EP1045321A2 - Apparatus and method for processing and managing information, and providing medium - Google Patents

Apparatus and method for processing and managing information, and providing medium

Info

Publication number
EP1045321A2
EP1045321A2 EP00303049A EP00303049A EP1045321A2 EP 1045321 A2 EP1045321 A2 EP 1045321A2 EP 00303049 A EP00303049 A EP 00303049A EP 00303049 A EP00303049 A EP 00303049A EP 1045321 A2 EP1045321 A2 EP 1045321A2
Authority
EP
European Patent Office
Prior art keywords
information
content
billing
processing apparatus
user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP00303049A
Other languages
German (de)
English (en)
Other versions
EP1045321A3 (fr
Inventor
Shinako c/o Sony Corporation Matsuyama
Yoshihito c/o Sony Corporation Ishibashi
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sony Corp
Original Assignee
Sony Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Sony Corp
Publication of EP1045321A2
Publication of EP1045321A3

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00 Commerce
    • G06Q30/04 Billing or invoicing

Definitions

  • the present invention relates to an information processing apparatus and method, a management apparatus and method, and a providing medium. Particularly, the invention relates to an information processing apparatus and method for decrypting encrypted information, a management apparatus and method, and a providing medium.
  • predetermined billing is caused from the use (purchase) of contents, and the user must settle it.
  • billing information is transmitted to a management apparatus for managing this system, and the billing is settled through the billing information.
  • although this billing information includes information to specify the purchased contents and information as to the user as a purchaser, there has been a problem that these pieces of information are not effectively used.
  • the present invention has been made in view of these circumstances, and an object of the invention is to enable information included in billing information to be effectively used.
  • an information processing apparatus comprises preparation means for preparing billing information needed to settle billing of valuable information and including its own ID, transmission means for transmitting the billing information prepared by the preparation means to a management apparatus, and reception means for receiving predetermined marketing information corresponding to a settlement result based on the billing information transmitted by the transmission means and transmitted from the management apparatus.
  • an information processing method comprises a preparation step of preparing billing information needed to settle billing of valuable information and including its own ID, a transmission step of transmitting the billing information prepared in the preparation step to a management apparatus, and a reception step of receiving predetermined marketing information corresponding to a settlement result based on the billing information transmitted in the transmission step and transmitted from the management apparatus.
  • a providing medium provides a computer readable program for making a computer execute a process comprising a preparation step of preparing billing information needed to settle billing of valuable information and including its own ID, a transmission step of transmitting the billing information prepared in the preparation step to a management apparatus, and a reception step of receiving predetermined marketing information corresponding to a settlement result based on the billing information transmitted in the transmission step and transmitted from the management apparatus.
  • billing information needed to settle billing of valuable information and including its own ID is prepared, the prepared billing information is transmitted to a management apparatus, and predetermined marketing information corresponding to a settlement result based on the transmitted billing information and transmitted from the management apparatus is received.
  • a management apparatus comprises storage means for storing predetermined marketing information as to an information processing apparatus correspondingly to ID of the information processing apparatus, settlement means for receiving billing information transmitted from the information processing apparatus and including the ID of the information processing apparatus and for settling billing due to valuable information on the basis of the billing information, readout means for reading the marketing information as to the information processing apparatus stored in the storage means correspondingly to the ID of the information processing apparatus included in the billing information, and first exhibiting means for exhibiting the marketing information read out by the readout means to the information processing apparatus correspondingly to a settlement result by the settlement means.
  • a management method comprises a storage step of storing predetermined marketing information as to an information processing apparatus correspondingly to ID of the information processing apparatus, a settlement step of receiving billing information transmitted from the information processing apparatus and including the ID of the information processing apparatus and of settling billing due to valuable information on the basis of the billing information, a readout step of reading the marketing information as to the information processing apparatus stored in the storage step correspondingly to the ID of the information processing apparatus included in the billing information, and a first exhibiting step of exhibiting the marketing information read out in the readout step to the information processing apparatus correspondingly to a settlement result in the settlement step.
  • a providing medium provides a computer readable program for making a computer execute a process comprising a storage step of storing predetermined marketing information as to an information processing apparatus correspondingly to ID of the information processing apparatus, a settlement step of receiving billing information transmitted from the information processing apparatus and including the ID of the information processing apparatus and of settling billing due to valuable information on the basis of the billing information, a readout step of reading the marketing information as to the information processing apparatus stored in the storage step correspondingly to the ID of the information processing apparatus included in the billing information, and a first exhibiting step of exhibiting the marketing information read out in the readout step to the information processing apparatus correspondingly to a settlement result in the settlement step.
  • predetermined marketing information as to an information processing apparatus is stored correspondingly to ID of the information processing apparatus, billing information transmitted from the information processing apparatus and including the ID of the information processing apparatus is received, billing due to valuable information is settled on the basis of the billing information, the marketing information as to the information processing apparatus stored correspondingly to the ID of the information processing apparatus included in the billing information is read out, and the marketing information read out is exhibited to the information processing apparatus correspondingly to a settlement result.
  • Fig. 1 is a view for explaining an EMD (Electronic Music Distribution) system to which the invention is applied.
  • the EMD system is constituted by an EMD service center 1 for managing registration to the EMD system and for managing respective devices, a content provider 2 for providing contents, a service provider 3 for providing predetermined service corresponding to the contents, and a user home network 5 made of equipment in which the contents are used.
  • the content distributed (provided) to the equipment (user) registered in the EMD system is digital data in which information itself has a value, and in the case of this example, one content corresponds to music data of a piece of music.
  • the content is provided to the user while one content is made one unit (single) or a plurality of contents are made one unit (album).
  • the user purchases the content (actually purchases the right to use the content) and uses the provided content.
  • the EMD service center 1 transmits a distribution key Kd needed to use the contents to the user home network 5 and a plurality of content providers 2 (in the case of this example, two content providers 2-1 and 2-2; hereinafter, where it is not necessary to distinguish the content providers 2-1 and 2-2 from each other, they are referred to simply as the content provider 2, and the same applies to other devices).
  • the EMD service center 1 also receives billing information or the like from the equipment of the user home network 5 and settles the fee, receives a UCP from the content provider 2, and receives a PT from the service provider 3.
  • the content providers 2-1 and 2-2 hold contents (encrypted by a content key Kco) to be provided, the content key Kco (encrypted by a delivery key Kd) needed to decrypt the contents, and a treatment policy (hereinafter referred to as UCP (Usage Control Policy)) indicating the usage content of the contents or the like, and supply them as a mode called a content provider secure container (described later) to the service provider 3.
  • UCP: Usage Control Policy
  • the service providers 3-1 and 3-2 prepare one or plural price information (hereinafter referred to as PT (Price Tag)) corresponding to the UCP supplied from the content provider 2, and hold it.
  • the service provider 3 transmits the prepared PT, together with the contents (encrypted by the content key Kco) supplied from the content provider 2, the content key Kco (encrypted by the delivery key Kd), and the UCP, in a mode called a service provider secure container, to the user home network 5 through a network 4 constituted by a dedicated cable network, Internet, satellite communication, or the like.
  • the user home network 5 prepares usage permissible condition information (hereinafter referred to as UCS (Usage Control Status)) based on the supplied UCP and PT, and executes processing to use the contents based on the prepared UCS. Besides, the user home network 5 prepares billing information at the timing of preparing the UCS, and transmits it, together with the corresponding UCP and PT, to the EMD service center 1 at the timing of, for example, receiving the supply of the delivery key Kd. Incidentally, the user home network 5 can be made not to transmit the UCP and PT to the EMD service center 1.
  • UCS Usage Control Status
  • the user home network 5 is constituted by a receiver 51 connected to a HDD 52 and including a SAM 62, and a receiver 201 connected to a HDD 202 and including a SAM 212. It is assumed that although the receiver 51 is formally registered in the EMD system, the receiver 201 is not registered in the EMD system at the moment.
  • SAM Secure Application Module
  • Fig. 3 is a block diagram showing a functional structure of the EMD service center 1.
  • a service provider management portion 11 supplies information of profit distribution to the service provider 3.
  • a content provider management portion 12 transmits the delivery key Kd to the content provider 2, or supplies information of profit distribution.
  • a copyright management portion 13 transmits information indicating the actual results of use of contents in the user home network 5 to an association for managing the copyright, for example, JASRAC (Japanese Society for Rights of Authors, Composers and Publishers).
  • a key server 14 stores the delivery key Kd, and supplies it to the content provider 2 through the content provider management portion 12, or supplies it to the user home network 5 through a user management portion 18 or the like.
  • Fig. 4 is a view showing a delivery key Kd which the EMD service center 1 includes, a delivery key Kd which the content provider 2 includes, and a delivery key Kd which the receiver 51 includes, in January 1998 when the content provider 2 starts to provide the contents and the receiver 51 (Fig. 26) constituting the user home network 5 starts to use the contents.
  • a delivery key Kd is usable from the first day of a month of a calendar to the last day of the month, and for example, a delivery key Kd of version 1 having a value of "aaaaaaa" of a random number of a predetermined bit number is usable from January 1, 1998 to January 31, 1998 (that is, a content key Kco for encrypting the contents distributed to the user home network 5 through the service provider 3 from January 1, 1998 to January 31, 1998 is encrypted by the delivery key Kd of the version 1), a delivery key Kd of version 2 having a value of "bbbbbbbb" of a random number of a predetermined bit number is usable from February 1, 1998 to February 28, 1998 (that is, a contents key Kco for encrypting the contents distributed to the user home network 5 through the service provider 3 during the period is encrypted by the delivery key Kd of the version 2).
  • a delivery key Kd of version 3 is usable in March, 1998
  • a delivery key Kd of version 4 is usable in April, 1998
  • a delivery key Kd of version 5 is usable in May, 1998
  • a delivery key Kd of version 6 is usable in June, 1998.
  • the EMD service center 1 transmits the six delivery keys Kd of the version 1 to the version 6 usable from January, 1998 to June, 1998 to the content provider 2, and the content provider 2 receives and stores the six delivery keys Kd.
  • the reason why the delivery keys Kd for six months are stored is that it is necessary to take a predetermined period for the content provider 2 to make preparation such as encrypting of contents and the content key prior to providing the contents.
  • Before the receiver 51 starts to use the contents, the EMD service center 1 transmits the three delivery keys Kd of the version 1 to the version 3 usable from January, 1998 to March, 1998 to the receiver 51, and the receiver 51 receives and stores the three delivery keys Kd.
  • the delivery keys Kd for three months are stored in order to avoid such a situation that the contents can not be used, in spite of the period of a contract when the contents can be used, because of such a trouble that connection to the EMD service center 1 can not be made, and in order to reduce the load of the user home network 5 by lowering the frequency in connection to the EMD service center 1.
  • the delivery key Kd of the version 1 is used in the EMD service center 1, the content provider 2, and the receiver 51 constituting the user home network 5.
  • the EMD service center 1 transmits six delivery keys Kd of the version 2 to version 7 usable from February, 1998 to July, 1998 to the content provider 2.
  • the content provider 2 receives the six delivery keys Kd, overwrites delivery keys Kd stored before the reception, and stores the new delivery keys Kd.
  • the EMD service center 1 transmits three delivery keys Kd of the version 2 to version 4 usable from February, 1998 to April, 1998 to the receiver 51.
  • the receiver 51 receives the three delivery keys Kd, overwrites delivery keys Kd stored before the reception, and stores the new delivery keys Kd.
  • the EMD service center 1 stores the delivery key Kd of the version 1 as it is. This is for enabling the delivery key Kd used in the past to be used when an unexpected trouble occurs, or a dishonest act occurs or is found.
  • the delivery key Kd of the version 2 is used in the EMD service center 1, the content provider 2, and the receiver 51 constituting the user home network 5.
  • the EMD service center 1 transmits six delivery keys Kd of the version 3 to version 8 usable from March, 1998 to August, 1998 to the content provider 2.
  • the content provider 2 receives the six delivery keys Kd, overwrites delivery keys Kd stored before the reception, and stores the new delivery keys Kd.
  • the EMD service center 1 transmits three delivery keys Kd of the version 3 to version 5 usable from March, 1998 to May, 1998 to the receiver 51.
  • the receiver 51 receives the three delivery keys Kd, overwrites delivery keys Kd stored before the reception, and stores the new delivery key Kd.
  • the EMD service center 1 stores the delivery key Kd of the version 1 and the delivery key Kd of the version 2 as they are.
  • the delivery key Kd of the version 3 is used in the EMD service center 1, the content provider 2, and the receiver 51 constituting the user home network 5.
  • the EMD service center 1 transmits six delivery keys Kd of the version 4 to version 9 usable from April, 1998 to September, 1998 to the content provider 2.
  • the content provider 2 receives the six delivery keys Kd, overwrites delivery keys Kd stored before the reception, and stores the new delivery keys Kd.
  • the EMD service center 1 transmits three delivery keys Kd of the version 3 to version 5 usable from April, 1998 to June, 1998 to the receiver 51.
  • the receiver 51 receives the three delivery keys Kd, overwrites delivery keys Kd stored before the reception, and stores the new delivery keys Kd.
  • the EMD service center 1 stores the delivery key Kd of the version 1 and the delivery key Kd of the version 2, and the delivery key Kd of the version 3 as they are.
  • the delivery key Kd of the version 4 is used in the EMD service center 1, the content provider 2, and the receiver 51 constituting the user home network 5.
  • the delivery keys Kd for three months or six months are distributed, as described above, to the equipment of the user home network 5 formally registered in the EMD system and the content provider 2.
  • a delivery key Kd for one month is distributed to the equipment of the user home network 5 in the state where it is not formally registered in the EMD system but is temporarily registered (the detail will be described later).
  • a registration procedure requiring a time of about one month, such as credit investigation processing becomes necessary.
  • the delivery key Kd usable for one month is distributed to the equipment not formally registered (equipment temporarily registered).
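The monthly delivery key windows described above can be modelled directly. The following is an added example, not code from the patent or from Sony: it follows the January to March 1998 steps in the text (six versions to the content provider, three to a formally registered receiver, one to a temporarily registered one, each new set overwriting the old) and computes how long each party can keep unwrapping the current content key Kco without contacting the EMD service center. The role names and function names are assumptions made for the illustration.

```python
from dataclasses import dataclass, field

# Version 1 is the January 1998 key in the text; later versions follow monthly.
EPOCH_YEAR, EPOCH_MONTH = 1998, 1
# Consecutive monthly versions handed to each kind of party.
# The role names are hypothetical labels for this example.
WINDOW = {"content_provider": 6, "receiver": 3, "temporary_receiver": 1}


def version_for(year, month):
    """Delivery-key version that is current in the given calendar month."""
    if not 1 <= month <= 12:
        raise ValueError("month must be 1..12")
    version = (year - EPOCH_YEAR) * 12 + (month - EPOCH_MONTH) + 1
    if version < 1:
        raise ValueError("no delivery key exists before the epoch")
    return version


def issued_versions(role, year, month):
    """Versions the service center sends to a party that connects this month."""
    first = version_for(year, month)
    return list(range(first, first + WINDOW[role]))


def center_archive(year, month):
    """Past versions the service center keeps 'as they are' for later audits."""
    return list(range(1, version_for(year, month)))


def add_months(year, month, n):
    """Calendar arithmetic: the month n months after (year, month)."""
    index = year * 12 + (month - 1) + n
    return index // 12, index % 12 + 1


@dataclass
class Party:
    role: str
    versions: set = field(default_factory=set)

    def sync(self, year, month):
        # The newly received set overwrites whatever was stored before.
        self.versions = set(issued_versions(self.role, year, month))

    def can_unwrap(self, year, month):
        # Kco for content distributed in a month is encrypted under that
        # month's Kd version, so the party needs exactly that version.
        return version_for(year, month) in self.versions


def usable_months_after_sync(role, year, month):
    """Months (including the sync month) a party stays usable with no contact."""
    party = Party(role)
    party.sync(year, month)
    count = 0
    while party.can_unwrap(*add_months(year, month, count)):
        count += 1
    return count


if __name__ == "__main__":
    for role in WINDOW:
        print(role, issued_versions(role, 1998, 1),
              "usable months:", usable_months_after_sync(role, 1998, 1))
    print("center archive in March 1998:", center_archive(1998, 3))
```

The window length is the design trade-off: a longer window tolerates more missed connections, while a shorter one bounds how long a device that stops reporting to the service center can keep decrypting newly distributed content.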
  • a history data management portion 15 stores billing information, PT corresponding to the contents, UCP corresponding to the content, and the like, outputted from the user management portion 18.
  • the profit distributing portion 16 calculates the profit of the EMD service center 1, the content providers 2-1, 2-2, and the service providers 3-1, 3-2 on the basis of various pieces of information supplied from the history data management portion 15, and outputs the result to the service provider management portion 11, the content provider management portion 12, a receipts and disbursements portion 20, and the copyright management portion 13.
  • the profit distributing portion 16 calculates a usage point (the more the profit is, that is, the more the user uses, the larger the value is) to each of the content providers 2-1, 2-2 and the service providers 3-1, 3-2 in accordance with the calculated profit, and outputs it to the user management portion 18.
  • the usage point in the content provider 2 will be referred to as a "content usage point"
  • the usage point in the service provider 3 will be referred to as a "service usage point".
  • a mutual authentication portion 17 executes mutual authentication among the content provider 2, the service provider 3, and the equipment of the user network 5.
  • the user management portion 18 manages information (hereinafter, referred to as system registration information) with respect to the equipment of the user home network 5 which can be registered in the EMD system.
  • the system registration information includes information corresponding to items of [ID of SAM], [equipment number], [settlement ID], [settlement user information], a plurality of [subordinate user information], and [usage point information].
  • [ID of SAM], [equipment number], [settlement ID], and [usage point information] are not made open.
  • the predetermined information of [settlement user information] and [subordinate user information] is made open in the case where the user permits.
  • the information shaded is information which is not made open (exhibition is not permitted), and the information not shaded is information which is made open (exhibition is permitted).
  • the exhibition here means that the information is provided to the content provider 2, the service provider 3, or the equipment of the user home network 5.
  • the ID of the SAM of the equipment of the user home network 5, which was manufactured, is stored.
  • the ID of the SAM 62 of the receiver 51 and the ID of the SAM 212 of the receiver 201 are set.
  • the equipment number previously set for the equipment of the user home network 5 including the SAM is set.
  • the equipment of the user home network 5 has a function (includes a communication portion) capable of directly communicating with the service provider 3 and the EMD service center 1 through the network 4, and for example, has a function (has a display portion and an operation portion) to output (present) the content of the UCP or PT to the user, and to enable the user to select the use content of the UCP (hereinafter, the equipment having such functions will be referred to as main equipment).
  • main equipment is given the equipment number of No. 100 or more.
  • the equipment (hereinafter, such equipment will be referred to as subordinate equipment) is given the equipment number of No. 99 or less.
  • the equipment number (No. 100) of No. 100 or more is given to each, and in the corresponding [equipment number], the equipment number of No. 100 is set.
  • a predetermined settlement ID allocated when a receiver is formally registered in the EMD system is stored.
  • since the receiver 51 is formally registered and the settlement ID is given, the given settlement ID is stored in the [settlement ID] corresponding to the ID of the SAM 62 in the system registration information of Fig. 9.
  • since the receiver 201 is not registered in the EMD system and the settlement ID is not given, no information is set in the [settlement ID] corresponding to the ID of the SAM 212 in the system registration information of Fig. 9.
  • the name, address, telephone number, settlement agency information (for example, credit card number, etc.), birth date, age, gender, ID, password, etc. of the user who settles the billing to be added up (hereinafter, such a user will be referred to as a settlement user) are set.
  • the settlement agency information, ID and password are made information which is not made open
  • the other information of the name, address, telephone number, birth date, age, and gender is made information which is made open in the case where the user permits.
  • the name, address, telephone number, settlement agency information, birth date, and gender of the settlement user set in the [settlement user information] (hereinafter, in the case where it is not necessary to individually distinguish these pieces of information set in the [settlement user information], the whole will be referred to as user general information) are provided by the user when an application for registration is made and are set.
  • accurate information for example, information registered in the settlement agency
  • the ID and password of the settlement user stored in the [settlement user information] are allocated and are set when temporary registration in the EMD system is made.
  • the receiver 51 is registered with the user F as the settlement user, and in the [settlement user information] corresponding to the ID of the SAM 62 in the system registration information of Fig. 9, the user general information provided from the user F, the ID of the user F, and the password of the user F are set. Since an application for registration is not made for the receiver 201, no information is set in the [settlement user information] corresponding to the ID of the SAM 212.
  • the user F permits exhibition of the name, address, telephone number, birth date, age, and gender (all information which can be made open).
  • the name, address, telephone number, birth date, age, gender, ID, password, etc. of the user who does not settle the billing (hereinafter, such a user will be referred to as a subordinate user) are set. That is, among various pieces of information set in the [settlement user information], those other than the information of the settlement agency are set. In the case of this example, these pieces of information may be made open.
  • since the credit investigation processing is not carried out for the subordinate user, it is not necessary that the name, address, telephone number, birth date, age, and gender of the subordinate user set in the [subordinate user information] are accurate.
  • a nickname or the like may be used.
  • the ID and password of the subordinate user set in the [subordinate user information] are allocated and set when temporary registration or formal registration is made.
  • no information is set in the [subordinate user information] corresponding to the ID of the SAM 62 in the system registration information of Fig. 9 and in the [subordinate user information] corresponding to the ID of the SAM 212.
  • the usage point outputted from the profit distributing portion 16 is set.
  • the contents are already used, and in the [usage point information] corresponding to the SAM 62, the usage point information as shown in Fig. 10 is stored.
  • the content usage point of the content provider 2-1 given to the user F (settlement user) of the receiver 51 is 222 points
  • the content usage point of the content provider 2-2 is 123 points
  • the service usage point of the service provider 3-1 is 345 points
  • the service usage point of the service provider 3-2 is 0 points.
  • the user management portion 18 manages such system registration information, and further, prepares a registration list (described later) correspondingly to predetermined processing, and transmits it together with the delivery key Kd to the user home network 5.
  • a billing charging portion 19 calculates the billing to the user on the basis of, for example, the billing information, UCP and PT supplied from the history data management portion 15, and supplies the result to the receipts and disbursements portion 20.
  • the receipts and disbursements portion 20 communicates with a not-shown external bank or the like on the basis of the disbursements to the user, the content provider 2, and the service provider 3, and the sum of usage fees to be collected, and executes the settlement processing.
  • the receipts and disbursements portion 20 also notifies the user management portion 18 of the result of the settlement processing.
  • the audit portion 21 inspects the correctness (that is, whether a dishonest act is performed or not) of the billing information, PT, and UCP supplied from the equipment of the user home network 5.
  • the EMD service center 1 receives the UCP from the content provider 2, the PT from the service provider 3, and the UCP and PT from the user home network 5, respectively.
  • Fig. 11 is a block diagram showing a functional structure of the content provider 2-1.
  • a content server 31 stores contents to be supplied to the user, and supplies them to a watermark adding portion 32.
  • the watermark adding portion 32 adds a watermark (electronic watermark) to the contents supplied from the content server 31, and supplies them to a compression portion 33.
  • the compression portion 33 compresses the contents supplied from the watermark adding portion 32 through a system such as ATRAC2 (Adaptive Transform Acoustic Coding 2) (trade mark) and supplies them to an encrypting portion 34.
  • the encrypting portion 34 encrypts the contents compressed in the compression portion 33 by using a random number supplied from a random number generating portion 35 as a key (hereinafter, this random number will be referred to as a content key Kco) and by a common key encrypting system such as DES (Data Encryption Standard), and outputs the result to a secure container preparing portion 38.
  • the random number generating portion 35 supplies the random number of a predetermined bit number, which becomes the content key Kco, to the encrypting portion 34 and an encrypting portion 36.
  • the encrypting portion 36 encrypts the content key Kco by using a delivery key Kd supplied from the EMD service center 1 and by a common key encrypting system such as DES, and outputs the result to the secure container preparing portion 38.
  • the DES is an encrypting system in which a common key of 56 bits is used, and processing is carried out while a plain text of 64 bits is made one block.
  • the processing of the DES is composed of a portion (data mixing portion) for mixing the plain text into an encrypted text, and a portion (key processing portion) for generating a key (enlarged key) used by the data mixing portion from a common key. Since the whole algorithm of the DES is open to the public, here, basic processing of the data mixing portion will be described in brief.
  • the plain text of 64 bits is divided into H0 of the upper 32 bits and L0 of the lower 32 bits.
  • An enlarged key K1 of 48 bits supplied from the key processing portion and L0 of the lower 32 bits are made input, and the output of an F function obtained by mixing L0 of the lower 32 bits is calculated.
  • the F function is constituted by two kinds of basic transformations, that is, "substitution" for substituting a numerical value through a predetermined rule and "transposition" for transposing a bit position through a predetermined rule.
  • H0 of the upper 32 bits and the output of the F function are subjected to an exclusive OR operation, and its result is made L1.
  • L0 is made H1.
  • On the basis of H0 of the upper 32 bits and L0 of the lower 32 bits, the above processing is repeated 16 times, and the obtained H16 of the upper 32 bits and L16 of the lower 32 bits are outputted as an encrypted text. Decrypting is realized by using the common key used for encrypting and by reversely proceeding the above procedure.
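The data mixing structure just described (split into H and L halves, sixteen rounds, decryption by running the rounds backwards) can be exercised in a few lines. This is an added example, not code from the patent and not an implementation of DES: the F function and the key processing portion below are SHA-256 based stand-ins chosen for brevity, whereas real DES uses fixed substitution and transposition tables. The point it shows is that decryption works even though F itself is not invertible.

```python
import hashlib

ROUNDS = 16
MASK32 = 0xFFFFFFFF


def subkeys(key56):
    """Stand-in key processing portion: derive sixteen 48-bit enlarged keys.

    Real DES derives K1..K16 by fixed permutations and shifts of the 56-bit
    key; hashing is used here only to keep the example short.
    """
    if not 0 <= key56 < (1 << 56):
        raise ValueError("common key must fit in 56 bits")
    keys = []
    for i in range(1, ROUNDS + 1):
        digest = hashlib.sha256(key56.to_bytes(7, "big") + bytes([i])).digest()
        keys.append(int.from_bytes(digest[:6], "big"))  # 48 bits
    return keys


def f(half32, k48):
    """Stand-in F function: mixes a 32-bit half with a 48-bit enlarged key.

    It is deliberately one-way; the round structure never needs its inverse.
    """
    data = half32.to_bytes(4, "big") + k48.to_bytes(6, "big")
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")


def encrypt_block(block64, key56):
    """Sixteen rounds of: L_i = H_(i-1) XOR F(L_(i-1), K_i), H_i = L_(i-1)."""
    if not 0 <= block64 < (1 << 64):
        raise ValueError("block must fit in 64 bits")
    h, l = block64 >> 32, block64 & MASK32
    for k in subkeys(key56):
        h, l = l, h ^ f(l, k)
    return (h << 32) | l


def decrypt_block(block64, key56):
    """Undo the rounds with the same keys in reverse order.

    Given (H_i, L_i): L_(i-1) = H_i and H_(i-1) = L_i XOR F(H_i, K_i).
    """
    if not 0 <= block64 < (1 << 64):
        raise ValueError("block must fit in 64 bits")
    h, l = block64 >> 32, block64 & MASK32
    for k in reversed(subkeys(key56)):
        h, l = l ^ f(h, k), h
    return (h << 32) | l


if __name__ == "__main__":
    key = 0x00F1E2D3C4B5A6          # constructed 56-bit sample key
    plain = 0x0123456789ABCDEF      # constructed 64-bit sample block
    cipher = encrypt_block(plain, key)
    print(f"cipher  = {cipher:016x}")
    print(f"decrypt = {decrypt_block(cipher, key):016x}")
```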
  • a policy storage portion 37 stores UCP set correspondingly to contents, and outputs it to the secure container preparing portion 38.
  • Fig. 12 shows UCP A and UCP B which are set correspondingly to contents A held in the content server 31 and are stored in the policy storage portion 37.
  • the UCP includes predetermined information corresponding to the respective items of [ID of contents], [content information], [ID of content provider], [ID of UCP], [effective period of UCP], [use condition], and [use content].
  • the ID of the contents to which the UCP corresponds is set.
  • the ID of the contents A is set.
  • the content information of the contents A is set.
  • the ID of the content provider as a supplier of the contents is set.
  • the ID of the content provider 2-1 is set.
  • the predetermined ID assigned to each UCP is set, the ID of the UCP A is set in the [ID of UCP] of the UCP A, and the ID of the UCP B is set in the [ID of UCP] of the UCP B.
  • Predetermined information corresponding to each item of [user condition] and [equipment condition] is set in the [use condition].
  • Information indicating the condition of the user capable of selecting this UCP is set in the [user condition].
  • Information indicating the condition of the equipment capable of selecting this UCP is set in the [equipment condition].
  • [use condition 10] is set, and information ("200 points or more") indicating that the condition is such that the use point is 200 points or more is set in the [user condition 10] of the [use condition 10].
  • Information (“no condition”) indicating that there is no condition is set in the [equipment condition 10] of the [use condition 10]. That is, only the user having the content use point of 200 points or more for the content provider 2-1 can select the UCP A.
  • [use condition 20] is set, and information ("less than 200 points") indicating that the condition is such that the use point is less than 200 points is set in the [user condition 20] of the [use condition 20]. Besides, information ("no condition”) indicating that there is no condition is set in the [equipment condition 20] of the [use condition 20]. That is, only the user having the content use points of less than 200 points for the content provider 2-1 can select the UCP B.
  • the [use content] includes predetermined information corresponding to the respective items of [ID], [format], [parameter], and [management movement permissible information].
  • In the [ID], a predetermined ID assigned to the information set in the [use content] is set.
  • In the [format], information indicating a use format of contents, such as reproduction or copying, is set.
  • In the [parameter], predetermined information corresponding to the use format set in the [format] is set.
  • the equipment of the management movement origin can not (not permitted) perform the management movement of the contents to another equipment as shown in Fig. 13A. That is, the contents are held only in two devices of the equipment of the management movement origin and the equipment of the management movement destination. At this point, it is different from the first generation copying as shown in Fig. 14A in which a plurality of copies (first generation) can be formed from the original contents. Besides, since it is possible to make the management movement of the contents to another equipment by returning the contents from the equipment of the management movement origin, in this point, it is also different from copying of only one time as shown in Fig. 14B.
  • the UCP A is provided with four [use content 11] to [use content 14].
  • In the [ID 11] of the [use content 11], the predetermined ID assigned to the [use content 11] is set.
  • In the [format 11], information ("purchased reproduction") indicating the use format in which the contents are purchased and are reproduced is set, and in the [parameter 11], predetermined information corresponding to the "purchased reproduction" is set.
  • In the [management movement permissible information 11], information ("permissible") indicating that management movement of contents is possible is set.
  • predetermined ID assigned to the [use content 12] is set.
  • information (“first generation copying") indicating the use format of carrying out the first generation copying is set.
  • the first generation copying can prepare a plurality of first generation copies from the original contents as shown in Fig. 14A. However, it is not possible (not permissible) to prepare second generation copying from the first generation copying.
  • predetermined information corresponding to the "first generation copying” is set.
  • information ("impermissible") indicating that the management movement can not be made is set.
  • predetermined ID assigned to the [use content 13] is set.
  • information "reproduction with limited period" indicating the use format of making reproduction only in a predetermined period (time) is set.
  • the start time (hour) of the period and the end time (hour) are set.
  • "impermissible” is set.
  • predetermined ID assigned to the [use content 14] is set.
  • information "Pay Per Copy 5" indicating the use format of copying 5 times (so-called book of tickets to enable copying to be performed five times) is set.
  • a copy from a copy can not be made (permitted).
  • information (“copying 5 times”) indicating that copying can be made five times is set.
  • "impermissible” is set.
  • the user having the use points of 200 points or more can select the use content from the four use content 11 to use content 14, while the user having the use points of less than 200 points can select only the use content from the two use content 21 and use content 22.
  • Fig. 12 schematically shows the UCP A and the UCP B
  • the [use condition 10] of the UCP A and the [use condition 20] of the UCP B are actually constituted by a service code shown in Fig. 15A and a condition code shown in Fig. 15B, and further, by a value code indicating numerical values and predetermined kinds corresponding to the service code.
  • Fig. 16B shows a code value of each code set as the [user condition 20] and the [equipment condition 20] of the [use condition 20] of the UCP B. Since the [user condition 20] is made "less than 200 points", the service code of 80xxh meaning "there is condition as to use point", the value code of 0000C8h indicating the numerical value of 200, and the condition code of 03h meaning "< (less than)" are set as the user condition.
  • the secure container preparing portion 38 prepares a content provider secure container made of, for example, as shown in Fig. 17, contents A (encrypted by content key KcoA), the content key KcoA (encrypted by delivery key Kd), UCP A, UCP B, and a signature.
  • the signature is such that a hash value obtained by applying a hash function to the whole of the data to be transmitted (in this case, the contents A (encrypted by the content key KcoA), the content key KcoA (encrypted by the delivery key Kd), the UCP A and the UCP B) is encrypted with a secret key (in this case, secret key Kscp of the content provider 2-1) of public key cipher.
  • the secure container preparing portion 38 attaches a certificate of the content provider 2-1 as shown in Fig. 18 to the content provider secure container and transmits it to the service provider 3.
  • This certificate is constituted by the version number of the certificate, the serial number of the certificate allocated to the content provider 2-1 by certificate authority, algorithm and parameter used for the signature, the name of the certificate authority, effective period of the certificate, name of the content provider 2-1, public key Kpcp of the content provider 2-1, and its signature (encrypted by secret key Ksca of the certificate authority).
  • the signature is data for checking falsifying and for authenticating an author, and is prepared in such a manner that a hash value is taken by a hash function on the basis of the data to be transmitted, and this is encrypted by a secret key of the public key code.
  • the hash function is a function which receives predetermined data to be transmitted, compresses it to data of a predetermined bit length, and outputs it as a hash value.
  • the hash function has features that it is difficult to predict an input from a hash value (output), when one bit of data inputted to the hash function is changed, a number of bits of the hash value are changed, and it is difficult to find input data having the same hash value.
  • a receiving person having received the signature and data decrypts the signature with the public key of the public key cipher, and obtains the result (hash value). Further, the hash value of the received data is calculated, and it is judged whether the calculated hash value is equal to the hash value obtained by decrypting the signature. In the case where it is judged that the hash value of the transmitted data is equal to the decrypted hash value, it is understood that the received data are not falsified, and are data transmitted from a transmitting person holding the secret key corresponding to the public key.
  • the hash function of the signature MD4, MD5, SHA-1, or the like is used.
  • In contrast to a common key cipher system in which the same key (common key) is used in encrypting and decrypting, in the public key cipher system, a key used in encrypting and a key used in decrypting are different from each other.
  • In the public key cipher, even if one of the keys is made open, the other can be made secret, and a key which may be made open is called a public key, and the other key to be kept secret is called a secret key.
  • a typical RSA (Rivest-Shamir-Adleman) cipher in the public key cipher will be described in brief.
  • p and q which are two sufficiently large prime numbers, are obtained, and further, n of the product of p and q is obtained.
  • the least common multiple L of (p-1) and (q-1) is calculated, and further, a numeral e, which is not less than 3 and less than L, and is relatively prime to L, is obtained (that is, a number which can commonly divide e and L is only 1).
  • An encrypted text C is calculated from a plain text M by processing of equation (1).
  • $C = M^{e} \bmod n \quad (1)$
  • the encrypted text C is decrypted to the plain text M by processing of equation (2).
  • $M = C^{d} \bmod n \quad (2)$
  • the secret key d can be calculated from the public key e.
  • the secret key d can not be calculated from the public key e by merely knowing the public key n, and decrypting can not be made.
  • the key used for encrypting and the key for decrypting can be made different from each other.
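The signature and RSA passages above, combined in one added example that is not part of the patent text: key generation from p, q, n and L as described, the hash of the container "encrypted" with the secret key, and the receiver's check with the public key. Assumptions made for this example: the secret exponent d is taken as the inverse of e modulo L, SHA-256 stands in for the MD4/MD5/SHA-1 hashes named above, each field is length-prefixed before hashing, the RSA operation is unpadded as in equations (1) and (2), and the primes and container fields are constructed values.

```python
import hashlib
from math import gcd

# Constructed demo primes (the Mersenne primes 2^521-1 and 2^607-1). They make
# n large enough to hold a SHA-256 value, but their special form makes them
# unsuitable as real key material.
P = 2**521 - 1
Q = 2**607 - 1

# Constructed stand-ins for the content provider secure container of Fig. 17.
CONTAINER = [
    b"<contents A, encrypted by content key KcoA>",
    b"<content key KcoA, encrypted by delivery key Kd>",
    b"UCP A: user condition = 200 points or more",
    b"UCP B: user condition = less than 200 points",
]


def make_keypair(p, q, e=65537):
    """Return ((e, n), (d, n)) following the steps in the text."""
    n = p * q
    lcm = (p - 1) * (q - 1) // gcd(p - 1, q - 1)   # L in the text
    if not (3 <= e < lcm and gcd(e, lcm) == 1):
        raise ValueError("e must satisfy 3 <= e < L and be relatively prime to L")
    d = pow(e, -1, lcm)   # assumption: d is chosen so that e*d = 1 (mod L)
    return (e, n), (d, n)


def container_hash(fields):
    """Hash the whole of the data to be transmitted.

    Each field is prefixed with its length so that bytes cannot be shifted
    from one field into its neighbour without changing the hash.
    """
    h = hashlib.sha256()
    for field in fields:
        h.update(len(field).to_bytes(4, "big"))
        h.update(field)
    return int.from_bytes(h.digest(), "big")


def sign(fields, secret_key):
    """Hash value encrypted with the secret key, as in equation (2) with M := hash."""
    d, n = secret_key
    return pow(container_hash(fields), d, n)


def verify(fields, signature, public_key):
    """Decrypt the signature with the public key and compare with a fresh hash."""
    e, n = public_key
    if not 0 <= signature < n:
        return False
    return pow(signature, e, n) == container_hash(fields)


if __name__ == "__main__":
    kpcp, kscp = make_keypair(P, Q)        # public / secret key of the provider
    sig = sign(CONTAINER, kscp)
    print("untouched container:", verify(CONTAINER, sig, kpcp))
    altered = list(CONTAINER)
    altered[3] = altered[3].replace(b"less than 200", b"less than 900")
    print("altered UCP B:      ", verify(altered, sig, kpcp))
```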
  • a mutual authentication portion 39 of the content provider 2-1 makes mutual authentication with the EMD service center 1 before the delivery key Kd supplied from the EMD service center 1 is received. Besides, the mutual authentication portion 39 can also make mutual authentication with the service provider 3 before the content provider secure container is transmitted to the service provider 3. In the case of this example, since the content provider secure container does not include information which must be made secret, this mutual authentication is not necessarily required.
  • Since the content provider 2-2 basically includes the same structure as the content provider 2-1, its illustration and explanation are omitted.
  • a content server 41 stores contents (encrypted by a content key Kco), the content key Kco (encrypted by a delivery key Kd), UCP, and a signature of the content provider 2, which are contained in the content provider secure container supplied from the content provider 2, and supplies them to a secure container preparing portion 44.
  • An estimating portion 42 checks the validity of the content provider secure container based on the signature contained in the content provider secure container supplied from the content provider 2. In this case, the certificate of the content provider 2 is checked, and when it is valid, the public key of the content provider 2 is obtained. Then, on the basis of the obtained public key, the validity of the content provider secure container is checked.
  • the estimating portion 42 prepares PT corresponding to UCP contained in the content provider secure container, and supplies it to the secure container preparing portion 44.
  • Figs. 20A and 20B show two PT A-1 (Fig. 20A) and PT A-2 (Fig. 20B) prepared correspondingly to the UCP A of Fig. 12A.
  • the PT includes information such as predetermined information corresponding to each item of [ID of contents], [content information], [ID of content provider], [ID of UCP], [ID of service provider], [ID of PT], [effective period of PT], [price condition], and [price content].
  • Information of items corresponding to the UCP is set in the [ID of contents], [content information], [ID of content provider], and [ID of UCP] of the PT, respectively. That is, the ID of contents A is set in the [ID of contents] of each of the PT A-1 and PT A-2, the content information of the contents A is set in the [content information] of each, the ID of the content provider 2-1 is set in the [ID of content provider] of each, and the ID of the UCP A is set in the [ID of UCP] of each.
  • the ID of the service provider 3 as the providing origin of the PT is set.
  • the ID of service provider 3-1 is set.
  • predetermined ID assigned to each PT is set.
  • the ID of the PT A-1 is set in the [ID of PT] of the PT A-1
  • the ID of the PT A-2 is set in the [ID of PT] of the PT A-2.
  • information indicating the effective period of the PT is set.
  • the effective period of the PT A-1 is set in the [effective period of PT] of the PT A-1
  • the effective period of the PT A-2 is set in the [effective period of PT] of the PT A-2.
  • the [price condition 20] is set, and in the [user condition 20] of the [price condition 20], information ("female") indicating that the user is female is set, and in the [equipment condition 20], "no condition” is set. That is, only the female user can select the PT A-2.
  • the expression "600 yen” of the [price content 12] of the PT A-1 and "300 yen” of the [price content 22] of the PT A-2 indicate the fee of the case where the contents A are used in the use format of first generation copy, from the [format 12] of the [use content 12] of the PT A-1.
  • the expression "100 yen” of the [price content 13] of the PT A-1 and "50 yen” of the [price content 23] of the PT A-2 indicate the fee of the case where the contents A are used in the use format of reproduction with a limited period, from the [format 13] of the [use content 13] of the UCP A.
  • the price indicated in the price content of the PT A-1 is set twice the price indicated in the price content of the PT A-2.
  • the [price content 11] of the PT A-1 corresponding to the [use content 11] of the UCP A is made "2000 yen”
  • the [price content 21] of the PT A-2 similarly corresponding to the [use content 11] of the UCP A is made "1000 yen”.
  • the price set in each of the [price content 12] to [price content 14] of the PT A-1 is set twice the price set in each of the [price content 22] to [price content 24] of the PT A-2. That is, the contents A are contents which can be used by the female user at a lower price.
  • Figs. 22A and 22B show two PT B-1 and PT B-2 prepared correspondingly to the UCP B of Fig. 12B.
  • the PT B-1 of Fig. 22A includes ID of the contents A, content information of the contents A, ID of the content provider 2-1, ID of the UCP B, ID of the service provider 3-1, ID of the PT B-1, effective period of the PT B-1, price condition 30, two price contents 31 and 32, and the like.
  • the other PT B-2 of Fig. 22B prepared correspondingly to the UCP B includes ID of the contents A, content information of the contents A, ID of the content provider 2-1, ID of the UCP B, effective period of the UCP B, ID of the service provider 3-1, ID of the PT B-2, effective period of the PT B-2, price condition 40, two price contents 41 and 42, and the like;
  • the price indicated in each of the [price content 41] and the [price content 42] of the PT B-2 indicates the fee of the case where the contents A are used in the use format shown in each of the [format 21] of the [use content 21] and the [format 22] of the [use content 22] of the UCP B.
  • the price content of the PT B-1 is set twice the price content of the PT B-2.
  • the [price content 31] of the PT B-1 is made "100 yen” while the [price content 41] of the PT B-2 is made “50 yen”
  • the [price content 32] is made "300 yen” while the [price content 42] is made "150 yen”.
  • a policy storage portion 43 stores UCP of contents supplied from the content provider 2, and supplies it to the secure container preparing portion 44.
  • the secure container preparing portion 44 prepares a service provider secure container made of, for example, as shown in Fig. 24, contents A (encrypted by a content key KcoA), the content key KcoA (encrypted by a delivery key Kd), UCP A, UCP B, signature of the content provider 2, PT A-1, A-2, B-1, B-2, and signature of the service provider 3.
  • the secure container preparing portion 44 supplies the prepared service provider secure container, together with a certificate of the service provider constituted by, as shown in Fig. 25, the version number of the certificate, the serial number of the certificate allocated to the service provider 3-1 by certificate authority, algorithm and parameter used for the signature, the name of the certificate authority, the effective period of the certificate, the name of the service provider 3-1, the public key Kpsp of the service provider 3-1, and the signature, to the user home network 5.
  • a mutual authentication portion 45 makes mutual authentication with the content provider 2. Besides, before the service provider secure container is transmitted to the user home network 5, the mutual authentication portion 45 makes mutual authentication with the user home network 5. However, for example, in the case where the network 4 is satellite communication, the mutual authentication between the service provider 3 and the user home network 5 is not executed. In the case of this example, since secret information is not particularly contained in the content provider secure container and the service provider secure container, it is not necessary that the service provider 3 makes mutual authentication with the content provider 2 and the user home network 5.
  • Since the structure of the service provider 3-2 is basically the same as the structure of the service provider 3-1, its illustration and description are omitted.
  • the receiver 51 is constituted by a communication portion 61, a SAM 62, an external storage portion 63, an expansion portion 64, a communication portion 65, an interface 66, a display control portion 67, and an input control portion 68.
  • the communication portion 61 communicates with the service provider 3 or the EMD service center 1 through the network 4, and receives or transmits predetermined information.
  • the SAM 62 is made up of a mutual authentication module 71, a billing processing module 72, a storage module 73, a decrypting/encrypting module 74, and a data inspection module 75, and is constructed by a single chip cipher processing dedicated IC which has a multi-layer structure, has an inner memory cell sandwiched between dummy layers of aluminum layers or the like, and has such characteristics (tamper resistance) that from the outside, it is hard to dishonestly read out data, for example, the width of an operating voltage or frequency is narrow.
  • the mutual authentication module 71 of the SAM 62 transmits a certificate stored in the storage module 73 and shown in Fig. 27 to a mutual authentication partner, and executes mutual authentication, and by this, it supplies a temporary key Ktemp (session key) commonly owned by the authentication partner to the decrypting/encrypting module 74. Since information corresponding to information contained in the certificate (Fig. 18) of the content provider 2-1 and the certificate (Fig. 25) of the service provider 3-1 is contained in the certificate of the SAM, the description is omitted.
  • the billing processing module 72 prepares UCS and billing information on the basis of the use content of the selected UCP.
  • Fig. 28 shows UCS A prepared based on the use content 11 of the UCP A shown in Fig. 12A, and the price content 11 of the PT A-1 shown in Fig. 20A.
  • predetermined information corresponding to each item of [ID of contents], [content information], [ID of content provider], [ID of UCP], [effective period of UCP], [ID of service provider], [ID of PT], [effective period of PT], [ID of UCS], [ID of SAM], [ID of user], [use content], and [use history] is set in the UCS.
  • the content information of the contents A is set in the [content information]
  • the ID of the content provider 2-1 is set in the [ID of content provider]
  • the ID of the UCP A is set in the [ID of UCP]
  • the effective period of the UCP A is set in the [effective period of UCP]
  • the ID of the service provider 3-1 is set in the [ID of service provider]
  • the ID of the PT A-1 is set in the [ID of PT]
  • the effective period of the PT A-1 is set in the [effective period of PT].
  • the predetermined ID allocated to the UCS is set in the [ID of UCS], and the ID of the UCS A is set in the [ID of UCS].
  • the ID of the SAM of the equipment is set in the [ID of SAM]
  • the ID of the SAM 62 of the receiver 51 is set in the [ID of SAM] of the UCS A.
  • the ID of the user using the contents is set in the [ID of user]
  • the ID of the user F is set in the [ID of user] of the UCS A.
  • the [use content] is made up of respective items of [ID], [format], [parameter], and [management movement state information], and information of items corresponding to those of [use content] of the selected UCP is set in the items of the [ID], [format], and [parameter]. That is, information (ID of the use content 11) set in the [ID 11] of the [use content 11] of the UCP A is set in the [ID] of the UCS A, "purchase reproduction" set in the [format 11] of the [use content 11] is set in the [format], and information (information corresponding to "purchase reproduction") set in the [parameter 11] of the [use content 11] is set in the [parameter].
  • the ID of the SAM 62 is set as the ID of the equipment of the management movement origin and as the ID of the equipment of the management movement destination.
  • the [use history] contains the history of use format to the same contents.
  • Although only the information indicating "purchase reproduction" is stored in the [use history] of the UCS A, for example, in the case where the contents A were previously used in the receiver 51, information indicating the use format at that time is also stored.
  • Although the [effective period of UCP] and [effective period of PT] are provided, it is also possible that they are made not to be set in the UCS.
  • Although the [ID of content provider] is provided, in the case where the ID of the UCP is unique, and the content provider can be specified by this, it is also possible not to provide it.
  • Likewise, as for the [ID of service provider], in the case where the ID of the PT is unique and the service provider can be specified by this, it is also possible not to provide it.
  • the prepared UCS together with a content key Kco (encrypted by a saving key Ksave) supplied from a decrypting unit 91 of the decrypting/encrypting module 74 of the receiver 51, is transmitted to the external storage portion 63, and is stored in a use information storage portion 63A.
  • the use information storage portion 63A of the external storage portion 63 is divided into M blocks Bp-1 to Bp-M (for example, divided every megabyte), and each block Bp is divided into N use information memory regions Rp-1 to Rp-N.
  • the content key Kco (encrypted by the saving key Ksave) supplied from the SAM 62, and the UCS are correspondingly stored in the use information memory region Rp of the predetermined block Bp of the use information storage portion 63A.
  • the UCS A shown in Fig. 28 and the content key KcoA (encrypted by the saving key Ksave) for decrypting the contents A are correspondingly stored in the use information memory region Rp-3 of the block Bp-1.
  • In the use information memory regions Rp-1 and Rp-2 of the block Bp-1, other content keys Kco1 and Kco2 (respectively encrypted by the saving key Ksave) and the UCS 1 and UCS 2 are respectively stored.
  • In the use information memory regions Rp-4 (not shown) to Rp-N of the block Bp-1, and in the blocks Bp-2 (not shown) to Bp-M, the content key Kco and the UCS are not recorded, but predetermined initial information indicating vacancy is stored.
  • When it is not necessary to distinguish the content key Kco (encrypted by the saving key Ksave) and the UCS stored in the use information memory region Rp from each other, they will be referred to together as use information.
  • Fig. 30 shows billing information A prepared at the same time as the UCS A shown in Fig. 28.
  • predetermined information corresponding to respective items of [ID of contents], [ID of content provider], [ID of UCP], [effective period of UCP], [ID of service provider], [ID of PT], [effective period of PT], [ID of UCS], [ID of SAM], [ID of user], [use content], and [billing information] is set.
  • the ID of the content provider 2-1 is set in the [ID of content provider]
  • the ID of the UCP A is set in the [ID of UCP]
  • the effective period of the UCP A is set in the [effective period of UCP]
  • the ID of the service provider 3-1 is set in the [ID of service provider]
  • the ID of the PT A-1 is set in the [ID of PT]
  • the effective period of the PT A-1 is set in the [effective period of PT]
  • the ID of the UCS A is set in the [ID of UCS]
  • the ID of the SAM 62 is set in the [ID of SAM]
  • the ID of the user F is set in the [ID of user]
  • the content of the [use content 11] of the UCS A is set in the [use content].
  • Information indicating the sum of billing added up in the equipment is set in the [billing history] of the billing information.
  • the sum of billing added up in the receiver 51 is set in the [billing history] of the billing information A.
  • Although the [effective period of UCP] and the [effective period of PT] are provided, they may not be provided in the billing information.
  • Although the [ID of content provider] is provided, in the case where the ID of the UCP is unique, and the content provider can be specified by this, it is also possible not to provide that.
  • Likewise, as for the [ID of service provider], in the case where the ID of the PT is unique, and the service provider can be specified by this, it is also possible not to provide that.
  • In the storage module 73, as shown in Fig. 31, various keys such as the public key Kpu of the SAM 62, the secret key Ksu of the SAM 62, the public key Kpesc of the EMD service center 1, the public key Kpca of the certificate authority, the saving key Ksave, and the delivery key Kd for March, the certificate (Fig. 27) of the SAM 62, billing information (for example, billing information A of Fig. 30), reference information 51, M inspection values Hp-1 to Hp-M, and the like are stored.
  • Fig. 32 shows the reference information 51 stored in the storage module 73.
  • the reference information includes predetermined information set in respective items of [ID of SAM], [equipment number], [settlement ID], [upper limit amount of billing], [settlement user information], [subordinate user information], and [use point information].
  • In the [ID of SAM], [equipment number], [settlement ID], [settlement user information], [subordinate user information], and [use point information] of the reference information, information of corresponding items of the system registration information (Fig. 9) managed by the user management portion 18 of the EMD service center 1 is set. That is, the ID of the SAM 62, the equipment number (No. 100) of the SAM 62, the settlement ID of the user F, the settlement user information of the user F (general information (name, address, telephone number, settlement agency information, birth date, age, gender) of the user F, the ID of the user F, and the password of the user F), and use point information shown in Fig. 33 (information similar to that shown in Fig. 10) are set in the reference information 51.
  • the upper limit amounts of billing different between the state where the equipment is formally registered in the EMD system and the state where it is temporarily registered are set.
  • In the [upper limit amount of billing] of the reference information 51, since the receiver 51 is formally registered, information ("upper limit amount at the time of formal registration") indicating the upper limit amount of billing in the state where it is formally registered is set.
  • the upper limit amount of billing in the state of the formal registration is larger than the upper limit amount of billing in the state of temporal registration.
  • the inspection value Hp-1 is a hash value calculated by applying a hash function to the whole of data stored in the block Bp-1 of the use information storage portion 63A of the external storage portion 63.
  • the inspection values Hp-2 to Hp-M are also hash values of data stored in the corresponding blocks Bp-2 to Bp-M of the external storage portion 63.
  • the decrypting/encrypting module 74 of the SAM 62 is constituted by a decrypting unit 91, a random number generating unit 92, and an encrypting unit 93.
  • the decrypting unit 91 decrypts an encrypted content key Kco by a delivery key Kd and outputs it to the encrypting unit 93.
  • the random number generating unit 92 generates a random number of predetermined figures as the need arises (for example, at the time of mutual authentication), generates a temporal key Ktemp, and outputs it to the encrypting unit 93.
  • the encrypting unit 93 encrypts the decrypted content key Kco again by the saving key Ksave held in the storage module 73.
  • the encrypted content key Kco is supplied to the external storage portion 63.
  • the encrypting unit 93 encrypts the content key Kco by the temporal key Ktemp generated by the random number generating unit 92.
  • the data inspection module 75 compares the inspection value Hp stored in the storage module 73 with the hash value of the data of the corresponding block Bp of the use information storage portion 63A of the external storage portion 63, and inspects whether the data of the block Bp is not falsified.
  • the data inspection module 75 again calculates the inspection value Hp when the purchase, use, management movement, and the like of the contents are carried out, and stores (renews) the value in the storage module 73.
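The inspection-value mechanism described above, as an added example that is not part of the patent text: hashes of the external blocks Bp are kept inside the SAM, checked before use information is read or written, and renewed after every legitimate write, so both a direct edit of the external storage and the restoration of an older copy of a block are detected. The class names, block and region counts, SHA-256 and the sample use information are assumptions made for this example.

```python
import hashlib
import hmac

M_BLOCKS = 4              # constructed value for M
N_REGIONS = 3             # constructed value for N
VACANT = b"\x00" * 16     # stand-in for the initial information indicating vacancy


class ExternalStorage:
    """Use information storage portion 63A: outside the SAM, freely writable."""

    def __init__(self):
        self.blocks = [[VACANT] * N_REGIONS for _ in range(M_BLOCKS)]


class Sam:
    """Keeps one inspection value Hp per block Bp in its own storage module."""

    def __init__(self, storage):
        self.storage = storage
        self.inspection = [self._hash_block(b) for b in range(M_BLOCKS)]

    def _hash_block(self, b):
        # Hash over the whole of the data in block Bp, region by region.
        h = hashlib.sha256()
        for region in self.storage.blocks[b]:
            h.update(len(region).to_bytes(4, "big"))
            h.update(region)
        return h.digest()

    def check(self, b):
        """True when block Bp still matches the stored inspection value Hp."""
        return hmac.compare_digest(self.inspection[b], self._hash_block(b))

    def read(self, b, r):
        if not self.check(b):
            raise ValueError(f"block Bp-{b + 1} is falsified")
        return self.storage.blocks[b][r]

    def write(self, b, r, use_info):
        # Refuse to build on a falsified block, then renew Hp after the write.
        if not self.check(b):
            raise ValueError(f"block Bp-{b + 1} is falsified")
        self.storage.blocks[b][r] = use_info
        self.inspection[b] = self._hash_block(b)


def demo():
    ext = ExternalStorage()
    sam = Sam(ext)
    # Constructed use information: a UCS for "Pay Per Copy 5" in region Rp-3.
    sam.write(0, 2, b"UCS | Pay Per Copy 5 | copies left = 5")
    old_copy = list(ext.blocks[0])                  # copy of Bp-1 taken outside the SAM
    sam.write(0, 2, b"UCS | Pay Per Copy 5 | copies left = 4")
    consistent_after_use = sam.check(0)
    ext.blocks[0] = old_copy                        # older block put back
    old_copy_detected = not sam.check(0)
    ext.blocks[1][0] = b"UCS | purchased reproduction"   # written without the SAM
    direct_edit_detected = not sam.check(1)
    untouched_block_ok = sam.check(2)
    return (consistent_after_use, old_copy_detected,
            direct_edit_detected, untouched_block_ok)


if __name__ == "__main__":
    print(demo())
```

Detection of the restored block depends on the inspection values living in storage the user cannot rewrite; a hash stored next to the data would be restored along with it.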
  • the expansion portion 64 is constituted by a mutual authentication module 101, a decrypting module 102, a decrypting module 103, an expansion module 104, and a watermark adding module 105.
  • the mutual authentication module 101 performs mutual authentication with the SAM 62, and outputs the temporal key Ktemp to the decrypting module 102.
  • the decrypting module 102 decrypts the content key Kco, which was encrypted by the temporal key Ktemp, by the temporal key Ktemp, and outputs it to the decrypting module 103.
  • the decrypting module 103 decrypts the contents recorded in the HDD 52 by the content key Kco, and outputs it to the expansion module 104.
  • the expansion module 104 further expands the decrypted contents through a system of ATRAC2 or the like, and outputs it to the watermark adding module 105.
  • the watermark adding module 105 inserts a watermark (electronic watermark) of information (for example, ID of the SAM 62) for specifying the receiver 51 to the contents, and outputs it to a not-shown speaker, and reproduces music.
  • the communication portion 65 carries out communication processing with the receiver 201 of the user home network 5.
  • the interface 66 changes a signal from the SAM 62 and the expansion portion 64 into a predetermined format, and outputs it to the HDD 52. Further, the interface changes a signal from the HDD 52 into a predetermined format, and outputs it to the SAM 62 and the expansion portion 64.
  • the display control portion 67 controls output to a display portion (not shown).
  • the input control portion 68 controls input from an operation portion (not shown) constituted by various buttons and the like.
  • the HDD 52 stores a registration list as shown in Fig. 34, in addition to the contents supplied from the service provider 3, UCP, and PT.
  • This registration list is constituted by a list portion where information is stored in a table form, and an object SAM information portion where predetermined information as to an equipment for holding the registration list is stored.
  • the SAM ID of the equipment holding this registration list, in the case of this example the ID of the SAM 62 of the receiver 51, is stored (in the column of [object SAM ID]). Further, in the object SAM information portion, the effective period of this registration list is stored (in the column of [effective period]), the version number of the registration list is stored (in the column of [version number]), and the number of the connected equipment (including itself) is stored (in the column of [number of connected equipment]); in the case of this example, since other equipment is not connected to the receiver 51, the value of 1 including itself is stored.
  • the list portion is constituted by nine items of [SAM ID], [user ID], [purchase processing], [billing processing], [billing equipment], [content supply equipment], [state flag], [signature of registration condition], and [registration list signature], and in the case of this example, as the registration conditions of the receiver 51, predetermined information is stored in the respective items.
  • the ID of the SAM of the equipment is stored in the [SAM ID].
  • the ID of the SAM 62 of the receiver 51 is stored.
  • the ID of the user of the corresponding equipment is stored.
  • the ID of the user F is stored.
  • the ID of the SAM of the equipment for performing the billing processing to the billing added up in the corresponding equipment is stored.
  • the ID of the SAM 62 is stored.
  • the ID of the SAM of the equipment capable of supplying the contents is stored.
  • Since the receiver 51 receives the supply of contents from the service provider 3, information ("No") indicating that there is no equipment to supply contents is stored.
  • an operation limiting condition of the corresponding equipment is stored.
  • information "no limitation" indicating that case, in the case where a predetermined limitation is applied, information ("with limitation") indicating that case, and in the case where the operation is stopped, information ("stop") indicating that case are stored, respectively.
  • "with limitation" is set in the [state flag] corresponding to the equipment.
  • processing of using already purchased contents is executed, processing for purchasing new contents can not be executed.
  • In the [registration condition signature], as a registration condition, a signature by the EMD service center 1 to information stored in each of the [SAM ID], [user ID], [purchase processing], [billing processing], [billing equipment], [content supply equipment], and [state flag] is stored.
  • the signature to the registration condition of the receiver 51 is stored.
  • In the [registration list signature], a signature to the whole of data set in the registration list is set.
  • Fig. 35 shows a structural example of the receiver 201. Since a communication portion 211 of the receiver 201 to an input control portion 218 have the same function as the communication portion 61 of the receiver 51 to the input control portion 68, their description is suitably omitted.
  • a public key Kpu of the SAM 212, a secret key Ksu of the SAM 212, a public key Kpesc of the EMD service center 1, a public key Kpca of certificate authority, a saving key Ksave, certificate of the SAM 212 previously distributed from the certificate authority, and as shown in Fig. 37, reference information 201 in which the ID of the SAM 212 and the equipment number (No. 100) of the receiver 201 are set, are stored.
  • a delivery key Kd expressed with a shadow in Fig. 36 is not stored at this point of time.
  • Since the HDD 202 has the same function as the HDD 52, its description is omitted.
  • At step S11, the processing in which the delivery key Kd is supplied from the EMD service center 1 to the content provider 2-1 is carried out.
  • the details of this processing are shown in the flowchart of Fig. 39. That is, at step S31, the mutual authentication portion 17 (Fig. 3) of the EMD service center 1 makes mutual authentication with the mutual authentication portion 39 (Fig. 11) of the content provider 2-1, and after confirming that the content provider 2-1 is a proper provider, the content provider management portion 12 of the EMD service center 1 transmits the delivery key Kd supplied from the key server 14 to the content provider 2-1.
  • the details of the mutual authentication processing will be described later with reference to Figs. 40 to 42.
  • the encrypting portion 36 of the content provider 2-1 receives the delivery key Kd transmitted from the EMD service center 1, and stores it at step S33.
  • When the encrypting portion 36 of the content provider 2-1 stores the delivery key Kd, the processing is ended, and the procedure proceeds to step S12 of Fig. 38.
  • a description will be made on, as examples, a case of using one common key (Fig. 40), a case of using two common keys (Fig. 41), and a case of using a public key cipher (Fig. 42).
  • Fig. 40 is a flowchart for explaining an operation of mutual authentication between the mutual authentication portion 39 of the content provider 2 and the mutual authentication portion 17 of the EMD service center 1, by one common key and using DES of common key cipher.
  • the mutual authentication portion 39 of the content provider 2 generates a random number R1 of 64 bits (the random number generating portion 35 may generate it).
  • the mutual authentication portion 39 of the content provider 2 encrypts the random number R1 by using the DES and by the previously stored common key Kc (encrypting may be made in the encrypting portion 36).
  • the mutual authentication portion 39 of the content provider 2 transmits the encrypted random number R1 to the mutual authentication portion 17 of the EMD service center 1.
  • the mutual authentication portion 17 of the EMD service center 1 decrypts the received random number R1 by the previously stored common key Kc.
  • the mutual authentication portion 17 of the EMD service center 1 generates a random number R2 of 32 bits.
  • the mutual authentication portion 17 of the EMD service center 1 replaces the lower 32 bits of the decrypted random number R1 of 64 bits by the random number R2, and generates concatenation R1 H
  • Ri H designates the upper bit of Ri
  • B designates concatenation of A and B (what is composed of (n + m) bits obtained by combining the lower bits of n bits of A with B of m bits).
  • the mutual authentication portion 17 of the EMD service center 1 encrypts R1 H
  • the mutual authentication portion 17 of the EMD service center 1 transmits the encrypted R1 H
  • the mutual authentication portion 39 of the content provider 2 decrypts the received R1 H
  • the mutual authentication portion 39 of the content provider 2 checks R1 H of the upper 32 bits of the decrypted R1 H
  • the processing is ended.
  • the mutual authentication portion 39 of the content provider 2 sets the received and decrypted random number R2 of 32 bits to the upper bits, and sets the generated random number R3 to the lower bits to make concatenation R2
  • the mutual authentication portion 39 of the content provider 2 encrypts the concatenation R2
  • the mutual authentication portion 39 of the content provider 2 transmits the encrypted concatenation R2
  • the mutual authentication portion 17 of the EMD service center 1 decrypts the received concatenation R2
  • the mutual authentication portion 17 of the EMD service center 1 checks the upper 32 bits of the decrypted concatenation R2
  • Fig. 41 is a flowchart for explaining the operation of mutual authentication between the mutual authentication portion 39 of the content provider 2 and the mutual authentication portion 17 of the EMD service center 1, by two common keys Kc1 and Kc2 and by using the DES of the common key cipher.
  • the mutual authentication portion 39 of the content provider 2 generates a random number R1 of 64 bits.
  • the mutual authentication portion 39 of the content provider 2 encrypts the random number R1 by using the DES and by the previously stored common key Kc1.
  • the mutual authentication portion 39 of the content provider 2 transmits the encrypted random number R1 to the EMD service center 1.
  • the mutual authentication portion 17 of the EMD service center 1 decrypts the received random number R1 by the previously stored common key Kc1.
  • the mutual authentication portion 17 of the EMD service center 1 encrypts the random number R1 by the previously stored common key Kc2.
  • the mutual authentication portion 17 of the EMD service center 1 generates a random number R2 of 64 bits.
  • the mutual authentication portion 17 of the EMD service center 1 encrypts the random number R2 by the common key Kc2.
  • the mutual authentication portion 17 of the EMD service center 1 transmits the encrypted random number R1 and random number R2 to the mutual authentication portion 39 of the content provider 2.
  • the mutual authentication portion 39 of the content provider 2 decrypts the received random number R1 and random number R2 by the previously stored common key Kc2.
  • the mutual authentication portion 39 of the content provider 2 checks the decrypted random number R1, and if it is coincident with the random number R1 (random number R1 before being encrypted) generated at step S61, the mutual authentication portion authenticates that the EMD service center 1 is a proper center, and if not coincident, the mutual authentication portion regards it as an unfair center and ends the processing.
  • the mutual authentication portion 39 of the content provider 2 encrypts the decrypted random number R2 by the common key Kc1.
  • the mutual authentication portion 39 of the content provider 2 transmits the encrypted random number R2 to the EMD service center 1.
  • the mutual authentication portion 17 of the EMD service center 1 decrypts the received random number R2 by the common key Kc1.
  • the mutual authentication portion 17 of the EMD service center 1 authenticates that the content provider 2 is a proper provider if the decrypted random number R2 is coincident with the random number R2 (random number R2 before being encrypted) generated at step S66, while it regards the provider as an unfair provider and ends the processing if not coincident.
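The two-key exchange of Fig. 41, written out as an added example (not code from the patent). Python's standard library has no DES, so a stand-in 64-bit Feistel cipher built from HMAC-SHA-256 takes its place; the class names, function names and keys are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

ROUNDS = 8  # assumption: round count of the stand-in cipher, unrelated to DES


def _f(key, i, half):
    # Round function of the stand-in Feistel cipher (NOT DES).
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:4]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_block(key, block):
    """Encrypt one 64-bit block with the stand-in cipher."""
    left, right = block[:4], block[4:]
    for i in range(ROUNDS):
        left, right = right, _xor(left, _f(key, i, right))
    return left + right


def decrypt_block(key, block):
    """Inverse of encrypt_block."""
    left, right = block[:4], block[4:]
    for i in reversed(range(ROUNDS)):
        left, right = _xor(right, _f(key, i, left)), left
    return left + right


class Provider:
    """Plays the mutual authentication portion 39 of the content provider 2."""

    def __init__(self, kc1, kc2):
        self.kc1, self.kc2, self.r1 = kc1, kc2, None

    def challenge(self):
        # Generate the 64-bit random number R1 and send it encrypted by Kc1.
        self.r1 = secrets.token_bytes(8)
        return encrypt_block(self.kc1, self.r1)

    def answer(self, enc_r1, enc_r2):
        # Decrypt both values by Kc2; R1 must come back unchanged.
        if self.r1 is None:
            return None
        r1 = decrypt_block(self.kc2, enc_r1)
        r2 = decrypt_block(self.kc2, enc_r2)
        if not hmac.compare_digest(r1, self.r1):
            return None  # "unfair center": end the processing
        return encrypt_block(self.kc1, r2)


class Center:
    """Plays the mutual authentication portion 17 of the EMD service center 1."""

    def __init__(self, kc1, kc2):
        self.kc1, self.kc2, self.r2 = kc1, kc2, None

    def respond(self, enc_r1):
        # Decrypt R1 by Kc1, re-encrypt it by Kc2, add a fresh R2 under Kc2.
        r1 = decrypt_block(self.kc1, enc_r1)
        self.r2 = secrets.token_bytes(8)
        return encrypt_block(self.kc2, r1), encrypt_block(self.kc2, self.r2)

    def verify(self, enc_r2):
        # The provider is proper only if R2 comes back intact under Kc1.
        if self.r2 is None:
            return False
        ok = hmac.compare_digest(decrypt_block(self.kc1, enc_r2), self.r2)
        # Not stated on the page: R2 is discarded after one check so that
        # a replayed answer cannot pass a second time.
        self.r2 = None
        return ok


def handshake(provider, center):
    """Run the three messages; returns (center accepted, provider accepted)."""
    first = provider.challenge()
    second = center.respond(first)
    third = provider.answer(*second)
    if third is None:
        return False, False
    return True, center.verify(third)


if __name__ == "__main__":
    kc1, kc2 = b"constructed-key-1", b"constructed-key-2"
    print(handshake(Provider(kc1, kc2), Center(kc1, kc2)))   # both sides accept
    print(handshake(Provider(kc1, kc2), Center(kc1, b"x")))  # provider rejects
```

A mismatch in either key shows up on the provider's side first, because the returned R1 no longer matches; the provider learns that authentication failed, not which key was wrong.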
  • Fig. 42 is a flowchart for explaining the operation of mutual authentication between the mutual authentication portion 39 of the content provider 2 and the mutual authentication portion 17 of the EMD service center 1, by using an elliptic curve cipher with a length of 160 bits, as the public key cipher.
  • the mutual authentication portion 39 of the content provider 2 generates a random number R1 of 64 bits.
  • the mutual authentication portion 39 of the content provider 2 transmits a certificate (what is previously obtained from the certificate authority) including its own public key Kpcp and the random number R1 to the mutual authentication portion 17 of the EMD service center 1.
  • the mutual authentication portion 17 of the EMD service center 1 decrypts the signature (encrypted by the secret key Ksca of the certificate authority) of the received certificate by the previously obtained public key Kpca of the certificate authority, and extracts the hash value of the public key Kpcp of the content provider 2 and the name of the content provider 2, and further extracts the public key Kpcp of the content provider 2 and the name of the content provider 2 stored in the certificate as a plain text.
  • If the certificate is a proper one issued by the certificate authority, it is possible to decrypt the signature of the certificate, and the hash value of the public key Kpcp and the name of the content provider 2 obtained by decrypting coincides with a hash value obtained by applying a hash function to the public key Kpcp of the content provider 2 and the name of the content provider 2 stored in the certificate as the plain text.
  • the public key Kpcp is a proper one which is not falsified. If the signature can not be decrypted, or even if decrypted, the hash values are not coincident with each other, it is found that the key is not a proper public key or the provider is not a proper provider. At this time, the processing is ended.
  • When the proper authentication result is obtained, at step S84, the mutual authentication portion 17 of the EMD service center 1 generates a random number R2 of 64 bits. At step S85, the mutual authentication portion 17 of the EMD service center 1 generates concatenation R1
  • the mutual authentication portion 17 of the EMD service center 1 transmits the concatenation R1
  • the mutual authentication portion 39 of the content provider 2 decrypts the signature of the received certificate by the previously obtained public key Kpca of the certificate authority, and if correct, it extracts the public key Kpesc from the certificate. Since the processing of this case is the same as the case of step S83, the description is omitted.
  • the mutual authentication portion 39 of the content provider 2 decrypts the concatenation R1
  • the mutual authentication portion 39 of the content provider 2 decrypts the concatenation R1
  • the mutual authentication portion 39 of the content provider 2 compares the concatenation R1
  • When a proper authentication result is obtained, at step S93, the mutual authentication portion 39 of the content provider 2 generates a random number R3 of 64 bits. At step S94, the mutual authentication portion 39 of the content provider 2 generates concatenation R2
  • the mutual authentication portion 17 of the EMD service center 1 decrypts the encrypted concatenation R2
  • the mutual authentication portion 17 of the EMD service center 1 authenticates that the content provider 2 is a proper provider, and if not coincident, it regards the content provider as an improper provider and ends the processing.
  • the mutual authentication portion 17 of the EMD service center 1 and the mutual authentication portion 39 of the content provider 2 make mutual authentication.
  • the random number used for the mutual authentication is used as a temporal key Ktemp effective for only the processing subsequent to the mutual authentication.
  • At step S12, the processing in which a content provider secure container is supplied to the service provider 3-1 from the content provider 2-1 is carried out.
  • the details of the processing are shown in the flowchart of Fig. 43. That is, at step S201, the watermark adding portion 32 (Fig. 11) of the content provider 2-1 reads out the contents A from the content server 31, inserts a predetermined watermark (electronic watermark) indicating the content provider 2-1, and supplies it to the compression portion 33.
  • the compression portion 33 of the content provider 2-1 compresses the contents A inserted with the watermark by a predetermined system such as ATRAC2, and supplies them to the encrypting portion 34.
  • the random number generating portion 35 generates a random number which becomes a content key KcoA, and supplies it to the encrypting portion 34.
  • the encrypting portion 34 of the content provider 2-1 uses the random number (content key KcoA) generated in the random number generating portion 35 by the predetermined system of DES or the like, and encrypts the contents A in which the watermark is inserted and which is compressed.
  • the encrypting portion 36 encrypts the content key KcoA by the predetermined system such as DES and by the delivery key Kd supplied from the EMD service center 1.
  • the secure container preparing portion 38 of the content provider 2-1 calculates a hash value by applying a hash function to the whole of the contents A (encrypted by the content key KcoA), the content key KcoA (encrypted by the delivery key Kd), UCP A and UCP B (Fig. 12) stored in the policy storage portion 37 and corresponding to the contents A, and encrypts it by its own secret key Kscp.
  • the signature shown in Fig. 17 is prepared.
  • the secure container preparing portion 38 of the content provider 2-1 prepares the content provider secure container shown in Fig. 17, which includes the contents A (encrypted by the content key KcoA), the content key KcoA (encrypted by the delivery key Kd), UCP A, UCP B (Fig. 12) and the signature prepared at step S206.
  • the mutual authentication portion 39 of the content provider 2-1 makes mutual authentication with the mutual authentication portion 45 (Fig. 19) of the service provider 3-1. Since the authentication processing is the same as the case explained with reference to Figs. 40 to 42, the description is omitted.
  • the secure container preparing portion 38 of the content provider 2-1 attaches the certificate (Fig. 18) previously issued from the certificate authority to the content provider secure container prepared at step S207, and transmits it to the service provider 3-1.
  • the service provider secure container is supplied from the service provider 3-1 to the user home network 5 (receiver 51).
  • the details of this processing are shown in the flowchart of Fig. 44. That is, at step S221, the estimating portion 42 (Fig. 19) of the service provider 3-1 confirms the signature contained in the certificate (Fig. 18) attached to the content provider secure container transmitted from the content provider 2-1, and if falsifying of the certificate is not made, it extracts the public key Kpcp of the content provider 2-1 from that. Since the confirmation of the signature of the certificate is the same as the processing at step S83 of Fig. 42, the description is omitted.
  • the estimating portion 42 of the service provider 3-1 decrypts the signature of the content provider secure container transmitted from the content provider 2-1 by the public key Kpcp of the content provider 2-1, judges whether the obtained hash value is coincident with a hash value obtained by applying a hash function to the whole of the contents A (encrypted by the content key KcoA), the content key KcoA (encrypted by the delivery key Kd), the UCP A and the UCP B, and confirms whether the content provider secure container is not falsified. In the case where values of both are not coincident with each other (in the case where falsifying is found), the processing is ended. In the case of this example, it is assumed that falsifying of the content provider secure container is not carried out, and the processing proceeds to step S223.
  • the estimating portion 42 of the service provider 3-1 extracts the contents A (encrypted by the content key KcoA), the content key KcoA (encrypted by the delivery key Kd), and the signature from the content provider secure container, and supplies them to the content server 41.
  • the content server 41 stores those.
  • the estimating portion 42 extracts also the UCP A and UCP B from the content provider secure container, and supplies them to the policy storage portion 43 and the secure container preparing portion 44.
  • the estimating portion 42 of the service provider 3-1 prepares PT A-1, PT A-2 (Fig. 20), and PT B-1, PT B-2 (Fig. 22) on the basis of the extracted UCP A and UCP B, and supplies them to the secure container preparing portion 44.
  • the secure container preparing portion 44 of the service provider 3-1 prepares the service provider secure container shown in Fig. 24 from the contents A (encrypted by the content key KcoA), the content key KcoA (encrypted by the delivery key Kd), and the signature of the content provider 2-1, which are read out from the content server 41, and the UCP A, B, and the PT A-1, A-2, B-1, B-2, which are supplied from the estimating portion 42.
  • the mutual authentication portion 45 of the service provider 3-1 makes mutual authentication with the mutual authentication module 71 (Fig. 26) of the receiver 51. Since this authentication processing is the same as the case where the explanation has been made with reference to Figs. 40 to 42, the explanation is omitted.
  • the secure container preparing portion 44 of the service provider 3-1 attaches the certificate (Fig. 25) of the service provider 3-1 to the service provider secure container prepared at step S225, and transmits it to the receiver 51 of the user home network 5.
  • the service provider secure container transmitted from the service provider 3-1 is received by the receiver 51 of the user home network 5.
  • the mutual authentication module 71 (Fig. 26) of the receiver 51 makes mutual authentication with the mutual authentication portion 45 (Fig. 19) of the service provider 3-1 through the communication portion 61, and when the mutual authentication can be made, the communication portion 61 receives the service provider secure container (Fig. 24) from the service provider 3-1 with which the mutual authentication was made.
  • the processing is ended. In the case of this example, it is assumed that the mutual authentication was made, and the processing proceeds to step S242.
  • the communication portion 61 of the receiver 51 receives a public key certificate from the service provider 3-1 with which the mutual authentication was made at step S241.
  • the decrypting/encrypting module 74 of the receiver 51 checks the signature contained in the service provider secure container received at step S241, and checks whether falsifying has been made or not.
  • the processing is ended. In the case of this example, it is assumed that falsifying is not found, and the processing proceeds to step S244.
  • the user F refers to the content of the displayed UCP and PT, operates a not-shown operation portion, and selects one use content of the UCP.
  • the input control portion 68 outputs a signal inputted from the operation portion and corresponding to the operation of the user F to the SAM 62.
  • the content use point of the content provider 2-1 is made 222 points. That is, according to this reference information 51, between UCP A and UCP B set correspondingly to the contents A, the UCP A (Fig. 12A) in which the [user condition 10] of the [use condition 10] is made "200 points or more" is selected. Besides, in the [settlement user information] of the reference information 51, since the user F is made male, the condition set in the [price condition 10] of the PT A-1 (Fig. 20A) is satisfied.
  • the PT A-1 is selected between the PT A-1 and PT A-2 prepared correspondingly to the UCP A.
  • the PT A-1 is selected.
  • the content of the UCP A and the PT A-1 is displayed on the display portion.
  • the user F selects the use content 11 of the UCP A (price content 11 of the PT A-1).
  • the billing processing module 72 of the SAM 62 of the receiver 51 prepares UCS A (Fig. 28) and billing information A (Fig. 30) on the basis of the content (content of the [price content 11] of the PT A-1) of the [use content 11] of the UCP A selected at step S244. That is, in this case, the contents A are purchased and reproduced at a charge of 2000 yen.
  • the contents A (encrypted by the content key KcoA), UCP A, PT A-1, PT A-2, and the signature of the content provider 2, which are contained in the service provider secure container (Fig. 24), are extracted, are outputted to the HDD 52, and are stored.
  • the decrypting unit 91 of the decrypting/encrypting unit 74 decrypts the content key KcoA (encrypted by the delivery key Kd) contained in the service provider secure container by the delivery key Kd stored in the storage module 73.
  • the encrypting unit 93 of the decrypting/encrypting unit 74 encrypts the content key KcoA decrypted at step S247 by the saving key Ksave stored in the storage module 73.
  • the data inspection module 75 of the receiver 51 detects the block Bp of the use information storage portion 63A (Fig. 29) of the external storage portion 63 in which the content key KcoA encrypted by the saving key Ksave at step S248 and UCS A prepared at step S245 are correspondingly stored.
  • the block Bp-1 of the use information storage portion 63A is detected.
  • the data inspection module 75 of the receiver 51 applies a hash function to the data of the block Bp-1 detected at step S249 (all data stored in the use information memory regions Rp-1 to Rp-N) to obtain a hash value.
  • the data inspection module 75 compares the hash value obtained at step S250 with the inspection value Hp-1 (Fig. 31) corresponding to the block Bp-1 stored in the storage module 73, and judges whether they are coincident with each other. In the case where it is judged that they are coincident, since the data of the block Bp-1 are not falsified, the processing proceeds to step S252.
  • the SAM 62 of the receiver 51 stores the use information (content key KcoA encrypted by the saving key Ksave at step S248, and UCS A (Fig. 28) prepared at step S245) in the use information memory region Rp-3 of the block Bp-1 of the external storage portion 63.
  • the data inspection module 75 of the receiver 51 applies a hash function to all data stored in the block Bp-1, which includes the use information memory region Rp-3 in which the use information is stored at step S252, of the use information storage portion 63A, and calculates a hash value, and at step S254, overwrites the inspection value Hp-1 stored in the storage module 73.
  • the billing processing module 72 stores the billing information A prepared at step S245 in the storage module 73, and the processing is ended.
  • At step S251, in the case where it is judged that the calculated hash value is not coincident with the inspection value Hp-1, since the data of the block Bp-1 are falsified, the procedure proceeds to step S256, and it is judged whether the data inspection module 75 has examined all blocks Bp of the use information storage portion 63A of the external storage portion 63. In the case where all blocks Bp of the external storage portion 63 have not been examined, the procedure proceeds to step S257, other blocks Bp having vacancy in the use information storage portion 63A are searched, and then, the procedure returns to step S250, and the subsequent processing is executed.
  • At step S256, in the case where all blocks Bp of the use information storage portion 63A of the external storage portion 63 have been examined, since a block Bp (use information memory region Rp) capable of storing use information does not exist, the processing is ended.
  • the supplied contents A are used in the receiver 51.
  • the contents A are reproduced and are used. Then, here, the reproduction processing of the contents A will be described. The details of this reproduction processing are shown in the flowchart of Fig. 46.
  • the data inspection module 75 of the receiver 51 applies a hash function to the content key KcoA (encrypted by the saving key Ksave) and the data of the block Bp-1, which includes the use information memory region Rp-3 in which the UCS A is stored at step S252 of the Fig. 45, of the use information storage portion 63A of the external storage portion 63, and calculates a hash value.
  • the data inspection module 75 of the receiver 51 judges whether the hash value calculated at step S261 is coincident with the hash value (inspection value Hp-1) calculated at step S253 of Fig. 45 and stored in the storage module 73 at step S254, and in the case where they are coincident with each other, since the data of the block Bp-1 are not falsified, the procedure proceeds to step S263.
  • At step S263, on the basis of the information indicated in the [parameter] of the [use content] of the UCS A (Fig. 28), it is judged whether the contents A can be used.
  • For example, in the UCS in which the [format] of the [use content] is made [reproduction with limited period], since the start period (hour) and end period (hour) are stored in the [parameter], in this case, it is judged whether the present hour is in the range. When the present hour is in the range, it is judged that the use of the contents is possible, and when the hour is in the outside of the range, it is judged that the use is impossible.
  • the remaining usable number of times is stored in the [parameter].
  • When the usable number of times stored in the [parameter] is not 0, it is judged that the use of the corresponding contents is possible, while when the usable number of times is 0, it is judged that the use is impossible.
  • At step S263, since the [format] of the [use content] of the UCS A is made [purchase reproduction], in this case, the contents A are purchased, and are reproduced without limit. That is, information indicating that the contents can be used is set in the [parameter] of the [use content] of the UCS A. Thus, in the case of this embodiment, at step S263, it is judged that the contents A can be used, and the procedure proceeds to step S264.
  • the billing module 72 of the receiver 51 renews the UCS A.
  • information to be renewed is not contained in the UCS A, for example, in the case where the [format] of the [use content] is made the use format in which reproduction is made only a predetermined number of times, the reproducible number of times stored in the [parameter] is decremented by 1.
  • the SAM 62 of the receiver 51 stores the UCS A (actually, not renewed) renewed at step S264 in the use information memory region Rp-3 of the block Bp-1 of the use information storage portion 63A of the external storage portion 63.
  • the data inspection module 75 applies a hash function to the data of the block Bp-1 of the use information storage portion 63A of the external storage portion 63, in which the UCS A is stored at step S265, and calculates a hash value, and overwrites the inspection value Hp-1 stored in the storage module 73.
  • the mutual authentication module 71 of the SAM 62 and the mutual authentication module 101 of the expansion portion 64 make mutual authentication, and the SAM 62 and the expansion portion 64 have the temporal key Ktemp in common. Since this authentication processing is the same as the case described with reference to Figs. 40 to 42, its description is omitted here.
  • the random numbers R1, R2, and R3 used for the mutual authentication or their combination is used as the temporal key Ktemp.
  • the decrypting unit 91 of the decrypting/encrypting module 74 decrypts the content key KcoA (encrypted by the saving key Ksave) stored in the block Bp-1 (use information memory region Rp-3) of the use information storage portion 63A of the external storage portion 63 at step S252 of Fig. 45 by the saving key Ksave stored in the storage module 73.
  • the encrypting unit 93 of the decrypting/encrypting module 74 encrypts the decrypted content key KcoA by the temporal key Ktemp.
  • the SAM 62 transmits the content key KcoA encrypted by the temporal key Ktemp to the expansion portion 64.
  • the decrypting module 102 of the expansion portion 64 decrypts the content key KcoA by the temporal key Ktemp.
  • the expansion portion 64 receives the contents A (encrypted by the content key Kco) recorded in the HDD 52 through the interface 66.
  • the decrypting module 103 of the expansion portion 64 decrypts the contents A (encrypted by the content key Kco) by the content key KcoA.
  • the expansion module 104 of the expansion portion 64 expands the decrypted contents A by a predetermined system such as ATRAC2.
  • the watermark adding module 105 of the expansion portion 64 inserts a predetermined watermark (electronic watermark) for specifying the receiver 51 to the expanded contents A.
  • the contents A are outputted to a not-shown speaker or the like, and the processing is ended.
  • At step S262, in the case where it is judged that the hash value calculated at step S261 is not coincident with the hash value stored in the storage module 73 of the receiver 51, or at step S263, in the case where it is judged that the contents cannot be used, at step S277, the SAM 62 executes predetermined error processing such as displaying an error message on a not-shown display portion through the display control portion 67, and the processing is ended.
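The inspection-value check in the steps above is what keeps the play counter trustworthy even though the UCS sits in external storage: the hash of the block is held inside the SAM, so an old copy of the block written back from outside no longer matches. The following is an added example, not code from the patent; SHA-256, the JSON block layout, the `limited_count` format name and all class and function names are assumptions.

```python
import hashlib
import hmac
import json


class IntegrityError(Exception):
    """External block does not match the inspection value held in the SAM."""


class UsageError(Exception):
    """The use content no longer permits reproduction."""


def block_hash(block: bytes) -> bytes:
    # Assumption: SHA-256. The page only says "a hash function".
    return hashlib.sha256(block).digest()


class ExternalStorage:
    """Untrusted storage outside the SAM (stands in for storage portion 63A)."""

    def __init__(self):
        self.blocks = {}


class Sam:
    """Keeps one inspection value per external block in protected memory."""

    def __init__(self, storage: ExternalStorage):
        self.storage = storage
        self._inspection = {}  # block id -> hash (stands in for storage module 73)

    def store_ucs(self, block_id: str, ucs: dict) -> None:
        # Write the UCS to the external block, then overwrite the inspection
        # value so it always describes the latest block contents.
        block = json.dumps(ucs, sort_keys=True).encode()
        self.storage.blocks[block_id] = block
        self._inspection[block_id] = block_hash(block)

    def reproduce(self, block_id: str):
        """Return the remaining play count (None if the format is unlimited)."""
        block = self.storage.blocks[block_id]
        # S261/S262: recompute the hash and compare with the stored value.
        if not hmac.compare_digest(block_hash(block), self._inspection[block_id]):
            raise IntegrityError(block_id)
        ucs = json.loads(block)
        remaining = None
        # S263: judge whether the contents can be used.
        if ucs["format"] == "limited_count":
            if ucs["parameter"] <= 0:
                raise UsageError(block_id)
            ucs["parameter"] -= 1  # S264: renew the UCS
            remaining = ucs["parameter"]
        # S265 and the following hash step: store the UCS, refresh the hash.
        self.store_ucs(block_id, ucs)
        return remaining


def demo() -> list:
    """Constructed scenario: two plays, then an old block copy is restored."""
    storage = ExternalStorage()
    sam = Sam(storage)
    sam.store_ucs("Bp-1", {"format": "limited_count", "parameter": 2})
    snapshot = storage.blocks["Bp-1"]  # copy taken outside the SAM
    outcome = [sam.reproduce("Bp-1"), sam.reproduce("Bp-1")]
    try:
        sam.reproduce("Bp-1")
    except UsageError:
        outcome.append("used up")
    storage.blocks["Bp-1"] = snapshot  # stale block written back
    try:
        sam.reproduce("Bp-1")
    except IntegrityError:
        outcome.append("mismatch detected")
    return outcome


if __name__ == "__main__":
    print(demo())
```

The check only holds if the inspection value itself cannot be rewritten from outside, which is why the page keeps it in the SAM's storage module rather than beside the block.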
  • FIG. 47 shows a processing procedure of the receiver 201 in the case of executing this processing.
  • the user A purchasing the receiver 201 enters predetermined information in a registration form attached to the receiver 201 at the time of purchase, and sends it to a management company for managing the EMD service center 1.
  • In the registration form, an expression indicating the ID of the SAM of the equipment to be attached (in this case, the ID of the SAM 212 of the receiver 201) is recited, and further, there are provided columns in which information such as name, address, telephone number, information of settlement agency (for example, the number of a credit card, etc.), birth date, age, gender, password, user ID, settlement ID, and the like of the user can be entered.
  • the password, ID, and settlement ID of the user are given to the user when he or she is registered (formally registered or temporarily registered) in the EMD system, and these are not made open.
  • Since the user A is not registered in the EMD system, he or she does not have the password, user ID, and settlement ID. Then, as shown in Fig. 48, the user A enters the name, address, telephone number, information of settlement agency, birth date, age, and gender (hereinafter, in the case where it is not necessary to individually distinguish the name, address, telephone number, information of settlement agency, birth date, age, and gender, which are entered in the registration form, from one another, the whole will be referred to as "user general information") in the registration form.
  • Since the user A is registered as the settlement user of the receiver 201, credit investigation processing is carried out on the user A. Then, the user A must always enter the information of the name, address, telephone number, and settlement agency in the user general information, which are used for the credit investigation processing, in the registration form.
  • the user A carries out an operation to the receiver 201 to transmit a predetermined use start signal indicating the start of use of contents in the receiver 201 to the EMD service center 1.
  • mutual authentication is made between the mutual authentication portion 221 of the receiver 201 and the mutual authentication portion 17 of the EMD service center 1, and then, the use start signal is transmitted to the EMD service center 1 through the communication portion 211 of the receiver 201.
  • this use start signal includes ID of the SAM of the equipment requiring the use start (in this case, ID of the SAM 212 of the receiver 201).
  • the receiver 201 receives and stores the delivery key Kd (Fig. 8) for January, upper limit amount of billing at the time of temporal registration, ID of the user A, password of the user A, and user general information written in the registration form at step S401, which are transmitted from the EMD service center 1 when it is temporarily registered in the EMD system (hereinafter, in the case where it is not necessary to respectively distinguish these pieces of information from one another, the information transmitted from the EMD service center 1 at this time will be referred to as temporal registration information).
  • the temporal key Ktemp is owned in common.
  • the delivery key Kd for January is stored in the storage module 223 of the receiver 201.
  • the reference information 201 stored in the storage module 223, as shown in Fig. 50 in addition to the information (Fig. 37) stored before this processing, "upper limit amount at temporal registration" is set in the [upper limit amount of billing], and the user general information of the user A, the ID of the user A, and the password are set in the [settlement user information].
  • the information of the user A is stored in the [name], [birth date], and [age] of the reference information 201 under the condition that the exhibition is permitted.
  • the information displayed with a shadow indicates that its exhibition is not permitted, and the information displayed without a shadow indicates that its exhibition is permitted.
  • the receiver 201 receives and stores the delivery key Kd for March, upper limit amount of billing at the time of formal registration, and settlement ID of the user A, which are transmitted from the EMD service center 1 at the time of formal registration in the EMD system (hereinafter, in the case where it is not necessary to respectively distinguish these pieces of information transmitted from the EMD service center 1 at this time, the whole will be referred to as formal registration information ). Since the specific processing here is similar to the case at step S403, the description is omitted. By this, in the storage module 223 of the receiver 201, as shown in Fig. 51, instead of the delivery key Kd for January in the information (Fig.
  • the delivery key Kd for March is stored, and in the reference information 201, as shown in Fig. 52, "upper limit amount at the time of formal registration" is set in the [upper limit amount of billing], and the settlement ID of the user A is newly set in the [settlement ID].
  • the receiver 201 is registered in the EMD system while the user A is made the settlement user. By this, it becomes possible for the user A to use the contents in the receiver 201.
  • At step S411, when a management company for managing the EMD service center 1 receives the registration form (step S401 of Fig. 47) sent by the user A, it inputs the content to the EMD service center 1.
  • In the [settlement user information] corresponding to the ID of the SAM 212 of the receiver 201, in the system registration information held by the user management portion 18 of the EMD service center 1 as shown in Fig. 54, the user general information of the user A (name, address, telephone number, information of settlement agency, birth date, age, and gender) is stored.
  • At step S412, registration processing through credit investigation is started.
  • the details of the registration processing through this credit investigation are shown in the flowchart of Fig. 55. That is, at step S421, the receipts and disbursements portion 20 of the EMD service center 1 communicates, for example, with the settlement agency of the user A on the basis of the information of the name, address, telephone number, and settlement agency of the user A entered in the registration form, and starts the credit investigation processing to the user A.
  • At step S422, the user management portion 18 of the EMD service center 1 judges whether the use start signal (step S402 of Fig. 47) transmitted from the receiver 201 is received or not, and in the case where it is judged that the signal is received, the procedure proceeds to step S423, and it is judged whether the credit investigation processing started at step S421 is completed or not.
  • step S423 the procedure proceeds to step S424, the user management portion 18 of the EMD service center 1 assigns the ID and password of the user A, and sets those as information not permitted to be made open, as shown in Fig. 56, in the [settlement user information] corresponding to the ID of the SAM 212 of the system registration information, and transmits them, together with the delivery key Kd for January prepared by the key server 14 and the information indicating the upper limit amount of billing at the time of temporal registration, to the receiver 201.
  • the receiver 201 receives them (step S403 of Fig. 47).
  • the temporal registration information is transmitted to the receiver 201 in several hours from the time when the EMD service center 1 received the use start signal.
  • At step S425, the user management portion 18 of the EMD service center 1 waits until the credit investigation processing started at step S421 is completed, and when the credit investigation processing is completed, the procedure proceeds to step S426, and on the basis of the result of the credit investigation processing, it is judged whether the receiver 201 can be formally registered in the EMD system.
  • At step S426, in the case where it is judged that the receiver 201 can be formally registered in the EMD system, the user management portion 18 of the EMD service center 1 proceeds to step S427, assigns the settlement ID to the user A, and after setting it, as one not permitted to be made open, in the [settlement ID] corresponding to the ID of the SAM 212 in the system registration information as shown in Fig. 57, the user management portion transmits it to the receiver 201, together with the delivery key Kd for March prepared by the key server 14 and the information indicating the upper limit amount of billing at the time of formal registration.
  • the receiver 201 receives them (step S404 of Fig. 47).
  • the credit investigation processing started at step S401 is completed in about one week. That is, the formal registration information is transmitted to the receiver 201 after one week has passed since the registration form was sent to the management company.
  • At step S422, in the case where it is judged that the use start signal is not received, the procedure proceeds to step S428, and it is judged whether the credit investigation processing is completed. In the case where it is judged that the credit investigation processing is not completed, the processing returns to step S422, and the subsequent processing is carried out.
  • At step S428, in the case where it is judged that the credit investigation processing is completed, that is, in the case where the credit investigation processing is completed before the use start signal is received, or at step S423, in the case where it is judged that the credit investigation processing is completed, that is, in the case where the credit investigation processing is completed before the temporal registration information is transmitted, the procedure proceeds to step S429.
  • the user management portion 18 of the EMD service center 1 assigns the ID, password, and settlement ID of the user A, and sets them in the [settlement user information] corresponding to the ID of the SAM 212, and then, transmits them to the receiver 201, together with the delivery key Kd for March prepared by the key server 14, the information indicating the upper limit amount of billing at the time of formal registration, and the user general information.
  • the temporal registration information is transmitted to the receiver 201, the credit investigation processing is completed.
  • At step S426, in the case where it is judged that the receiver 201 is not formally registered in the EMD system, the processing at step S427 is skipped, and the processing is ended. Incidentally, at this time, at step S424, the user ID, password, and user general information set in the system registration information are deleted.
  • At step S501, mutual authentication between the receiver 51 and the EMD service center 1 is carried out. Since this mutual authentication is the same processing as the case where the description has been made with reference to Figs. 40 to 42, its description is omitted.
  • the SAM 62 of the receiver 51 transmits a certificate to the user management portion 18 of the EMD service center 1.
  • the SAM 62 of the receiver 51 encrypts the billing information stored in the storage module 73 by the temporal key Ktemp commonly owned by the EMD service center 1 at step S501, and transmits it to the EMD service center 1, together with the version of the delivery key Kd, the corresponding UCP and PT stored in the HDD 52, and the registration list.
  • the user management portion 18 of the EMD service center 1 receives the information transmitted from the receiver 51 at step S503, and decrypts it, and then, the user management portion 18 of the EMD service center 1 confirms whether an unfair act by which "stop" is set in the [state flag] of the registration list exists in the receiver 51.
  • the billing charging portion 19 of the EMD service center 1 analyzes the billing information received at step S503, and carries out processing of calculating the payment sum of the user (for example, user F) and the like.
  • the user management portion 18 confirms whether the settlement was successful by the processing at step S505.
  • the user management portion 18 of the EMD service center 1 sets the registration conditions of the receiver 51 on the basis of the confirmation result at step S504 and the confirmation result at step S506, and attaches a signature to them and prepares a registration list of the receiver 51.
  • At step S504, in the case where an unfair act is confirmed, "stop" is set in the [state flag], and in this case, after this, all processing is stopped. That is, it becomes impossible to receive any service from the EMD system.
  • At step S506, in the case where it is confirmed that the settlement was not successful, "with limitation" is set in the [state flag], and in this case, although the processing of reproducing the contents already purchased is made possible, it becomes impossible to execute processing of newly purchasing contents.
  • step S508 the procedure proceeds to step S508, and the user management portion 18 of the EMD service center 1 encrypts the delivery key Kd of the newest version (delivery key Kd of the newest version for March) by the temporal key Ktemp, and transmits it, together with the registration list prepared at step S507, to the receiver 51.
  • the SAM 62 of the receiver 51 receives the delivery key Kd and the registration list transmitted from the EMD service center 1 through the communication portion 61, and after decrypting them, the SAM stores them in the storage module 73. At this time, the billing information stored in the storage module 73 is erased, and the registration list and the delivery key Kd are renewed.
  • This processing is started in the case where the billing added up exceeds a predetermined upper limit amount (upper limit amount at the time of formal registration or upper limit amount at the time of temporal registration), or in the case where the version of the delivery key Kd becomes old, and for example, at step S247 of Fig. 45, it becomes impossible to decrypt the content key Kco (encrypted by the delivery key Kd) (in the case where it becomes impossible to receive the service provider secure container).
  • the billing information is transmitted to the EMD service center 1 (step S503), and is stored in the history data management portion 15 of the EMD service center 1. That is, the EMD service center 1 includes information (for example, ID of contents, content information, user general information of the user purchasing the contents) relating to the purchased contents, so-called marketing information.
  • Fig. 59 shows information which can be made open to the content provider 2, the service provider 3, or the user home network 5, in the information owned by the EMD service center 1 and relating to the purchased contents.
  • the ID of contents, content information, use format, and selling price (use price) in which "open" is correspondingly shown in the drawing are made open (provided) to the content provider 2, the service provider 3, and the user home network 5 particularly with no registration.
  • the ID of contents, content information, and use format are information included in the billing information
  • the selling price is information specified by the ID of UCP included in the billing information, the ID of use content, and the ID of PT and read out from the price content of the PT.
  • the name, address, telephone number, birth date, age, and gender of the user purchasing the contents are information read out from the system registration information managed by the user management portion 18 of the EMD service center 1, and in the case where the exhibition is permitted by the user, those are made open to the content provider 2, the service provider 3, or the user home network 5. That is, in this example, the name, address, telephone number, birth date, age, and gender of the user F are made open. Besides, the name, birth date, and age of the user A are made open.
  • the EMD service center 1 can provide the pieces of information of Fig. 59 separately to the content provider 2, the service provider 3, and the user home network 5, and can also provide information of the total of these pieces of information as shown in Figs. 60 to 62.
  • Fig. 60 is a bar graph showing singers (artists) of contents used in a predetermined period in decreasing order of use count.
  • Fig. 61 is a bar graph showing use formats of predetermined contents (contents S) in decreasing order of use count.
  • Fig. 62 is a bar graph showing a use count of users (purchasers) of predetermined contents (contents S) in respective age.
  • the added up information shown in Figs. 60 to 62 is provided to the content provider 2, the service provider 3, and the user home network 5 in response to the request. For example, the user can get these pieces of information by using a password.
  • Fig. 63 is a bar graph showing a sales state of each content server 2 in a predetermined period. Such information added up for every content provider 2 is provided to the content provider 2 in response to the request.
  • Fig. 64 is a bar graph showing a sales state of each service provider 3 in a predetermined period. Such information added up for every service provider 3 is provided to the service provider 3 in response to the request.
  • a system is defined as the whole of an apparatus constituted by a plurality of devices.
  • a providing medium for providing a computer program for carrying out the foregoing processing to the user in addition to a recording medium such as a magnetic disk, a CD-ROM, or a solid memory, a communication medium such as a network or a satellite can also be used.
  • billing information including the ID of the information processing apparatus is transmitted to the management apparatus, so that marketing information corresponding to the settlement result can be received.
  • billing information including the ID of the information processing apparatus is received and the settlement processing is carried out, so that marketing information corresponding to the settlement result can be made open
EP00303049A 1999-04-12 2000-04-11 Appareil et procédé pour le traitement et la gestion d'informations et médium pour la livraison Withdrawn EP1045321A3 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP10399199 1999-04-12
JP11103991A JP2000293588A (ja) 1999-04-12 1999-04-12 情報処理装置および方法、管理装置および方法、並びに提供媒体

Publications (2)

Publication Number Publication Date
EP1045321A2 true EP1045321A2 (fr) 2000-10-18
EP1045321A3 EP1045321A3 (fr) 2003-07-02

Family

ID=14368777

Family Applications (1)

Application Number Title Priority Date Filing Date
EP00303049A Withdrawn EP1045321A3 (fr) 1999-04-12 2000-04-11 Appareil et procédé pour le traitement et la gestion d'informations et médium pour la livraison

Country Status (2)

Country Link
EP (1) EP1045321A3 (fr)
JP (1) JP2000293588A (fr)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1227449A1 (fr) * 2001-01-30 2002-07-31 Siemens Aktiengesellschaft Procédé de facturation pour les réseaux multimédias
US7403924B2 (en) 2002-05-20 2008-07-22 Ntt Docomo, Inc. Communication terminal, portable terminal, circulating server, providing server, electronic book distributing method, and electronic book distributing program

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
No Search *

Also Published As

Publication number Publication date
EP1045321A3 (fr) 2003-07-02
JP2000293588A (ja) 2000-10-20

Similar Documents

Publication Publication Date Title
JP4238411B2 (ja) 情報処理システム
JP4238410B2 (ja) 情報処理システム
EP1043878A2 (fr) Appareil et méthode de traitement d'information, appareil et méthode de gestion d'information et support pour fournir de l'information
US7099479B1 (en) Information transmission system, transmitter, and transmission method as well as information reception system, receiver and reception method
US5937395A (en) Accounting apparatus, information receiving apparatus, and communication system
JP4120125B2 (ja) 利用許可証発行装置および方法
US6859790B1 (en) Data distribution system and method thereof, data processing device, data control device, and machine-readable recording medium recording distribution data
US7092909B2 (en) Information processing apparatus and method, and distribution medium
JP2000357196A (ja) 情報処理装置及び方法、管理装置及び方法、提供媒体、情報提供システム及び方法並びに情報送信装置
JP2000124890A (ja) 情報処理装置および方法、管理装置および方法、情報利用システム、提供媒体、並びに外部記憶媒体
EP1047030A2 (fr) Dispositif et méthode de traitement d'informations, dispositif et méthode de gestion d'informations, moyen de fourniture d'informations, système et méthode de fourniture d'informations et dispositif de transmission d'informations
EP1120726A1 (fr) Dispositif et procede de traitement d'informations et support de fourniture d'informations
EP1249771B1 (fr) Vente, médiation, achat de grandes quantités de données, système serveur, terminal et support d'enregistrement pour le logiciel associé
EP1045321A2 (fr) Appareil et procédé pour le traitement et la gestion d'informations et médium pour la livraison
EP1087320A1 (fr) Dispositif de traitement d'informations et support de fourniture
JP2000188595A (ja) 管理装置および方法、情報処理装置および方法、提供媒体、並びに情報利用システム

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

AK Designated contracting states

Kind code of ref document: A2

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE

AX Request for extension of the european patent

Free format text: AL;LT;LV;MK;RO;SI

PUAL Search report despatched

Free format text: ORIGINAL CODE: 0009013

AK Designated contracting states

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE

AX Request for extension of the european patent

Extension state: AL LT LV MK RO SI

17P Request for examination filed

Effective date: 20031216

AKX Designation fees paid

Designated state(s): DE FR GB

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION HAS BEEN WITHDRAWN

18W Application withdrawn

Effective date: 20060623