JP2001043620A - Sales destination terminal in contents sales system, and host device and settlement box in its system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To prevent the unauthorized appropriation such as falsification of contents data in the contents sales system for supplying the contents data to a terminal at sales destination from a terminal at a Kiosk, etc., by ensuring the management of copyright. SOLUTION: This contents sales system is constituted so that the contents data such as a music are provided by a host and transferred (down-load) with respect to players 6a, 6b at the user side through the terminal 5 placed at the Kiosk or a network such as the Internet, and the copied history between the players 6a, 6b is made recordable especially at the transfer side (transmission source), and also when these players are connected with the terminal 5 placed at the Kiosk or the settlement box 7, the information of the copied history is recovered by the host side, and the detection of the history information in the player is allowed only at the host side so that the entry into the data from the player side is eliminated.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a content selling system in which content data such as music is provided by a host and transferred (downloaded) to a player on a user side via a network such as a store-installed terminal or the Internet. The present invention relates to a sales terminal, a host device and a payment box in the system.

[0002]

2. Description of the Related Art In recent years, as a system for selling content data (software) such as music to users, instead of using paid recording media such as CDs (compact discs) and DVDs (digital versatile discs), Attention is paid to a content sales system or a network distribution system that transfers data to a recording medium such as a hard disk or semiconductor memory in a user's player via a network such as a store-installed terminal or the Internet on the condition that payment is made, and reproduces the data. ing.

As an example of a content sales system,
A method is conceivable in which content data is transferred from a host to a store-installed terminal via a satellite communication line or a public telephone line, and further transferred from the store-installed terminal to the player. As another via method, an Internet via method in which content data is transferred from an Internet server (host) to a player via the Internet and an Internet client (user personal computer) can be considered.

[0004]

By the way, in such a content sales system, the content data is transmitted after being encrypted based on the ID (identification information) of the transmitting side or the ID of the receiving side so that the content data is not illegally copied. It is thought that. However, even with such encryption, an ID is known by some method, and there is a concern that an unauthorized copy may be performed by decrypting the code using the ID. Therefore, in the present invention, in view of such a problem, when a copy is made between another sale terminal and a sale terminal, the number of copies, the copy history, and the like are managed to determine whether or not the copy can be performed more than a predetermined number of times. The copyright management can be made more reliable, the information of the copy history can be collected on the host device side, and the illegal copy can be checked, and the collected information can be deleted only on the host side. In this way, access to the data from the sales terminal cannot be made, thereby preventing the content data from being tampered with and diverted.

[0005]

The present invention comprises the following means 1) to 5) to solve the above problems. (1) In the sales terminal used in the contents sales system for supplying content data from the host device to the sales terminal, each time the contents data is copied between the copy source and the destination sales terminal. Means for storing a transfer history including the ID of the copy destination when a copy source is provided, and transmitting the transfer history to the host device, based on a control signal supplied from the host device having received the transfer history. And a means for deleting the transfer history. (2) The content sales system according to claim 1 further includes a settlement box for collecting a transfer history of the sales destination terminal,
The transfer history deleting unit may be configured to delete the transfer history based on a control signal supplied from the payment box that has collected the transfer history transmitted from the sales terminal to the payment box. Sold-to terminal. (3) The copy source terminal, which is the sales terminal according to claim 1 or 2, stores the retransfer generation indicating the number of copies in the header every time the content data is transferred.
Means for determining whether or not copying is possible based on content information built in the copy destination terminal transmitted from the copy destination terminal and content information built in the own terminal. Sold-to terminal. (4) In the host device used in the content sales system that supplies content data from the host device to the sales terminal, the sales terminal is configured to transfer the contents data to the sales terminal that is a copy source every time. An apparatus for storing data transfer history, wherein, when the data transfer history is transmitted from the selling terminal, receiving the history and transferring the data to the selling terminal. A host device comprising means for supplying a control signal for deleting a history. (5) The content sales system according to claim 4, further comprising a settlement box for collecting the transfer history of the data of the sales terminal, and collecting the history when the transfer history of the data is transmitted from the sales terminal. The payment box further comprising means for supplying a control signal for deleting the transfer history of the data to the sales terminal after the payment.

[0006]

Embodiments of the present invention will be described below with reference to the drawings. FIG. 1 is a configuration diagram showing an example of a content sales system via a store terminal (kiosk terminal) to which the present invention is applied, and FIG. 2 is a configuration diagram showing an example of an Internet-type content sales system to which the present invention is applied. FIG. 3 is an explanatory diagram showing a configuration of a sales header distributed to the player of FIG. 1, FIG. 4 is an explanatory diagram showing a configuration of a sales header provided by the authoring system of FIG. 1,
FIG. 5 is an explanatory diagram showing the configuration of the sales subheader for the player of FIG.

FIG. 1 shows, as an example of a content sales system, a system via a store-installed terminal in which a store terminal (hereinafter, a kiosk terminal) 5 is installed in a store of a JR (hereinafter, a kiosk). First, on the host side, the uncompressed music content is compressed by the authoring system 1 using, for example, the Twin VQ method, and then the compressed data is encrypted with reproduction key data described later in detail. In the authoring system 1, the reproduction key data is primary-encrypted, and the primary encrypted reproduction key data and the encrypted content are recorded as a predetermined data structure, and are transmitted via the transmission server 2, the uplink center 3, and the satellite 4. Transfer to the kiosk terminal 5 server. In this system using the store-installed terminal, instead of supplying the content to the kiosk terminal 5 via the satellite 4, as another or transitional supply method, the recorded server is periodically exchanged by physical distribution. You may make it, and it is not limited to this. Furthermore, the store installation terminal may be installed in a kiosk or another store such as a convenience store.

[0008] The kiosk terminal 5 secondary-encrypts the primary encrypted reproduction key data and downloads the secondary encrypted reproduction key data and the encrypted content to a player (sometimes referred to as a player in the figure) 6a. At this time, the kiosk terminal 5 and the player 6a are connected via the IEEE1394 interface, and the player 6a transfers its own ID to the kiosk terminal 5 before downloading.
Further, the secondary encrypted reproduction key data and the encrypted content can be re-transferred between the copy source player 6a and the copy destination player 6b. In this case also, the copy destination player 6b has its own ID before re-transfer. Copy source player 6
Transfer to a. In the charging method of this system, the balance is stored in the electronic wallet in the player 6a by the user purchasing the electronic ticket in the prepaid method, and the charging information is transmitted from the player 6a to the charging management server 8 via the payment box 7. Will be transferred. The charging management server 8 collects the charging information and the transfer histories of the players 6a and 6b through the kiosk terminal 5 and a Web server 9 described later,
Copyright management and the like are performed based on this information.

This sales system is a system via the above-mentioned kiosk terminal, and also has a sales channel by the Internet system. FIG. 2 is a diagram showing the Internet-based sales system. First, on the host side, the uncompressed music content is authored by the authoring system 1 in the same manner as in the system via the store-installed terminal.
, For example, by the Twin VQ method, and then the compressed data is encrypted with the reproduction key data. Further, in the authoring system 1, the reproduction key data is primarily encrypted, and the primary encrypted reproduction key data and the encrypted content are recorded as a predetermined data structure, and are stored in the transmission server 2 and the Web server (Internet service server) 9. Forward.

The Web server 9 secondarily encrypts the primary encrypted reproduction key data and transmits the secondary encrypted reproduction key data and the encrypted content to the PC client 1 for Internet service.
0 (also referred to as a PC client) via the player 6a
To download. At this time, the Web server 9 and the PC
The client 10 is connected by a dial-up connection, and the PC client 10 and the player 6a are connected.
Are connected via the IEEE 1394 interface, and the player 6a pre-downloads its own terminal ID via the PC client 10 via the Web client before downloading.
Transfer to server 9. Similarly, the secondary encrypted reproduction key data and the encrypted content can be re-transferred between the copy source player 6a and the copy destination player 6b. In this case as well, the copy destination player 6b has its own The ID is transferred to the copy source player 6a. When the user purchases an electronic ticket in a prepaid manner, the balance is stored in the electronic wallet in the player 6a, and the billing information is transferred from the player 6a to the billing management server 8 via the PC client 10 and the Web server 9. .

The format transferred to the players 6a and 6b is common to a system via a store-installed terminal and a system via the Internet, and includes a sales header, a sales subheader, and encrypted content data for each sales content. The sales subheader is provided for each music piece number N in the sales contents. Encrypted content data includes content header, sound stream (music content), text data (song name, artist name, etc.),
Including extended data.

As shown in FIG. 3, the sales header has a variable length (= 64N + M bytes (Bytes)) in accordance with the number N of songs in the sales content. 1-byte reserved data; 1-byte transfer control data; 8-byte content sales ID; 8-byte transfer source ID; 2-byte number of sales tickets・ The number of 1-byte sales subheaders, ・ The number of 1-byte content songs, ・ 32-byte production title name, ・ 16-byte production company name, ・ 4 × N-byte data length per song・ 8 × N bytes for each song, ・ 8 × N bytes for each artist, ・ 4 × N bytes for each song, ・ K bytes (64N + M−K bytes to 64N + M) (Byte) playback key data (encrypted data).

On the other hand, FIG. 4 shows the structure of a sales header given at the time of mastering by the authoring system 1. The sales header is the data shown in FIG. Artist name for each song, ISRC (International Standard Recor) for N songs
ding Code).

As shown in detail in FIG. 5, the sales subheader includes: 1-byte subheader version; 1-byte subheader size; 1-byte reserved data; and 1-byte transfer control data. And 8 bytes of the content sales ID, 8 bytes of the transfer source ID, 2 bytes of the sales ticket number, 1 byte of the designated song number, and 32 bytes of the production title name.

As shown in detail in FIG. 6, the transfer control data in the sales header and the sales sub-header has 4 bits b.
It includes retransfer generation number data of 0 to b3 and retransfer prohibition / permission data of 4 bits b4 to b7. Re-transfer generation number bits b0 to b3 0000: Re-transfer prohibition 0001 to 1111: Re-transfer generation number (re-transfer permission) Set by the copyright owner (host) to count down for each re-transfer and 0000 to prohibit re-transfer Retransmission prohibition / permission bits b4 to b7 0000: Retransmission permission 0001: Retransmission prohibition 0010 to 1111: Reserved

The encryption processing in the authoring system 1 is performed as follows. FIG. 7 is a flowchart for explaining the processing. First, a predetermined number of bytes of reproduction key data are created with random numbers for each sales header (step S1), and then the sales content data is converted into a content header, a sound stream (music content), text data (song name, artist name,
The sales content data is independently encrypted for each area by performing an exclusive OR (XOR) operation on the reproduction key data (random number) and a predetermined byte for each area of the extension data ( Step S2).

A hash function (MD5) is used to create a hash value of a predetermined byte based on a combined character string of (character string in order of designated items of sales header) + (character string in order of designated items of sales subheader) ( (Step S3) Next, primary encrypted reproduction key data is created by performing an XOR operation on the reproduction key data and the hash value (Step S3).
4). Then, the primary encrypted reproduction key data is stored in the reproduction key data area of the sales header and transmitted to the selling terminal (the kiosk terminal 5 and the Web server 9) together with the encrypted content (step S5). Thus, steps S3 and S3
By encrypting the reproduction key data with the information based on the sales header according to 4, the decryption cannot be performed when the combination of the sales header and the content data is falsified.

FIG. 8 shows a processing flow of the secondary encryption of the reproduction key of the sales terminal (the kiosk terminal 5 and the Web server 9). First, the primary encrypted reproduction key data is transferred to the transfer destination player ID as the key. DES encrypted as transfer destination player 6
a to generate secondary encrypted reproduction key data (step S1).
1) Next, the secondary encrypted reproduction key data is transmitted together with the encrypted content to the sales terminal (player 6a) (step S12).

FIG. 9 shows a processing flow of a decryption processing method of the encrypted reproduction key and the content data of the sales terminal (transfer destination player 6a). First, the secondary encrypted reproduction key data is stored in the DES using its own player ID as a key.
By decrypting the data, the data is decrypted into primary encrypted reproduction key data (step S21), and based on a combined character string of (character string in order of designated item of sales header) + (character string in order of designated item of sales subheader). A hash value of a predetermined byte is created by a hash function (MD5) (step S2).
2). Next, the primary encrypted playback key data and the hash value are XORed to decrypt the original playback key data (step S23), and the encrypted sales content data is XORed with the original playback key data by a predetermined number of bytes. Then, the original sales content data is decrypted, and the data is expanded and reproduced (step S24).

In particular, in the encryption method of the present system, actual data such as content data and text data is XORed.
Data that is different from actual data such as a header is encrypted by a DES encryption method. This corresponds to the processing speed at the time of reproduction, and adopts the XOR encryption method which can perform high-speed decryption in consideration of the decryption of actual data required at high speed at the time of reproduction. For the header information that does not require the processing speed of the DES, encryption is performed in consideration of both the reproduction speed and the outflow of data as a complicated DES encryption method that requires more time for decryption.

Also, the players 6a and 6b are shown in FIG.
The configuration shown in FIG. 0 will be described using only the reference numeral of the player 6a. The player 6a has a data transfer interface 6
a-1, electronic wallet section 6a-2, display section 6a-3, operation section 6a-
4, storage unit 6a-5, encryption / decryption unit 6a-6, data compression / decompression unit 6a-7, playback unit 6a-8, output terminal 6a-9, control unit 6a-10, and internal bus 6a-11 It is composed of

The data transfer interface 6a-1 is used for data transfer between the sending player and the receiving player, between these players and the kiosk terminal 5, or between a PC client (personal computer) described later. The electronic wallet unit 6a-2 can receive and pay for electronic money. Electronic money is deposited in advance by a prepaid method, and the electronic money is reduced according to the content fee. In the following description, the description is based on the prepaid method, but a well-known credit method may be used.

The display section 6a-3 displays the remaining amount of electronic money in the electronic wallet, the transmission / reception status when data is transmitted / received between terminals, the reproduction status when content is reproduced, whether copying is possible, and the like. The operation unit 6a-4 is used for a data cueing operation for searching data to be reproduced from a plurality of data, a reproduction volume operation at the time of reproduction, and the like. The storage unit 6a-5 stores header information, content data and reproduction received from the kiosk terminal 5, and header information and content data received from other portable terminals and the like.

The encryption / decryption unit 6a-6 generates authentication data and encrypts or decrypts content data, a reproduction key, and header information. The data compression / decompression unit 6a-7 compresses data or decompresses compressed data. The data to be transferred is in a compressed state to increase transfer efficiency. Therefore, the data is compressed before data transmission, and the compressed data is decompressed as needed after data reception. Reproduction unit 6a
-8 reproduces voice, text data and the like from the content data. The reproduced sound or the like is output from the output terminal 6a-9 to the outside. The control unit 6a-10 stores the control of the above-described units, registration of the number of history transfers, content sales ID, transfer source ID, and transfer control data for the number of histories, in the internal storage unit m.
To be performed.

Next, the processing procedure between the terminals will be sequentially described in detail. First, FIG. 11 and FIG. 12 show a transfer procedure between the kiosk terminal (host side) 5 and the player. FIG.
, The kiosk terminal 5 and, for example, the player 6 having the above configuration
a is a state connected via the IEEE 1394 interface. In addition, “Form 1”,
“Form2” and the like indicate signal format numbers, and detailed descriptions thereof are omitted. However, they are common to the system via the terminal installed at the store and the system via the Internet, and are basically shown in FIG. As shown, a source code (a code indicating the type of the system component device shown in FIG. 14), a command code (see FIGS. 15 and 16),
It is composed of a data length and actual data (encrypted data). However, various “requests” transmitted from the transfer source (the kiosk terminal 5 and the Web server 9) to the player 6a,
The format of various "notifications" transmitted from the player 6a to the transfer sources 5 and 9 does not include actual data, and is composed of only a source code, a command code, and a data length (= all 0).

Although not shown in the kiosk terminal 5, the kiosk terminal 5 has a data transfer interface, a display unit, a storage unit, an encryption / decryption unit, a reproduction unit, an output terminal, a control unit, an internal Players 6a, such as buses,
6b is included. First, an encryption unit (not shown) generates random number authentication data D1 of, for example, 8 bytes, and generates one of the common keys K1 to K6 held in common in the payment box, the kiosk terminal, each player, the Web server 9, and the PC client 10. DES is encrypted with the common key data K1, and the encrypted authentication A data is a player authentication A data D of a predetermined transmission form "1" (shown as "Form 1" in the figure) of 8 bytes.
1 as the player 6 via the data transfer interface
Send to a.

The player 6a receives the player authentication A data D1 via the data transfer interface 6a-1, and the DES is decrypted by the encryption / decryption unit 6a-6 using the common key data K1. The obtained authentication A data D1 is DES-encrypted with another common key data K2 to create reply player authentication A data. At the same time, an 8-byte random number authentication A data D3 is created, and this authentication A data D3 is
The S-encrypted data is used as host authentication A data, and the host authentication A data and the reply player authentication A data are returned to the kiosk terminal 5 again in a predetermined transmission form “2”.

The kiosk terminal 5 receives the return player authentication A data and the host authentication A data via the data transfer interface, and supplies them to the encryption / decryption unit. DES decryption is performed using the common key data K3, and the decrypted authentication A
The data D1 and the transmission authentication A data D1 are collated in the control unit. If the result of the comparison is a mismatch, the above-described processing performed on the kiosk terminal 5 side is executed again up to twice. If they still do not match, kiosk terminal 5
The processing in is stopped.

On the other hand, in the case of a match, the received host authentication A data is DES-decrypted by the common key data K3, and the authentication A data D2 obtained by this decryption is DES-decrypted by the other common key data K4. The data is transmitted to the player 6a in a predetermined form "3". In the encryption / decryption unit 6a-6 of the player 6a, the returned host authentication A data is DES-decrypted with the common key data 4 to obtain the decrypted authentication A data D2, and the decrypted authentication A data The control unit 6a-10 compares D2 with the transmission host authentication A data. If the two match, the host authentication is transmitted to the kiosk terminal 5 using a predetermined transmission form "4", and subsequent processing is accepted. On the other hand, if the authentications do not match, an authentication failure of the form "4" is transmitted to the kiosk terminal 5, and the subsequent processing is prohibited.

Next, the kiosk terminal 5 requests the player 6a to transmit a player ID of a predetermined transmission form "5". Upon receiving this, the encryption / decryption unit 6a-7 of the player 6b encrypts the self-player ID in 16-byte units using the authentication A data D2 used for host authentication as a key, and converts this data into a predetermined transmission form " 6 "to the kiosk terminal 5. In the encryption / decryption unit of the kiosk terminal 5, the host authentication A data D
2 is decrypted in units of 16 bytes using the key as a key, and the decrypted player ID is stored in the storage unit. If the player ID has not been transmitted from the player 6a, the request for the player ID is made again. If the transmission has not been transmitted, the processing to the player is stopped.

Next, when the kiosk terminal 5 transmits a transfer history transmission request of the predetermined transmission form "7" to the player 6a, the player 6a stores the above-mentioned received history number in the storage unit m in the control unit 6a-10. , History transfer count, content sales ID to another player 6b, transfer source ID and transfer destination ID of other players, transfer control data, etc., and if so, encryption is performed. The entire transfer history is DES-encrypted using the host authentication A data D2 as a key in the order of receiving the sales content in the decryption unit 6a-6, and the transfer history is transmitted to the kiosk terminal 5 in a predetermined transmission form “8”. In step 5, the received transfer history is DES-decrypted using the host authentication A data D2 as a key. Next, when the kiosk terminal 5 transmits a transfer history deletion request of the predetermined transmission form “9” to the player 6a, the player 6a deletes the transfer history. If there is no transfer history deletion request, the number of history transfers of all transfer histories is counted up by one and stored. When the player 6a deletes the transfer history, the kiosk terminal 5 transmits a transfer history deletion notification of a predetermined transmission form "10". Therefore, these transfer histories are later supplied to the charge management server 8, where they are used for information for copyright management and the like.

Next, in accordance with the operation on the kiosk terminal 5, the operation selectively shifts to "content transfer" and "edit data transfer". If "Content Transfer" is selected,
The kiosk terminal 5 requests the player 6a to transmit a ticket balance of a predetermined transmission form "11". The control unit 6a-10 of the player 6a checks the balance of the ticket in the electronic wallet 6a-2, and uses the balance in the encryption / decryption unit 6a-6 for authentication A data D2 used for host authentication.
Is transmitted to the kiosk terminal 5 using the transmission form "12", and the authentication A data D2 received by the encryption / decryption unit of the kiosk terminal 5 by host authentication is used as a key. D 16 bytes at a time
ES decryption is performed, and the ticket balance is stored in the storage unit. At this time, if there is no remaining money, the processing is stopped, or in the case of the credit method, the information is transmitted to the accounting management server 8 to perform a well-known procedure. If the receipt of the ticket balance cannot be obtained, the above-described process of the balance transmission request is executed again, and if no transmission has been made, the player process is stopped.

In the above processing, if the balance has been transmitted, then a request is made to the player 6a to transmit the free space of the transmission form "15". In the player 6a, the storage unit 6a
-5 is compared with the header / content free space of the data stored in -5, and transmitted to kiosk terminal 5 in form "1".
6 ”to transmit the collation result. The kiosk terminal 5 stores this free space in the storage unit. If there is no free space, the process is stopped or the kiosk terminal outputs a control signal for securing free space. Also,
If there is no transmission, the above-described processing is executed again. If there is still no transmission, the play processing is stopped.

Next, a built-in content sales ID of a predetermined transmission form “17” is transmitted from the kiosk terminal 5 to the player 6a.
Request for transmission. Storage unit 6a-5 in player 6a
If the built-in content sales ID is recorded in the DES, the entire content sales ID is DES-encrypted in 16-byte units using the authentication A data D2 used for host authentication as a key, and this data is transmitted using a predetermined transmission form “18”. Send to kiosk terminal 5. If there is no built-in content sales ID, the fact is transmitted using a predetermined transmission form “18”.

Next, the kiosk terminal 5 sends a predetermined transmission form "19", "20", "21" to the player 6a.
, The sales header, the sales subheader, and the content data are sequentially transmitted, and the player 6a responds to the predetermined transmission form “2” to the kiosk terminal 5.
2) is transmitted. Next, the kiosk terminal 5 transmits the primary encrypted reproduction key data in the sales header stored in the storage unit to the player 6a to which the primary encrypted reproduction key data was previously transmitted.
And the secondary encryption key data is transmitted to the player 6a in a predetermined transmission form "25". The player 6a stores the secondary encryption key data in the key data storage area of the sales header of the storage unit 6a-5. Then, the amount is reduced by the number of sales tickets by the electronic wallet unit 6a-2, and the transfer history of the received content is recorded in the storage unit m in the control unit 6a-10. Then, when these processes are completed, a reproduction key data reception notification of a predetermined transmission form "26" is transmitted to the kiosk terminal 5, and the IEEE 1394 interface between the kiosk terminal 5 and the player 6a is disconnected.

On the other hand, FIG. 17 is a flowchart when “edit data transfer” is selected instead of the “content transfer”. As shown in FIG. 17, when this mode is selected, the kiosk is selected. When the terminal 5 transmits an edit data transmission request of the predetermined transmission form "30" to the player 6a, the player 6a responds to the request by editing the music to be edited in the reproduction order starting from 1 in decimal, the music data thereof. Long,
In the order of the song title and artist name, a predetermined transmission form "3
1 "to the kiosk terminal 5. Next, the kiosk terminal 5 stores the transmission data in the storage unit, and
, The content deletion data of the predetermined transmission form “32” is transmitted. Based on this data, the player 6a deletes the songs in the reception deletion reproduction order from the reproduction list, deletes the sales content data and the sales subheader, and prohibits or deletes the resending of the sales header. Then, a sales content data deletion notification of a predetermined transmission form “33” is transmitted to the kiosk terminal 5. Next, the kiosk terminal 5 sends a predetermined transmission form “1” to the player 6a.
When the request for transmitting the free space of "5" is transmitted, the player 6a transmits the free space of the predetermined transmission form "16" to the kiosk terminal 5 in response to the request.

Next, the kiosk terminal 5 performs editing such as rearrangement of the reproduction order based on the data to be edited, and transmits the edited data to the player 6a in a predetermined transmission form "34". . In the player 6a,
Based on this, the old playback order is changed to the new playback order.
5 "is transmitted to the player 6a. Then, the IE between the kiosk terminal 5 and the player 6a
Disconnect the EE1394 interface.

Next, between the Web server 9 and the PC client 10 and the PC
The communication procedure between the client 10 and the player 6a will be described with reference to FIGS. First, FIG.
As shown in the figure, the PC client 10 and the player 6a
When connected via the IEEE 1394 interface,
The PC client 10 transmits player authentication B data of a predetermined transmission form "38" to the player 6a,
In response, the player 6a transmits the reply player authentication B data and the host authentication B data of the predetermined transmission form "39" to the PC client 10. Then PC
When the client 10 transmits the return host authentication B data of the predetermined transmission form "40" to the player 6a, the player 6a responds to this and the PC client 1
Host authentication B of predetermined transmission form "41" for 0
Submit the result.

Next, the PC client 10 sends the player 6
When the request for transmitting the ticket balance of the predetermined transmission form “11” is transmitted to the PC 6, the player 6 a responds to the request to transmit the predetermined transmission form “1” to the PC client 10.
2 ”is transmitted. Next, the PC client 10 sends a predetermined transmission form “1” to the player 6a.
When the request for transmitting the free space in the memory of "5" is transmitted, the player 6a transmits the free space of the predetermined transmission form "16" to the PC client 10 in response to the request. Next, when the PC client 10 requests the player 6a to transmit the built-in content sales ID already downloaded and stored in the memory of the predetermined transmission form "17", the player 6a responds to this request. , A built-in content sales ID of a predetermined transmission form “18” is transmitted. Next, the same editing data request and transmission as between the sales kiosk and the player in FIG. 17 are performed using the predetermined forms "34" and "35". Next, when a user or the like instructs through the PC client 10, “content selection /
"Purchase", "Ticket purchase", "Content editing / deletion"
Selectively shifts to each processing of.

The authentication method between the PC client 10 and the player 6a is substantially the same as the processing between the kiosk terminal 5 and the player 6a described with reference to FIG. 11, and the difference lies in the method of generating the authentication data. And the reply player authentication B encrypted using the common key data K5.
The point is that data is generated, and the reply host authentication B data is generated using the common key data K6. In the above-described case, the mutual devices are authenticated using the authentication A data. In particular, the authentication data between the PC clients 10 in this case is different from the others because there is a possibility of data leakage. Data is used. Therefore, if there is a possibility that the authentication data may leak out between the other devices, the authentication data may be different for each of the other devices.

On the other hand, when "content selection / purchase" is selected, as shown in FIG. 19, between the client 10 and the player 6a, the "ticket balance",
The exchange of “free space” and “built-in content sales ID” is performed again. Next, the client 10 transmits the content purchase request information to the server 9, and then the server 9
Transmits a sales content check result to the client 10. The balance transmission data and the built-in content I
When transmitting D, DES encryption is performed using the host authentication B data as a key.

Next, the client 10 sets the Web server 9
When the Web server 9 transmits the player authentication A data to the client 10, the client 10 transmits the player authentication A data to the player 6a. Next, the player 6a transmits the reply player authentication A data and the host authentication data to the client 10 in response thereto,
Next, the client 10 transmits the reply player authentication A data and the host authentication A data to the Web server 9.

Next, the server 9 transmits the reply host authentication A transmission data to the client 10, and then the client 10 transmits the reply host authentication A transmission data to the player 6a. Next, the player 6a transmits the result of the reply host authentication A data to the client 10 in response thereto, and then the client 10 transmits the result to the server 9.

Next, as shown in FIG. 20, the Web server 9 sends the player ID to the PC client 10 in a predetermined transmission form “5”, “11”, “15”, “17”, “7”, respectively. A transmission request, a ticket balance transmission request, a free space transmission request, a built-in content sales ID transmission request, and a transfer history transmission request are transmitted. Then PC client 1
0 transmits a player ID transmission request of a predetermined transmission form "5" to the player 6a, and the player 6a transmits a player ID of the predetermined transmission form "6" to the PC client 10 in response thereto, The PC client 10 sends a predetermined transmission form “1” to the player 6a.
When the request to transmit the ticket balance of "1" is transmitted, the player 6a
Transmits the ticket balance of the predetermined transmission form “12” to the PC client 10 in response to the request.

The PC client 10 is connected to the player 6
When the player 6a transmits a free space transmission request of the predetermined transmission form "15" to the PC client 10a, the player 6a transmits the free space of the predetermined transmission form "16" to the PC client 10 in response to the request. Is player 6
The player 6a transmits a built-in content sales ID of a predetermined transmission form "18" to the PC client 10 in response to the transmission request of the built-in content sales ID of the predetermined transmission form "17" to "a". , PC
When the client 10 transmits a transfer history transmission request of the predetermined transmission form "7" to the player 6a, the player 6a transmits a transmission history of the predetermined transmission form "8" to the PC client 10 in response thereto. . The PC client 10 sends these predetermined transmission forms “6”, “12”, “16”, “1” to the Web server 9.
"8" and "8" represent the player ID, ticket balance,
The free space, the built-in content sales ID, and the transfer history are transmitted. Then, this transfer history is transmitted to the accounting management server 8 as described above.

Next, when the Web server 9 collects the transfer history, a transmission history deletion request of a predetermined transmission form "9" is transmitted to the PC client 10, and the PC client 10 transmits the transmission form "9" to the player 6a. The transfer history deletion request is transmitted, and the player 6a deletes the transfer history stored in the storage unit m in the control unit 6a-10 in response to the request. And PC client 1
When the transfer history deletion notification of the predetermined transmission form “10” is transmitted to the PC server 10, the PC client 10 transmits the transmission history deletion notification of the transmission form “10” to the Web server 9. The transmission of these data is performed by the player 6a.
In, the DES encryption is performed using the host authentication A data as a key, except for the transmission of the free space, and the transmission is performed.

Next, the Web server 9 sends the transmission forms “19”, “20”, “2” to the PC client 10.
At 1 ", the sales header, sales subheader, and sales content data are transmitted. Then PC client 10
Are sent to the player 6a with the transmission forms "19" and "2".
When the sales header, the sales subheader, and the sales content data are transmitted at "0" and "21", respectively, the player 6a
Stores these data in the storage unit 6a-5. Then, the transmission form “2” is sent to the PC client 10.
2), the PC client 1
0 transmits a data reception notification of this transmission form "22".

Next, as shown in FIG.
Is transmitted form “25” to the PC client 10.
Is transmitted, the PC client 10 transmits the reproduction key data of the transmission form "25" to the player 6a. Next, the player 6a stores the received / reproduced key data in the key data storage area of the sales header, reduces the amount by the number of purchased tickets, records the transfer history of the received content data, etc., and transmits the transmission form “26” to the PC client 10. Is transmitted, and the PC client 10 transmits the reproduction key data reception notification of the transmission form "26" to the Web server 9. Then, the IEEE 1394 interface between the PC client 10 and the player 6a is disconnected.

Next, referring to FIG.
The case where "delete" is selected will be described with reference to FIG. In this processing, the line between the server 9 and the client 10 is not connected, and the client 10 and the player 6a are not connected.
Is performed in a state where only the connection is made. First, when the client (host side) 10 transmits content deletion data to the player 6a, the player 6a deletes the data based on the data in the same manner as in the player processing 11 of FIG. Then, a content deletion notification is transmitted to the client 10.

Next, an editing process is performed in the client 10 here. The processing will be described with reference to FIG. First, the content to be edited transferred from the player 6a is displayed (step S1). Next, when an editing item is input (step S2), the content to be edited is edited according to the input item (step S3). Then, as shown in FIG. 22, when the edited data is transmitted, the player 6a transmits an edited data reception notification to the client 10 in response to the transmission.

Next, referring to FIGS. 24 to 26, FIGS.
Another embodiment of “content selection / purchase” corresponding to FIG. 21 will be described. That is, in FIG. 18, when “content selection / purchase” is selected, the client 10 transmits content purchase request information to the server 9 as shown in FIG. To send the sales content check result. Next, when the client 10 transmits a content purchase request to the server 9, the server 9 transmits the player authentication A data to the player 6a through the client 10;
In response to this, the player 6a transmits the reply player authentication A data and the host authentication data to the server 9 through the client 10. Next, when the server 9 transmits the reply host authentication A transmission data to the player 6a through the client 10, the player 6a transmits the result of the reply host authentication A transmission data to the server 9 through the client 10 in response thereto. I do.

Next, as shown in FIG. 25, the server 9 sends a player ID transmission request, a ticket balance transmission request, a free space transmission request, a built-in content sales ID transmission request, and a transfer history transmission request through the client 10 to the player. 6a
, The player 6a responds to the request by sending the player ID, ticket balance, available space,
D, the transfer history is passed through the client 10 and the server 9
Send to

Next, when the server 9 transmits a transfer history deletion request to the player 6a through the client 10, the player 6a transmits a transfer history deletion notification to the server 9 through the client 10 in response to the request. .
Next, when the server 9 transmits the sales header, the sales subheader, and the sales content data to the player 6a through the client 10, the player 6a transmits each data reception notification to the server 9 through the client 10 in response thereto. . Next, as shown in FIG. 26, the server 9 passes the reproduction key data through the client 10 and
When transmitted to the server a, the player 6a transmits a reproduction key data reception notification to the server 9 through the client 10 in response to the transmission. Then, the IEEE 1394 interface between the client 10 and the player 6a is disconnected.

Next, referring to FIG. 27, the players 6a, 6
The process of data transfer between b will be described. First,
The encryption unit 6a-5 of the player (host side) 6a creates, for example, 8-byte random number authentication A data D1 and performs DES encryption using the common key data K1, and encrypts the encrypted authentication A data D1 with a predetermined 8-byte data. Submission form "1"
To the player 6b via the data transfer interface 6a-1. In the player 6b, the player authentication A data D1 is received via the data transfer interface 6b-1, and the encryption / decryption unit 6b-6 performs DES decryption with the common key data K1 and obtains the DES decryption. The authentication A data D1 is converted to the DE by another common key data K2.
S encryption is performed to create reply player authentication A data. At the same time, an 8-byte random number authentication A data D3 is created, and this authentication A data D3 is further shared with other common key data K3.
The data is used as the host authentication A data, and the host authentication A data and the reply player authentication A data are again transmitted to the player 6a in a predetermined transmission form "2".
Reply to.

The player 6a receives the reply player authentication A data and the host authentication A data via the data transfer interface 6a-1, and supplies them to the encryption / decryption unit 6a-6, where the reply is sent. The player authentication A data is DES-decrypted by the common key data K3, and the decrypted authentication A data D1 and transmission authentication A data D1 are collated in the control unit 6a-10. If the result of the comparison is a mismatch, the above-described processing performed on the player 6a side is repeated up to twice. If they still do not match, the processing in the player 6a is stopped.

On the other hand, if they match, the received host authentication A data is DES-decrypted by the common key data K3, and the authentication data D2 obtained by this decryption is DES-encrypted by another common key data K4. , Reply host authentication A
The data is transmitted to the player 6b using a predetermined transmission form "3". Encryption of player 6b /
The decryption unit 6b-6 performs DES decryption of the reply host authentication A data using the common key data 4 to obtain a decrypted authentication A data D2, and obtains the decrypted authentication A data D2.
The control unit 6b-10 compares 2 with the transmission host authentication A data. If the two match, the host authentication of the predetermined transmission form "4" is transmitted to the player 6a, and the subsequent processing is accepted. On the other hand, if the authentications do not match, a failure to authenticate the predetermined transmission form "4" is transmitted to the player 6a, and the reception of subsequent processing is prohibited.

Next, the player 6a requests the player 6b to transmit a player ID of a predetermined transmission form "5". Upon receiving this, the encryption / decryption section 6b-7 of the player 6b performs DES encryption of the player ID on a 16-byte basis using the authentication A data D2 used for host authentication as a key, and uses a predetermined transmission form "6". The data is transmitted to the player 6a. The encryption / decryption unit 6a-6 in the player 6a decrypts the host authentication A data D2 in 16-byte units using the key as a key, and stores the decrypted player ID in the storage unit m. If there is no transmission of the player ID from the player 6b, the player I
If a request for D is made and there is still no transmission, the player process is stopped.

Next, the player 6a checks the ticket balance. In the controller 6a-10 of the player 6a, the electronic wallet 6a-
The ticket balance in step 2 is collated, and the ticket balance is stored in the storage unit m (player processing 24).

Next, a request is made to the player 6b to transmit the free space of the predetermined transmission form "15". The player 6b collates the header / content free space of the data stored in the storage section 6b-5, and transmits the collation result to the player 6a using a predetermined transmission form "16". The player 6a stores this free space in the storage section m. If there is no transmission, the above-described processing is executed again. If there is still no transmission, the play processing is stopped.

Next, the player 6a requests the player 6b to transmit a built-in content sales ID of a predetermined transmission form "17". In order for the already transferred built-in content sales ID to be recorded in the storage unit 6b-5 of the player 6b, it is necessary to use the authentication A data D2 using all the content sales IDs for the host authentication as a key, and DES in 16-byte units.
The data is encrypted and transmitted to the player 6a using a predetermined transmission form "18". Built-in content sales ID
If there is no such information, a notice to that effect is sent to the specified transmission form "18".
Send by

In the player 6a, the control unit 6a-6 checks the transfer content sales ID stored in the storage unit 6a-5 against the built-in content sales ID transmitted from the player 6b. If there is the same content sales ID, the processing of the player 6a is stopped. If there is no identical content sales ID, the number of transfer control data retransfer generations in the transfer content sales header is confirmed. As a result of the confirmation, when the number of transfer generations is [0000: copy impossible], the display unit 6a informs the fact through the reproduction unit 6a-8.
In step -3, "copy impossible" is displayed to stop the process, and the player 6b also displays "copy impossible" on the display section 6b-3 if no data is received within a predetermined time.

If the number of transfer generations is equal to or more than [0001], the number of re-transfer generations of the transfer control data is decremented by 1, and the sales header excluding the reproduction key data of the transfer content is used when authenticating the player 6b. DES encryption is performed using the authentication A data D1 as a key and transmitted to the player 6b in a predetermined transmission form [19]. The player 6b receives this, DES-decodes the sales header using the authentication A data D1, stores it in the storage unit 6b-5, and transmits a reception notification to the player 6b.

When the storage section 6a-5 has a sales subheader, the player 6a performs DES encryption using the authentication A data D1 used for authentication of the player 6b as a key, as in the case of the sales header described above. The data is transmitted to the player 6a using a predetermined transmission form [20]. Player 6
In a, the sales subheader is DES-decrypted using the authentication A data D1 as a key and stored in the storage unit 6b-5. Also,
If there is no sales subheader information in the player 6a, the content data encrypted by the above-described method is transmitted by the next predetermined transmission form [21]. In the player 6b,
This content data is stored in the storage unit 6b-5, and a reception notification is returned in a predetermined transmission form [22].

Next, in the player 6a, the secondary encrypted reproduction key data in the transfer sales header reproduction key storage area in the storage unit 6b-5 is used, and the ID of the player (6a) is used in the encryption / decryption unit 6a-6. And decrypts the primary encrypted reproduction key data. Then, the primary encrypted reproduction key data is subjected to a secondary DES encryption process again using the ID of the player 6b as a transfer destination as a key, and the secondary encrypted reproduction key data is transmitted to a predetermined transmission form [25]. ] To the player 6b. Then, when this process ends, a reproduction key data reception notification of a predetermined transmission form “26” is transmitted to the player 6a. Then, the player 6b stores the secondary encryption key data in the key data storage area of the sales header of the storage unit 6b-5. And player 6
In a, the amount is reduced by the number of tickets sold by the electronic wallet unit 6a-2, and the above-described transfer history of the transmitted content is stored in the control unit 6a-1.
In the storage unit m. The IEEE 1394 interface between the player 6a and the player 6b is disconnected.

Next, FIG. 28 and FIG. 29 show another embodiment of the data transfer between the player 6a and the player 6b described above.
The point is that the transfer history is obtained from. Since the predetermined transmission forms [1] to [6] are the same as those in the above-described embodiment of FIG. 27, the description will be omitted, and the transmission form [7] will be omitted.
A more detailed description will be given. With this transmission form [7], the player 6a requests the transfer history from the player 6b. The player 6b detects whether or not there is a transfer history in the storage unit m in the control unit 6b-10.
The entire transfer history is DES-encrypted by the decryption unit 6b-6 in the order in which the sales contents are received using the host authentication A data D2 as a key, and a predetermined transmission form "8" is sent to the player 6a in response.
In the player 6a, the encryption / decryption unit 6a-6 transmits the transfer history to the host authentication A data D2.
Is used as a key to perform DES decryption. Then, the controller 6a-10
Then, it is checked whether or not copying is possible based on these data, and the fact is determined in a predetermined form [9].
b. In the player 6b, in particular, when copying is not possible, the display unit 6b-3 displays the fact through the reproducing unit 6b-8. If copying is permitted, the number of times of transfer of all transfer histories is counted up by one and stored.
Then, the reception of the data is transmitted to the player 6a using a predetermined transmission form "10".

If it is determined that copying is permitted,
Proceeding to the "content transfer" process, the player 6a checks the ticket balance. Control unit 6a-10 of player 6a
Now, check the balance of the ticket in the electronic wallet 6a-2,
It is stored in the storage unit m. At this time, if the reception of the ticket balance is not obtained, the above-described process of the balance transmission request is executed again, and if there is no transmission, the player process is stopped.

Next, the transmission form "1" is sent to the player 6b.
5 ". The player 6b checks the header / content free space of the data stored in the storage unit m, and sends the transmission form “1” to the player 6a.
6 ”to transmit the collation result. The player 6a stores this free space in the storage unit. If there is no transmission, the above-described processing is executed again. If there is still no transmission, the play processing is stopped.

Next, the player 6a requests the player 6b to transmit a built-in content sales ID of a predetermined transmission form "17". When the built-in content sales ID is recorded in the storage unit 6b-5 of the player 6b,
All content sales IDs are DES-encrypted in 16-byte units using the authentication A data D2 used for host authentication as a key, and this data is transmitted to the player 6a using a predetermined transmission form "18". If there is no built-in content sales ID, the fact is transmitted using a predetermined transmission form “18”.

Next, the player 6a sends a predetermined transmission form "19", "20", "21" to the player 6b.
When the sales header, the sales subheader, and the content data are transmitted in sequence, the player 6b responds to the predetermined transmission form "22" to the player 6a.
Is transmitted. Next, the player 6a
Then, the secondary encrypted playback key data in the transfer sales header playback key storage area in the storage unit 6b-5 is transferred to the encryption / decryption unit 6
In a-6, D is set using the ID of the player (6a) as a key.
ES decryption and decryption of the primary encrypted reproduction key data. Then, the primary encrypted reproduction key data is subjected to a secondary DES encryption process again using the ID of the player 6b as a transfer destination as a key, and the secondary encrypted reproduction key data is transmitted to a predetermined transmission form [25]. ] To the player 6b. The player 6b stores the secondary encryption key data in the key data storage area of the sales header of the storage unit 6b-5. Then, when this process ends, a reproduction key data reception notification of a predetermined transmission form “26” is transmitted to the player 6a. Then, in the player 6a, the amount of the sales ticket is reduced by the electronic wallet unit 6a-2, and the transfer history of the transmission content is stored in the storage unit m.
And the IEEE 1 between the player 6a and the player 6b.
Disconnect the 394 interface.

In the above description, the decision box 7
Although the data transfer procedure between the player and the players 6a and 6b has not been described in detail, except for the step of selecting "content transfer" and "edit data transfer" in the kiosk-player data transfer procedure shown in FIG. Form [1]
[12] to [12] are almost the same, and thereafter, for example, the above-mentioned electronic ticket is issued as a process. Therefore, the same applies to the mutual authentication method and the encryption method for transmitting the player ID.

The key data is encrypted and decrypted with the player ID. For example, the storage unit 6 for recording the content data in the players 6a and 6b is used.
If a-5 and 6b-5 are recording media such as a removable memory device, an ID may be assigned to the recording medium, and encryption / decryption may be performed based on the ID. good. When the storage unit 6b-5 is detachable, the content data is recorded in a predetermined area while being encrypted by the XOR operation using the reproduction key as described above, and the header information is encrypted. It may be recorded in a predetermined area as it is.

Further, the above-mentioned editing processing is performed only at the kiosk terminal and the PC client which are the selling terminals, but the present invention is not limited to these, and it is possible to keep the contents data encrypted so as not to be falsified. Any editing device that is devised for copyright management, such as editing the data of the above, may be used.

FIG. 30 is a diagram showing the format of the text data.
As shown in (a), each of the texts “1” to “N” is composed of a plurality of texts “1” to “N”.
As shown in (b), a plurality of text frames “1” to
"N". Text frame "1"
To "N" are the same encryption scheme as used when the content data was encrypted at the time of authoring, and are each composed of 16 bytes, the same as the playback key data. It consists of 12 bytes of text data. The encryption and decryption are performed by using the reproduction key data and the text frame “1” to
This is performed by performing an exclusive OR (XOR) operation for each “N”, that is, for each 16 bytes.

[0074]

As described above, according to the present invention, when a sales terminal copies data with another sales terminal,
The number of copies, the copy history, etc. can be recorded to determine whether or not copying can be performed more than a predetermined number of times, so that the copyright management can be made more reliable, and the information of the copy history is collected by the host device or kiosk terminal. In addition to checking illegal copies, the collected information can be deleted only at the host or kiosk side, making it impossible to access the data from the sales terminal, and illegally transmitting the content data at the sales terminal. There are effects such as prevention of tampering and diversion beforehand.

[Brief description of the drawings]

FIG. 1 is a configuration diagram showing an example of a content sales system via a kiosk terminal to which the present invention is applied.

FIG. 2 is a configuration diagram illustrating an example of an Internet-based content sales system to which the present invention is applied.

FIG. 3 is an explanatory diagram showing a configuration of a sales header distributed to the player of FIG. 1;

FIG. 4 is an explanatory diagram showing a configuration of a sales header given by the authoring of FIG. 1;

FIG. 5 is an explanatory diagram showing a configuration of a sales subheader distributed to the player of FIG. 1;

FIG. 6 is an explanatory diagram showing a configuration of transfer control data in FIGS. 4 and 5;

FIG. 7 is a flowchart showing a primary encryption process of the authoring system of FIGS. 1 and 7;

FIG. 8 is a flowchart showing a secondary encryption process of the kiosk terminal and the Web server shown in FIGS. 1 and 7;

FIG. 9 is a flowchart showing a copy management process and a secondary encryption process of the copy source player in FIGS. 1 and 7;

FIG. 10 is a schematic configuration diagram of a player.

FIG. 11 is an explanatory diagram showing a data transfer procedure between a kiosk and a player.

FIG. 12 is an explanatory diagram showing a continuous procedure of FIG. 11;

FIG. 13 is a configuration diagram of a transfer form.

FIG. 14 is a diagram showing an example of a transmission source code.

FIG. 15 is a diagram showing commands.

FIG. 16 is a diagram illustrating commands other than those in FIG. 15;

FIG. 17 is an explanatory diagram showing processing when transmission of edit data is selected in FIG. 11;

FIG. 18 is an explanatory diagram showing a data transfer procedure between an Internet server, an Internet client, and a player.

FIG. 19 is an explanatory diagram continued from FIG. 18;

FIG. 20 is an explanatory diagram continued from FIG. 19;

FIG. 21 is an explanatory diagram continuing from FIG. 20;

FIG. 22 is an explanatory diagram showing a procedure when content editing / deletion is selected in FIG. 18;

FIG. 23 is a diagram for describing editing processing of a client.

FIG. 24 shows another example of another content selection / purchase.
FIG. 22 is a diagram corresponding to FIGS. 9 to 21.

FIG. 25 is a view continued from FIG. 24;

FIG. 26 is a view continued from FIG. 25;

FIG. 27 is an explanatory diagram showing a transfer procedure between players.

FIG. 28 is an explanatory diagram showing a transfer procedure of another example between players.

FIG. 29 is a diagram continued from FIG. 28;

FIG. 30 is an explanatory diagram showing a format of text data.

[Explanation of symbols]

DESCRIPTION OF SYMBOLS 1 Authoring system (host) 2 Transmission server 3 Uplink center 4 Satellite 5 Kiosk terminal (transfer source terminal, sales terminal) 6a, 6b Player (transfer destination terminal, sales terminal) 6a-1, 6b-1 Data inter transfer Face 6a-2, 6b-2 Electronic wallet 6a-3, 6b-3 Display unit 6a-4, 6b-4 Operation unit 6a-5, 6b-5, m Storage unit 6a-6, 6b-6 Encryption / decryption Conversion unit 6a-7, 6b-7 Data compression / decompression unit 6a-8, 6b-8 Reproduction unit 6a-9, 6b-9 Output terminal 6a-10, 6b-10 Control unit 9 Web server (Internet server) (transfer Former terminal) 10 PC client for Internet service

Claims (5)

[Claims] 1. A sales terminal for use in a contents sales system for supplying contents data from a host device to a sales terminal, wherein each of the contents data is copied between a copy source and a copy destination sales terminal. Means for storing a transfer history including the ID of the copy destination when a copy source is used; transmitting the transfer history to the host device, and based on a control signal supplied from the host device receiving the transfer history. And a means for deleting the transfer history. 2. The contents sales system according to claim 1, further comprising a settlement box for collecting a transfer history of the sales terminal, wherein the means for deleting the transfer history includes a transfer box transmitted from the sales terminal to the settlement box. A seller terminal, wherein the transfer history is deleted based on a control signal supplied from the settlement box from which the history is collected. 3. The copy source terminal according to claim 1 or 2, wherein each time content data is transferred, the copy source terminal stores a retransfer generation indicating the number of copies in a header and transmits the retransfer generation from the copy destination terminal. And a means for determining whether or not copying is possible based on the content information contained in the copy destination terminal and the content information contained in the terminal itself. 4. The host device used in a content sales system for supplying content data from a host device to a selling terminal, wherein the selling terminal transfers the content data to a selling terminal that is a copy source. An apparatus comprising means for storing a data transfer history for each time, when the data transfer history is transmitted from the sales terminal, after receiving the history, the data is stored in the sales terminal. A means for supplying a control signal for deleting the transfer history of the host device. 5. The contents sales system according to claim 4, further comprising a settlement box for collecting a transfer history of data of the sales terminal, wherein when the transfer history of the data is transmitted from the sales terminal, the history is set. A collection box for supplying a control signal for deleting the transfer history of the data to the sales terminal after collecting the data.