first key from the measurement request response that communication equipment sends produce, and check their authorization information inspection unit according to first authorization information by utilization; With

Be configured to when authorization information inspection unit when success aspect inspection, check request unit to the authorization information of the inspection of communication equipment request first authorization information,

Wherein the measurement of round trip time unit sends the header of UDP datagram, the corresponding sequence number of measurement of round trip time request mark information that its value is updated when carrying out the measurement of round trip time request at every turn, with the measurement of round trip time request that comprises first random number and this sequence number, and receive the measurement request response that comprises second random number and this sequence number.

5, according to the described messaging device of claim 1, the unique identification information of ID inspection unit received communication equipment wherein, when HTTP being used for when the content that communication equipment sends sends request, described identification information is by first secret key encryption and be included in the http request header.

6,, but comprise also that described notice declaration communication equipment is in the state that can receive the measurement of round trip time request according to the described messaging device of claim 1 from the notification received receipt status notification receiver of communication equipment,

Wherein but after receiving receipt status notification, the measurement of round trip time unit sends the measurement of round trip time request to communication equipment.

7, according to the described messaging device of claim 1, also comprise:

Before the measurement of round trip time request was sent to communication equipment, reception was from the ID searching request receiver of the request of the unique identification information of the search communication equipment of communication equipment transmission;

Be configured to the searching request according to ID, whether the unique identification information of search communication equipment is registered to the ID search unit in the ID registration unit;

The result that the ID search unit is searched sends to the Search Results reflector of communication equipment; With

Be configured to from the notification received unnecessary property notification unit of communication equipment, described notice indication communication equipment does not need to measure two-way time,

Wherein when the ID search unit is confirmed registration with respect to the ID registration unit, the request of measurement of round trip time unit cancellation measurement of round trip time, communication equipment receives the unnecessary property notice of measurement of round trip time request.

8, a kind of encrypted content by network handle protection copyright sends the messaging device of communication equipment to, comprising:

Be configured to communicate to connect a measurement of round trip time request that produces and send to communication equipment by first, thereby measure indication and receive two-way time about the time of the measurement request response of this request, and check two-way time of recording whether at the fixed time within and the emission source that comes and goes the request response whether be the measurement of round trip time unit of sharing the communication equipment of first key;

9, according to the described messaging device of claim 8, also comprise the ID registration unit that is configured to register and identification information that from communication equipment send unique for communication equipment, described identification information communicates to connect by first during success aspect inspection in the measurement of round trip time unit and is included in the certificate that uses in checking/cipher key exchange.

10,,, skip the RTT measurement of two-way time and skip the unit next time so if comprise that also being configured to unique identification information is registered to the ID registration unit according to the described messaging device of claim 9.

11, according to the described messaging device of claim 8, also comprise the measurement of round trip time request mark information of sharing with communication equipment by utilizing, first random number from second random number and first key that communication equipment sends, produces the first authorization information generator of first authorization information;

Be configured to when the authorization information inspection unit is succeedd aspect inspection, check request unit to the authorization information of the inspection of communication equipment request first authorization information,

Wherein the measurement of round trip time unit sends when carrying out the measurement of round trip time request at every turn, the sequence number of the measurement of round trip time request mark information correspondence that its value is updated, with the measurement of round trip time request that comprises this sequence number, and receive the measurement request response that comprises second random number and this sequence number.

12,, but comprise also that described notice declaration communication equipment is in the state that can receive the measurement of round trip time request according to the described messaging device of claim 8 from the notification received receipt status notification receiver of communication equipment,

13, according to the described messaging device of claim 9, also comprise:

According to the ID searching request, whether the unique identification information of search communication equipment is registered to the ID search unit in the ID registration unit;

Be configured to from the notification received unnecessary property notification unit of communication equipment, described notice indication communication equipment does not need to measure the measurement of round trip time request,

14, a kind of by the messaging device of network reception from the encrypted content of the protection copyright of communication equipment transmission, comprising:

Be configured to by utilizing first to communicate to connect with this communication equipment and verify/cipher key exchange, and produce checking/cipher key change unit with shared first key of this communication equipment;

15, according to the described messaging device of claim 14, also comprise:

By utilizing the measurement of round trip time request response identification information of sharing with communication equipment, first random number from second random number and first key that communication equipment sends, produces the first authorization information generator of first authorization information;

Be configured to receive the measurement of round trip time request mark information, first random number, second random number and first key that are included in from the measurement of round trip time request that communication equipment sends, and check their authorization information inspection unit according to first authorization information; With

The result of authorization information inspection unit inspection is sent to the check result reflector of communication equipment;

Wherein measurement of round trip time request responsive transmitter receives: the header of UDP datagram, the corresponding sequence number of measurement of round trip time request response that is updated when at every turn carrying out the measurement of round trip time request, and comprise the measurement of round trip time request of second random number and this sequence number, and send the header of UDP datagram, this sequence number and comprise first random number and the measurement of round trip time request of this sequence number response.

16, according to the described messaging device of claim 14, when HTTP being used for content and sending request, the ID reflector sends to communication equipment to the unique identification information that utilizes first secret key encryption and be included in the encryption in the http request header.

17,, but also comprise and send the receipt status notification unit that the indication communication equipment is in the notice of the state that the measurement of round trip time request can receive from communication equipment according to the described messaging device of claim 14.

18, according to the described messaging device of claim 14, also comprise:

Before receiving the measurement of round trip time request from communication equipment, the request communication equipment is searched for the ID searching request reflector whether this communication equipment has unique identification information;

According to the ID searching request, the result's of received communication equipment search Search Results receiver; With

Be configured to the result that receives when according to the Search Results receiver, when finding that communication equipment has described unique identification information, unnecessary property notification unit is asked in the unnecessary measurement of notifying communication equipment measurement of round trip time request.

19, a kind of by the messaging device of network reception from the encrypted content of the protection copyright of communication equipment transmission, comprising:

When the result of measurement of round trip time reached predetermined condition, received communication equipment was by the first public keys receiver that communicates to connect second key that utilizes first secret key encryption of transmission;

20, according to the described messaging device of claim 19, also comprise:

Be configured to receive second authorization information that is included in measurement of round trip time request mark information, first random number, second random number and the generation of first key from the measurement of round trip time request that communication equipment sends by utilization, and check the authorization information inspection unit of second authorization information according to first authorization information; With

Wherein measurement of round trip time request responsive transmitter receives the measurement of round trip time request of the sequence number comprise that the measurement of round trip time request upgraded when at every turn carrying out the measurement of round trip time request is corresponding, and the measurement of round trip time request that comprises second random number and this sequence number, and send this sequence number and the measurement of round trip time request response that comprises first random number and this sequence number.

21,, but but also comprise and transmit the receipt status notification reflector that the indication communication equipment is in the receipt status notification of the state that the measurement of round trip time request can receive from communication equipment according to the described messaging device of claim 19.

22, according to the described messaging device of claim 19, also be included in receive the measurement of round trip time request from communication equipment before, the request communication equipment is searched for the ID searching request reflector whether this communication equipment has unique identification information;

As the result who receives according to the Search Results receiver, when finding that communication equipment has unique identification information, unnecessary property notification unit is asked in the unnecessary measurement of notifying communication equipment measurement of round trip time request.

23, a kind ofly the encrypted content of protection copyright is sent to the information processing method of second communication equipment from first communication equipment, comprising by network:

24, a kind of can the execution by computer sends the encrypted content of protection copyright the message handling program of second communication equipment to from first communication equipment by network, and step comprises: