JP2001069134A - Information transmission system and information receiver

Publication number: JP2001069134A
Authority: JP (Japan)
Prior art keywords: key, content, information, step, signature
Legal status: Pending
Application number: JP24229699A
Other languages: Japanese (ja)
Inventor: Yoshito Ishibashi (義人 石橋)
Original Assignee: Sony Corp (ソニー株式会社)
Application filed by: Sony Corp (ソニー株式会社)
Priority to: JP24229699A
Priority claimed from: CNB008018219A (CN1296846C)

Abstract

(57) [Summary] [Problem] In an information distribution system for distributing content, to make the content usable even after the distribution key Kd distributed from an information transmission device and other information required for using the content have expired. An information transmission device encrypts a content key with an individual key unique to the information transmission device, and transmits to the information receiving apparatus at least the content key encrypted with the individual key and an externally supplied encrypted individual key, obtained by encrypting the individual key with a distribution key updated at a predetermined cycle. Before the distribution key is updated, the information receiving apparatus decrypts the individual key with the given distribution key, decrypts the content key with the obtained individual key, and stores the decrypted content key, so that the content can be decrypted after the distribution key is updated. Therefore, regardless of the expiration date of the delivery key, the pre-purchased content can be fully purchased.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to an information transmission system, and is suitably applied to an information transmission system in which a content holder or a seller can safely deliver contents to content users.

[0002]

2. Description of the Related Art This is a system in which information (content) such as music is encrypted and transmitted to an information processing device of a user who has made a predetermined contract, and the user decrypts and uses the content with the information processing device.

[0003] For example, as shown in Fig. 91, a case where two content transmitting devices and one content receiving device are provided will be described.

[0004] The first content transmission device 300 includes a data encryption unit 301, a data encryption unit 302, a content key generation unit 303, and a tamper-resistant memory (Tamper Resistant Memory) 304. Note that the tamper-resistant memory here need only be one from which data cannot easily be read by a third party, and there is no particular hardware limitation (for example, a hard disk in an entry-controlled room, a password-managed PC hard disk, etc.). The tamper-resistant memory 304 stores in advance the delivery key (Distribution Key) Kd required to encrypt the content key (Content Key) Kco, supplied from an electronic distribution service center (not shown).

[0005] In order to generate data to be passed to the content receiving device 320, the content transmitting device 300 generates a content key Kco1 using the content key generating unit 303, and uses that key to encrypt the content in the data encryption unit 301. The content key Kco1 is encrypted by the data encryption unit 302 using the distribution key Kd. The encrypted content and the encrypted content key Kco1 are transmitted to the content receiving device 320.

[0006] The second content transmission device 310 has a data encryption unit 311, a data encryption unit 312, a content key generation unit 313, and a tamper-resistant memory 314, and generates a content key Kco2 in the content key generation unit 313. The content is encrypted by the data encryption unit 311 using that key. The data encryption unit 312 encrypts the content key Kco2 using the distribution key Kd supplied from the electronic distribution service center (not shown). Thus, the second content transmitting device 310 transmits the encrypted content and the encrypted content key Kco2 to the content receiving device 320.

[0007] The content receiving apparatus 320 has a transmission/reception unit 321, an upper controller 322, an encryption processing unit 323, a memory 324, a data decryption unit 325, a data decryption unit 326, and a tamper-resistant memory 327. Since the content users are unspecified and numerous, and it is not possible to know how they will handle the device, the tamper-resistant memory here needs to protect its internal data by hardware. Therefore, the encryption processing unit 323 is a semiconductor chip with a structure that is difficult to access from the outside: it has a multilayer structure, the tamper-resistant memory inside it is sandwiched between dummy layers such as an aluminum layer, and it has characteristics, such as a narrow frequency range, that make it difficult to read data illegally from the outside. The tamper-resistant memory 327 stores a distribution key Kd supplied in advance from an electronic distribution service center (not shown).

[0008] Although the tamper-resistant memories 304 and 314 of the content transmitting devices 300 and 310 are memories that can be accessed from the outside, restrictions such as a password or room access management are imposed on the access method. On the other hand, the tamper-resistant memory 327 of the content receiving device 320 has a structure in which the memory itself cannot be illegally accessed from the outside, and the methods of reading internal data from the outside by proper access means are limited or do not exist at all. Note that although the internal data of the tamper-resistant memory 327 cannot be read from the outside at all, there may be an access method that allows the data only to be changed from the outside by using the previous key data or the like. Further, the encryption processing unit 323 can access the memory and read out predetermined data, but is configured so that its internal memory cannot be read from the outside.

[0009] The content and the content keys Kco1 and Kco2 transmitted from the content transmitting device 300 or 310 are received by the transmission/reception unit 321 and delivered to the upper controller 322. The upper controller 322 stores these data in the memory 324 once and, when the content is to be used, delivers the content key Kco and the content to the encryption processing unit 323. On receiving them, the encryption processing unit 323 decrypts the content key Kco in the data decryption unit 325 using the distribution key Kd stored in advance in the tamper-resistant memory 327, then decrypts the content in the data decryption unit 326 using the content key Kco, and uses the content. At this time, a billing process may be involved.

[0010]

However, in the conventional information processing system shown in FIG. 91, since the content transmission devices 300 and 310 use the same delivery key Kd, there is a problem that they can steal content information from each other. One method considered for solving this problem is to use a different delivery key Kd for each content transmission device, thereby preventing theft of content information between the transmission devices. However, in this case, the content receiving device needs to hold all the delivery keys Kd, and there has been a problem that the configuration of the receiving device and the receiving method become correspondingly complicated.

[0011] Further, the delivery key Kd and other information necessary for using the content delivered from the information transmitting apparatus are updated at a predetermined timing, and it is difficult for an information receiving apparatus that does not hold the new delivery key Kd and other information to use the content.

[0012]

In order to solve the above-mentioned problems, according to the present invention, an information transmitting apparatus encrypts a content key with an individual key unique to the information transmitting apparatus, and transmits to the information receiving apparatus at least the content key encrypted with the individual key and an externally supplied encrypted individual key, obtained by encrypting the individual key with a distribution key updated at a predetermined cycle. Before the distribution key is updated, the information receiving apparatus decrypts the individual key with the given distribution key, decrypts the content key with the decrypted individual key, and stores the decrypted content key, so that it can decrypt the content after the distribution key is updated. Therefore, regardless of the expiration date of the delivery key, the pre-purchased content can be fully purchased.

[0013]

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS Hereinafter, an embodiment of the present invention will be described in detail with reference to the drawings.

(1) Information Distribution System FIG. 1 shows an EMD (Electronic Music Distribution) system 10 to which the present invention is applied. The content delivered to the user in this system is digital data in which the information itself has value. In this example, one content is equivalent to the music data for one song. One content is provided to the user as one unit (single), or a plurality of contents are provided as one unit (album). The user purchases the content (actually, purchases the right to use the content key Kco) and uses the provided content (actually, decrypts the content using the content key Kco and uses it). Of course, the present invention can be applied not only to music data but also to all sales of contents such as videos and game programs.

[0015] The Electronic Distribution Service Center (EMD Service Center) 1 transmits the individual key Ki and the public key certificate of the content provider 2 to the content provider (Content Provider) 2, transmits the public key certificate of the service provider 3 to the service provider (Service Provider) 3, transmits the delivery key Kd and registration information to the user home network 5, and receives from the user home network 5 billing information or the like corresponding to the use of the content. The usage fee is settled based on the billing information. The profit distribution process is performed for the service center 1 itself.

The content provider 2 has digitized content, inserts a digital watermark (Watermark) into the content to prove that the content is its own, compresses and encrypts the content, generates a content handling policy, adds signature data, and transmits it to the service provider 3.

The service provider 3 adds price information to the content supplied from the content provider 2, adds signature data, and transmits it to the user home network 5 via a network 4 including a dedicated cable network, the Internet, satellite communication, or the like.

The user home network 5 obtains the content sent from the service provider 3 with the price information, purchases the right to use the content, and executes the purchase process. The purchased use right is, for example, a reproduction use right or a copy right. The billing information generated by the purchase processing is stored in the tamper-resistant memory in the cryptographic processing section of a device held by the user, and is sent to the electronic distribution service center 1 when the user home network 5 obtains the distribution key Kd from the electronic distribution service center 1.

FIG. 2 is a block diagram showing a functional configuration of the electronic distribution service center 1. The service provider management unit 11 supplies the service provider 3 with the public key certificate and profit sharing information of the service provider 3 and receives information (price information) attached to the content as necessary. The content provider management unit 12 transmits to the content provider 2 the individual key Ki, the individual key Ki encrypted with the delivery key Kd, and the public key certificate of the content provider 2, supplies profit distribution information, and receives information (handling policy) attached to the content as required. The copyright management unit 13 provides information indicating the results of content use in the user home network 5 to an organization that manages copyright, for example, JASRAC (Japanese Society for Rights of Authors, Composers and Publishers: Japan Music Copyright Association). The key server 14 generates, holds, and manages the keys used throughout the system. For example, a different individual key Ki is generated for each content provider, and the individual key Ki encrypted with the delivery key Kd is generated together with it; these are supplied to the content provider 2 via the content provider management section 12, the individual key Ki encrypted with the distribution key Kd is also supplied to the certificate authority 22 as required, and the delivery key Kd is supplied to the user home network 5 via the user management unit 18. Also, the public key / private key of the electronic distribution service center 1 and the public key / private keys are all also generated and managed, and the public key is transmitted to the certificate authority 22 and used for creating a public key certificate. Also, in some cases, a storage key Ksave corresponding to the device-specific ID unique to the encryption processing unit 92 described later is created and held.

An example of periodic transmission of keys from the electronic distribution service center 1 to the content provider 2 and to a home server 51 (described later) constituting the user home network 5 will be described with reference to the figures. FIG. 3 shows the delivery key Kd and the individual key Ki held by the electronic distribution service center 1, the individual key Ki held by the content provider 2, and the delivery key Kd held by the home server 51, in the month in which the content provider 2 starts providing content and the home server 51 constituting the user home network 5 starts using content. Although omitted below, the content provider 2 is assumed to also hold, corresponding to each individual key Ki, the individual key Ki encrypted with the delivery key Kd.

In the example of FIG. 3, the delivery key Kd and the individual key Ki can be used from the first day of a calendar month to the last day of that month. For example, the version 1 delivery key Kd having the value "aaaaaaaa", a random number of a predetermined number of bits, and the version 1 individual key Ki having the value "zzzzzzzz" can be used from January 1, 2000 to January 31, 2000 (that is, the content key Kco for encrypting the content distributed by the service provider 3 to the user home network 5 during the period from January 1, 2000 to January 31, 2000 is encrypted with the version 1 individual key Ki, and the version 1 individual key Ki is encrypted with the version 1 delivery key Kd). The version 2 distribution key Kd having the value "bbbbbbbb", a random number of a predetermined number of bits, and the version 2 individual key Ki having the value "yyyyyyyy" can be used from February 1, 2000 to February 29, 2000 (that is, the content key Kco for encrypting the content distributed by the service provider 3 to the user home network 5 in that period is encrypted with the version 2 individual key Ki, and the version 2 individual key Ki is encrypted with the version 2 distribution key Kd). Similarly, the version 3 delivery key Kd and individual key Ki can be used during March 2000, the version 4 delivery key Kd and individual key Ki during April 2000, the version 5 delivery key Kd and individual key Ki during May 2000, and the version 6 delivery key Kd and individual key Ki during June 2000.

Before the content provider 2 starts providing content, the electronic distribution service center 1 transmits to the content provider 2 the six individual keys Ki of versions 1 through 6, usable from January 2000 through June 2000, together with those individual keys each encrypted with the distribution key Kd of the same version, and the content provider 2 receives and stores the six individual keys Ki and the individual keys Ki encrypted with the delivery key Kd. The reason for storing six months' worth of individual keys Ki and individual keys Ki encrypted with the delivery key Kd is that the content provider 2 requires a predetermined period for preparing the content and the content key Kco before providing the content.

Before the home server 51 starts using the content, the electronic distribution service center 1 transmits to the home server 51 the three delivery keys Kd of versions 1 to 3, usable from January 2000 to March 2000, and the home server 51 receives and stores the three delivery keys Kd. Three months' worth of delivery keys Kd are stored in order to avoid situations in which content cannot be purchased, even though the contract period allows purchase, because of troubles such as the home server 51 being unable to connect to the electronic distribution service center 1 owing to line congestion or the like, and also to reduce the frequency of connection to the electronic distribution service center 1, to suppress simultaneous access by individual devices to the electronic distribution service center 1, and so to reduce the load on the electronic distribution service center 1.

From January 1, 2000 to January 31, 2000, the version 1 delivery key Kd and individual key Ki are used by the electronic distribution service center 1, the content provider 2, and the home server 51 constituting the user home network 5.

[0025] The transmission of the delivery key Kd and the individual key Ki from the electronic distribution service center 1 to the content provider 2 and the home server 51 on February 1, 2000 will be described with reference to FIG. 4. The electronic distribution service center 1 transmits to the content provider 2 the six individual keys Ki of version 2 to version 7, usable from February 2000 until July 2000, together with those individual keys each encrypted with the delivery key Kd of the same version. The content provider 2 receives the six individual keys Ki and the individual keys Ki encrypted with the distribution key Kd, overwrites the individual keys Ki and the encrypted individual keys Ki stored before the reception, and stores the new individual keys Ki and the individual keys Ki encrypted with the delivery key Kd. The electronic distribution service center 1 transmits to the home server 51 the three delivery keys Kd of version 2 to version 4, usable from February 2000 to April 2000, and the home server 51 receives the three delivery keys Kd, overwrites the delivery keys Kd stored before reception, and stores the new delivery keys Kd. The electronic distribution service center 1 stores the distribution keys Kd and individual keys Ki of version 1 to version 7 as they are. This is to make it possible to use the delivery keys Kd used in the past when an unexpected trouble occurs, or when fraud occurs or is found.

From February 1, 2000 to February 29, 2000, the version 2 delivery key Kd and individual key Ki are used by the electronic distribution service center 1, the content provider 2, and the home server 51 constituting the user home network 5.

[0027] The transmission of the delivery key Kd and the individual key Ki from the electronic distribution service center 1 to the content provider 2 and the home server 51 on March 1, 2000 will be described with reference to FIG. 5. The electronic distribution service center 1 transmits to the content provider 2 the six individual keys Ki of version 3 to version 8, usable from March 2000 to August 2000, together with those individual keys each encrypted with the delivery key Kd of the same version. The content provider 2 receives the six individual keys Ki and the individual keys Ki encrypted with the distribution key Kd, overwrites the individual keys Ki and the encrypted individual keys Ki stored before the reception, and stores the new individual keys Ki and the individual keys Ki encrypted with the delivery key Kd. The electronic distribution service center 1 transmits to the home server 51 the three delivery keys Kd of versions 3 to 5, usable from March 2000 to May 2000, and the home server 51 receives the three delivery keys Kd, overwrites the delivery keys Kd stored before reception, and stores the new delivery keys Kd. The electronic distribution service center 1 stores the distribution keys Kd and individual keys Ki of version 1 to version 8 as they are. This is to make it possible to use the delivery keys Kd used in the past when an unexpected trouble occurs, or when fraud occurs or is found.

From March 1, 2000 to March 31, 2000, the version 3 delivery key Kd and individual key Ki are used by the electronic distribution service center 1, the content provider 2, and the home server 51 constituting the user home network 5.

[0029] The transmission of the distribution key Kd and the individual key Ki from the electronic distribution service center 1 to the content provider 2 and the home server 51 on April 1, 2000 will be described with reference to the drawing. The electronic distribution service center 1 transmits to the content provider 2 the six individual keys Ki of version 4 to version 9, usable from April 2000 until September 2000, together with those individual keys each encrypted with the delivery key Kd of the same version. The content provider 2 receives the six individual keys Ki and the individual keys Ki encrypted with the distribution key Kd, overwrites the individual keys Ki and the encrypted individual keys Ki stored before the reception, and stores the new individual keys Ki and the individual keys Ki encrypted with the delivery key Kd. The electronic distribution service center 1 transmits to the home server 51 the three delivery keys Kd of version 4 to version 6, usable from April 2000 to June 2000, and the home server 51 receives the three delivery keys Kd, overwrites the delivery keys Kd stored before reception, and stores the new delivery keys Kd. The electronic distribution service center 1 stores the distribution keys Kd and individual keys Ki of version 1 to version 9 as they are. This is to make it possible to use the delivery keys Kd used in the past when an unexpected trouble occurs, or when fraud occurs or is found.

From April 1, 2000 to April 30, 2000, the version 4 delivery key Kd and individual key Ki are used by the electronic distribution service center 1, the content provider 2, and the home server 51 constituting the user home network 5.

As described above, by distributing the delivery keys Kd and the individual keys Ki for the coming months in advance, even if the user has not accessed the center at all for one or two months, the user can purchase content for the time being and can access the center at an appropriate time to receive the keys.
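The key hierarchy of the summary (Kco encrypted with Ki, Ki encrypted with Kd) and the rolling schedule above (six versions to the provider, three to the home server, the center keeping all of them) can be modelled as follows. This is an added example, not part of the patent text: the class and function names, the HMAC-based stand-in cipher, the single content provider, and the re-encryption of the stored Kco under a device storage key are all assumptions of the example.

```python
import hashlib
import hmac
import secrets


def _prf(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()


def _stream(key, nonce, n):
    # Stand-in keystream (HMAC-SHA256 in counter mode), an assumption of this example.
    return b"".join(_prf(key, nonce + i.to_bytes(4, "big")) for i in range(n // 32 + 1))[:n]


def wrap(key, data):
    enc, mac = _prf(key, b"enc"), _prf(key, b"mac")
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(data, _stream(enc, nonce, len(data))))
    return nonce + ct + _prf(mac, nonce + ct)    # nonce || ciphertext || tag


def unwrap(key, blob):
    enc, mac = _prf(key, b"enc"), _prf(key, b"mac")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(mac, nonce + ct)):
        raise ValueError("wrong key or modified data")
    return bytes(a ^ b for a, b in zip(ct, _stream(enc, nonce, len(ct))))


class ServiceCenter:
    """Generates Kd/Ki version v for month v and keeps every version."""
    def __init__(self):
        self.kd, self.ki = {}, {}

    def _versions(self, first, count):
        for v in range(first, first + count):
            self.kd.setdefault(v, secrets.token_bytes(32))
            self.ki.setdefault(v, secrets.token_bytes(32))
            yield v

    def for_provider(self, first):       # six versions: (Ki, Ki encrypted with Kd)
        return {v: (self.ki[v], wrap(self.kd[v], self.ki[v])) for v in self._versions(first, 6)}

    def for_home_server(self, first):    # three versions of Kd
        return {v: self.kd[v] for v in self._versions(first, 3)}


class ContentProvider:
    def __init__(self, keys):
        self.keys = keys

    def package(self, version, content):
        ki, ki_under_kd = self.keys[version]
        kco = secrets.token_bytes(32)    # fresh content key Kco
        return {"version": version, "content": wrap(kco, content),
                "kco_under_ki": wrap(ki, kco), "ki_under_kd": ki_under_kd}


class HomeServer:
    def __init__(self, kd_set):
        self.kd = dict(kd_set)
        self.k_save = secrets.token_bytes(32)   # device storage key (assumed use of Ksave)
        self.purchased = {}                     # content id -> Kco wrapped under k_save

    def update_keys(self, kd_set):
        self.kd = dict(kd_set)                  # new set overwrites the stored Kd versions

    def purchase(self, cid, pkg):
        kd = self.kd.get(pkg["version"])
        if kd is None:                          # Kd for that month is no longer held
            return False
        ki = unwrap(kd, pkg["ki_under_kd"])
        kco = unwrap(ki, pkg["kco_under_ki"])
        self.purchased[cid] = wrap(self.k_save, kco)
        return True

    def play(self, cid, pkg):
        return unwrap(unwrap(self.k_save, self.purchased[cid]), pkg["content"])


def demo():
    center = ServiceCenter()
    provider = ContentProvider(center.for_provider(1))   # versions 1-6
    home = HomeServer(center.for_home_server(1))         # versions 1-3
    a = provider.package(1, b"song A (constructed sample)")
    b = provider.package(1, b"song B (constructed sample)")
    c = provider.package(3, b"song C (constructed sample)")
    r = {"bought_a_month_1": home.purchase("A", a),
         "bought_c_month_3_no_contact": home.purchase("C", c)}
    home.update_keys(center.for_home_server(4))          # month 4: versions 4-6 replace 1-3
    r["play_a_after_rotation"] = home.play("A", a)
    r["bought_b_after_rotation"] = home.purchase("B", b)
    r["center_keeps_v1"] = 1 in center.kd
    return r


if __name__ == "__main__":
    print(demo())
```

Song A stays playable after the version 1 Kd has been overwritten because its Kco was unwrapped and stored while that Kd was still held; song B, packaged under version 1 but not purchased before the update, can no longer be unwrapped by the home server.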

The history data management unit 15 (FIG. 2) of the electronic distribution service center 1 holds and manages the billing information, which is information indicating the actual use of the content collected by the user management unit 18, and, as needed, the price information corresponding to the content (either or both of that sent from the service provider 3 and that added to the billing information and sent by the user) and the handling policy corresponding to the content (either or both of that sent from the content provider 2 and that added to the billing information and sent by the user), and outputs the data when the service provider management unit 11 or the content provider management unit 12 uses the billing information, the usage history, and the like. The price information and the handling policy need not be sent from the service provider 3 or the content provider 2 when the necessary data is written in the billing information. The profit distribution unit 16 calculates the profits of the electronic distribution service center 1, the content provider 2, and the service provider 3 based on the billing information and, as needed, the price information and the handling policy supplied from the history data management unit 15. These pieces of information are supplied to the accounting section 20, and profit sharing may be performed via the accounting section 20. Alternatively, profit sharing may not be performed: only the information is stored in the service provider management unit 11, the content provider management unit 12, and the copyright management unit 13, the sales themselves are credited to the service provider, and the service provider 3 distributes the profit to each beneficiary. The mutual authentication unit 17 performs mutual authentication, which will be described later, with predetermined devices of the content provider 2, the service provider 3, and the user home network 5.

The user management unit 18 has a user registration database. When a registration request is received from a device in the user home network 5, the user management unit 18 searches the user registration database and, in accordance with the recorded contents, creates registration information that registers the device or rejects the registration. When the user home network 5 is composed of a plurality of devices having a function capable of connecting to the electronic distribution service center 1, the user management unit 18 defines in the registration information the device that performs payment, registers a payment ID, further specifies the content purchase processing operation, specifies the range of devices constituting the user home network, specifies information such as transaction suspension, and transmits the registration information to the predetermined device (settlement-enabled device) of the user home network 5.

The example of the user registration database shown in FIG. 7 shows the registration status of each network group constructed in the user home network 5. For each group it records a group ID identifying the group, the IDs unique to the devices constituting the home network 5, and, corresponding to each ID (that is, for each device having that ID), information such as whether connection to the electronic distribution service center 1 is possible, whether settlement processing is possible, whether content purchase is possible, which device performs settlement processing, which device requests content purchase, and whether registration is possible.

The group ID recorded in the user registration database is assigned to each user home network, and settlement and information updating are performed in this group unit. Therefore, in principle, the representative device in the group performs communication, settlement processing, and information update with the electronic distribution service center 1 collectively, and the other devices in the group do not communicate directly with the electronic distribution service center 1. The ID recorded in the user registration database is an ID assigned individually to each device and is used to identify the device.

The information on whether or not connection with the electronic distribution service center 1 is possible, recorded in the user registration database, indicates whether or not the device is physically connectable with the electronic distribution service center 1. Even devices recorded as connectable are, in principle, not connected to the electronic distribution service center 1 unless they are devices capable of settlement (however, if that device stops operating, another device may temporarily be connected to the electronic distribution service center 1 as a proxy). In addition, a device recorded as being unable to connect outputs billing information and the like to the electronic distribution service center 1 via the device capable of performing payment processing in the user home network 5.

The information on whether or not settlement processing is possible, recorded in the user registration database, indicates whether or not the device is capable of settlement. When the user home network 5 is composed of a plurality of devices capable of purchasing content usage rights, one device among them that is capable of settlement processing transmits to the electronic distribution service center 1 the billing information and, if necessary, the price information and the handling policy of all the devices of the user home network 5 registered in the electronic distribution service center 1, and, on completion of the settlement processing, receives the distribution key Kd and the registration information from the electronic distribution service center 1. By doing so, the processing of the electronic distribution service center 1 is reduced as compared with performing the processing for each device.

The information on whether or not purchase processing is possible, recorded in the user registration database, indicates whether or not the device can purchase the right to use the content. A device that cannot purchase obtains the content usage right from another device that can purchase, by proxy purchase of the usage right (the right is purchased by another device and all of it is transferred; no right remains on the supplying side), by redistribution (a content usage right that has already been purchased is purchased again, with the same or a different usage right, and supplied to another device. At this time, no right remains on the supplying side. The main purpose of redistribution is to provide a discount. The condition for receiving the discount privilege is belonging to a group that uses the same payment ID. This is because the processing load on the electronic distribution service center 1 is reduced, so that a discount can be obtained in exchange), or by management transfer (the content reproduction right, in particular the indefinite reproduction right, can be moved. However, the reproduction right transmitter manages which device is the reproduction right receiver, and unless the reproduction right is returned, management transfer cannot be performed again; the reproduction right can be returned only to the reproduction right transmitter that gave it).

Here, the ways of using content, the rights to use content, and the methods of purchasing them will be briefly described. There are two ways of using content: one in which the device itself manages and holds the right to use the content, and one in which the device uses a usage right held by another device. The rights to use content include an unlimited reproduction right (no restriction on the period or number of times the content is reproduced; music content is played back, while a game program or the like is executed), a time-limited reproduction right (the period during which the content can be reproduced is limited), a count-limited reproduction right (the number of times the content can be reproduced is limited), an unlimited duplication right (no restriction on the period or number of times the content is copied), a count-limited duplication right (the number of times the content can be copied is limited) (duplication rights include a duplication right without copy management information, a duplication right with copy management information (SCMS), duplication rights for exclusive media, and so on) (in some cases there is also a time-limited duplication right), and a management transfer right. As for the methods of purchasing usage rights, in addition to normal purchase, in which these usage rights are purchased directly, there are usage right content change, in which the content of a usage right that has already been purchased is changed to other content; redistribution, in which a usage right is separately purchased based on a usage right already purchased by another device; proxy purchase, in which another device purchases the usage right on the device's behalf; and album purchase, in which a plurality of content usage rights are purchased and managed collectively.

[0040] The proxy settler information recorded in the user registration database indicates the ID of the device that, as a proxy, transmits to the electronic distribution service center 1 the billing information generated when the right to use the content is purchased.

The proxy purchaser information recorded in the user registration database indicates the ID of the device that purchases the usage right on behalf of a device that cannot purchase the usage right for the content. However, when every device in the group that can purchase is designated a proxy purchaser, there is no particular need to record it.

The information as to whether registration is possible, recorded in the user registration database, is updated based on information such as unpaid charges and fraudulent processing supplied from a settlement institution (for example, a bank) or a credit card company. In response to a request to register a device whose ID is recorded as unregisterable, the user management unit 18 rejects the registration. A device whose registration is rejected not only becomes unable to purchase the contents of this system, but also becomes unable to transmit data to and receive data from other devices within the user home network 5. In some cases, the use of already purchased content may also be restricted (however, the device may be brought into the electronic distribution service center 1 or the like and re-registered after inspection or the like is completed). In addition to "registration possible" and "registration not possible", there may also be states such as "payment not processed" and "pause".

The user management unit 18 is supplied with charging information, registration information, and, as necessary, price information and a handling policy from the device of the user home network 5. It outputs the charging information, the price information, and the handling policy to the history data management unit 15, and supplies the distribution key K d and the registration information to the device of the user home network 5. The supply timing will be described later.

Here, the registration information will be described with reference to FIG. The registration information in FIG. 8 has a payment ID and a signature added thereto in addition to the information in the user registration database, and includes only information on the same payment group. The settlement ID indicates an ID in a user information database (for example, a bank account number or a credit card number) of a user used by the billing unit 19 and the accounting unit 20 when performing settlement. The generation of the signature will be described later.

Returning to FIG. 2 again, the billing unit 19 calculates the billing to the user based on the billing information and, as necessary, the price information and the handling policy supplied from the history data managing unit 15, and supplies the result to the accounting unit 20. The settlement information is also provided to the user via the user management unit 18 as necessary. The accounting unit 20 communicates with an external bank or the like (not shown) and executes the settlement processing based on the amounts to be paid out to the user, the content provider 2, and the service provider 3 and the amount of the usage fee to be collected. In some cases, the accounting unit 20 sends all of the sales to the service provider 3, and the service provider 3 distributes the profit based on the distribution information transmitted via the profit distribution unit 16. The audit unit 21 audits the validity of the accounting information, price information, and handling policy supplied from the device of the user home network 5, based on the handling policy supplied from the content provider 2 and the price information supplied from the service provider 3.

The processing performed by the auditing unit 21 includes, for example, checking the consistency between the amount received from the user home network 5 and the total amount of profit distribution or the amount sent to the service provider 3, and inspecting whether the data in the billing information supplied from the device of the user home network 5 contains values that cannot exist, such as a nonexistent content provider ID or service provider ID, or an inconceivable share or price.

The certificate authority 22 generates a certificate of the public key supplied from the key server 14 and supplies it to the service provider 3, and also generates the public key certificate that is stored in the large-capacity storage unit 68 (described later) of the home server 51 or the small-capacity storage unit 75 (described later) of the stationary device 52 when the user device is manufactured. For the case where the content provider 2 does not author the content, the content server 23 and the content authoring 24 exist as an alternative means of holding the content.

FIG. 9 is a block diagram showing a functional configuration of the content provider 2. The content server 31 stores the content to be supplied to the user and supplies it to the digital watermark (watermark) adding unit 32. The digital watermark adding unit 32 inserts, in the form of a digital watermark, a content provider ID indicating to whom the content belongs into the content supplied from the content server 31, and supplies the content to the compression unit 33. The compression unit 33 compresses the content supplied from the digital watermark adding unit 32 by a method such as ATRAC (Adaptive Transform Acoustic Coding) (trademark) and supplies it to the content encryption unit 34. As the compression method, a method such as MP3 or AAC can be used instead of ATRAC. The content encryption unit 34 encrypts the content compressed by the compression unit 33 with a method such as DES (Data Encryption Standard), using the key supplied from the content key generation unit 35 (hereinafter, this key is referred to as the content key K co ), and outputs the result to the signature generation unit 38.

The content key generation unit 35 generates a random number of a predetermined number of bits to serve as the content key K co , removes any bit string that is not suitable for encryption, called a weak key (for example, K co = 1E1E1E1E0E0E0E0E or EE01EE00EF00EF0), and supplies the result to the content encryption unit 34 and the content key encryption unit 36. When an encryption algorithm without such inappropriate bit strings is used, the processing for removing the inappropriate bit string is unnecessary. The content key encryption unit 36 encrypts the content key K co with the individual key K i supplied from the electronic distribution service center 1, using a common key encryption method such as DES, and outputs the result to the signature generation unit 38. The encryption method is not limited to DES; RSA (Rivest, Shamir, Adleman) may also be used.
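
The weak-key removal performed by the content key generation unit 35 can be sketched as follows; this is an added example, not code from the patent. It assumes the published list of DES weak and semi-weak keys and compares candidates with the parity bit of each byte ignored, which is why the page's example 1E1E1E1E0E0E0E0E matches the listed weak key 1F1F1F1F0E0E0E0E; the function names are hypothetical.

```python
import secrets

# Published DES weak keys and semi-weak key pairs, in odd-parity form.
WEAK = ["0101010101010101", "FEFEFEFEFEFEFEFE",
        "E0E0E0E0F1F1F1F1", "1F1F1F1F0E0E0E0E"]
SEMI_WEAK = ["01FE01FE01FE01FE", "FE01FE01FE01FE01",
             "1FE01FE00EF10EF1", "E01FE01FF10EF10E",
             "01E001E001F101F1", "E001E001F101F101",
             "1FFE1FFE0EFE0EFE", "FE1FFE1FFE0EFE0E",
             "011F011F010E010E", "1F011F010E010E01",
             "E0FEE0FEF1FEF1FE", "FEE0FEE0FEF1FEF1"]


def strip_parity(key: bytes) -> bytes:
    """Clear the low (parity) bit of each byte; DES ignores it."""
    return bytes(b & 0xFE for b in key)


# Compare on the 56 effective key bits only, so a candidate that differs
# from a listed key in parity bits alone is still rejected.
REJECT = {strip_parity(bytes.fromhex(k)) for k in WEAK + SEMI_WEAK}


def is_unsuitable(key: bytes) -> bool:
    """True if the 8-byte key is a DES weak or semi-weak key."""
    if len(key) != 8:
        raise ValueError("DES keys are 8 bytes (56 key bits + 8 parity bits)")
    return strip_parity(key) in REJECT


def set_odd_parity(key: bytes) -> bytes:
    """Set each byte's low bit so that the byte has an odd number of 1 bits."""
    out = bytearray()
    for b in key:
        b &= 0xFE
        if bin(b).count("1") % 2 == 0:
            b |= 1
        out.append(b)
    return bytes(out)


def generate_content_key(rng=secrets.token_bytes) -> bytes:
    """Draw random 64-bit candidates until one is not weak (K co)."""
    while True:
        candidate = rng(8)
        if not is_unsuitable(candidate):
            return set_odd_parity(candidate)
```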

DES is a cryptographic method in which a 64-bit plaintext is processed as one block using a 56-bit common key. The DES process is composed of a part that converts plaintext into ciphertext (data agitation unit) and a part that generates, from the common key, the keys (expanded keys) used by the data agitation unit (key processing unit). Since all the algorithms of DES are disclosed, only the basic processing of the data agitation unit will be briefly described here.

First, the 64 bits of plaintext are divided into the upper 32 bits H0 and the lower 32 bits L0. Using the 48-bit expanded key K1 supplied from the key processing unit and the lower 32 bits L0 as inputs, the output of the F function, which mixes the lower 32 bits L0, is calculated. The F function is composed of two types of basic conversion: "substitution", which replaces a numerical value according to a predetermined rule, and "transposition", which rearranges bit positions according to a predetermined rule. Next, the upper 32 bits H0 and the output of the F function are XORed, and the result is L1. L0 is set to H1.

Starting from the upper 32 bits H0 and the lower 32 bits L0, the above processing is repeated 16 times, and the resulting upper 32 bits H16 and lower 32 bits L16 are output as the ciphertext. Decryption is realized by reversing the above procedure using the common key used for encryption.

In the present embodiment, DES is shown as the common key encryption, but FEAL (Fast Encryption Algorithm) proposed by NTT (trademark), IDEA (International Data Encryption Algorithm), E2, AES (Advanced Encryption Standard), or the like may be used.

The handling policy generation unit 37 generates a handling policy for the content, and outputs the handling policy to the signature generation unit 38 in correspondence with the content to be encrypted. The handling policy generation unit 37 may supply the generated handling policy to the electronic distribution service center 1 via a communication unit (not shown), where the data is kept and managed. The signature generation unit 38 adds an electronic signature to the encrypted content, the encrypted content key K co , the encrypted individual key K i , and the handling policy, and sends them to the service provider 3 together with the certificate Ccp of the content provider 2 (hereinafter, the encrypted content, the encrypted content key K co , the encrypted individual key K i , and the handling policy, each with an electronic signature added using the secret key of the content provider 3, are referred to as the content provider secure container). Instead of separately adding signatures to individual data, one signature may be added to the entire data.

The mutual authentication section 39 mutually authenticates with the electronic distribution service center 1 and, if necessary, mutually authenticates with the service provider 3 before transmitting the content provider secure container to the service provider 3. Since the memory 40A holds the individual key K i , which the content provider 2 must keep secret, a tamper-resistant memory from which data cannot easily be read by a third party is desirable, but no particular hardware restriction is required (for example, a hard disk in a room where entry control is performed, or a hard disk of a personal computer with password management, may be used). Since the memory 40B only stores the individual key K i encrypted with the delivery key K d and the public key certificate of the content provider 2, any ordinary storage device will do (the information is public and need not be kept secret). Note that the memories 40A and 40B may be one.

The signature is data attached to data or to a certificate, described later, in order to check for falsification and to authenticate the creator. It is created using a private key.

The hash function and the signature will be described. The hash function is a function that takes the data to be sent as input, compresses it to data of a predetermined bit length, and outputs it as a hash value. The hash function has the following features: it is difficult to predict the input from the hash value (output); when one bit of the data input to the hash function changes, many bits of the hash value change; and it is difficult to find input data having the same hash value. MD (Message Digest) 4, MD5, SHA (Secure Hash Algorithm)-1, and the like are used as hash functions.

The signature generator 38 of the transmitting device (content provider 2) that transmits data and a signature generates the signature using, for example, elliptic curve cryptography, which is a public key cryptosystem. This processing will be described with reference to FIG. 10 (EC-DSA (Elliptic Curve Digital Signature Algorithm), IEEE P1363/D3). In step S1, $M$ is the message, $p$ is the characteristic, $a$ and $b$ are the coefficients of the elliptic curve (elliptic curve: $y^2 = x^3 + ax + b$), $G$ is the base point on the elliptic curve, $r$ is the order of $G$, and $K_s$ is the secret key ($0 < K_s < r$). In step S2, a random number $u$ is generated by a random number generation unit such that $0 < u < r$. In step S3, the coordinates $(X_v, Y_v)$ obtained by multiplying the base point by $u$ are calculated. Note that addition and doubling on an elliptic curve are defined as follows.

Let $P = (X_0, Y_0)$, $Q = (X_1, Y_1)$, and $R = (X_2, Y_2) = P + Q$.
When $P \neq Q$:
$X_2 = \lambda^2 - X_0 - X_1$
$Y_2 = \lambda (X_0 - X_2) - Y_0$
$\lambda = (Y_1 - Y_0) / (X_1 - X_0)$
When $P = Q$:
$X_2 = \lambda^2 - 2X_0$
$Y_2 = \lambda (X_0 - X_2) - Y_0$
$\lambda = (3X_0^2 + a) / 2Y_0$
Using these, $u$ times the point $G$ is calculated (a slow but most easily understood method is as follows: calculate $G$, $2G$, $4G$, ..., expand $u$ in binary, and add the $2^i \times G$ corresponding to each position where a "1" stands, where $i$ is the bit position counted from the LSB of $u$). In step S4, $c = X_v \bmod r$ is calculated. In step S5, it is determined whether or not this value is 0. If it is not 0, the process proceeds to step S6, where the hash value of the message $M$ is calculated, giving $f = \mathrm{SHA\text{-}1}(M)$. Next, in step S7, $d = [(f + cK_s)/u] \bmod r$ is calculated, and in step S8 it is determined whether or not $d$ is 0. If $d$ is not 0, $c$ and $d$ are used as the signature data. Assuming that $r$ is 160 bits long, the signature data is 320 bits long.

If c is 0 in step S5, the process returns to step S2 to generate a new random number again. Similarly, if d is 0 in step S8, the process returns to step S2 to generate a random number again.

The receiving device (user home network 5) that has received the signature and the data verifies the signature using, for example, elliptic curve cryptography, which is a public key cryptosystem. This processing will be described with reference to FIG. In step S10, $M$ is the message, $p$ is the characteristic, $a$ and $b$ are the coefficients of the elliptic curve (elliptic curve: $y^2 = x^3 + ax + b$), $G$ is the base point on the elliptic curve, $r$ is the order of $G$, and $G$ and $K_sG$ are the public keys ($0 < K_s < r$). In step S11, it is checked whether the signature data $c$ and $d$ satisfy $0 < c, d < r$. If this is satisfied, in step S12 the hash value of the message $M$ is calculated, giving $f = \mathrm{SHA\text{-}1}(M)$. Next, in step S13, $h = 1/d \bmod r$ is calculated, and in step S14, $h_1 = fh$ and $h_2 = ch \bmod r$ are calculated. In step S15, using the $h_1$ and $h_2$ already calculated, $P = (X_p, Y_p) = h_1 G + h_2 K_s G$ is calculated. Since the signature verifier knows the public keys $G$ and $K_sG$, this calculation can be performed in the same way as step S3. In step S16, it is determined whether or not $P$ is the point at infinity, and if not, the process proceeds to step S17 (in practice, the determination of the point at infinity can be made in step S15. That is, when $P = (X, Y)$ and $Q = (X, -Y)$ are added, the aforementioned $\lambda$ cannot be calculated, which shows that $R$ is the point at infinity). In step S17, $X_p \bmod r$ is calculated and compared with the signature data $c$. If the values match, the process proceeds to step S18, where it is determined that the signature is correct.

When it is determined that the signature is correct, it is understood that the received data is not falsified and is data transmitted from the transmitting device that holds the private key corresponding to the public key.

If the signature data $c$ and $d$ do not satisfy $0 < c, d < r$ in step S11, the process proceeds to step S19. Also, if $P$ is the point at infinity in step S16, the process proceeds to step S19. Furthermore, if the value of $X_p \bmod r$ does not match the signature data $c$ in step S17, the process proceeds to step S19. In step S19, it is determined that the signature is not correct.

If it is determined that the signature is not correct, it is understood that the received data has been falsified or is not data transmitted from the transmitting device that holds the private key corresponding to the public key.

Although SHA-1 is used as a hash function in this embodiment, any function such as MD4 and MD5 may be used. Further, the generation and verification of the signature may be performed using RSA encryption (ANSI X9.31-1).

Next, the encryption / decryption of the public key cryptosystem will be described. In contrast to a common key cryptosystem, which uses the same key (common key) for encryption and decryption, the public key cryptosystem uses one key for encryption and a different key for decryption. When public key cryptography is used, the other key can be kept secret even if one of the keys is made public. The key that may be made public is called the public key, and the key that is kept secret is called the secret key.

A typical elliptic curve encryption method among public key cryptosystems will be described. In FIG. 12, in step S20, $M_x$ and $M_y$ are the message, $p$ is the characteristic, $a$ and $b$ are the coefficients of the elliptic curve (elliptic curve: $y^2 = x^3 + ax + b$), $G$ is the base point on the elliptic curve, $r$ is the order of $G$, and $G$ and $K_sG$ are the public keys ($0 < K_s < r$). In step S21, a random number $u$ is generated so that $0 < u < r$. In step S22, the coordinates $V$ obtained by multiplying the public key $K_sG$ by $u$ are calculated. Note that the scalar multiplication on the elliptic curve is the same as the method described for the signature generation, and a description thereof will be omitted. In step S23, the X coordinate of $V$ is multiplied by $M_x$ and the remainder modulo $p$ is taken as $X_0$. In step S24, the Y coordinate of $V$ is multiplied by $M_y$ and the remainder modulo $p$ is taken as $Y_0$. If the length of the message is less than the number of bits of $p$, a random number is used for $M_y$, and $M_y$ is discarded in the decryption unit. In step S25, $uG$ is calculated, and in step S26, the ciphertext $uG$, $(X_0, Y_0)$ is obtained.

Here, the decryption of the public key cryptosystem will be described with reference to FIG. In step S30, $uG$ and $(X_0, Y_0)$ are the ciphertext data, $p$ is the characteristic, $a$ and $b$ are the coefficients of the elliptic curve (elliptic curve: $y^2 = x^3 + ax + b$), $G$ is the base point on the elliptic curve, $r$ is the order of $G$, and $K_s$ is the secret key ($0 < K_s < r$). In step S31, the encrypted data $uG$ is multiplied by the secret key $K_s$ to obtain the coordinates $(X_v, Y_v)$. In step S32, the X coordinate of $(X_0, Y_0)$ is extracted from the encrypted data, and $X_1 = X_0 / X_v \bmod p$ is calculated. In step S33, $Y_1 = Y_0 / Y_v \bmod p$ is calculated. Then, in step S34, the message is retrieved with $X_1$ as $M_x$ and $Y_1$ as $M_y$. If $M_y$ was not used as part of the message, $Y_1$ is discarded.

As described above, in the public key cryptosystem, by setting the secret key to $K_s$ and the public keys to $G$ and $K_sG$, the key used for encryption and the key used for decryption can be made different keys.
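
The signature steps S1 to S8 and S10 to S19 and the encryption/decryption steps S20 to S26 and S30 to S34 are carried through below in one added example, which is not code from the patent; both passages share the same point arithmetic. The patent does not fix a curve, so the secp256k1 domain parameters are used as an assumption (the text assumes a 160-bit r), and the function names are hypothetical.

```python
import hashlib
import secrets

# Assumption: secp256k1 domain parameters stand in for the unspecified curve.
p = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
a, b = 0, 7
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
r = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def add(P, Q):
    """R = P + Q with the lambda formulas above; None is the point at infinity."""
    if P is None:
        return Q
    if Q is None:
        return P
    (x0, y0), (x1, y1) = P, Q
    if x0 == x1 and (y0 + y1) % p == 0:
        return None                       # (X, Y) + (X, -Y): lambda is undefined
    if P == Q:
        lam = (3 * x0 * x0 + a) * pow(2 * y0 % p, -1, p) % p
    else:
        lam = (y1 - y0) * pow((x1 - x0) % p, -1, p) % p
    x2 = (lam * lam - x0 - x1) % p
    return x2, (lam * (x0 - x2) - y0) % p


def mul(k, P):
    """k*P: add (2^i)*P for every bit i of k that is 1, counted from the LSB."""
    R = None
    while k:
        if k & 1:
            R = add(R, P)
        P = add(P, P)
        k >>= 1
    return R


def sha1_int(M: bytes) -> int:
    return int.from_bytes(hashlib.sha1(M).digest(), "big")


def sign(M: bytes, Ks: int):
    while True:
        u = secrets.randbelow(r - 1) + 1          # S2: 0 < u < r
        Xv, _ = mul(u, G)                         # S3
        c = Xv % r                                # S4
        if c == 0:                                # S5: retry with a new u
            continue
        f = sha1_int(M)                           # S6
        d = (f + c * Ks) * pow(u, -1, r) % r      # S7
        if d != 0:                                # S8
            return c, d


def verify(M: bytes, sig, KsG) -> bool:
    c, d = sig
    if not (0 < c < r and 0 < d < r):             # S11
        return False
    f = sha1_int(M)                               # S12
    h = pow(d, -1, r)                             # S13
    h1, h2 = f * h % r, c * h % r                 # S14
    P = add(mul(h1, G), mul(h2, KsG))             # S15
    if P is None:                                 # S16: point at infinity
        return False
    return P[0] % r == c                          # S17 -> S18 or S19


def encrypt(Mx: int, My: int, KsG):
    while True:
        u = secrets.randbelow(r - 1) + 1          # S21
        Xv, Yv = mul(u, KsG)                      # S22: V = u * KsG
        if Xv and Yv:                             # both must be invertible mod p
            break
    return mul(u, G), (Mx * Xv % p, My * Yv % p)  # S23 to S26: uG, (X0, Y0)


def decrypt(uG, X0Y0, Ks: int):
    Xv, Yv = mul(Ks, uG)                          # S31: Ks * uG equals V
    X0, Y0 = X0Y0
    return X0 * pow(Xv, -1, p) % p, Y0 * pow(Yv, -1, p) % p   # S32 to S34
```

Decryption recovers the message because $K_s(uG) = u(K_sG) = V$, so both sides multiply and divide by the same coordinates.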

As another example of the public key cryptosystem, RSA cryptography (Rivest, Shamir, Adleman) is known.

FIG. 14 is a block diagram showing a functional configuration of the service provider 3. The content server 41 stores the public key certificate of the content provider 2 and the encrypted content supplied from the content provider 2. The public key certificate of the content provider 2 is verified by the certificate checking unit 42 with the public key of the certificate authority 22. If the verification is successful, the public key of the content provider 2 is supplied to the signature verification unit 43. The signature verification unit 43 verifies the signature of the content provider 2 on the handling policy stored in the content server 41, using the public key of the content provider 2 verified earlier, and supplies it to the pricing unit 44. In the pricing unit 44, the price information is created from the handling policy and supplied to the signature generation unit 45. In the signature generation unit 45, a signature for the price information is generated using the private key of the service provider 3 held in a tamper-resistant memory (not shown) (in the same manner as 40A in the content provider 2) (hereinafter, the content provider secure container and the price information with an electronic signature added using the private key of the service provider 3 are referred to as the service provider secure container). Instead of adding a signature to the price information, one signature may be generated for the content provider secure container and the price information as a whole. Then, the service provider secure container, the public key certificate of the content provider 2, and the public key certificate of the service provider 3 are supplied to the user home network 5 via the network 4 (FIG. 1). The mutual authentication unit 46 mutually authenticates with the electronic distribution service center 1 and, as necessary, with the content provider and, via the Internet, cable communication, or the like, with the user home network 5.

FIG. 15 is a block diagram showing the configuration of the user home network 5. The home server 51 receives the secure container including the content from the service provider 3 via the network 4, purchases the right to use the content, and exercises the right to decrypt, decompress, reproduce, and copy the content.

The communication unit 61 communicates with the service provider 3 or the electronic distribution service center 1 via the network 4, and receives or transmits predetermined information. The host controller 62 receives the signal from the input unit 63, displays a predetermined message or the like on the display unit 64, performs content use right purchase processing or the like using the encryption processing unit 65, supplies the encrypted content read from the large-capacity storage unit 68 to the decompression unit 66, and stores the encrypted content and the like in the large-capacity storage unit 68. The input unit 63 transmits a signal from the remote controller and input data from the input buttons to the host controller 62. The display unit 64 is constituted by a display device such as a liquid crystal display, and gives instructions to the user or displays information. The input unit 63 and the display unit 64 may, as needed, be a touch panel type liquid crystal display or the like and be integrated into one. The cryptographic processing unit 65 mutually authenticates with the service provider 3, the electronic distribution service center 1, or the cryptographic processing unit of another device, purchases the right to use the content, encrypts / decrypts predetermined data, manages an external memory that holds the content key K co and license condition information, and further stores the delivery key K d , billing information, and the like. The decompression unit 66 receives the content key K co by performing mutual authentication with the encryption processing unit 65, decrypts the encrypted content supplied from the host controller 62 using the content key K co , decompresses it by a predetermined method such as ATRAC, and inserts a predetermined digital watermark into the content. The external memory 67 is composed of a nonvolatile memory such as a flash memory or a volatile memory with a backup power supply, and stores the content key K co encrypted with the storage key K save and the license condition information. The large-capacity storage unit 68 is a storage device such as an HDD or an optical disk, and stores the content provider secure container and the service provider secure container (the encrypted content, the content key K co encrypted with the individual key K i , the individual key K i encrypted with the delivery key K d , the handling policy, the price information, and their signatures), public key certificates, registration information, and the like.

The cryptographic processing unit 65, which mutually authenticates with the electronic distribution service center 1, purchases content usage rights and generates billing information, decrypts / encrypts predetermined data, manages the external memory holding the content key K co and license condition information, and further stores the delivery key K d , billing information, and the like, comprises a control unit 91, a storage module 92, a registration information inspection module 93, a purchase processing module 94, a mutual authentication module 95, an encryption / decryption module 96, and an external memory control unit 97. The cryptographic processing unit 65 is configured by a single-chip cryptographic processing IC, has a multi-layer structure, and has internal memory cells sandwiched between dummy layers such as an aluminum layer. It has a characteristic (tamper resistance) that makes it difficult to read data from the outside illegally, such as when it is narrow.

The control section 91 controls each module according to a command from the upper controller 62 and returns the result from each module to the upper controller 62. The storage module 92 stores data such as the accounting information supplied from the purchase processing module 94 and the delivery key K d , and supplies data such as the distribution key K d when another functional block executes predetermined processing. The registration information inspection module 93 inspects the registration information supplied from the upper controller 62, and determines whether or not to mutually authenticate with another device in the user home network 5, whether or not to transfer accounting information, and whether or not to redistribute the content. The purchase processing module 94 newly generates license condition information from the handling policy and price information (and, in some cases, the license condition information already held) included in the secure container received from the service provider 3 and outputs it to the external memory control unit 97 or the control unit 91, and generates the charge information and outputs it to the storage module 92. The mutual authentication module 95 performs mutual authentication with the electronic distribution service center 1, with the encryption processing unit of another device in the home network 5, and with the decompression unit 66, and, if necessary, generates a temporary key K temp (session key) and supplies it to the encryption / decryption module 96.

The decryption / encryption module 96 comprises a decryption unit 111, an encryption unit 112, a random number generation unit 113, a signature generation unit 114, and a signature verification unit 115. The decryption unit 111 decrypts the individual key K i encrypted with the distribution key K d , decrypts the content key K co encrypted with the individual key K i , and decrypts various data encrypted with the temporary key K temp . The encryption unit 112 encrypts the decrypted content key K co with the storage key K save held in the storage module 92 and outputs it to the external memory control unit 97 via the control unit 91, and encrypts various data with the temporary key K temp . The random number generation unit 113 generates a random number of a predetermined number of digits and supplies it to the mutual authentication module 95 and the signature generation unit 114. The signature generation unit 114 calculates a hash value of the message supplied from the control unit 91, generates signature data using the random number supplied from the random number generation unit 113, and outputs the generated signature data to the control unit 91. The signature verification unit 115 determines whether the signature is correct from the message and the signature data supplied from the control unit, and outputs the result to the control unit 91. Note that the signature generation / verification method is the same as that described above with reference to FIGS.

The external memory control section 97 controls the external memory 67 to read and write data, and verifies whether the data in the external memory has been tampered with. FIG. 16 is a block diagram illustrating the operation of the external memory control unit 97. In FIG. 16, the storage module 92 stores N falsification preventing hash values (Integrity Check Value: ICV). The external memory 67 is divided into N blocks of data areas, and M sets of content keys K co and license condition information can be written in each data area. The external memory 67 also has other areas available for free use. Each falsification preventing hash value ICV is a hash value for all data in the external memory 67 corresponding thereto. The reading procedure and the writing procedure of the external memory will be described later using a flowchart.
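
How N integrity check values held inside the tamper-resistant chip protect N blocks of off-chip memory is shown in the following added example, which is not code from the patent. The check-before-read and check-then-update-on-write order is an assumption, since the page defers the actual procedures to later flowcharts; SHA-1 is chosen because it is the hash the page names, and the class and method names are hypothetical.

```python
import hashlib
import hmac


class TamperDetected(Exception):
    """Raised when a block of external memory no longer matches its ICV."""


class ExternalMemoryControl:
    def __init__(self, n_blocks: int, m_slots: int, slot_size: int = 32):
        # External memory 67: N blocks, each holding M slots (untrusted storage).
        self.blocks = [[bytes(slot_size)] * m_slots for _ in range(n_blocks)]
        # Storage module 92: one ICV per block, kept inside the chip (trusted).
        self.icv = [self._hash(block) for block in self.blocks]

    @staticmethod
    def _hash(block) -> bytes:
        """ICV over all data in one block; lengths are hashed so that slot
        boundaries cannot be shifted without changing the value."""
        h = hashlib.sha1()
        for slot in block:
            h.update(len(slot).to_bytes(4, "big"))
            h.update(slot)
        return h.digest()

    def verify_block(self, n: int) -> bool:
        return hmac.compare_digest(self._hash(self.blocks[n]), self.icv[n])

    def read(self, n: int, m: int) -> bytes:
        if not self.verify_block(n):
            raise TamperDetected(f"block {n} failed its integrity check")
        return self.blocks[n][m]

    def write(self, n: int, m: int, data: bytes) -> None:
        # Check first, so that a tampered neighbouring slot is not silently
        # folded into the new ICV.
        if not self.verify_block(n):
            raise TamperDetected(f"block {n} failed its integrity check")
        self.blocks[n][m] = data
        self.icv[n] = self._hash(self.blocks[n])
```

Because the ICV is recomputed on every write, restoring an older copy of a block (for example, to regain a used-up count-limited right) is detected in the same way as a direct modification.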

The decompression unit 66 (FIG. 15), which decrypts and decompresses the content and adds a predetermined digital watermark, includes a mutual authentication module 101, a key decryption module 102, a decryption module 103, a decompression module 104, a digital watermark addition module 105, and a storage module 106. The mutual authentication module 101 mutually authenticates with the encryption processing unit 65 and outputs the temporary key K temp to the key decryption module 102. The key decryption module 102 decrypts, with the temporary key K temp , the content key K co that was read out from the external memory 67 and encrypted with the temporary key K temp , and outputs it to the decryption module 103. The decryption module 103 decrypts the content recorded in the large-capacity storage unit 68 with the content key K co and outputs it to the decompression module 104. The decompression module 104 further decompresses the decrypted content by a method such as ATRAC and outputs it to the digital watermark addition module 105. The digital watermark adding module 105 inserts the individual ID of the cryptographic processing unit that performed the purchase processing into the content by using the digital watermarking technology, and outputs it to another device or a speaker (not shown) to reproduce music.

The storage module 106 stores the key data necessary for mutual authentication with the encryption processing unit 65. It is desirable that the decompression unit 66 has tamper resistance.

The external memory 67 stores the license condition information generated when the right was purchased by the purchase processing module 94 and the content key K co encrypted with the storage key K save . The large-capacity storage unit 68 records a secure container, a public key certificate, registration information, and the like supplied from the service provider 3.

The stationary device 52, which records and reproduces the content supplied from the service provider 3 on a recording medium 80 such as an attached optical disk or semiconductor memory, includes a communication unit 71, a host controller 72, an encryption processing unit 73, a decompression unit 74, a small-capacity storage unit 75, a recording / reproducing unit 76, an input unit 77, a display unit 78, an external memory 79, and a recording medium 80. The communication unit 71 has the same function as the communication unit 61, and a description thereof will be omitted. The host controller 72 has the same function as the host controller 62, and a description thereof will be omitted. The encryption processing unit 73 has the same function as the encryption processing unit 65, and a description thereof will be omitted. The decompression unit 74 has the same function as the decompression unit 66, and a description thereof will be omitted. Although the small-capacity storage unit 75 has the same function as the large-capacity storage unit 68, the content itself is not stored, and only the public key certificate, registration information, and the like are stored. The recording / reproducing unit 76 is mounted with a recording medium 80 such as an optical disk or a semiconductor memory, records content on the recording medium 80, and outputs the read content to the decompression unit. The input unit 77 has the same function as the input unit 63, and a description thereof will be omitted. The display unit 78 has the same function as the display unit 64, and a description thereof will be omitted. The external memory 79 has the same function as the external memory 67, and a description thereof will be omitted. The recording medium 80 is, for example, an MD (Mini Disk: trademark) or a storage medium dedicated to electronic distribution (Memory Stick using a semiconductor memory: trademark).

The portable device 53, which is a device carried by the user to play and enjoy music, comprises a communication unit 81, a host controller 82, an encryption processing unit 83, a decompression unit 84, and an external memory 85. The communication unit 81 has the same function as the communication unit 61, and a description thereof will be omitted. The host controller 82 has the same function as the host controller 62, and a description thereof will be omitted. The encryption processing unit 83 has the same function as the encryption processing unit 65, and a description thereof will be omitted. The decompression unit 84 has the same function as the decompression unit 66, and a description thereof will be omitted. The external memory 85 has the same function as the external memory 67, and a description thereof will be omitted. However, these memories are not limited to semiconductor memories, but may be HDDs, rewritable optical disks, or the like.

FIG. 17 shows the configuration of a recording medium dedicated to electronic distribution. A recording medium 120 for storing electronically distributed contents includes a communication unit 121, an encryption processing unit 122, and an external memory 123. The communication unit 121 transmits and receives data to and from the recording/reproducing unit 76 of the stationary device 52 (FIG. 15). The encryption processing unit 122 mutually authenticates with the stationary device 52, transfers the right to use the content, decrypts and encrypts predetermined data, manages the external memory that holds the content key K co, the license condition information, and the like, and further stores the storage key K save. Its configuration is the same as that of the encryption processing unit 65, and a description thereof will be omitted. The external memory 123 stores the content key K co encrypted with the storage key K save, the content encrypted with the content key K co, the license condition information that defines the usage conditions of the content, and, as required, the handling policy and the price information.

The recording medium 120 dedicated to electronic distribution is used differently from the recording medium described for the stationary device 52. Whereas the ordinary recording medium 80 is a substitute for the large-capacity storage unit 68 of the home server 51, the electronic-distribution-dedicated medium 120 is no different from a portable device without a decompression unit. Therefore, although a device such as the stationary device 52 having the decompression unit 74 is required when playing the content, processing similar to that of the home server 51 and the portable device 53 can be performed for functions such as transferring and managing the content. Due to these differences, content recorded on the ordinary recording medium cannot be reproduced on a device other than the recording device, but content recorded on the recording medium 120 dedicated to electronic distribution can be reproduced on a device other than the recording device. In other words, since an ordinary recording medium holds only the content encrypted with the content key K co, the content cannot be reproduced by a device other than the device that has (recorded) the content key K co. On the other hand, the recording medium 120 dedicated to electronic distribution holds not only the content encrypted with the content key K co but also the content key K co, encrypted with the storage key K save unique to the recording medium 120. Therefore, the content can be reproduced on another device.

That is, after mutual authentication is performed between the mutual authentication module 128 of the encryption processing unit 122 and the mutual authentication module (not shown) of the encryption processing unit 73 of the stationary device 52, the content key K co is decrypted with the storage key K save3 unique to the dedicated recording medium, encrypted with the shared temporary key K temp, and transmitted to the encryption processing unit 73 for reproduction.

FIG. 18 is a block diagram showing the data storage status in each device. In the home server 51, the storage module 92 in the encryption processing unit 65 stores an individual ID for specifying the device (the same as that for specifying the encryption processing unit), a settlement ID (which can be replaced by the individual ID as necessary, and may be unnecessary because it is in the registration information), the storage key K save, the public key of the electronic distribution service center 1 used for mutual authentication with the electronic distribution service center 1 (unnecessary if there is a public key certificate of the electronic distribution service center 1), the public key of the certificate authority 22 for verifying public key certificates, and a common key used for mutual authentication with the decompression unit 66. These data are stored in advance when the device is manufactured. On the other hand, the distribution key K d periodically distributed from the electronic distribution service center 1, the billing information written at the time of purchase processing, and the hash value for checking the content key K co and the license condition information held in the external memory 67 for tampering are data stored after the device is first used, and these data are also stored in the storage module 92. The storage module 106 in the decompression unit 66 stores an individual ID for identifying the decompression unit and a common key used for mutual authentication with the encryption processing unit 65, both stored in advance when the device is manufactured. Note that, in order to make the encryption processing unit 65 and the decompression unit 66 correspond one-to-one, each storage module may hold the ID of the other (since mutual authentication is performed with a common key, exchange is consequently possible only between the corresponding encryption processing unit and decompression unit). However, the processing may instead be mutual authentication based on a public key cryptosystem. In that case, the stored key is not a common key but a secret key unique to the decompression unit 66.

The external memory 67 stores the content key K co encrypted with the storage key K save, which is used when decrypting the content, and the license condition information indicating the conditions for using the content key K co. The large-capacity storage unit 68 stores a public key certificate (device public key certificate) corresponding to the device-specific secret key in the storage module 92, registration information, a content provider secure container (the content encrypted with the content key K co and its signature, the content key K co encrypted with the individual key K i and its signature, the individual key K i encrypted with the distribution key K d and its signature, and the handling policy and its signature), a service provider secure container (price information and its signature), a public key certificate of the content provider 2, and a public key certificate of the service provider 3.

The portable device 53 is provided with an encryption processing unit 83 identical to the encryption processing unit 65 held by the home server 51 and an external memory 85 identical to the external memory 67 (components whose internal data is the same, for example the decompression unit, are omitted). However, the data held in them is slightly different, as shown in the figure. The storage module in the encryption processing unit 83 stores an individual ID for identifying the device, a secret key different for each device, the storage key K save, the public key of the electronic distribution service center 1 used for mutual authentication with the electronic distribution service center 1 (not necessary if the home server 51 performs all procedures with the electronic distribution service center 1 on its behalf), the public key of the certificate authority 22 for verifying public key certificates, and a common key used for mutual authentication with the decompression unit 84. These data are stored in advance when the device is manufactured. Also, a hash value for checking the content key K co and the license condition information held in the external memory 85 for tampering and, as required, a settlement ID, the distribution key K d, and (part of) the registration information (the settlement ID and the distribution key K d are not necessary if purchase processing is not performed) are data stored after the device is first used, and these data are also stored (if purchase processing is performed, billing information is also stored). The external memory 85 stores a certificate of the public key corresponding to the device-specific secret key in the encryption processing unit 83, the content encrypted with the content key K co and its signature (in addition, as required, the content key K co encrypted with the individual key K i and its signature, the individual key K i encrypted with the distribution key K d and its signature, the handling policy and its signature, and the price information and its signature may also be stored), the content key K co encrypted with the storage key K save, which is used when decrypting the content, and the license condition information indicating the conditions for using the content. Also, a public key certificate of the content provider 2 and a public key certificate of the service provider 3 are stored as necessary.

The stationary device 52 has a recording medium 80 in addition to the configuration of the home server 51. The recording medium may be a normal MD or CD-R, or may be a storage medium dedicated to electronic distribution. In the former case, the data to be stored is decrypted content to which a copy prohibition signal is added, but of course, encrypted content may be stored instead (the content key K co encrypted with the storage key K save may be stored together with it. In this case, the content can be reproduced only on the device that stored it, because the storage key K save is different for each device).

The storage medium of FIG. 19 can also be considered. In the storage medium 120 dedicated to electronic distribution, the storage module 125 in the encryption processing unit 122 stores the individual ID of the recording medium, a secret key different for each recording medium, a certificate of the public key corresponding to the secret key (which may be recorded in the external memory 123), the storage key K save used to encrypt the content key K co (generally different for each storage medium), the public key of the electronic distribution service center 1 (not necessary when not communicating with the center or when the external memory 123 holds the public key certificate of the electronic distribution service center 1), the public key of the certificate authority, a hash value for checking the external memory 123 for tampering, and (part of) the registration information. The external memory 123 stores the content encrypted with the content key K co (and its signature), the content key K co encrypted with the storage key K save, and the license condition information; as necessary, the handling policy (and its signature), the price information (and its signature), the public key certificate of the content provider 2, and the public key certificate of the service provider 3 are also stored.

FIGS. 20 and 21 are diagrams for explaining information transmitted and received among the electronic distribution service center 1, the content provider 2, the service provider 3, and the user home network 5. The content provider 2 attaches the public key certificate of the content provider 2 (the details of which will be described later) to a content provider secure container (the details of which will be described later), and sends them to the service provider 3. Further, the content provider 2 transmits the handling policy and its signature and the certificate of the content provider 2 to the electronic distribution service center 1 as necessary.

The service provider 3 verifies the public key certificate of the content provider 2, obtains the public key of the content provider 2, and verifies the signature of the received content provider secure container. After the signature is successfully verified, the handling policy is extracted from the content provider secure container, price information is generated based on the policy, and the price information is signed to form a service provider secure container (the details will be described later). The content provider secure container, the service provider secure container, the public key certificate of the content provider 2, and the public key certificate of the service provider 3 (the details of which will be described later) are transmitted to the user home network 5. In addition, the service provider 3 transmits the price information and its signature and the public key certificate of the service provider 3 to the electronic distribution service center 1 as necessary.

After verifying the received secure container, the user home network 5 performs purchase processing based on the handling policy and the price information included in the secure container, generates billing information and stores it in the storage module in the encryption processing unit, generates the license condition information, decrypts the content key K co, re-encrypts it with the storage key K save, and saves the license condition information and the re-encrypted content key K co in the external memory 67. Then, in accordance with the license condition information, it decrypts the content key K co with the storage key K save and uses the content by decrypting it with this key. The billing information is encrypted with a temporary key K temp at a predetermined timing, signed, and transmitted to the electronic distribution service center 1 together with the handling policy and price information as needed.
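The purchase and playback steps described above, together with the tamper-check hash that the storage module keeps for the external memory, can be sketched as follows. This is an added example, not code from the patent: the `wrap`/`unwrap` cipher is a stand-in built from HMAC-SHA256 (the text here does not name a cipher), signature verification of the container is left out, and all class, function and field names and all sample data are constructed for illustration.

```python
import hashlib
import hmac
import os


def _keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode, used only as a stand-in stream cipher."""
    blocks = [hmac.new(key, b"enc" + nonce + c.to_bytes(4, "big"), hashlib.sha256).digest()
              for c in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def wrap(key, plaintext):
    """Encrypt-then-MAC: returns nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    body = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def unwrap(key, blob):
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or modified ciphertext")
    return bytes(c ^ k for c, k in zip(body, _keystream(key, nonce, len(body))))


def record_digest(wrapped_k_co, license_conditions):
    """Hash over the external-memory record, length-prefixed per field."""
    h = hashlib.sha256()
    for field in (wrapped_k_co, license_conditions):
        h.update(len(field).to_bytes(4, "big") + field)
    return h.digest()


class Receiver:
    def __init__(self, k_save, k_d):
        self.k_save = k_save        # storage module: device-unique storage key
        self.k_d = k_d              # storage module: current distribution key
        self.check_hash = {}        # storage module: tamper-check hash per content
        self.external_memory = {}   # outside the tamper-resistant boundary

    def update_distribution_key(self, new_k_d):
        self.k_d = new_k_d          # the previous K d is no longer available

    def purchase(self, content_id, container, license_conditions):
        # K d -> K i -> K co, then re-wrap K co under K save for long-term storage.
        k_i = unwrap(self.k_d, container["k_i_under_k_d"])
        k_co = unwrap(k_i, container["k_co_under_k_i"])
        wrapped = wrap(self.k_save, k_co)
        self.external_memory[content_id] = (wrapped, license_conditions)
        self.check_hash[content_id] = record_digest(wrapped, license_conditions)

    def play(self, content_id, encrypted_content):
        wrapped, license_conditions = self.external_memory[content_id]
        digest = record_digest(wrapped, license_conditions)
        if not hmac.compare_digest(digest, self.check_hash[content_id]):
            raise ValueError("external memory record was modified")
        return unwrap(unwrap(self.k_save, wrapped), encrypted_content)


def demo():
    # Constructed sample keys and content, standing in for the provider side.
    k_co, k_i = os.urandom(16), os.urandom(16)
    k_d_old, k_d_new = os.urandom(16), os.urandom(16)
    content = b"constructed sample audio frame"
    container = {"content_under_k_co": wrap(k_co, content),
                 "k_co_under_k_i": wrap(k_i, k_co),
                 "k_i_under_k_d": wrap(k_d_old, k_i)}
    device = Receiver(k_save=os.urandom(16), k_d=k_d_old)
    device.purchase("song-1", container, b"plays=unlimited")
    device.update_distribution_key(k_d_new)

    results = {"plays_after_rotation":
               device.play("song-1", container["content_under_k_co"]) == content}
    try:  # the same container can no longer be opened with the new K d
        device.purchase("song-2", container, b"plays=unlimited")
        results["late_purchase_rejected"] = False
    except ValueError:
        results["late_purchase_rejected"] = True
    wrapped, _ = device.external_memory["song-1"]
    device.external_memory["song-1"] = (wrapped, b"plays=unlimited;copy=yes")
    try:  # edited license conditions no longer match the stored hash
        device.play("song-1", container["content_under_k_co"])
        results["tamper_detected"] = False
    except ValueError:
        results["tamper_detected"] = True
    return results


if __name__ == "__main__":
    print(demo())
```

Because K co is re-wrapped under K save at purchase time, playback depends only on the device-held storage key, while the hash kept in the storage module ties the license conditions in the external memory to what was recorded at purchase.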

The electronic distribution service center 1 calculates the usage fee based on the billing information and the price information, and calculates the profits of the electronic distribution service center 1, the content provider 2, and the service provider 3, respectively. The electronic distribution service center 1 further compares the handling policy received from the content provider 2, the price information (and, if necessary, the handling policy) received from the service provider 3, and the handling policy and price information received from the user home network 5, and monitors whether there has been any fraud such as tampering with the handling policy or unauthorized addition of prices.

Further, the electronic distribution service center 1 transmits the public key certificate of the content provider to the content provider 2 and transmits the public key certificate of the service provider to the service provider 3. Also, in order to embed the public key certificate created for each device in that device at the time of factory shipment, data on the public key certificate of each device is delivered to the factory.

FIG. 22 is a diagram for explaining a content provider secure container. The content provider secure container 1A includes the content encrypted with the content key K co and its signature, the content key K co encrypted with the individual key K i and its signature, the individual key K i encrypted with the distribution key K d and its signature, and the handling policy and its signature. Each signature is data generated by using the secret key K scp of the content provider 2 on a hash value generated by applying a hash function to the respective data.
Note that, in the case of FIG. 22, a signature is generated separately for and added to each item of key data (the content key K co encrypted with the individual key K i, and the individual key K i encrypted with the distribution key K d), but the items of key data (the content key K co encrypted with the individual key K i, and the individual key K i encrypted with the distribution key K d) may instead be combined into one, with a single signature generated and added. By combining key data that is always used together and adding one signature in this way, signature verification need be performed only once.

FIG. 23 is a view for explaining another example of the content provider secure container. The content provider secure container 1B includes the content encrypted with the content key K co and its signature, the content key K co encrypted with the individual key K i and its signature, and the handling policy and its signature.

FIG. 24 is a view for explaining another example of the content provider secure container. The content provider secure container 1C includes the content encrypted with the content key K co, the content key K co encrypted with the individual key K i, the individual key K i encrypted with the distribution key K d, the handling policy, and a signature. The signature is data generated by using the secret key K scp of the content provider 2 on a hash value generated by applying a hash function to the content encrypted with the content key K co, the content key K co encrypted with the individual key K i, the individual key K i encrypted with the distribution key K d, and the handling policy.

FIG. 25 is a view for explaining another example of the content provider secure container. The content provider secure container 1D includes the content encrypted with the content key K co, the content key K co encrypted with the individual key K i, the handling policy, and a signature. The signature is data generated by using the secret key K scp of the content provider 2 on a hash value generated by applying a hash function to the content encrypted with the content key K co, the content key K co encrypted with the individual key K i, and the handling policy.

FIG. 26 is a view for explaining the public key certificate of the content provider 2. The public key certificate 2A of the content provider 2 includes the version number of the public key certificate, the serial number of the public key certificate assigned to the content provider 2 by the certificate authority, the algorithm and parameters used for the signature, the name of the certificate authority, the expiration date of the public key certificate, the name of the content provider 2, the public key K pcp of the content provider 2, and a signature. The signature is data generated by using the secret key K sca of the certificate authority on a hash value generated by applying a hash function to the version number of the public key certificate, the serial number of the public key certificate assigned by the certificate authority to the content provider 2, the algorithm and parameters used for the signature, the name of the certificate authority, the expiration date of the public key certificate, the name of the content provider 2, and the public key K pcp of the content provider 2.

FIG. 27 is a view for explaining another example of the public key certificate of the content provider 2. The public key certificate 2B of the content provider 2 includes the version number of the public key certificate, the serial number of the public key certificate assigned by the certificate authority to the content provider 2, the algorithm and parameters used for the signature, the name of the certificate authority, the expiration date of the public key certificate, the name of the content provider 2, the public key K pcp of the content provider 2, the individual key K i encrypted with the distribution key K d, and a signature. The signature is data generated by using the secret key K sca of the certificate authority on a hash value generated by applying a hash function to the version number of the public key certificate, the serial number of the public key certificate assigned by the certificate authority to the content provider 2, the algorithm and parameters used for the signature, the name of the certificate authority, the expiration date of the public key certificate, the name of the content provider 2, the public key K pcp of the content provider 2, and the individual key K i encrypted with the distribution key K d.

FIG. 28 is a view for explaining another example of the public key certificate of the content provider 2. The public key certificate 2C of the content provider 2 includes the version number of the public key certificate, the serial number of the public key certificate assigned by the certificate authority to the content provider 2, the algorithm and parameters used for the signature, the name of the certificate authority, the expiration date of the public key certificate, the name of the content provider 2, the public key K pcp of the content provider 2, a predetermined type of data in which part of the individual key K i is encrypted with the distribution key K d, and a signature. The signature is data generated by using the secret key K sca of the certificate authority on a hash value generated by applying a hash function to the version number of the public key certificate, the serial number of the public key certificate assigned by the certificate authority to the content provider 2, the algorithm and parameters used for the signature, the name of the certificate authority, the expiration date of the public key certificate, the name of the content provider 2, the public key K pcp of the content provider 2, and the predetermined type of data in which part of the individual key K i is encrypted with the distribution key K d.

FIG. 29 is a view for explaining the service provider secure container. The service provider secure container 3A includes price information and a signature. The signature is data generated by using a secret key K ssp of the service provider 3 on a hash value generated by applying a hash function to the price information as necessary.

FIG. 30 is a diagram for explaining another example of the service provider secure container. The service provider secure container 3B includes a content provider secure container, price information, and a signature. The signature is data generated by using the secret key K ssp of the service provider 3 on a hash value generated by applying a hash function to the content provider secure container and the price information.

FIG. 31 is a view for explaining the public key certificate of the service provider 3. The public key certificate 4A of the service provider 3 includes the version number of the public key certificate, the serial number of the public key certificate assigned by the certificate authority to the service provider 3, the algorithm and parameters used for the signature, the name of the certificate authority, the expiration date of the public key certificate, the name of the service provider 3, the public key K psp of the service provider 3, and a signature. The signature is data generated by using the secret key K sca of the certificate authority on a hash value generated by applying a hash function to the version number of the public key certificate, the serial number of the public key certificate assigned by the certificate authority to the service provider 3, the algorithm and parameters used for the signature, the name of the certificate authority, the expiration date of the public key certificate, the name of the service provider 3, and the public key K psp of the service provider 3.

FIG. 32 is a view for explaining the public key certificate of the User device. The public key certificate 5A of the User device includes the version number of the public key certificate, the serial number of the public key certificate assigned by the certificate authority to the User device (more precisely, to the encryption processing unit (a dedicated IC chip)), the algorithm and parameters used for the signature, the name of the certificate authority, the expiration date of the public key certificate, the name of the User device, the public key K pu of the User device, and a signature. The signature is data generated by using the secret key K sca of the certificate authority on a hash value generated by applying a hash function to the version number of the public key certificate, the serial number of the public key certificate assigned to the User device by the certificate authority, the algorithm and parameters used for the signature, the name of the certificate authority, the expiration date of the public key certificate, the name of the User device, and the public key K pu of the User device.

FIG. 33 and FIG. 34 show the data format of the handling policy. The handling policy is generated by the content provider 2 for each single content or for each album content, and indicates the contents of the usage rights that the user home network 5 can purchase.

The data of the handling policy (FIG. 33) for the single content stores the data type, the handling policy type, the expiration date of the handling policy, the content ID, the content provider ID, the handling policy ID, the handling policy version, the area code, the usable device condition, the usable User condition, the service provider ID, the generation management information, the number of rules including purchasable usage rights indicated by the handling policy, address information indicating the storage location of the rules, the rules stored at the location indicated by the address information, the public key certificate, and the signature.

The rules include a rule number assigned as a serial number for each usage right, a usage right content number indicating the usage right, its parameters, a minimum selling price, a profit amount of the content provider, a profit rate of the content provider, a data size, and transmission information.

The data of the handling policy (FIG. 34) for the album content stores the data type, the handling policy type, the expiration date of the handling policy, the album ID, the handling policy version, the content provider ID, the handling policy ID, the area code, the usable device condition, the usable User condition, the service provider ID, the number of handling policies of the single contents constituting the album, address information indicating the storage location of the handling policies of the single contents, the data packets of the handling policies of the single contents stored at the position indicated by the address information, the generation management information, the number of rules including purchasable usage rights indicated by the handling policy, address information indicating the storage location of the rules, the rules stored at the location indicated by the address information, the public key certificate, and the signature.

The rules include a rule number, a usage right content number, a parameter, a minimum selling price, a profit amount of the content provider, a profit rate of the content provider, a data size, and transmission information.

In these handling policies, the type of data indicates that the data is data of a handling policy, and the type of handling policy indicates whether the handling policy is a single or album content handling policy. The expiration date of the handling policy indicates the period of use of the handling policy by the expiration date or the number of days from the reference date of starting use to the expiration date. The content ID and album ID indicate purchasable single content and album content indicated by the handling policy, and the content provider ID indicates the ID of the content provider 2 that defines the handling policy.

The handling policy ID is used to identify the handling policy, for example when a plurality of handling policies are set for the same content. The version of the handling policy indicates the revision information of a handling policy revised according to the use period. Therefore, a handling policy is identified by its handling policy ID and handling policy version.

The area code indicates an area where the handling policy can be used. As the area code, a code indicating a specific area that limits where the handling policy can be used, or a code that makes the handling policy usable in all areas, can be assigned. The usable device condition indicates the condition of the device that can use the handling policy, and the usable User condition indicates the condition of the user that can use the handling policy.

The ID of the service provider indicates the ID of the service provider 3 that uses the handling policy. The ID of the service provider includes the ID of the specific service provider 3 that limits the service provider 3 that can use the handling policy. And an ID that enables the handling policy to be used by a plurality of (all) service providers.

Further, the generation management information indicates the maximum number of repurchasable contents. The signature is attached to the entirety from the data type to the public key certificate, excluding the signature from the handling policy. The algorithm and parameters used to create the signature and the key used to verify the signature are included in the public key certificate.

In the rules, the usage right content number is a number added for each usage right content, and the parameter indicates a parameter of the right content. The minimum selling price indicates the lowest selling price when selling single and album contents according to the content of the usage right, and the profit amount and profit rate of the content provider are determined by the content provider 2 when the single content and album content are purchased. It shows the amount of profit that can be obtained and the profit ratio with respect to the selling price. The data size indicates the data size of the transmission information, and the transmission information includes points set by the content provider 2 that are added to the user by purchasing the usage right and mileage information that is a discount amount of the usage right corresponding to the point. And various information set by the content provider 2 as necessary.

Here, in the handling policy of the album content, the plurality of rules indicate the purchase form of the album. Also, the rules stored in the handling policies of the plurality of single contents stored in the album content handling policy indicate the purchase form of each single content within the album, such as whether the corresponding single content can be purchased alone as a single song from the album, or can be purchased only as an album song (that is, only as part of the album).

Therefore, the handling policy of the album content is defined so that either the album content or a single content that can be sold as a single song can be selected and purchased: the album content is purchased based on the rules of the album handling policy, or the single content is purchased as a single song based on the rules of the handling policy of that single content.

In the handling policy of the album content, the signature is attached to the whole. Therefore, by verifying this signature alone, without verifying the signature of each single-content handling policy stored in it, the handling policies of the single contents are checked for tampering together with the handling policy of the album content, and signature verification can thus be simplified.

Incidentally, the handling policy of the single and album contents may store, if necessary, information indicating whether or not to execute the signature verification for the content. This is because the data amount of the content is relatively large and it takes a long time to verify the signature. When information on whether or not to verify the signature is stored in the handling policy, the signature of the content is verified, or is not verified, according to that information.

In the handling policy of the album content, although the handling policy of a plurality of single contents constituting the album is stored, the handling policy of the plurality of single contents need not be stored.

Further, in the handling policy of the single and album contents, since the profit amount and the profit ratio of the content provider may be collectively managed by the electronic distribution service center 1, the handling policy may be configured, as shown in FIGS., with the profit amount and profit rate of the content provider excluded.

FIGS. 37 and 38 show the data format of the price information. The price information is generated in the service provider 3 for each single content handling policy and for each album content handling policy given by the content provider 2, and indicates the price of the single content and the album content.

The data of the price information (FIG. 37) for the single content stores the type of data, the type of price information, the expiration date of the price information, the content ID, the service provider ID, the price information ID, the price information version, the area code, the usable device condition, the usable user condition, the content provider ID, the ID of the handling policy to which the price information is added, the number of rules including the purchasable usage rights indicated by the price information, address information indicating the storage position of the rules, the rules stored at the position indicated by the address information, the public key certificate, and the signature.

The rule includes a rule number assigned as a serial number for each use right, a profit amount of the service provider, a profit rate of the service provider, a price, a data size, and transmission information.

The data of the price information (FIG. 38) for the album content stores the type of data, the type of price information, the expiration date of the price information, the album ID, the service provider ID, the price information ID, the price information version, the region code, the usable device condition, the usable user condition, the content provider ID, the ID of the handling policy to which the price information is added, the number of pieces of price information of the single contents constituting the album, address information indicating the storage location of that price information, the data packets of the price information of the single contents stored at the location indicated by the address information, the number of rules including the purchasable usage rights indicated by the price information, address information indicating the storage location of the rules, the rules stored at the position indicated by the address information, the public key certificate, and the signature.

As in the case of the price information rule for single content, each rule consists of a rule number assigned as a serial number for each usage right, a profit amount of the service provider, a profit rate of the service provider, a price, a data size, and transmission information.

In these pieces of price information, the type of data indicates that the data is price information data, and the type of price information indicates whether the price information is for single content or for album content. The expiration date of the price information indicates the usage period of the price information by the expiration date or the number of days from the reference date for starting use to the expiration date.
The content ID and album ID indicate purchaseable single content and album content indicated by the price information, and the service provider ID indicates the ID of the service provider 3 that created the price information.

The ID of the price information is used to identify the price information. For example, when a plurality of pieces of price information are set for the same content, the ID is used to distinguish them. The version of the price information indicates revision information of the price information revised according to the usage period. Therefore, the price information is managed by the ID of the price information and the version of the price information.

The area code indicates an area where the price information can be used. The area code is a code indicating a specific area that limits the area where the price information can be used. You can assign a code to make it available in your area. The usable device condition indicates a condition of a device that can use the price information, and the usable user condition indicates a condition of a user that can use the price information. The content provider ID indicates the ID of the content provider 2 that defines the handling policy to which the price information has been added. The handling policy ID is for identifying a handling policy to which price information has been added.

Further, a signature is attached to the entirety from the data type to the public key certificate, excluding the signature from the price information. The algorithm and parameters used to create the signature and the key used to verify the signature are included in the public key certificate.

In the rule, the rule number uses the rule number of the rule indicated by the corresponding handling policy as it is. The profit amount and profit rate of the service provider indicate the amount of profit that the service provider 3 can obtain when the single content and the album content are purchased and the ratio of that profit to the price. The price indicates the selling price of the single content and the album content set based on the lowest selling price. The data size indicates the data size of the transmission information, and the transmission information consists of the points set by the service provider 3 that are added to the user by purchasing the usage right, the mileage information that is a discount amount of the usage right corresponding to the points, and various information set by the service provider 3 as necessary.

Here, when generating the price information, the service provider 3 can set all the purchasable usage rights indicated by the corresponding handling policy as the purchasable usage rights indicated by the price information. It can also set a usage right arbitrarily selected from all the purchasable usage rights indicated by the handling policy as a purchasable usage right indicated by the price information, so that the usage rights defined by the content provider 2 can be selected.

In the price information of the album content, a plurality of rules define the selling price according to the album purchase mode. Further, among the price information of a plurality of single contents stored in the price information of the album content, the rule of the price information of a single content that can be sold as a single song defines the selling price of that single content.

Accordingly, the price information of the album content makes it possible to recognize, from that one piece of price information, both the selling price of the album and the selling price of single content that can be sold as a single song.

Also, in the price information of the album content, the signature is attached to the whole. Therefore, by verifying only this signature, without verifying the signatures of the price information of the single contents stored in this price information, the price information of each single content can be checked for tampering together with the price information of the album content, and thus the signature verification can be simplified.

Incidentally, in the price information of the single and the album, whether or not the signature of the content is verified can be stored in the same manner as the handling policy described above with reference to FIGS. In the price information of the album content, although the price information of a plurality of single contents constituting the album is stored, the price information of the plurality of single contents need not be stored.

Further, in the price information of the single and album contents, since the profit amount and the profit ratio of the service provider may be collectively managed by the electronic distribution service center 1, the price information may be configured, as shown in FIGS., with the profit amount and profit rate of the service provider excluded.

FIG. 41 shows a data format of the license condition information. When the user purchases content, the license condition information is created on a device in the user home network 5 based on the handling policy of the purchased content, and indicates the usage right selected by the user from among the usage rights indicated by the handling policy.

The data of the license condition information stores the type of data, the type of the license condition information, the expiration date of the license condition information, the content ID, the album ID, the encryption processing unit ID, the user ID, the content provider ID, the ID of the handling policy, the version of the handling policy, the ID of the service provider, the ID of the price information, the version of the price information, the ID of the license condition information, the rule number assigned as a reference number to the reproduction right (usage right), the usage right content number, the remaining number of times of reproduction, the expiration date of the reproduction right, the rule number assigned as a reference number to the copy right (usage right), the usage right content number, the number of remaining copies, the generation management information, and the ID of the cryptographic processing unit holding the reproduction right.

In the license condition information, the type of data indicates that this data is data of license condition information, and the type of license condition information indicates whether the license condition information is for single content or for album content. The expiration date of the license condition information indicates the period of use of the license condition information by the expiration date or the number of days from the reference date of use start to the expiration date.

In the content ID, an ID indicating the purchased single content is described, and in the album ID, an ID indicating the album is described only when the album is purchased. Actually, when the content is purchased as a single, an ID indicating the purchased single content is described only in the content ID, and when the content is purchased as an album, the IDs of all the single contents constituting the album are described in the content ID and the ID of the purchased album is described in the album ID. Therefore, by looking at the ID of this album, it can be easily determined whether the purchased content is a single or an album.

The ID of the encryption processing unit indicates the encryption processing unit of the device in the user home network 5 that has purchased the content. The user ID indicates a plurality of users who share the device when the device in the user home network 5 from which the content is purchased is shared by the plurality of users.

The ID of the content provider indicates the ID of the content provider 2 that defines the handling policy used to create the license condition information. The ID of the handling policy indicates the handling policy used to create the license condition information. The version of the handling policy indicates revision information of the handling policy used to create the license condition information. The ID of the service provider indicates the ID of the service provider 3 that has created the price information used to create the license condition information, and the ID of the price information indicates the price information used to create the license condition information. The version of the price information indicates revision information of the handling policy used to create the license condition information. Therefore, the content provider 2 or the service provider 3 that has provided the content purchased by the user can be identified from the content provider ID, the handling policy ID, the handling policy version, the service provider ID, the price information ID, and the price information version.

The ID of the license condition information is assigned by the encryption processing unit of the device in the user home network 5 that has purchased the content, and is used to identify the license condition information. The rule number of the reproduction right indicates the serial number assigned to the reproduction right among the usage rights, and the rule number of the rule indicated by the corresponding handling policy and price information is used as it is. The usage right content indicates the content of the reproduction right described later. The remaining number of playbacks indicates the number of remaining playbacks among the preset number of playbacks for the purchased content, and the expiration date of the playback right indicates the reproducible period of the purchased content by the date and time at which it expires.

The rule number of the duplication right indicates the serial number assigned to the duplication right among the usage rights, and the rule number of the rule indicated by the corresponding handling policy and price information is used as it is. The usage right content indicates the content of the duplication right described later. The remaining copy count indicates the remaining copy count among the preset copy counts for the purchased content.

Further, the generation management information indicates the remaining number of times that the content can be repurchased when the content is repurchased. The ID of the cryptographic processing unit that has the reproduction right indicates the cryptographic processing unit that has the reproduction right at the present time. When the management is moved, the ID of the cryptographic processing unit that has the reproduction right is changed.

In the license condition information, an expiration date may be defined for the duplication right. Indicated by

FIG. 42 shows billing information. The billing information is generated by a device in the user home network 5 based on a handling policy and price information corresponding to the content when the content is purchased.

The billing information data stores the data type, the encryption processing unit ID, the user ID, the content ID, the content provider ID, the handling policy ID, the handling policy version, the service provider ID, the price information ID, the version of the price information, the ID of the license condition information, the rule number, the profit amount and profit rate of the content provider 2, the profit amount and profit rate of the service provider, the generation management information, the data size of the transmission information set by the content provider, the transmission information set by the content provider, the data size of the transmission information set by the service provider, the transmission information set by the service provider, and the ID of the supply source.

In the billing information, the type of data indicates that the data is billing information, and the ID of the encryption processing unit indicates the encryption processing unit of the device that has executed the content purchase processing and generated the billing information. The user ID indicates a plurality of users sharing the device when the device in the user home network 5 that purchased the content is shared by the plurality of users, and the content ID indicates the purchased content (single content or album content).

The ID of the content provider indicates the ID of the content provider 2 (the ID of the content provider included in the handling policy) that defines the handling policy used in the purchase process, and the ID of the handling policy indicates the handling policy used in the purchase process. The version of the handling policy indicates revision information of the handling policy used for the purchase processing. The ID of the service provider indicates the ID of the service provider 3 that created the price information used in the purchase processing (the ID of the service provider included in the price information), and the ID of the price information indicates the price information used in the purchase processing. The version of the price information indicates revision information of the price information used for the purchase processing.

The ID of the license condition information indicates the ID of the license condition information created at the time of the purchase process, and the rule number indicates the rule number assigned to the purchased usage right as a serial number. The profit amount and the profit ratio of the content provider indicate the amount of the dividend distributed to the content provider 2 by the purchase of the content and its ratio to the sales, and the profit amount and the profit ratio of the service provider indicate the amount of the dividend distributed to the service provider 3 by the purchase of the content and its ratio to the sales.

The generation management information indicates the generation of the purchased content. In addition, the data size of the transmission information set by the content provider and the transmission information set by the content provider store, as they are, the data size and the transmission information indicated by the handling policy used for the purchase process, and the data size of the transmission information set by the service provider and the transmission information set by the service provider store, as they are, the data size and the transmission information indicated by the price information used in the purchase processing. The ID of the supply source indicates the device of the supply source of the purchased content, and this ID is accumulated every time the content is repurchased.

In the billing information, the profit and the profit rate of the content provider and the profit and the profit rate of the service provider may be collectively managed by the electronic distribution service center 1. The profit amount and profit rate of the content provider and the profit amount and profit rate of the service provider may be excluded.

FIG. 44 shows the contents of the usage rights that can be purchased. The usage rights can be roughly divided into reproduction rights, duplication rights, right content change rights, repurchase rights, additional purchase rights, and management transfer rights.

The reproduction right includes an unlimited reproduction right without a period limitation or a number-of-times restriction, a period-restricted reproduction right that restricts the reproduction period, a reproduction right with an accumulation time restriction that restricts the accumulated time of reproduction, and a reproduction right with a limited number of times that restricts the number of times of reproduction. The duplication right includes an unlimited copy right without copy management information, which has no period limit, no limit on the number of times, and no copy management information (e.g., serial copy management: SCMS); a copy right with the number of times limited and without copy management information, which limits the number of copies but has no copy management information; a copy right with copy management information, which has no period limit and no limit on the number of times but is provided with copy management information added; and a copy right with the number of times limited and with copy management information, which limits the number of copies and is provided with copy management information added. Incidentally, the duplication right includes, in addition to the above, a period-limited duplication right that restricts the duplication period (one that adds copy management information and one that does not), and an accumulation-time-limited duplication right that restricts the accumulated copy time, that is, the accumulated time required to reproduce the copied content (one that adds copy management information and one that does not).

The right to change the content of the right is a right to change the content of the usage right already purchased to another content as described above, and the repurchase right is, as also described above, a right to separately purchase a usage right based on the right purchased by another device. The additional purchase right is a right to additionally purchase other contents of the album including the content, in addition to the content already purchased alone, and convert them into an album, and the management transfer right is a right to change the holder by moving the purchased usage right.

Next, a specific example of the usage right content shown in FIG. 33 and the like will be described. Actually, as the data of the unlimited reproduction right, as shown in FIG. 45 (A), information on the expiration date of the reproduction right, which indicates the validity period of the reproduction right by the date on which it expires or by the number of days from the reference date on which the validity period starts to the expiration date, is stored in the usage right content area. As the data of the reproduction right with a limited period, as shown in FIG. 45 (B), information on the expiration date of the reproduction right, which indicates the validity period of the reproduction right by the date on which it expires or by the number of days from the reference date on which the validity period starts to the expiration date, is stored in the usage right content area.

As the data of the reproduction right with the accumulation time limit, as shown in FIG. 45 (C), information on the expiration date of the reproduction right, which indicates the validity period of the reproduction right by the date on which it expires or by the number of days from the reference date on which the validity period starts to the expiration date, and information on the number of days and time indicating the restriction on the accumulated time that can be reproduced are stored in the usage right content area. As the data of the reproduction right with the limited number of times, as shown in FIG. 45 (D), information on the expiration date of the reproduction right, which indicates the validity period of the reproduction right by the date on which it expires or by the number of days from the reference date on which the validity period starts to the expiration date, and information on the number of times of reproduction indicating the number of times reproduction is possible are stored in the usage right content area.

As the data of the unlimited copy right without copy management information, as shown in FIG. 45 (E), information on the expiration date of the duplication right, which indicates the validity period of the duplication right by the date on which it expires or by the number of days from the reference date on which the validity period starts to the expiration date, is stored in the usage right content area. As the data of the copy right with the number of times limited and without copy management information, as shown in FIG. 45 (F), information on the expiration date of the duplication right, which indicates the validity period of the duplication right by the date on which it expires or by the number of days from the reference date on which the validity period starts to the expiration date, and information on the number of duplications indicating the number of times duplication is possible are stored in the usage right content area.

As the data of the copy right with copy management information, as shown in FIG. 45 (G), information on the expiration date of the duplication right, which indicates the validity period of the duplication right by the date on which it expires or by the number of days from the reference date on which the validity period starts to the expiration date, is stored in the usage right content area. As the data of the copy right with the number of times limitation and the copy management information, as shown in FIG. 45 (H), information on the expiration date of the duplication right, which indicates the validity period of the duplication right by the date on which it expires or by the number of days from the reference date on which the validity period starts to the expiration date, and information on the number of duplications indicating the number of times duplication is possible are stored in the usage right content area.

Further, as the data of the right to change the right content, as shown in FIG. 45 (I), information on the expiration date of the right to change the right content, which indicates the validity period of that right by the date on which it expires or by the number of days from the reference date on which the validity period starts to the expiration date, the old rule number for searching for the usage right content before the change, and the new rule number for searching for the usage right content after the change are stored in the usage right content area. Incidentally, as for the usage right content, even a single kind such as the reproduction right with a period limitation has a plurality of variants depending on how the period is set, so there are a plurality of types of content for each usage right. Therefore, it is difficult to manage the usage right content only by the usage right content number. For this reason, in the right content change right, the usage right content is managed by a rule number assigned to each of the plurality of usage right contents.

As the data of the repurchase right, as shown in FIG. 45 (J), information on the expiration date of the repurchase right, which indicates the validity period of the repurchase right by the date on which it expires or by the number of days from the reference date on which the validity period starts to the expiration date, the old rule number for searching for the usage right content before repurchase, the new rule number for searching for the usage right content after repurchase, and the maximum distribution generation information indicating the maximum number of repurchase times are stored in the usage right content area.

As the data of the additional purchase right, as shown in FIG. 45 (K), information on the expiration date of the additional purchase right, which indicates the validity period of the additional purchase right by the date on which it expires or by the number of days from the reference date on which the validity period starts to the expiration date, and the minimum possession content number and the maximum possession content number indicating the content of the single purchased already among the plurality of single contents constituting the album content are stored in the usage right content area.

As the data of the management transfer right, as shown in FIG. 45 (L), information on the expiration date of the management transfer right, which indicates the validity period of the management transfer right by the date on which it expires or by the number of days from the reference date on which the validity period starts to the expiration date, is stored in the usage right content area.

Incidentally, as the usage right content, for example, when game data is divided into a plurality of contents, a content purchase right for purchasing these contents in a predetermined order may be defined. As the data of the content purchase right, as shown in FIG. 45 (M), information on the expiration date of the content purchase right, which indicates the validity period of the content purchase right by the date on which it expires or by the number of days from the reference date on which the validity period starts to the expiration date, the ID of the content already purchased, the old rule number for searching for the usage right content already purchased, and the new rule number for searching for the usage right content to be newly purchased are stored in the usage right content area. By doing so, it is possible to allow the user to continuously purchase a game program or the like having a continuous story, or to upgrade the content (game) itself.

FIG. 46 shows the data format of a single content. The data of the single content stores the data type, the content type, the content expiration date, the content category, the content ID, the content provider ID, the content encryption method, the data length of the encrypted content, the encrypted content, the public key certificate, and the signature.

In this single content, the type of data indicates that the data is content data, and the type of content indicates that the content is single. The expiration date of the content indicates the distribution expiration date of the content by the expiration date or the number of days from the reference date when distribution starts to the expiration date. The content category indicates which category the content is, such as music data, program data, or video data, and the content ID is for identifying the single content.

The ID of the content provider indicates the ID of the content provider 2 holding this single content. The content encryption method indicates an encryption method (for example, DES) used for encrypting the content. The signature is attached to the entire data from the type of data to the public key certificate, excluding the signature from the data of the single content. The algorithm and parameters used to create the signature and the key used to verify the signature are included in the public key certificate.

FIG. 47 shows the data format of the album content. The data of the album content stores the data type, the content type, the expiration date of the content, the ID of the album, the ID of the content provider, the number of single contents, the address information of the single contents, the single contents, the public key certificate, and the signature.

In this album content, the type of data indicates that the data is content data, and the type of content indicates that the content is an album. The expiration date of the content indicates the distribution expiration date of the content by the expiration date or the number of days from the reference date when distribution starts to the expiration date, and the album ID is used to identify the album content.

The ID of the content provider indicates the ID of the content provider 2 holding the album content. The number of single contents indicates the number of single contents constituting the album, the address information of the single contents indicates the storage position of the single contents constituting the album, and the single contents are the data packets of the plurality of single contents constituting the album that are actually stored at the position indicated by the address information. The signature is attached to the entire data from the data type to the public key certificate, excluding the signature from the album content data. The algorithm and parameters used to create the signature and the key used to verify the signature are included in the public key certificate.

In the album content, the signature is attached to the whole. Therefore, by verifying only this signature, without verifying the signatures of the single contents stored in the album content, each single content can be checked for tampering together with the album content, and thus the signature verification can be simplified.
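The single enclosing signature described above for the album content (and earlier for the album handling policy and the album price information), as an added example that is not code from the patent. The 4-byte length-prefixed field layout, all IDs, the certificate placeholder and the ciphertexts are constructed assumptions, and HMAC-SHA256 stands in for the public-key signature only to show which bytes the signature covers.

```python
import hashlib
import hmac
import struct

# Constructed values. HMAC-SHA256 stands in for the public-key signature; the
# page keeps the real algorithm and verification key in the certificate.
DEMO_KEY = b"constructed-demo-key"
CERT = b"constructed-certificate-placeholder"
SIG_LEN = hashlib.sha256().digest_size


def field(value):
    """Encode one field with a 4-byte big-endian length prefix (assumed layout)."""
    return struct.pack(">I", len(value)) + value


def read_fields(body):
    """Split a record body back into its length-prefixed fields."""
    fields, pos = [], 0
    while pos < len(body):
        if pos + 4 > len(body):
            raise ValueError("truncated length prefix")
        (size,) = struct.unpack_from(">I", body, pos)
        pos += 4
        if pos + size > len(body):
            raise ValueError("field runs past the end of the record")
        fields.append(body[pos:pos + size])
        pos += size
    return fields


def seal(fields):
    """Sign everything from the data type through the certificate, then append
    the signature, so the signature itself is the only part left uncovered."""
    body = b"".join(field(f) for f in list(fields) + [CERT])
    return body + hmac.new(DEMO_KEY, body, hashlib.sha256).digest()


def verify(record):
    """Check the trailing signature against the rest of the record."""
    if len(record) <= SIG_LEN:
        return False
    body, signature = record[:-SIG_LEN], record[-SIG_LEN:]
    expected = hmac.new(DEMO_KEY, body, hashlib.sha256).digest()
    return hmac.compare_digest(signature, expected)


def build_single(content_id, encrypted_content):
    return seal([b"content", b"single", content_id, encrypted_content])


def build_album(album_id, single_packets):
    # Each single content travels as a complete packet, own signature included.
    return seal([b"content", b"album", album_id] + list(single_packets))


def open_album(record):
    """Verify the album signature once and return (album_id, singles by ID).
    The nested packets are accepted without checking their own signatures."""
    if not verify(record):
        raise ValueError("album signature check failed")
    fields = read_fields(record[:-SIG_LEN])
    if len(fields) < 4 or fields[:2] != [b"content", b"album"]:
        raise ValueError("not an album content record")
    album_id, packets = fields[2], fields[3:-1]  # last field is the certificate
    return album_id, {read_fields(p[:-SIG_LEN])[2]: p for p in packets}


def flip_bit(record, marker):
    """Simulate tampering: flip one bit in the first byte of `marker`."""
    pos = record.index(marker)
    return record[:pos] + bytes([record[pos] ^ 0x01]) + record[pos + 1:]


SINGLES = [build_single(b"C-0001", b"constructed-ciphertext-track-1"),
           build_single(b"C-0002", b"constructed-ciphertext-track-2")]
ALBUM = build_album(b"A-0001", SINGLES)
TAMPERED = flip_bit(ALBUM, b"track-2")  # change inside the second nested single

if __name__ == "__main__":
    album_id, singles = open_album(ALBUM)
    print(album_id, sorted(singles))
    print("tampered album verifies:", verify(TAMPERED))
    print("extracted single verifies alone:", verify(singles[b"C-0001"]))
```

The album signature protects a nested single content only while it stays inside the album record; once a packet is taken out and handled by itself, its own signature is the one that has to be checked.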

FIG. 48 shows the data format of a single content key. The single content key data stores the data type, the key data type, the key expiration date, the content ID, the content provider ID, the key version, the encryption method of the content key Kco, the encrypted content key Kco, the encryption method of the individual key Ki, the encrypted individual key Ki, the public key certificate, and the signature.

In the key data for single content, the type of data indicates that the data is key data, and the type of key data indicates that the key data is for single content. The expiration date of the key indicates the period of use of the keys (content key Kco and individual key Ki) carried in the key data, either as the date on which it expires or as the number of days from the reference date, when the keys start to be used, to the date on which it expires. The content ID indicates the single content encrypted with the content key Kco. The content provider ID indicates the ID of the content provider 2 that holds the content and generates the content key Kco.

The key version indicates the revision information of the keys (the content key Kco and the individual key Ki) revised according to the usage period. The encryption method of the content key Kco indicates the encryption method (e.g., DES) used when the content key Kco is encrypted using the individual key Ki, and the encrypted content key Kco is the content key Kco encrypted using the individual key Ki by that encryption method. The encryption method of the individual key Ki indicates the encryption method (e.g., Triple-DES-CBC) used when the individual key Ki is encrypted using the delivery key Kd, and the encrypted individual key Ki is the individual key Ki encrypted using the delivery key Kd by that encryption method. The signature is attached to the entire key data for single content, from the data type to the public key certificate, excluding the signature itself. The algorithm and parameters used to create the signature and the key used to verify the signature are included in the public key certificate.

Here, the distribution key Kd and the individual key Ki are always united and distributed by the content provider 2 using the key data for single content. In the key data for single content, one signature is added to the entire key data. Accordingly, a device that has received the key data for single content does not need to verify a separate signature on each of the encrypted content key Kco and the encrypted individual key Ki; verifying the one signature of the key data for single content amounts to verifying the signature on both the encrypted content key Kco and the encrypted individual key Ki, and thus verification of the signature on the encrypted content key Kco and the encrypted individual key Ki can be simplified.

Incidentally, the individual key Ki is encrypted together with the ID of the content provider that encrypts the content key Kco using the individual key Ki. A method of actually encrypting the individual key Ki together with the content provider ID by the encryption method called Triple DES CBC mode will be described with reference to FIG. That is, in this encryption method, a predetermined initial value and the individual key Ki (64 bits) are concatenated and then encrypted using the delivery key Kd by the Triple DES CBC mode encryption method. The resulting 64-bit first value is concatenated with the content provider ID (64 bits) and encrypted again using the delivery key Kd by the Triple DES CBC mode encryption method, giving a 64-bit second value. The 16 bytes of data formed by connecting the first value and the second value become the encrypted individual key Ki stored in the key data for single content (in this case, the first value corresponds to the first 64 bits of the encrypted individual key Ki stored in the key data for single content, and the second value is the 64 bits that follow the first value in that encrypted individual key Ki).

FIG. 50 shows the key data for the album content. The key data for the album content stores a data type, a key data type, a key expiration date, an album ID, a content provider ID, a key version, the number of key data for single content used when encrypting the single contents constituting the album, address information indicating the storage location of that key data, the key data packets stored at the location indicated by the address information, a public key certificate, and a signature.

In the key data for album content, the type of data indicates that the data is key data, and the type of key data indicates that the key data is for album content. The expiration date of the key indicates the period of use of the key (content key Kco) carried in the key data, either as the date on which it expires or as the number of days from the reference date, when the key starts to be used, to the date on which it expires. The album ID indicates the album content composed of single contents encrypted with the content key Kco. The content provider ID indicates the ID of the content provider 2 that encrypts the album content.

The key version indicates the revision information of the key (content key Kco) revised according to the usage period. The signature is attached to the whole of the key data for single content, from the data type to the public key certificate, excluding the signature itself. The algorithm and parameters used to create the signature and the key used to verify the signature are included in the public key certificate.

In the key data for album content, a signature is attached to the whole. Verifying that signature alone, without individually verifying the signatures of the plurality of key data for single content stored in the key data for album content, also checks each of those key data for single content for tampering together with the key data for album content, and thus signature verification can be simplified.

FIG. 51 is a diagram for explaining the operation of mutual authentication between the encryption processing unit 65 and the decompression unit 66 using DES, which is a common key encryption, with one common key. In FIG. 51, with the encryption processing unit 65 as B and the decompression unit 66 as A, the encryption processing unit 65 generates a 64-bit random number RB and sends RB and its own ID, IDB, to the decompression unit 66 via the upper controller 62. The decompression unit 66, on receiving this, generates a new 64-bit random number RA, encrypts RA, RB, and IDB using the key KAB in the DES CBC mode, and returns the result to the encryption processing unit 65.

The DES CBC mode is a method in which, when encrypting, the immediately preceding output is exclusive-ORed with the input and the result is then encrypted. In this example, with IV the initial value and + denoting exclusive OR,

$$X = \mathrm{DES}(K_{AB},\ R_A + IV)$$
$$Y = \mathrm{DES}(K_{AB},\ R_B + X)$$
$$Z = \mathrm{DES}(K_{AB},\ ID_B + Y)$$

and the output is X, Y, and Z. In these equations, $\mathrm{DES}(K_{AB}, R_A + IV)$ indicates that the data $R_A + IV$ is encrypted with DES using the key $K_{AB}$, $\mathrm{DES}(K_{AB}, R_B + X)$ indicates that the data $R_B + X$ is encrypted with DES using the key $K_{AB}$, and $\mathrm{DES}(K_{AB}, ID_B + Y)$ indicates that the data $ID_B + Y$ is encrypted with DES using the key $K_{AB}$.

[0187] The encryption processing unit 65, on receiving this, decrypts the received data with the key KAB and checks whether RB and IDB match those that the encryption processing unit 65 transmitted. If the check passes, the decompression unit 66 is authenticated as valid. Subsequently, it generates a session key SKAB (that is, the temporary key Ktemp, generated from a random number), encrypts RB, RA, and SKAB using the key KAB in the DES CBC mode, and transmits the result to the decompression unit 66 via the upper controller 62. The decompression unit 66, on receiving this, decrypts the received data with the key KAB and checks whether RB and RA match those that the decompression unit 66 transmitted. If the check passes, the encryption processing unit 65 is authenticated as valid, and the data SKAB is used as the session key for subsequent communication. If any irregularity or discrepancy is found during the inspection of the received data, processing is suspended on the assumption that mutual authentication has failed.
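The CBC chain used for the encrypted individual key Ki (FIG. 49 passage) and the FIG. 51 challenge-response, as an added example that is not part of the patent text. Assumptions: a small keyed Feistel permutation stands in for DES and Triple DES (only the 64-bit block size is kept), the initial value is all zeros, the combining step of the Ki wrapping is read as the exclusive OR of CBC mode, the receiver's comparison of the decrypted provider ID is this example's own check, and all function names and sample values are hypothetical.

```python
import hashlib
import hmac
import secrets

BLOCK = 8            # 64-bit blocks, as with DES
IV = bytes(BLOCK)    # assumption: the page does not give the initial value

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):
    # Round function of the stand-in cipher (NOT DES): keyed hash of one half.
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:4]

def enc_block(key, blk):
    left, right = blk[:4], blk[4:]
    for rnd in range(4):
        left, right = right, _xor(left, _f(key, rnd, right))
    return left + right

def dec_block(key, blk):
    left, right = blk[:4], blk[4:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _f(key, rnd, left)), left
    return left + right

def cbc_encrypt(key, data):
    # Each block is XORed with the previous output before encryption.
    out, prev = [], IV
    for i in range(0, len(data), BLOCK):
        prev = enc_block(key, _xor(data[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, data):
    out, prev = [], IV
    for i in range(0, len(data), BLOCK):
        out.append(_xor(dec_block(key, data[i:i + BLOCK]), prev))
        prev = data[i:i + BLOCK]
    return b"".join(out)

def wrap_individual_key(k_d, k_i, provider_id):
    # first value = E(Kd, Ki + IV); second value = E(Kd, provider ID + first value)
    return cbc_encrypt(k_d, k_i + provider_id)

def unwrap_individual_key(k_d, wrapped, expected_provider_id):
    if len(wrapped) != 2 * BLOCK:
        return None
    plain = cbc_decrypt(k_d, wrapped)
    # Changing either ciphertext block changes the decrypted provider ID.
    if not hmac.compare_digest(plain[BLOCK:], expected_provider_id):
        return None
    return plain[:BLOCK]

def a_response(k_ab, r_b, id_b):
    """Decompression unit 66 (A): returns (RA, X||Y||Z)."""
    r_a = secrets.token_bytes(BLOCK)
    return r_a, cbc_encrypt(k_ab, r_a + r_b + id_b)

def b_check_and_reply(k_ab, r_b, id_b, response):
    """Encryption processing unit 65 (B): authenticate A, then issue SKAB."""
    if len(response) != 3 * BLOCK:
        return None
    plain = cbc_decrypt(k_ab, response)
    r_a, echoed = plain[:BLOCK], plain[BLOCK:]
    if not hmac.compare_digest(echoed, r_b + id_b):
        return None                      # wrong key, stale RB, or altered data
    sk_ab = secrets.token_bytes(BLOCK)
    return sk_ab, cbc_encrypt(k_ab, r_b + r_a + sk_ab)

def a_finish(k_ab, r_a, r_b, reply):
    """Unit 66 (A): authenticate B and recover the session key SKAB."""
    if len(reply) != 3 * BLOCK:
        return None
    plain = cbc_decrypt(k_ab, reply)
    if not hmac.compare_digest(plain[:2 * BLOCK], r_b + r_a):
        return None
    return plain[2 * BLOCK:]
```

Because RB is fresh for every run, a response recorded from an earlier run fails the echo check even though it was produced with the correct KAB.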

FIG. 52 is a diagram for explaining the operation of mutual authentication, using the 160-bit elliptic curve cryptosystem, which is a public key cryptosystem, between the mutual authentication module 95 in the encryption processing unit 65 of the home server 51 and a mutual authentication module (not shown) in the encryption processing unit 73 of the stationary device 52. In FIG. 52, with the encryption processing unit 65 as B and the encryption processing unit 73 as A, the encryption processing unit 65 generates a 64-bit random number RB and transmits it to the stationary device 52 via the upper controller 62 and the communication unit 61. The stationary device 52, on receiving this, generates in the encryption processing unit 73 a new 64-bit random number RA and a random number AK smaller than the characteristic p. It then obtains the point AV by multiplying the base point G by AK, concatenates RA, RB, and AV (X coordinate and Y coordinate) (64 bits + 64 bits + 160 bits + 160 bits, making 448 bits), and generates the signature data A.Sig for that data. The scalar multiplication of the base point is the same as the method described in the generation of the signature in FIG. Concatenation of data means, for example, the following: when 16-bit data A and 16-bit data B are concatenated, the result is 32-bit data whose upper 16 bits are A and whose lower 16 bits are B. The generation of the signature is the same as the method described in the generation of the signature in FIG.

[0189] Next, the encryption processing unit 73 passes RA, RB, AV, and the signature data A.Sig to the host controller 72, and the host controller 72 adds the public key certificate for the stationary device 52 (stored in the small-capacity storage unit 75) and transmits them to the home server 51 via the communication unit 71. Since the public key certificate has been described with reference to FIG. 32, its details are omitted. The home server 51, on receiving this, verifies the signature of the public key certificate of the stationary device 52 in the encryption processing unit 65. The signature verification is the same as the method described in the signature verification in FIG. Next, it checks whether the random number RB among the transmitted data is the same as the one that the encryption processing unit 65 transmitted, and if it is the same, verifies the signature data A.Sig. When the verification is successful, the encryption processing unit 65 authenticates the encryption processing unit 73. Note that the signature verification is the same as the method described in the signature verification in FIG. Then the encryption processing unit 65 generates a random number BK smaller than the characteristic p, obtains the point BV by multiplying the base point G by BK, concatenates RB, RA, and BV (X and Y coordinates), and generates the signature data B.Sig for that data with its own secret key. Lastly, the encryption processing unit 65 passes RB, RA, BV, and the signature data B.Sig to the upper controller 62, and the upper controller 62 adds the public key certificate for the home server 51 (stored in the large-capacity storage unit 68) and transmits them to the stationary device 52 via the communication unit 61.

[0190] The stationary device 52, on receiving this, verifies the signature of the public key certificate of the home server 51 in the encryption processing unit 73. Next, it checks whether the random number RA among the transmitted data is the same as the one that the encryption processing unit 73 transmitted, and if it is the same, verifies the signature data B.Sig. When the verification is successful, the encryption processing unit 73 authenticates the encryption processing unit 65.

If both are successfully authenticated, the encryption processing unit 65 calculates BK AV (BK is a random number, but AV is a point on the elliptic curve, so a scalar multiplication of a point on the elliptic curve is necessary), the encryption processing unit 73 calculates AK BV, and the lower 64 bits of the X coordinate of these points are used as the session key (temporary key Ktemp) for subsequent communication (when the common key encryption has a 64-bit key length). Incidentally, the session key used for communication is not limited to the lower 64 bits of the X coordinate, and the lower 64 bits of the Y coordinate may be used. In the secret communication after mutual authentication, the data is not only encrypted with the temporary key Ktemp; a signature may also be attached to the encrypted transmission data.

If, during signature verification or the checking of received data, any irregularity or mismatch is found, the processing is interrupted on the assumption that mutual authentication has failed.
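The FIG. 52 exchange end to end, as an added example that is not part of the patent text: each side signs its nonce, the peer's nonce, and its ephemeral point, the receiver checks the nonce echo and the signature, and both derive the session key from the lower 64 bits of the X coordinate. Assumptions: secp256k1 stands in for the unnamed 160-bit curve (so the signed data is longer than 448 bits), ECDSA with SHA-256 stands in for the signature scheme, the long-term public keys are taken as already extracted from verified certificates, the on-curve check is this example's own addition, and the class and function names are hypothetical.

```python
import hashlib
import secrets

# Stand-in curve secp256k1: y^2 = x^3 + CURVE_A*x + CURVE_B over GF(P).
P = 2**256 - 2**32 - 977                       # characteristic p
CURVE_A, CURVE_B = 0, 7
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

def on_curve(pt):
    if pt is None or not (0 <= pt[0] < P and 0 <= pt[1] < P):
        return False
    return (pt[1] ** 2 - pt[0] ** 3 - CURVE_A * pt[0] - CURVE_B) % P == 0

def add(p1, p2):
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                            # point at infinity
    if p1 == p2:
        lam = (3 * x1 * x1 + CURVE_A) * pow(2 * y1 % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def mul(k, pt):
    # Scalar multiplication by double-and-add.
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc

def _digest(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N

def sign(secret, msg):
    while True:
        k = secrets.randbelow(N - 1) + 1
        r = mul(k, G)[0] % N
        s = pow(k, -1, N) * (_digest(msg) + r * secret) % N
        if r and s:
            return r, s

def verify(public, msg, sig):
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    w = pow(s, -1, N)
    pt = add(mul(_digest(msg) * w % N, G), mul(r * w % N, public))
    return pt is not None and pt[0] % N == r

def encode(own_nonce, peer_nonce, point):
    # Concatenation as in the text: the first item occupies the upper bits.
    return (own_nonce + peer_nonce +
            point[0].to_bytes(32, "big") + point[1].to_bytes(32, "big"))

class Unit:
    """One encryption processing unit (65 as B, or 73 as A)."""

    def __init__(self):
        self.secret = secrets.randbelow(N - 1) + 1   # long-term signing key
        self.public = mul(self.secret, G)            # key carried in the certificate
        self.nonce = secrets.token_bytes(8)          # RA or RB (64 bits)
        self.k = secrets.randbelow(N - 1) + 1        # AK or BK
        self.v = mul(self.k, G)                      # AV or BV

    def message(self, peer_nonce):
        sig = sign(self.secret, encode(self.nonce, peer_nonce, self.v))
        return self.nonce, peer_nonce, self.v, sig

    def accept(self, peer_public, msg):
        """Return the 64-bit session key, or None if authentication fails."""
        peer_nonce, echoed, peer_v, sig = msg
        if echoed != self.nonce or not on_curve(peer_v):
            return None
        if not verify(peer_public, encode(peer_nonce, echoed, peer_v), sig):
            return None
        shared = mul(self.k, peer_v)                 # BK*AV or AK*BV
        return (shared[0] & (2**64 - 1)).to_bytes(8, "big")

def run_exchange():
    b, a = Unit(), Unit()                 # B = unit 65, A = unit 73
    msg_a = a.message(b.nonce)            # A answers B's challenge RB
    key_b = b.accept(a.public, msg_a)
    msg_b = b.message(msg_a[0])           # B answers with RB, RA, BV, B.Sig
    key_a = a.accept(b.public, msg_b)
    return key_a, key_b
```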

FIG. 53 is a diagram for explaining the operation when the settlement-capable device in the user home network 5 transmits the billing information to the electronic distribution service center 1. The settlement-capable device in the user home network 5 searches the registration information for the target devices to be settled by proxy and performs mutual authentication with each; the billing information is encrypted with the shared temporary key Ktemp (this key changes each time mutual authentication is performed) and sent (the data is signed at this time). After processing is completed for all devices, it performs mutual authentication with the electronic distribution service center 1, encrypts all billing information with the shared temporary key, attaches signature data to it, and transmits it together with the registration information and, as necessary, the handling policy and the price information. Note that because the billing information transmitted from the user home network 5 to the electronic distribution service center 1 includes the information necessary for distributing the money, such as the handling policy ID and the price information ID, it is not always necessary to transmit the handling policy and the price information, which have a large amount of information. The user management unit 18 receives this. The user management unit 18 verifies the signature data for the received billing information, registration information, handling policy, and price information. The verification of the signature is the same as the method described with reference to FIG. Next, the user management unit 18 decrypts the billing information with the temporary key Ktemp shared at the time of mutual authentication, and transmits it to the history data management unit 15 together with the handling policy and the price information.

Incidentally, in this embodiment, the data transmitted after mutual authentication is encrypted with the temporary key Ktemp as necessary. For example, if the contents of the content key Kco and the distribution key Kd are seen, the data will be used illegally, so it is necessary to encrypt them with the temporary key Ktemp so that they cannot be seen from the outside. On the other hand, even if the contents of the billing information and the license condition information are seen, the data cannot be used illegally, so it is not always necessary to encrypt them with the temporary key Ktemp. However, if the data is tampered with or the use conditions of the license condition information are loosened, damage will occur to the parties involved in the transfer of the money. Therefore, tampering is prevented by adding a signature to the billing information and the license condition information. A signature may, however, also be added when transmitting the content key Kco or the distribution key Kd.

The transmitting side generates a signature for the data to be transmitted, or for the data obtained by encrypting it with the temporary key Ktemp, and transmits the data and the signature. On the receiving side, if the sent data is not encrypted with the temporary key Ktemp, the data is obtained by verifying the signature; if the sent data is encrypted with the temporary key Ktemp, the data is obtained by decrypting it with the temporary key Ktemp after verifying the signature. In this embodiment, the data transmitted after mutual authentication may be subjected to the signature and the encryption with the temporary key Ktemp.

The user management unit 18 receives the delivery key Kd from the key server 14, encrypts the delivery key Kd with the shared temporary key Ktemp, adds the signature data, creates registration information from the user registration database, and transmits the delivery key Kd encrypted with the temporary key Ktemp, the signature data, and the registration information to the settlement-capable device in the user home network 5. The method for creating the registration information is as described with reference to FIG. 8, and a detailed description thereof will be omitted.

When executing the settlement, the billing request unit 19 receives the billing information and, as necessary, the handling policy and the price information from the history data management unit 15, calculates the amount to charge the user, and transmits the billing information to the accounting unit 20. The accounting unit 20 communicates with a bank or the like to execute the settlement process. At this time, if there is information such as a user's unpaid fee, such information is transmitted in the form of a settlement report to the billing request unit 19 and the user management unit 18, is reflected in the user registration database, and is referred to in subsequent user registration processing or settlement processing.

The settlement-capable device in the user home network 5 that has received the delivery key Kd encrypted with the temporary key Ktemp, the signature data, and the registration information updates the stored registration information, checks the registration information, and, if registration has been performed, verifies the signature data, decrypts the delivery key Kd with the temporary key Ktemp, updates the delivery key Kd stored in the storage module in the encryption processing unit, and deletes the billing information in the storage module. Subsequently, it searches the registration information for the devices to be settled by proxy, performs mutual authentication with each device found by the search, encrypts the delivery key Kd read from the storage module of the encryption processing unit with the temporary key Ktemp, which differs for each device found by the search, attaches a signature for each device, and transmits it to each device together with the registration information. The process ends when all the target devices to be settled by proxy have been handled.

The target device that has received these data checks the registration information and verifies the signature data in the same manner as the settlement-capable device, then decrypts the delivery key Kd with the temporary key Ktemp, updates the delivery key Kd in the storage module, and deletes the billing information.

[0200] For a device whose registration item in the registration information is set to "registration impossible", the charging was not performed, so the delivery key Kd is not updated and the charging information is not deleted. There may be various cases that are not described, such as a state in which is performed normally).

FIG. 54 is a diagram for explaining the operation of the profit distribution processing of the electronic distribution service center 1. The history data management unit 15 holds and manages the billing information transmitted from the user management unit 18 and, as necessary, the handling policy and the price information. The profit distribution unit 16 calculates the profit of each of the content provider 2, the service provider 3, and the electronic distribution service center 1, and transmits the result to the service provider management unit 11, the content provider management unit 12, and the accounting unit 20. The accounting unit 20 communicates with a bank or the like to perform settlement. The service provider management unit 11 transmits the distribution information received from the profit distribution unit 16 to the service provider 2. The content provider management unit 12 transmits the distribution information received from the profit distribution unit 16 to the content provider 3.

The auditing unit 21 receives the accounting information, the handling policy, and the price information from the history data management unit 15 and audits whether there is any inconsistency in the data. For example, it audits whether the price in the billing information matches the data of the price information, whether the distribution ratio matches, and the like, and audits whether the handling policy and the price information are consistent with each other. In addition, the processing of the auditing unit 21 includes processing that audits the consistency between the amount received from the user home network 5 and the total amount of profit distribution or the amount sent to the service provider 3, and processing that audits whether a device of the user home network 5 has supplied, for example, an inconceivable content provider ID, service provider ID, share, or price.

FIG. 55 is a diagram illustrating the operation of the process in which the electronic distribution service center 1 transmits the usage results of content to JASRAC. The history data management unit 15 transmits to the copyright management unit 13 and the profit distribution unit 16 the charging information indicating the user's usage results of the content. The profit distribution unit 16 calculates the amount charged and the amount paid for JASRAC from the billing information, and transmits the payment information to the accounting unit 20. The accounting unit 20 communicates with a bank or the like and executes the settlement process. The copyright management unit 13 sends the user's usage record of the content to JASRAC.

Next, the processing of the EMD system will be described. FIG. 56 is a flowchart for explaining the content distribution and reproduction processing of this system. In step S40, the content provider management unit 12 of the electronic distribution service center 1 transmits the individual key Ki, the individual key Ki encrypted with the delivery key Kd, and the public key certificate of the content provider 2 to the content provider 2, and the content provider 2 receives them. Details of the processing will be described later with reference to the flowchart in FIG. In step S41, the user operates a device of the user home network 5 (for example, the home server 51 in FIG. 15) to register the device of the user home network 5 in the user management unit 18 of the electronic distribution service center 1. Details of this registration processing will be described later with reference to the flowchart in FIG. In step S42, the user management unit 18 of the electronic distribution service center 1, after performing mutual authentication with the user home network 5 as described above with reference to FIG., transmits the delivery key Kd to the device of the user home network 5. The user home network 5 receives this key. Details of this processing will be described with reference to the flowchart in FIG.

[0205] In step S43, the signature generation unit 38 of the content provider 2 generates a content provider secure container and transmits it to the service provider 3. Details of this processing will be described later with reference to the flowchart in FIG. In step S44, the signature generation unit 45 of the service provider 3 generates a service provider secure container and transmits it to the user home network 5 via the network 4. Details of this transmission processing will be described later with reference to the flowchart in FIG. In step S45, the purchase module 94 of the user home network 5 executes a purchase process. Details of the purchase process will be described later with reference to the flowchart in FIG. In step S46, the user reproduces the content on a device of the user home network 5. The details of the reproduction process will be described later with reference to the flowchart in FIG.

[0206] FIG. 57 is a flowchart, corresponding to S40 in FIG. 56, illustrating details of the process in which the electronic distribution service center 1 transmits the individual key Ki, the individual key Ki encrypted with the delivery key Kd, and a public key certificate to the content provider 2, and the content provider 2 receives them. In step S50, the mutual authentication unit 17 of the electronic distribution service center 1 performs mutual authentication with the mutual authentication unit 39 of the content provider 2. This mutual authentication process is shown in FIG. 2, so the details are omitted. When it is confirmed by the mutual authentication process that the content provider 2 is a valid provider, in step S51 the content provider 2 receives the individual key Ki, the individual key Ki encrypted with the delivery key Kd, and the certificate sent from the content provider management unit 12 of the electronic distribution service center 1. In step S52, the content provider 2 stores the received individual key Ki in the tamper-resistant memory 40A, and stores the individual key Ki encrypted with the delivery key Kd and the certificate in the memory 40B.

As described above, the content provider 2 receives from the electronic distribution service center 1 the individual key Ki, the individual key Ki encrypted with the delivery key Kd, and the certificate. Similarly, in the example in which the processing of the flowchart shown in FIG. 56 is performed, the service provider 3, in addition to the content provider 2, also receives from the electronic distribution service center 1, by the same processing as in FIG. 57, an individual key Ki (different from the individual key Ki of the content provider 2), the individual key Ki encrypted with the delivery key Kd, and a certificate.

[0208] Incidentally, because the memory 40A holds the individual key Ki, which the content provider 2 must keep secret, a tamper-resistant memory from which data is not easily read by a third party is desirable, but no particular hardware restriction is necessary (for example, a hard disk in a room where entry control is performed, or a hard disk of a personal computer with password management, may be used). Because the memory 40B stores only the individual key Ki encrypted with the delivery key Kd and the certificate of the content provider 2, anything, such as an ordinary storage device, may be used (there is no need to keep it secret). Further, the memories 40A and 40B may be a single memory.

FIG. 58 is a flowchart for explaining the process in which the home server 51 registers the settlement information in the user management unit 18 of the electronic distribution service center 1. In step S60, the home server 51, using the public key certificate stored in the large-capacity storage unit 68, performs mutual authentication with the mutual authentication unit 17 of the electronic distribution service center 1 by means of the mutual authentication module 95 of the encryption processing unit 65. This authentication process is similar to the case described with reference to FIG. 2. In step S60, the data that the home server 51 transmits to the user management unit 18 of the electronic distribution service center 1 includes the data shown in FIG. (the public key certificate of the user device).

[0210] In step S61, the home server determines whether the registration of personal settlement information (such as the user's credit card number or the account number at a payment institution) is a new registration, and if it determines that it is a new registration, the process proceeds to step S62. In step S62, the user uses the input unit 63 to input personal settlement information. These data are encrypted by the encryption unit 112 using the temporary key Ktemp and are transmitted via the communication unit 61 to the user management unit 18 of the electronic distribution service center 1.

[0211] In step S63, the user management unit 18 of the electronic distribution service center 1 extracts the device ID from the received certificate, and searches the user registration database shown in FIG. 7 based on the device ID. In step S64, the user management unit 18 of the electronic distribution service center 1 determines whether registration of the device having the received ID is possible. If it determines that registration of the device having the received ID is possible, the process proceeds to step S65, where it is determined whether the device having the received ID is a new registration. If it is determined in step S65 that the device having the received ID is a new registration, the process proceeds to step S66.

In step S66, the user management unit 18 of the electronic distribution service center 1 newly issues a payment ID, decrypts the payment information encrypted with the temporary key, registers the payment ID and the payment information, in association with the device ID, in a payment information database that stores device IDs, payment IDs, payment information (account number, credit card number, etc.), transaction suspension information, and the like, and registers the payment ID in the user registration database. In step S67, registration information is created based on the data registered in the user registration database. Since this registration information has been described with reference to FIG. 8, its details are omitted.

[0213] In step S68, the user management section 18 of the electronic distribution service center 1 transmits the created registration information to the home server 51. In step S69, the host controller 62 of the home server 51 stores the received registration information in the large-capacity storage unit 68.

[0214] If it is determined in step S61 that the registration of the payment information is an update registration, the procedure proceeds to step S70, and the user uses the input unit 63 to input personal payment information. These data are encrypted by the encryption unit 112 using the temporary key Ktemp and transmitted to the user management unit 18 of the electronic distribution service center 1 via the communication unit 61 together with the registration information already issued at the time of payment registration.

If it is determined in step S64 that the device having the received ID cannot be registered, the process proceeds to step S71, where the user management unit 18 of the electronic distribution service center 1 creates registration information of registration rejection. The process proceeds to step S68.

If it is determined in step S65 that the device having the received ID is not a new registration, the procedure proceeds to step S72, where the user management unit 18 of the electronic distribution service center 1 decrypts the payment information encrypted with the temporary key, updates and registers it in the payment information registration database in association with the device ID, and the process proceeds to step S67.

As described above, home server 51 is registered in electronic distribution service center 1.

FIG. 59 is a flowchart for explaining the process of newly registering the device ID in the registration information. The mutual authentication process in step S80 is the same as the process described in FIG. 52, and thus the description is omitted. Step S81 is the same as step S63 in FIG. 58, and a description thereof will be omitted. Step S82 is the same as step S64 in FIG., and the description is omitted. In step S83, the user management unit 18 of the electronic distribution service center 1 sets the registration item corresponding to the device ID in the user registration database to "registration" and registers the device ID. In step S84, the user management unit 18 of the electronic distribution service center 1 creates registration information as shown in FIG. 8 based on the user registration database. Step S85 is the same as step S68 in FIG. 58, and a description thereof will be omitted. Step S86 is the same as step S69 in FIG. 58, and thus description thereof is omitted.

[0219] If it is determined in step S82 that registration of the device having the received ID is impossible, the process proceeds to step S87, where the user management unit 18 of the electronic distribution service center 1 creates registration information indicating that registration is rejected, and the process proceeds to step S85.

Thus, home server 51 is registered in electronic distribution service center 1.

FIG. 60 is a flowchart illustrating a process in which a registered device additionally registers another device. Here, an example will be described in which the home server 51 is already registered, and the stationary device 52 is registered therein. In step S90, the home server 51 performs mutual authentication with the stationary device 52. The mutual authentication process is the same as the process described with reference to FIG. 52, and a description thereof will not be repeated. In step S91, the home server 51 mutually authenticates with the electronic distribution service center 1. In step S92, the home server 51 transmits the registration information read from the large-capacity storage unit 68 and the certificate of the stationary device 52 obtained at the time of mutual authentication with the stationary device 52 in step S90 to the electronic distribution service center 1. The description of step S93 is omitted because it is the same as step S81 in FIG. Step S94 is the same as step S82 in FIG. 59, and a description thereof will be omitted. Step S95 is the same as step S83 in FIG. 59, and a description thereof will be omitted. In step S96, the user management unit 18 of the electronic distribution service center 1 newly creates registration information in which information on the stationary device 52 has been added to the registration information received from the home server 51. Step S97 is the same as step S85 in FIG. 59, and a description thereof will be omitted. Step S98 is the same as step S86 in FIG. 59, and a description thereof will be omitted.

Then, in step S99A, home server 51 transmits the received registration information to stationary device 52, and in step S99B, stationary device 52 stores the received registration information in small-capacity storage unit 75.

If it is determined in step S94 that the registration of the device having the received ID is impossible, the process proceeds to step S99, where the user management unit 18 of the electronic distribution service center 1 creates registration information in which only the stationary device 52 is rejected (accordingly, the home server 51 remains registered), and the process proceeds to step S97.

Thus, the stationary device 52 is additionally registered in the electronic distribution service center 1 according to the processing procedure shown in FIG.

Here, the timing at which the registered device updates the registration (updates the registration information) will be described. FIG.
1 shows a processing procedure for determining whether or not to update the registration information based on various conditions. In step S600, the home server 51 determines, by a clock (not shown) and a determination unit (not shown), whether a predetermined period has elapsed since the delivery key Kd, registration information or billing information was raised. If an affirmative result is obtained here, this means that a certain period has elapsed since the delivery key Kd, registration information or billing information was raised, and the home server 51 then proceeds to step S607 to update the registration information. This processing will be described later with reference to FIG.

On the other hand, if a negative result is obtained in step S600, this means that a certain period has not elapsed since the delivery key Kd, registration information or billing information was raised, that is, the registration information update condition is not satisfied with respect to the elapse of the period, and the home server 51 then moves to step S601.

In step S601, the home server 51 judges whether the number of purchases of the content has reached a prescribed number. If an affirmative result is obtained here, the home server 51 proceeds to step S607 to execute the registration information update process. If a negative result is obtained in step S601, this means that the registration information update condition is not satisfied with respect to the number of purchases of the content, and the home server 51 proceeds to the following step S602.

In step S602, the home server 51 determines whether or not the purchase price of the content has reached a prescribed price. If an affirmative result is obtained here, the home server 51 proceeds to step S607 to execute the registration information update process. If a negative result is obtained in step S602, this means that the registration information update condition is not satisfied with respect to the purchase price of the content, and the home server 51 proceeds to the subsequent step S603.

[0229] In step S603, the home server 51 determines whether the expiration date of the delivery key Kd has expired. As a method of determining whether or not the expiration date of the delivery key Kd has expired, it is checked whether the version of the delivery key Kd of the distributed data matches any of the three versions of the delivery key Kd stored in the storage module 92, or whether it is older than the version of the latest delivery key Kd. If the comparison shows that the versions do not match, or that the version is older than the version of the latest delivery key Kd, the expiration date of the delivery key Kd in the storage module 92 has expired; the home server 51 obtains an affirmative result in step S603 and proceeds to step S607 to update the registration information. On the other hand, if a negative result is obtained in step S603, this means that the update condition of the registration information is not satisfied with respect to the expiration date of the delivery key Kd, and the home server 51 then proceeds to step S604.

[0230] In step S604, the home server 51 determines whether there is a change in the network configuration, such as whether another device has been newly connected to the home server 51 or whether a connected device has been disconnected. If an affirmative result is obtained here, this indicates that the network configuration has been changed, and the home server 51 then proceeds to step S607 and executes the registration information update process. On the other hand, if a negative result is obtained in step S604, this means that the update condition of the registration information is not satisfied with respect to the network configuration, and the home server 51 proceeds to step S605.

In step S605, home server 51 determines whether or not there has been a request for updating the registration information from the user. If there is no registration information update request, the process moves to step S606.

[0232] In step S606, the home server 51 performs the update determination of steps S600 to S605 described above for another connected device. When a determination result indicating that the update should be performed is obtained, the process proceeds to step S607 to perform the update processing of the registration information; otherwise, the same processing is repeated from step S600. Thereby, the home server 51 can obtain the timing for performing the update processing of the registration information. Instead of the home server 51 checking the update start condition of another device, the other device may independently check the update start condition and issue a request to the home server 51 by itself.

FIG. 62 is a flowchart for explaining an operation in which a registered device updates registration (updates registration information), performs a settlement process, and receives a redistribution of the delivery key Kd. The mutual authentication process in step S100 is the same as the process described with reference to FIG. In step S101, the home server 51 encrypts the billing information stored in the storage module 92 using the temporary key Ktemp in the encryption unit 112 of the encryption processing unit 96, generates a signature in the signature generation unit 114, and adds the signature. Then, the encrypted billing information and its signature are combined with the handling policy, price information, and registration information stored in the large-capacity storage unit 68 and transmitted to the electronic distribution service center 1. At this time, the handling policy and price information need not be transmitted, depending on the model. This is because the content provider 2 and the service provider 3 may have transmitted them to the electronic distribution service center 1 in advance, or the billing information may include the necessary information out of the handling policy and price information.

The description of step S102 is omitted because it is the same as step S81 in FIG. Step S103 is the same as step S82 in FIG. 59, and a description thereof will be omitted. In step S104, the user management unit 18 of the electronic distribution service center 1 decrypts the received accounting information with the temporary key Ktemp (if the received data has an electronic signature, the signature is verified by the signature verification unit 115) and transmits it to the history data management unit 15 together with the handling policy and price information (if received). The history data management unit 15 receiving this saves and manages the received data.

In step S105, the user management section 18 of the electronic distribution service center 1 verifies the registration item corresponding to the device ID in the user registration database and updates the data. For example, it is data such as a registration date and a billing status (not shown). Step S106 is the same as step S84 in FIG. 59, and a description thereof will be omitted. In step S107, the user management unit of the electronic distribution service center 1 encrypts the delivery key Kd supplied from the key server 14 with the temporary key Ktemp, and transmits it to the home server 51 together with the registration information.

[0236] In step S108, the home server 51 stores the received registration information in the large-capacity storage unit 68. In step S109, the home server 51 inputs the received registration information to the encryption processing unit 65, and the encryption processing unit 65 verifies the electronic signature included in the registration information with the signature verification unit 115 and checks whether the device ID of the home server 51 is registered. If the verification is successful and it is confirmed that the charging process has been completed, the process proceeds to step S110. In step S110, the home server 51 inputs the received delivery key Kd to the encryption processing unit 65. In the encryption processing unit 65, the received delivery key Kd is decrypted by the decryption unit 111 of the encryption / decryption module 96 using the temporary key Ktemp and stored (updated) in the storage module 92, and the billing information stored in the storage module 92 is erased (this means that settlement has been completed).

If it is determined in step S103 that the registration of the device having the received ID is impossible, the process proceeds to step S111, where the user management unit 18 of the electronic distribution service center 1 creates registration information indicating that registration has been rejected, and the process proceeds to step S112. In step S112, unlike step S107, only the registration information is sent to the home server 51.

If, in step S109, the verification of the signature included in the registration information fails, or “registration permitted” is not written in the “registration” item included in the registration information (for example: charging processing failed → purchase processing cannot be performed; registration rejected → the functions of the cryptographic processing unit, including reproduction, are stopped; transaction suspended → charging processing succeeded, but purchase is stopped for some reason), the process proceeds to step S113 and predetermined error processing is performed.

As described above, the home server 51 updates the registration information, transmits the billing information to the electronic distribution service center 1, and receives the delivery key Kd in return.

FIGS. 63 and 64 are flowcharts for explaining processing in which the stationary device 52 performs settlement, update of the registration information, and update of the delivery key Kd via the home server 51. In step S120, the mutual authentication module 94 of the home server 51 and the mutual authentication module (not shown) of the stationary device perform mutual authentication. The mutual authentication process is the same as that described with reference to FIG. 52, and the description is omitted. As described in the mutual authentication process, the home server 51 and the stationary device 52 exchange certificates with each other, so it is assumed that each knows the device ID of the other party. In step S121, the higher-level controller 62 of the home server 51 reads the registration information from the large-capacity storage unit 68 and causes the encryption processing unit 65 to check it. The encryption processing unit 65, which has received the registration information from the higher-level controller 62, verifies the signature in the registration information, determines whether the ID of the stationary device is present, and proceeds to step S122 when the ID of the stationary device is in the registration information.

In step S122, it is determined whether or not the ID of the stationary device 52 is registered in the registration information. If the ID of the stationary device 52 is registered, the process proceeds to step S123. In step S123, the encryption processing unit 73 of the stationary device 52 reads out the billing information stored in the storage module and encrypts it in the encryption unit using the temporary key Ktemp. Further, a signature corresponding to the billing information is generated by the signature generation unit. Signature generation has been described with reference to FIG. 10, so the details are omitted. The higher-level controller 72, which has received the billing information encrypted with the temporary key Ktemp and its signature, reads the handling policy and price information corresponding to the billing information from the small-capacity storage unit 75 as necessary, and transmits the billing information encrypted with the temporary key Ktemp and its signature, together with the handling policy and price information corresponding to the billing information as necessary, to the home server 51.

The home server 51, having received these data, stores the handling policy and price information in the large-capacity storage unit 68 if received, and inputs the billing information encrypted with the temporary key Ktemp and its signature to the encryption processing unit 65. Upon receiving the billing information encrypted with the temporary key Ktemp and its signature, the encryption processing unit 65 verifies the signature for the billing information encrypted with the temporary key Ktemp using the signature verification unit 115 of the encryption / decryption module 96. Since the verification of the signature is the same as the processing described with reference to FIG. 11, the details are omitted. Then, the decryption unit 111 of the encryption / decryption module 96 decrypts the billing information encrypted with the temporary key Ktemp.

In step S124, the home server 51 performs mutual authentication with the mutual authentication unit 17 of the electronic distribution service center 1, and shares the temporary key Ktemp2. In step S125, the home server 51 encrypts the accounting information sent from the stationary device 52 by the encryption unit 112 of the encryption / decryption module 96 using the temporary key Ktemp2. At this time, the billing information of the home server 51 may be encrypted together. Further, a signature corresponding to the billing information encrypted with the temporary key Ktemp2 is generated by the signature generation unit 114 of the encryption / decryption module 96. Upon receiving the billing information encrypted with the temporary key Ktemp2 and its signature, the upper controller 62 reads the handling policy, price information, and registration information corresponding to the billing information from the large-capacity storage unit 68 as necessary. Then, the accounting information encrypted with the temporary key Ktemp2, its signature, and, if necessary, the handling policy, price information, and registration information corresponding to the accounting information are transmitted to the user management unit 18 of the electronic distribution service center 1.

In step S126, the user management section 18 of the electronic distribution service center 1 searches the user registration database. In step S127, it is determined whether or not the home server 51 and the stationary device 52 are recorded as “registration permitted” in the “registration” item of the user registration database, and if so, the process proceeds to step S128. In step S128, the user management unit 18 of the electronic distribution service center 1 verifies the signature for the billing information encrypted with the temporary key Ktemp2 and decrypts the billing information using the temporary key Ktemp2. Then, the billing information and, if received, the handling policy and price information are transmitted to the history data management unit 15. The history data management unit 15, which has received the billing information and, if received, the handling policy and price information, manages and stores the data.

[0245] In step S129, the user management unit 18 of the electronic distribution service center 1 updates the user registration database (date and time of receipt of charging data, date and time of issuance of registration information, date and time of delivery key delivery, etc., not shown). In step S130, the user management unit 18 of the electronic distribution service center 1 creates registration information (for example, the example in FIG. 8). In step S131, the user management unit 18 of the electronic distribution service center 1 encrypts the delivery key Kd received from the key server 14 of the electronic distribution service center 1 with the temporary key Ktemp2 and generates a signature for the delivery key Kd encrypted with the temporary key Ktemp2. Then, it transmits the registration information, the delivery key Kd encrypted with the temporary key Ktemp2, and the signature for the delivery key Kd encrypted with the temporary key Ktemp2 to the home server 51.

[0246] In step S132, the home server 51 receives the registration information, the delivery key Kd encrypted with the temporary key Ktemp2, and the signature for the delivery key Kd encrypted with the temporary key Ktemp2. The upper controller 62 of the home server 51 inputs the delivery key Kd encrypted with the temporary key Ktemp2 and the signature for it to the encryption processing unit 65. In the encryption processing unit 65, the signature verification unit 115 of the encryption / decryption module 96 verifies the signature for the delivery key Kd encrypted with the temporary key Ktemp2, the encryption / decryption module 96 decrypts the delivery key Kd using the temporary key Ktemp2, and the encryption unit 112 of the encryption / decryption module 96 re-encrypts the decrypted delivery key Kd using the temporary key Ktemp shared with the stationary device 52. Finally, the signature generation unit 114 of the encryption / decryption module 96 generates a signature for the delivery key Kd encrypted with the temporary key Ktemp, and the delivery key Kd encrypted with the temporary key Ktemp and its signature are returned to the upper controller 62. The upper controller 62, which has received the delivery key Kd encrypted with the temporary key Ktemp and its signature, transmits them to the stationary device 52 together with the registration information sent from the electronic distribution service center 1.

In step S133, the upper-level controller 72 of the stationary device 52 overwrites the received registration information in the small-capacity storage unit 75. In step S134, the encryption processing unit 73 of the stationary device 52 verifies the signature of the received registration information and determines whether or not the “registration” item for the ID of the stationary device 52 is “registration permitted”; if it is, the process proceeds to step S135. In step S135, the higher-level controller of the stationary device 52 inputs the delivery key Kd encrypted with the temporary key Ktemp and the signature for it to the encryption processing unit 73. The encryption processing unit 73 verifies the signature for the delivery key Kd encrypted with the temporary key Ktemp, decrypts the delivery key Kd using the temporary key Ktemp, updates the delivery key Kd in the storage module of the encryption processing unit 73, and at the same time erases the billing information (note that in some cases the billing information is simply marked as settled without actually being erased).

If the ID of the stationary device 52 is not included in the registration information in step S121, the process proceeds to step S136, starts the registration information adding process described with reference to FIG. 60, and proceeds to step S123.

[0249] If, in step S127, the “registration” item in the user registration database for the ID of the home server 51 or the ID of the stationary device 52 is not “registration permitted”, the process proceeds to step S137. Step S137 is the same as step S130, and thus details thereof are omitted. In step S138, which corresponds to step S131, the user management unit 18 of the electronic distribution service center 1 transmits the registration information to the home server 51. In step S139, the home server 51 transmits the registration information to the stationary device 52.

If the “registration” item for the ID of the stationary device 52 in the registration information is not “registration permitted” in step S122, or if the “registration” item for the ID of the stationary device 52 in the registration information is not “registration permitted” in step S134, the process ends.

Although the proxy process according to this method handles only the stationary device 52, the billing information of all devices connected to the home server 51 and of the home server 51 itself may be collected and processed collectively. In that case, the registration information and the delivery key Kd of all the devices are updated (in the present embodiment, the received registration information and delivery key Kd are not checked at all by the home server 51; if the processing of the home server 51 itself is also performed collectively, they should be checked and updated).
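The delivery key hand-off of steps S131 to S135, modelled as an added example (not code from the patent): the home server unwraps Kd under Ktemp2 and re-wraps it under Ktemp, and the stationary device stores Kd and erases its billing information only after the registration item and the tag on the encrypted Kd both check out. Assumptions: HMAC-SHA256 stands in for the signature units 114/115 and a SHA-256 keystream for the cipher so that it runs on the Python standard library, the registration information is a plain mapping from device ID to status with its own signature check left out, and all function names are hypothetical.

```python
"""Model of the delivery key Kd hand-off in steps S131 to S135 (added example)."""
import hashlib
import hmac
import os

PERMITTED = "registration permitted"


def _subkey(session_key: bytes, purpose: bytes) -> bytes:
    # Derive separate keys for encryption and for the integrity tag.
    return hmac.new(session_key, purpose, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Stand-in cipher (assumption): SHA-256 in counter mode, not the page's cipher.
    blocks = [hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def _tag(session_key: bytes, nonce: bytes, ciphertext: bytes) -> bytes:
    # Stand-in for signature units 114/115 (assumption): HMAC-SHA256.
    return hmac.new(_subkey(session_key, b"sig"), nonce + ciphertext,
                    hashlib.sha256).digest()


def wrap_kd(session_key: bytes, kd: bytes) -> dict:
    """Encrypt Kd under a temporary key and attach the tag over the ciphertext."""
    nonce = os.urandom(16)
    stream = _keystream(_subkey(session_key, b"enc"), nonce, len(kd))
    ciphertext = bytes(a ^ b for a, b in zip(kd, stream))
    return {"nonce": nonce, "ct": ciphertext,
            "sig": _tag(session_key, nonce, ciphertext)}


def unwrap_kd(session_key: bytes, wrapped: dict) -> bytes:
    """Verify the tag first; decrypt only if it matches."""
    expected = _tag(session_key, wrapped["nonce"], wrapped["ct"])
    if not hmac.compare_digest(expected, wrapped["sig"]):
        raise ValueError("signature on encrypted Kd did not verify")
    stream = _keystream(_subkey(session_key, b"enc"), wrapped["nonce"],
                        len(wrapped["ct"]))
    return bytes(a ^ b for a, b in zip(wrapped["ct"], stream))


def center_send(kd: bytes, k_temp2: bytes, registration: dict) -> dict:
    """S131: service center sends registration info plus Kd wrapped under Ktemp2."""
    return {"registration": dict(registration), "kd": wrap_kd(k_temp2, kd)}


def home_server_relay(message: dict, k_temp2: bytes, k_temp: bytes) -> dict:
    """S132: verify and decrypt under Ktemp2, re-encrypt and re-sign under Ktemp."""
    kd = unwrap_kd(k_temp2, message["kd"])
    return {"registration": message["registration"], "kd": wrap_kd(k_temp, kd)}


class StationaryDevice:
    def __init__(self, device_id: str, k_temp: bytes, billing: list):
        self.device_id = device_id
        self.k_temp = k_temp
        self.billing = list(billing)
        self.registration = {}
        self.kd = None

    def receive(self, message: dict) -> bool:
        self.registration = message["registration"]              # S133
        if self.registration.get(self.device_id) != PERMITTED:   # S134
            return False
        kd = unwrap_kd(self.k_temp, message["kd"])                # S135
        # Commit only after both checks: store Kd, then erase billing info.
        self.kd = kd
        self.billing.clear()
        return True


def run_exchange(registration: dict, mode: str = "ok"):
    """Run one hand-off; returns (accepted, device holds Kd, remaining billing)."""
    k_temp2, k_temp = os.urandom(32), os.urandom(32)  # constructed session keys
    kd = os.urandom(16)                               # constructed delivery key
    device = StationaryDevice("stationary-52", k_temp, ["constructed record"])
    from_center = center_send(kd, k_temp2, registration)
    if mode == "unrelayed":        # center's message handed over without S132
        message = from_center
    else:
        message = home_server_relay(from_center, k_temp2, k_temp)
    if mode == "tampered":         # one bit flipped between S132 and S135
        ct = bytearray(message["kd"]["ct"])
        ct[0] ^= 0x01
        message["kd"]["ct"] = bytes(ct)
    try:
        accepted = device.receive(message)
    except ValueError:
        accepted = False
    return accepted, device.kd == kd, device.billing
```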

Next, the process of transmitting the content provider secure container from the content provider 2 to the service provider 3, corresponding to step S43 in FIG. 56, will be described with reference to the flowchart in FIG. In step S140, the digital watermark adding unit 32 of the content provider 2 inserts predetermined data indicating the content provider 2, such as a content provider ID, into the content read from the content server 31 in the form of a digital watermark, and supplies it to the compression unit 33. In step S141, the compression unit 33 of the content provider 2 compresses the content into which the digital watermark is inserted by a predetermined method such as ATRAC and supplies the compressed content to the content encryption unit 34. In step S142, the content key generation unit 35 generates a key to be used as the content key Kco and supplies it to the content encryption unit 34 and the content key encryption unit 36. In step S143, the content encryption unit 34 of the content provider 2 encrypts the compressed content into which the digital watermark has been inserted, using the content key Kco, by a predetermined method such as DES.

In step S144, the content key encryption unit 36 encrypts the content key Kco with the individual key Ki supplied by the processing of step S40 in FIG. In step S145, the handling policy generation unit 37 defines a content handling policy and generates a handling policy as shown in FIG. 33 or FIG. In step S146, the signature generation unit 38 of the content provider 2 generates a signature for each of the encrypted content, the encrypted content key Kco, the encrypted individual key Ki, and the handling policy supplied from the handling policy generation unit 37. Since the generation of the signature is the same as that described with reference to FIG. 10, the description is omitted here. In step S147, the content provider 2 transmits the encrypted content and its signature, the encrypted content key Kco and its signature, the encrypted individual key Ki and its signature, and the handling policy and its signature (hereinafter, these four signed data are referred to as a content provider secure container), together with the certificate of the content provider 2 previously obtained from the certificate authority, to the service provider 3 using a transmission unit (not shown).

As described above, the content provider 2 transmits the content provider secure container to the service provider 3.

Next, the process in which the service provider 3 transmits the service provider secure container to the home server 51 corresponding to step S44 in FIG.
This will be described with reference to the flowchart of FIG. It is assumed that the service provider 3 stores data transmitted from the content provider 2 in the content server 41 in advance. In step S150, the certificate verification unit 42 of the service provider 3 reads the signature of the certificate of the content provider 2 from the content server 41, and verifies the signature in the certificate. Signature verification is the same as the method described with reference to FIG. 11. If the certificate has not been tampered with, the public key Kpcp of the content provider 2 is extracted.

In step S151, the signature verification unit 43 of the service provider 3 verifies the signature of the content provider secure container transmitted from the transmission unit of the content provider 2 with the public key Kpcp of the content provider 2 (only the signature of the handling policy may be verified). If signature verification fails and tampering is discovered, the process ends. Note that the signature verification is the same as the method described with reference to FIG.

If the content provider secure container has not been tampered with, in step S152, the pricing section 44 of the service provider 3 executes the processing shown in FIG.
The price information described in FIG. 7 and FIG. 38 is created. In step S153, the signature generation unit 45 of the service provider 3 generates a signature for the price information and combines the content provider secure container, the price information, and the signature of the price information to create a service provider secure container.

[0258] In step S154, the transmitting unit (not shown) of the service provider 3 transmits the certificate of the service provider 3, the certificate of the content provider 2, and the service provider secure container to the communication unit 61 of the home server 51, and the process ends.

As described above, the service provider 3 transmits the service provider secure container to the home server 51.

The details of the purchase processing of the home server 51 after receiving the appropriate service provider secure container corresponding to step S45 in FIG. 56 will be described with reference to the flowchart in FIG. In step S161, the home server 51 executes the registration information updating process described above with reference to FIGS.
2, the upper controller 62 of the home server 51 inputs the registration information read from the large-capacity storage unit 68 of the home server 51 to the encryption processing unit 65 of the home server 51. After receiving the registration information, the encryption processing unit 65 verifies the signature of the registration information in the signature verification unit 115 of the encryption / decryption module 96, and then determines whether the “purchase processing” item for the ID of the home server 51 is “purchase permitted” and whether the “registration” item is “registration permitted”; if they are “purchase permitted” and “registration permitted”, the process proceeds to step S163. The signature verification and the inspection of “registration permitted” and “purchase permitted” may be performed by the registration information inspection module 93. In step S163, the host controller 62 of the home server 51 inputs the public key certificate of the content provider 2 read from the large-capacity storage unit 68 to the encryption processing unit 65 of the home server 51.

Upon receiving the public key certificate of the content provider 2, the encryption processing unit 65 verifies the signature of the certificate of the content provider 2 in the signature verification unit 115 of the encryption / decryption module 96, and then extracts the public key of the content provider 2 from the public key certificate. If the signature verification shows that the certificate has not been tampered with, the process proceeds to step S164. In step S164, the upper controller 62 of the home server 51 inputs the content read from the large-capacity storage unit 68 of the home server 51 to the encryption processing unit 65 of the home server 51. Upon receiving the content, the encryption processing unit 65 verifies the signature of the content with the signature verification unit 115 of the encryption / decryption module 96, and when it is confirmed that the content has not been tampered with, proceeds to step S165. In step S165, the host controller 62 of the home server 51 inputs the content key Kco read from the large-capacity storage unit 68 of the home server 51 to the encryption processing unit 65 of the home server 51.

The encryption processing unit 65 that has received the content key Kco verifies the signature of the content key Kco in the signature verification unit 115 of the encryption / decryption module 96, and if it is confirmed that the content key Kco has not been tampered with, the process proceeds to step S166. In step S166, the upper controller 62 of the home server 51 inputs the individual key Ki read from the large-capacity storage unit 68 of the home server 51 to the encryption processing unit 65 of the home server 51. Upon receiving the individual key Ki, the encryption processing unit 65 verifies the signature of the individual key Ki by the signature verification unit 115 of the encryption / decryption module 96, and if it is confirmed that the individual key has not been tampered with, the process proceeds to step S167.

In step S167, the host controller 62 of the home server 51 inputs the handling policy read from the large-capacity storage unit 68 of the home server 51 to the encryption processing unit 65 of the home server 51. Upon receiving the handling policy, the encryption processing unit 65 verifies the signature of the handling policy in the signature verification unit 115 of the encryption / decryption module 96, and if it is confirmed that the handling policy has not been tampered with, the process proceeds to step S168. In step S168, the host controller 62 of the home server 51 inputs the public key certificate of the service provider 3 to the encryption processing unit 65 of the home server 51.

Upon receiving the public key certificate of the service provider 3, the encryption processing unit 65 verifies the signature of the certificate of the service provider 3 in the signature verification unit 115 of the encryption / decryption module 96, and then extracts the public key of the service provider 3 from the public key certificate. If it is determined that the certificate has not been tampered with, the process proceeds to step S169. In step S169, the host controller 62 of the home server 51 inputs the price information read from the large-capacity storage unit 68 to the encryption processing unit 65 of the home server 51. Upon receiving the price information, the encryption processing unit 65 verifies the signature of the price information in the signature verification unit 115 of the encryption / decryption module 96, and if it is confirmed that the price information has not been tampered with, the process proceeds to step S170.

In step S170, the host controller 62 of the home server 51 displays the information of the content that can be purchased (for example, the use form and price that can be purchased) by using the display means 64, and the user selects a purchase item using the input means 63. The signal input from the input means 63 is transmitted to the host controller 62 of the home server 51. The host controller 62 generates a purchase command based on the signal, and inputs the purchase command to the encryption processing unit 65 of the home server 51. Note that these input processes may be performed at the start of the purchase process. Receiving this, the encryption processing unit 65 generates billing information and license condition information from the handling policy input in step S167 and the price information input in step S169. Since the billing information has been described with reference to FIG. 42, its details are omitted. Since the license condition information has been described with reference to FIG. 41, the details are omitted.

In step S171, the control unit 91 of the encryption processing unit 65 stores the billing information generated in step S170 in the storage module 92. In step S172, the control unit 91 of the encryption processing unit 65 transmits the license condition information generated in step S170 to the external memory control unit 97 of the encryption processing unit 65. After receiving the license condition information, the external memory control unit 97 checks the external memory 67 for tampering, and then writes the license condition information to the external memory 67. The falsification check at the time of writing will be described later with reference to FIG. In step S173, the control unit 91 of the encryption processing unit 65 decrypts the individual key Ki input in step S166, in the decryption unit 111 of the encryption / decryption module 96, using the delivery key Kd supplied from the storage module 92. Next, the control unit 91 of the encryption processing unit 65 decrypts the content key Kco input in step S165, in the encryption / decryption module 96, using the individual key Ki decrypted earlier. Finally, the control unit 91 of the encryption processing unit 65 encrypts the content key Kco using the storage key Ksave supplied from the storage module 92 in the encryption unit 112 of the encryption / decryption module 96. In step S174, the content key Kco encrypted with the storage key Ksave is stored in the external memory 67 via the external memory control unit 97 of the encryption processing unit 65.

If it is determined in step S162 that the home server 51 is a device for which purchase processing cannot be performed, or if it is determined in step S163 that the signature of the public key certificate of the content provider 2 is incorrect, or in step S164 that the signature of the content encrypted with the content key Kco is incorrect, or in step S165 that the signature of the content key Kco encrypted with the individual key Ki is incorrect, or in step S166 that the signature of the individual key Ki encrypted with the delivery key Kd is incorrect, or in step S167 that the signature of the handling policy is incorrect, or in step S168 that the signature of the certificate of the service provider 3 is incorrect, or in step S169 that the signature of the price information is incorrect, the home server 51 proceeds to step S176 and performs error processing. Note that the processes of steps S165 and S166 may be combined, so that a single signature over the content key Kco and the individual key Ki is verified.

[0268] As described above, the home server 51 stores the billing information in the storage module 92, decrypts the content key Kco with the individual key Ki, and then encrypts the content key Kco with the storage key Ksave and stores it in the external memory 67.

By the same processing, the stationary device 52 also stores the billing information in the storage module of the encryption processing unit 73, decrypts the content key Kco with the individual key Ki, encrypts the content key Kco with the storage key Ksave2 (different from the key of the home server 51), and stores it in the external memory 79.
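The key handling of steps S173 and S174, and its effect once the delivery key Kd is updated, shown as an added example that is not code from the patent. Assumptions: `wrap` and `unwrap` (an HMAC-SHA256 keystream with a MAC tag) stand in for the cipher of the encryption / decryption module, which this passage does not specify, the signature checks of steps S162 to S169 are left out, and all class and function names are hypothetical.

```python
import hashlib
import hmac
import os


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode; a stand-in for the module's cipher."""
    out, counter = b"", 0
    while len(out) < length:
        block_in = b"enc" + nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, block_in, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def wrap(kek: bytes, key: bytes) -> bytes:
    """Encrypt `key` under the key-encryption key `kek`, then append a MAC."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(key, _keystream(kek, nonce, len(key))))
    tag = hmac.new(kek, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unwrap(kek: bytes, blob: bytes) -> bytes:
    """Check the MAC, then decrypt; fails on a wrong key or a modified blob."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(kek, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("unwrap failed: wrong key or tampered blob")
    return bytes(a ^ b for a, b in zip(ct, _keystream(kek, nonce, len(ct))))


class EncryptionProcessingUnit:
    """Hypothetical model of unit 65: Kd and Ksave sit in the storage module."""

    def __init__(self, kd: bytes, ksave: bytes):
        self.kd = kd                # delivery key, updated at a fixed cycle
        self.ksave = ksave          # storage key, unique to this device
        self.external_memory = {}   # content ID -> Kco wrapped under Ksave

    def purchase(self, content_id, ki_under_kd, kco_under_ki):
        ki = unwrap(self.kd, ki_under_kd)        # S173: Ki decrypted with Kd
        kco = unwrap(ki, kco_under_ki)           # S173: Kco decrypted with Ki
        # S173/S174: Kco re-encrypted with Ksave and stored outside the unit.
        self.external_memory[content_id] = wrap(self.ksave, kco)

    def update_delivery_key(self, new_kd: bytes):
        self.kd = new_kd

    def content_key(self, content_id) -> bytes:
        # Playback path: only Ksave is needed, never Kd or Ki.
        return unwrap(self.ksave, self.external_memory[content_id])


def delivery_key_update_demo():
    """Purchase, rotate Kd, then play back and retry the old key data."""
    kd_old, kd_new, ksave = os.urandom(16), os.urandom(16), os.urandom(16)
    ki, kco = os.urandom(16), os.urandom(16)     # constructed sample keys
    ki_under_kd = wrap(kd_old, ki)               # as delivered to the receiver
    kco_under_ki = wrap(ki, kco)

    unit = EncryptionProcessingUnit(kd_old, ksave)
    unit.purchase("content-1", ki_under_kd, kco_under_ki)
    unit.update_delivery_key(kd_new)

    still_playable = unit.content_key("content-1") == kco
    try:
        unit.purchase("content-2", ki_under_kd, kco_under_ki)
        late_purchase_ok = True
    except ValueError:
        late_purchase_ok = False                 # old Kd is gone
    return still_playable, late_purchase_ok
```

Content purchased before the update stays usable because its content key was rewrapped under Ksave, while key data still wrapped under the old Kd can no longer be opened.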

FIG. 68 is a flowchart for explaining a method of falsification check performed by the external memory control unit 97 of the encryption processing unit 65 when reading data from the external memory 67. In step S180 in FIG. 68, the external memory control unit 97 of the encryption processing unit 65 searches for the location of data to be read from the external memory 67 (for example, the first data in the block in FIG. 16). In step S181, the external memory control unit 97 of the encryption processing unit 65 calculates a hash value (a hash value of the entire first block in FIG. 16) for all data in the same block including the data to be read in the external memory 67. At this time, data other than the data to be read (for example, content key 1 and license condition information 1) is discarded after being used for hash value calculation. In step S182, the hash value calculated in step S181 is compared with the hash value (ICV1) stored in the storage module 92 of the encryption processing unit 65. If they match, the data read in step S181 is transmitted to the control unit 91 via the external memory control unit 97. If they do not match, the external memory control unit 97 proceeds to step S183, assumes that the memory block has been tampered with, and prohibits subsequent reading and writing (such a block is referred to as a bad block). For example, when the external memory is a 4 MB flash memory, it is assumed that this memory is divided into 64 blocks. Therefore, the storage module stores 64 hash values. When data is read, first, the location of the data is searched for, and a hash value for all data in the same block including the data is calculated. The falsification is checked by checking whether this hash value matches the hash value corresponding to the block in the storage module (see FIG. 16).

As described above, the external memory control unit 97 of the encryption processing unit 65 checks the external memory 67 for tampering and reads the data.

FIG. 69 is a flowchart for explaining a method of falsification check performed by the external memory control unit 97 of the encryption processing unit 65 when writing data to the external memory 67. In step S190A of FIG. 69, the external memory control unit 97 of the encryption processing unit 65 searches for a place where data can be written to the external memory 67. In step S191A, the external memory control unit 97 of the encryption processing unit 65 determines whether or not there is a free area in the external memory 67. If it is determined that there is a free area, the process proceeds to step S192A. In step S192A, the external memory control unit 97 of the encryption processing unit 65 calculates a hash value for all data in the data block to be written. In step S193A, the hash value calculated in step S192A is compared with the hash value stored in the storage module 92 of the encryption processing unit 65, and if they match, the process proceeds to step S194A. In step S194A, data is written to the write-scheduled area. In step S195A, the external memory control unit 97 of the encryption processing unit 65 recalculates the hash value for all data in the written data block. In step S196A, the control unit 91 updates the hash value in the storage module 92 of the encryption processing unit 65 to the hash value calculated in step S195A.

If the calculated hash value is different from the hash value in the storage module 92 in step S193A, the control unit 91 sets the memory block as a bad block (for example, changes the hash value to a value indicating a bad block), and the process proceeds to step S190A.

If it is determined in step S191A that there is no free area in the external memory 67, the process proceeds to step S198A. In step S198A, the external memory control unit 97 returns a write error to the control unit 91, and ends the processing.

As shown in FIG. 70, when rewriting (updating) data in the external memory 67, the external memory control unit 97 of the encryption processing unit 65 searches, in step S190B, for the location of the data to be rewritten in the external memory 67. In step S192B, the external memory control unit 97 of the encryption processing unit 65 calculates a hash value for all data in the data block to be rewritten. In step S193B, the hash value calculated in step S192B is compared with the hash value stored in the storage module 92 of the encryption processing unit 65, and if they match, the process proceeds to step S194B. In step S194B, the data in the area to be rewritten is rewritten. In step S195B, the external memory control unit 97 of the encryption processing unit 65 recalculates the hash value for all data in the written data block. In step S196B, the control unit 91 updates the hash value in the storage module 92 of the encryption processing unit 65 to the hash value calculated in step S195B.

If the calculated hash value is different from the hash value in the storage module 92 in step S193B, the control unit 91 sets the memory block as a bad block (for example, changes the hash value to a value indicating a bad block), and the rewrite fails.

A method of deleting data in external memory 79 will be described with reference to FIG. In step S190C, the external memory control unit of the encryption processing unit 73 searches for the location of the data to be deleted in the external memory 79. In step S192C, the external memory control unit of the encryption processing unit 73 calculates a hash value for all data in the data block containing the data to be deleted. In step S193C, the hash value calculated in step S192C is compared with the hash value stored in the storage module (not shown) of the encryption processing unit 73, and if they match, the process proceeds to step S194C. In step S194C, the data to be deleted is deleted from the deletion target area. In step S195C, the external memory control unit of the encryption processing unit 73 recalculates the hash value for all data in the data block from which the data has been deleted. In step S196C, the encryption processing unit 73 updates the hash value in the storage module to the hash value calculated in step S195C.

If the calculated hash value is different from the hash value in the storage module in step S193C, the encryption processing unit 73 sets the memory block as a bad block (for example, changes the hash value to a value indicating a bad block), and the deletion fails.
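The read, write, rewrite and delete checks described above (FIG. 68 to FIG. 70 and the deletion flow), as an added example that is not code from the patent: untrusted external memory is paired with one trusted hash value (ICV) per block, and restoring an old copy of a block is detected. Assumptions: SHA-256 as the hash, four record slots per block, the `BAD_BLOCK` sentinel, and all class and function names are hypothetical.

```python
import copy
import hashlib

BLOCK_COUNT = 64        # the text's example: a 4 MB flash divided into 64 blocks
SLOTS_PER_BLOCK = 4     # assumption: number of records held by one block
BAD_BLOCK = b"BAD"      # assumption: sentinel stored in place of an ICV


class TamperError(Exception):
    """The block's hash does not match the ICV held in the storage module."""


def block_hash(block):
    """Hash every slot of a block, so any record change alters the ICV."""
    h = hashlib.sha256()
    for record in block:
        if record is None:
            h.update(b"\x00")
        else:
            h.update(b"\x01" + len(record).to_bytes(4, "big") + record)
    return h.digest()


class ExternalMemoryController:
    def __init__(self):
        # Untrusted external memory: an attacker may edit this directly.
        self.external = [[None] * SLOTS_PER_BLOCK for _ in range(BLOCK_COUNT)]
        # Trusted storage module: one ICV per block.
        self.icv = [block_hash(block) for block in self.external]

    def _verify(self, b):
        """Recompute the block hash and compare it with the stored ICV."""
        if self.icv[b] != BAD_BLOCK and block_hash(self.external[b]) == self.icv[b]:
            return True
        self.icv[b] = BAD_BLOCK          # later reads and writes are refused
        return False

    def _commit(self, b):
        """Store the hash of the block as it is after a legitimate change."""
        self.icv[b] = block_hash(self.external[b])

    def read(self, b, slot):
        if not self._verify(b):
            raise TamperError(f"block {b} is a bad block")
        return self.external[b][slot]

    def write(self, record):
        for b, block in enumerate(self.external):
            if self.icv[b] == BAD_BLOCK or None not in block:
                continue
            if not self._verify(b):
                continue                 # marked bad; search for another place
            slot = block.index(None)
            block[slot] = record
            self._commit(b)
            return b, slot
        raise OSError("write error: no free area")

    def rewrite(self, b, slot, record):
        if not self._verify(b):
            raise TamperError(f"block {b} is a bad block; rewrite failed")
        self.external[b][slot] = record
        self._commit(b)

    def delete(self, b, slot):
        # Same check-modify-recompute sequence, with the slot emptied.
        self.rewrite(b, slot, None)


def rollback_demo():
    """An attacker restores an old block to regain a consumed play count."""
    ctl = ExternalMemoryController()
    where = ctl.write(b"license: plays_left=3")      # constructed sample record
    ctl.write(b"wrapped content key (constructed)")
    snapshot = copy.deepcopy(ctl.external[0])        # attacker saves the block
    ctl.rewrite(*where, b"license: plays_left=2")    # one play is consumed
    ctl.external[0] = snapshot                       # attacker restores it
    try:
        ctl.read(*where)
        detected = False
    except TamperError:
        detected = True
    next_write = ctl.write(b"new record")            # block 0 is now skipped
    return where, detected, next_write
```

Marking the whole block bad trades availability for integrity: after one modified record, every record in that block becomes unreadable.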

The details of the process in which home server 51 reproduces the content corresponding to step S46 in FIG.
2 and the flowchart of FIG. 73 will be described. In step S200, the host controller 62 of the home server 51 inputs the ID corresponding to the content instructed to be reproduced from the input means 63 of the home server 51 to the encryption processing unit 65 of the home server 51. In step S201, the control unit 91 of the encryption processing unit 65, having received the content ID to be reproduced, has the content key Kco and the license condition information corresponding to the content ID searched for. At this time, it is confirmed that the license condition information grants a reproducible right. In step S202, the external memory control unit 97 of the encryption processing unit 65 calculates a hash value of the data block including the content key Kco and the license condition information, and transmits the hash value to the control unit 91 of the encryption processing unit 65. In step S203, the control unit 91 of the encryption processing unit 65 determines whether the hash value stored in the storage module 92 of the encryption processing unit 65 and the hash value received in step S202 match, and if so, the process proceeds to step S204.

In step S204, the control unit 91 of the encryption processing unit 65 updates the license condition information as necessary. For example, when the usage right in the license condition information is a coupon, the number of times is subtracted. Accordingly, a right that does not need to be updated, such as a buy-out right, is not updated, and in that case the process jumps to step S208 (not shown). In step S205, the external memory control unit 97 rewrites the external memory 67 with the updated license condition information transmitted from the control unit 91. In step S206, the external memory control unit 97 recalculates a hash value for all data in the rewritten data block, and transmits the hash value to the control unit 91 of the encryption processing unit 65. In step S207, the control unit 91 of the encryption processing unit 65 rewrites the hash value stored in the storage module 92 of the encryption processing unit 65 with the hash value calculated in step S206.

In step S208, the encryption processing unit 65 and the decompression unit 66 perform mutual authentication and share the temporary key Ktemp. Since the mutual authentication processing has been described with reference to FIG. 51, the details are omitted. In step S209, the decryption unit 111 of the encryption / decryption module 96 decrypts the content key Kco read from the external memory 97 with the storage key Ksave supplied from the storage module 92. In step S210, the encryption unit 112 of the encryption / decryption module 96 re-encrypts the content key Kco with the temporary key Ktemp shared with the decompression unit 66. In step S211, the control unit 91 of the encryption processing unit 65 sends the content key Kco encrypted with the temporary key Ktemp to the decompression unit 66.

In step S212, the key decryption module 102 of the decompression unit 66 decrypts the content key Kco with the supplied temporary key Ktemp. In step S213, the host controller 62 reads the content from the large-capacity storage unit 68 and supplies the content to the decompression unit 66. The decompression unit 66 that has received the content decrypts the content using the content key Kco supplied from the key decryption module 102. In step S214, the decompression module 104 of the decompression unit 66 decompresses the content according to a predetermined method, for example, a method such as ATRAC. In step S215, the digital watermark adding module 105 inserts the data specified by the encryption processing unit 65 into the content in the form of a digital watermark (the data passed from the encryption processing unit to the decompression unit is not limited to the content key Kco, and also includes playback conditions (analog output, digital output, output with copy control signal (SCMS)), the ID of the device that purchased the content usage right, and so on). The data to be inserted is the ID of the device that purchased the content usage right (that is, the device ID in the license condition information). In step S216, the decompression unit 66 plays music via a speaker (not shown).

[0283] Thus, the home server 51 reproduces the content.

FIG. 74 is a flowchart illustrating details of a process in which the home server 51 purchases a content use right by proxy for the stationary device 52. In step S220, the home server 51 and the stationary device 52 mutually authenticate. The mutual authentication process is the same as the process described with reference to FIG. 52, and a description thereof will not be repeated. In step S221, the host controller 62 of the home server 51 causes the encryption processing unit 65 of the home server 51 to check the registration information read from the large-capacity storage unit 68 of the home server 51. Upon receiving the registration information from the host controller 62, the encryption processing unit 65 has the signature verification unit 115 of the encryption / decryption module 96 verify the signature attached to the registration information, using the public key of the electronic distribution service center 1 supplied from the storage module 92 of the encryption processing unit 65. After successfully verifying the signature, the control unit 91 of the encryption processing unit 65 determines whether the ID of the stationary device is registered in the registration information and whether the “registration” and “purchase” items are “registerable” and “purchasable”. If it is determined that the item is “registerable”, the process proceeds to step S222 (the registration information is also checked on the stationary device 52 side, where it is determined that the home server 51 is “registerable”). Steps S225 to S227 are the same processes as steps S160 to S171 in FIG. 67, and thus the details are omitted.

In step S228, the control unit 91 of the encryption processing unit 65 decrypts the individual key Ki, encrypted with the delivery key Kd and input in step S225, in the decryption unit 111 of the encryption / decryption module 96 using the delivery key Kd supplied from the storage module 92. Next, the control unit 91 of the encryption processing unit 65 decrypts the content key Kco, encrypted with the individual key Ki and input in step S225, in the decryption unit 111 of the encryption / decryption module 96 using the individual key Ki. Then, the control unit 91 of the encryption processing unit 65 re-encrypts the content key Kco, in the encryption unit 112 of the encryption / decryption module 96, using the temporary key Ktemp shared with the stationary device 52 at the time of mutual authentication in step S220. In step S229, the control unit 91 of the encryption processing unit 65 generates a signature, using the signature generation unit 114 of the encryption / decryption module 96, for the content key Kco encrypted with the temporary key Ktemp and the license condition information generated in step S226, and transmits them to the host controller 62. The host controller 62 of the home server 51, having received the content key Kco encrypted with the temporary key Ktemp, the license condition information, and their signatures, reads the content encrypted with the content key Kco (including the signature; the same applies hereafter) from the large-capacity storage unit 68, and sends the content key Kco encrypted with the temporary key Ktemp, the license condition information, their signatures, and the content encrypted with the content key Kco to the stationary device 52.

In step S230, the stationary device 52, having received the content key Kco encrypted with the temporary key Ktemp, the signatures, and the content encrypted with the content key Kco, verifies the signatures and then outputs the content encrypted with the content key Kco to the recording / reproducing unit 76 of the stationary device 52. The recording / reproducing unit 76 of the stationary device 52, having received the content encrypted with the content key Kco, stores the content encrypted with the content key Kco in the recording medium 80.

In step S231, the encryption processing unit 73 of the stationary device 52 decrypts the content key Kco encrypted with the temporary key Ktemp, using the temporary key Ktemp. Then, the control unit of the encryption processing unit 73 re-encrypts the content key Kco, in the encryption unit of the encryption / decryption module, using the storage key Ksave2 supplied from the storage module of the encryption processing unit 73.

In step S232, the encryption processing unit 73 of the stationary device 52 transmits the content key Kco encrypted with the storage key Ksave2 and the license condition information received in step S230 to the external memory control unit of the encryption processing unit 73, and has them saved in the external memory 79. The process of writing data to the external memory by the external memory control unit is described in FIG. Therefore, the details are omitted.

As described above, the home server 51 purchases the content use right, the billing information is stored on the home server 51 side, and the use right is transferred to the stationary device 52.

FIG. 75 is a flowchart showing a process in which the home server 51 purchases a content usage right that has already been purchased by changing it to another usage mode. FIG.
Steps S240 to S245 of FIG. 5 are the same as those described with reference to FIG. 67, and a description thereof will not be repeated. In step S246, the encryption processing unit 65 of the home server 51 causes the external memory control unit 97 of the encryption processing unit 65 to read the license condition information of the content whose usage right is to be changed. Since the reading of data from the external memory 67 has been described with reference to FIG. 68, the details are omitted. If the license condition information has been read out normally in step S246, the process proceeds to step S247.

In step S247, the host controller 62 of the home server 51 uses the display means 64 to display information on the content whose use right can be changed (for example, a use form or price in which the use right can be changed). The user uses the input means 63 to select a usage right content update condition. The signal input from the input means 63 is transmitted to the host controller 62 of the home server 51. The host controller 62 generates a usage right content change command based on the signal, and inputs the usage right content change command to the encryption processing unit 65 of the home server 51. Upon receiving this, the encryption processing unit 65 generates billing information and new license condition information based on the handling policy received in step S243, the price information received in step S245, and the license condition information read in step S247.

Step S248 is the same as step S171, so the detailed description thereof is omitted. In step S249, the control unit 91 of the encryption processing unit 65 outputs the license condition information generated in step S247 to the external memory control unit 97 of the encryption processing unit 65. The external memory control unit 97 overwrites the external memory 67 with the received license condition information. The method by which the external memory control unit 97 rewrites (updates) the external memory 67 has been described with reference to FIG. 70, so the details are omitted.

If, in step S246, the license condition information corresponding to the content ID added to the usage right content change command is not found in the external memory 67, or if tampering is found in the storage block of the external memory in which the license condition information is stored (described above with reference to FIG. 68), the process proceeds to step S251, and predetermined error processing is performed.

As described above, the home server 51 can purchase a new right and change the content of the usage right by using the rights already purchased (described in the license condition information) together with the handling policy and price information.

FIGS. 76 and 77 show specific examples of the rules of the handling policy and price information. The handling policy consists of a rule number assigned as a serial number for each usage right, a usage right content number indicating the usage right, its parameters, a minimum selling price, and a profit rate of the content provider. For example, five rules are described in this handling policy. Since the right item of rule 1 is the usage right content number 1, it can be seen from FIG. 44 that the right is a reproduction right with no time / frequency limit. In addition, it can be seen that there is no particular description in the parameter item. The minimum selling price is $350, and the content provider 2's share is 30% of the price. Since the right item of rule 2 is the usage right content number 2, it can be seen that the right is a reproduction right with a time limit and no frequency limit. Also, it can be seen from the parameter item that the available period is one hour. The minimum selling price is $100, and the content provider 2's share is 30% of the price. Since the right item of rule 3 is the usage right content number 6, it can be seen from FIG. 44 that the right is a copy right (no copy control signal) with no time limit and a limited number of times. Also, it can be seen from the parameter item that the number of usable times is one. The minimum selling price is $30, and the share of the content provider 2 is 30% of the price.

In rule 4, the right item is the usage right content number 1; from FIG. 44, it can be seen that the right is a change in the contents of use. It can be seen from the parameter item that the permitted change is from rule number #2 (reproduction right, with time limit, no number limit) to rule number #1 (reproduction right, no time / number limit). The minimum selling price is $200, and the content provider 2's share is 20% of the price. The minimum selling price is set lower than in rule 1 because the rights already purchased are assumed to be traded in and repurchased, and the share of the content provider 2 is set lower than in rule 1 in order to increase the share of the electronic distribution service center 1, which actually performs the work (the content provider 2 has no work to do when the right content is changed).

[0297] In rule 5, the right item is the usage right content number 1; it can be seen from FIG. 44 that the right is redistribution. It can be seen from the parameter item that the redistribution condition is that a device holding rule number #1 (reproduction right, no time / number limit) purchases and redistributes rule number #1 (reproduction right, no time / number limit). The minimum selling price is $250, and the content provider 2's share is 20% of the price. The minimum selling price is set lower than in rule 1 because a device that already holds the purchased right is considered to be repurchasing the same content, and the share of the content provider 2 is set lower than in rule 1 in order to increase the share of the electronic distribution service center 1, which actually performs the work (the content provider 2 has no work to do at the time of redistribution).

In FIG. 77, the price information is composed of a rule number assigned as a serial number for each usage right, a parameter, and price information, and this price information also describes, for example, five rules. Rule 1 is price information for rule #1 of the handling policy, and indicates that the price is $500 and the service provider 3 takes 30% when the usage right content number #1 is purchased. Therefore, of the $500 paid by the user, the content provider 2 takes $150, the service provider 3 takes $150, and the electronic distribution service center 1 takes $200. The same applies to rules 2 to 5, and the details are omitted.

[0299] In rules 4 and 5, the service provider 2 takes a smaller share than in rule 1 because the distribution work of the service provider 2 is performed by the user equipment on its behalf, and the payment is collected by the electronic distribution service center 1.

In this example, the rule numbers are serially numbered from # 1 to # 5, but this is not always necessary. The creator sets a usage right content number and a parameter for each rule number, and arranges those extracted therefrom, so that the number is generally not a serial number.

FIG. 78 shows a specific example when the right content is changed as described in FIG. The handling policy consists of a rule number assigned as a serial number for each usage right, a usage right content number indicating the content of the usage right, its parameters, the minimum selling price, and the profit margin of the content provider. The price information is organized by usage right. The license condition information consists of a rule number assigned as a serial number for each usage right, a usage right content number indicating the content of the usage right, and its parameters. The home server 51 has already purchased the reproduction right with a time limit of rule number #2; the license condition information indicating the content of the right describes rule number #2 and shows that the remaining available time is 30 minutes and that a cumulative total of 2 hours has been purchased. Now, when changing from a time limit to no time limit, it can be seen from rule 3 of the handling policy, rule 3 of the price information, and the license condition information that the right can be changed to a reproduction right with no time / number limit for $200, and that the license condition information changes to rule number #1, with the usage right content number indicating a reproduction right with no time / number limit (the parameter in the case of usage right content number #1 will be described later. In addition, in this example, it is cheaper to buy the right with a time limit and then change the right content than to buy the reproduction right with no time / number limit directly. For this reason, it is better to set the discount in view of the accumulated use time).

FIG. 79 is a flowchart illustrating details of processing in which the home server 51 purchases a content usage right and redistributes the usage right. Steps S260 to S264 are the same as steps S220 to S225, so detailed description is omitted. In step S265, the encryption processing unit 65 of the home server 51 causes the external memory control unit 97 of the encryption processing unit 65 to read, from the external memory 67, the license condition information corresponding to the content to be redistributed and the content key Kco encrypted with the storage key Ksave. The method of reading the external memory 67 by the external memory control unit 97 has been described with reference to FIG. If the reading has succeeded, the process proceeds to step S266.

[0303] In step S266, the higher-level controller 62 of the home server 51 uses the display means 64 to display information on the redistributable content (for example, the usage form and price of the redistributable content), and a redistribution condition is selected using the input means 63. This selection process may be performed in advance at the time of starting the redistribution process. The signal input from the input means 63 is transmitted to the host controller 62 of the home server 51, and the host controller 62 generates a redistribution command based on the signal and inputs the redistribution command to the encryption processing unit 65 of the home server 51. The encryption processing unit 65, having received this, generates billing information and new license condition information from the handling policy and price information received in step S264 and the license condition information read in step S265.

Step S267 is the same as step S171 in FIG. Its detailed description is omitted. In step S268, the control unit 91 of the encryption processing unit 65 decrypts the content key K co encrypted with the storage key K save, read in step S265, in the decryption unit 111 of the encryption / decryption module 96 using the storage key K save supplied from the storage module 92. Then, the control unit 91 of the encryption processing unit 65 re-encrypts the content key K co in the encryption unit 112 of the encryption / decryption module 96, using the temporary key K temp shared with the stationary device 52 at the time of mutual authentication in step S260. Finally, the signature generation unit 114 of the encryption / decryption module 96 generates a signature corresponding to the content key K co encrypted with the temporary key K temp and the new license condition information generated in step S266, and returns it to the control unit 91 of the encryption processing unit 65.

The processing from step S269 to step S272 is the same as the processing from step S229 to step S232 in FIG. The details are omitted.

As described above, the home server 51 creates new license condition information from the usage right (license condition information) held by itself, the handling policy, and the price information, and together with the content key K co and the content held by itself. By transmitting the content to the stationary device 52, the content can be redistributed.

FIG. 80 is a flowchart illustrating details of the process in which the home server 51 transmits the license condition information and the content key K co to the stationary device 52, and the stationary device 52 purchases the content usage right. In step S280, the encryption processing unit 73 of the stationary device 52 determines whether or not the total of the charging of the charging information stored in the storage module of the encryption processing unit 73 has reached the upper limit. In step S281, the determination may be made based on the upper limit of the number of billing processes instead of the determination based on the total billing upper limit.

In step S281, the upper-level controller 72 of the stationary device 52 inputs the registration information read from the small-capacity storage unit 75 of the stationary device 52 to the encryption processing unit 73 of the stationary device 52. The encryption processing unit 73, having received the registration information, verifies the signature of the registration information in the signature verification unit of the encryption / decryption module (not shown), and then determines whether the item of “purchase processing” for the ID is “purchasable”; if it is “purchasable”, the process proceeds to step S282.

Step S282 is the same as step S220 in FIG. Its details are omitted. Step S283 is the same as step S221 in FIG. 74, so the details are omitted (the home server 51 determines whether the stationary device 52 is registered). Step S284 is the same as step S265 in FIG. 79, and thus details thereof are omitted. Step S285 is the same as step S268 in FIG. The details thereof are omitted. In step S286, the control unit 91 of the encryption processing unit 65 generates a signature for the content key K co encrypted with the temporary key K temp and the license condition information read in step S284, using the signature generation unit 114 of the encryption / decryption module 96, and sends them to the host controller 62. The higher-level controller 62 of the home server 51, having received the content key K co encrypted with the temporary key K temp, the license condition information, and their signature, reads from the large-capacity storage unit 68 the content encrypted with the content key K co and, if necessary, the handling policy and its signature and the price information and its signature. It then transmits the content key K co encrypted with the temporary key K temp, the license condition information, their signature, the content encrypted with the content key K co, the handling policy and its signature, and the price information and its signature to the stationary device 52.

Step S287 is the same as step S230 in FIG. Its details are omitted. Step S288 is the same as step S225 in FIG. 74, and thus the details are omitted. In step S289, the higher-level controller 72 of the stationary device 52 uses the display unit 78 to display information on the redistributable content (for example, the usage form and price of the redistributable content), and the redistribution conditions are selected using the input unit 77. This selection process may be performed in advance at the start of the redistribution process. The signal input from the input unit 77 is transmitted to the upper controller 72 of the stationary device 52, and the upper controller 72 generates a redistribution command based on the signal and inputs the redistribution command to the encryption processing unit 73 of the stationary device 52. Receiving this, the encryption processing unit 73 generates charging information and new license condition information from the handling policy, price information and license condition information received in step S286.

In step S290, the encryption processing unit 73 of the stationary device 52 stores the accounting information generated in step S289 in the storage module (not shown) of the encryption processing unit 73. In step S291, the encryption processing unit 73 of the stationary device 52 decrypts the content key K co encrypted with the temporary key K temp, received in step S286, in the decryption unit (not shown) of the encryption processing unit 73 using the temporary key K temp shared in step S282. The encryption processing unit 73 of the stationary device 52 then encrypts the content key K co in the encryption unit (not shown) of the encryption processing unit 73, using the storage key K save 2 supplied from the storage module (not shown) of the encryption processing unit 73.

[0312] In step S292, the encryption processing unit 73 of the stationary device 52 transmits the license condition information generated in step S289 and the content key K co encrypted with the storage key K save 2 generated in step S291 to the external memory control unit (not shown) of the encryption processing unit 73. The external memory control unit, having received the license condition information and the content key K co encrypted with the storage key K save 2, writes them to the external memory 79. The falsification check at the time of writing has been described with reference to FIG. 69, and thus details thereof will be omitted.

As described above, the stationary device 52 receives the usage right (license condition information), the handling policy, the price information, the content key K co, and the content held by the home server 51 from the home server 51, and creates new license condition information, so that the content can be redistributed.

FIG. 81 is a view for explaining the management transfer right. The management transfer is an operation in which the reproduction right can be transferred from the device 1 to the device 2. The transfer of the right from the device 1 to the device 2 is the same as the normal transfer, but it differs from the normal transfer in that the device 2 cannot transfer the received reproduction right again (as in the normal transfer, the device 1 cannot transfer the reproduction right again after it has been moved). The device 2 that has received the reproduction right through the management transfer can return the reproduction right to the device 1. After the return, the device 1 can transfer the reproduction right again, and the device 2 cannot continue. In order to realize these, the license condition information manages the purchaser of the management transfer right and the holder of the current management transfer right (here, it is assumed that the management transfer can be performed only when the user has the usage right content number #1, but the management right can also be extended with the usage right content number #2).

In FIG. 81, rule 1 of the handling policy has been described with reference to FIG. 78, so its details are omitted. In rule 2, since the right item is the usage right content number 16, it can be seen from FIG. 44 that the right is the management transfer right. In addition, it can be seen that there is no particular description in the parameter item. The minimum selling price is $100, and the content provider 2's share is 50% of the price. The content provider 2's share is higher than in rule 1 because the service provider 3 does not perform any actual work, so the service provider 3's portion is turned over to the content provider 2.

In FIG. 81, rule 1 of the price information has been described with reference to FIG. 78, so its details are omitted. Rule 2 is the price information for rule #2 of the handling policy, and indicates that when the usage right content number #16 is purchased, the price is $100 and the share of the service provider 3 is 0%. Therefore, of the $100 paid by the user, the content provider 2 takes $50, the service provider 3 takes $0, and the electronic distribution service center 1 takes $50.

In FIG. 81, the user first purchases rule number #1 (reproduction right, with no restriction on time and number of times). However, at this time, the user does not have the management transfer right (the state of FIG. 81(a)). Next, the user purchases the management transfer right (since these operations are instantaneous, it looks to the user as if everything was purchased at once). In the rule part of the license condition information, the ID of the encryption processing unit indicating the purchaser (hereinafter referred to as the purchaser) becomes ID1 (for example, the ID of the home server 51), and the ID of the encryption processing unit that holds the reproduction right (hereinafter referred to as the holder) becomes ID2 (the state of FIG. 81(b)). When this is moved to the stationary device 52 by performing management transfer, in the rule part of the license condition information of the home server 51 the purchaser remains ID1 but the holder changes to ID2. Also, in the rule part of the license condition information of the stationary device 52 that has received the reproduction right by the management transfer, the purchaser is ID1 and the holder is ID2, which is the same as the license condition information of the home server 51.

FIG. 82 is a flowchart for explaining the details of the management transfer right transfer process. In FIG. 82, step S300 is the same as step S220 in FIG. Step S301 is the same as step S221 in FIG. 74, and therefore, the details thereof are omitted. Step S302 is the same as step S246 in FIG. 75, and thus details thereof are omitted. In step S303, the encryption processing unit 65 of the home server 51 examines the rule part in the read license condition information, and determines whether the usage right is a reproduction right with no time / number-of-times restriction and with a management transfer right. If it is determined that there is a management transfer right, the process proceeds to step S304.

In step S304, the control unit 91 of the encryption processing unit 65 determines whether the purchaser and the holder of the management transfer right both have the ID of the home server 51. If it is determined that both the purchaser and the holder of the management transfer right have the ID of the home server 51, the process proceeds to step S305. In step S305, the control unit 91 of the encryption processing unit 65 rewrites the holder of the management transfer right of the license condition information to the ID of the stationary device 52. In step S306, the control unit 91 of the encryption processing unit 65 outputs the license condition information rewritten in step S305 to the external memory control unit 97 of the encryption processing unit 65. The external memory control unit 97 of the encryption processing unit 65 that has received the license condition information overwrites and stores the license condition information in the external memory 67. The method of rewriting and storing the data in the external memory 67 has been described with reference to FIG. 70, and thus the detailed description is omitted. Steps S307 to S311 correspond to steps S268 to S272 in FIG. Therefore, the details are omitted.

[0320] If it is determined in step S303 that the management transfer right is not included in the license condition information, or if it is determined in step S304 that the purchaser or holder of the management transfer right is not the home server 51, the processing is interrupted.

[0321] As described above, the right to play the content can be transferred from the home server 51 to the stationary device 52.

FIG. 83 is a flowchart for explaining the process of returning the management transfer right from the stationary device 52, which holds the management transfer right, to the home server 51, which is the purchaser of the management transfer right. In FIG. 83, step S320 is the same as step S220 in FIG. 74, so its details are omitted. Step S321 is the same as step S221 in FIG. 74, so its details are omitted, but it is assumed that both the home server 51 and the stationary device 52 check whether the ID of the other party is registered. If it is determined that it has been registered, the process proceeds to step S322. Step S322 is the same as step S246 in FIG. 75, so its details are omitted, but it is assumed that the data of the same content ID is read by both the home server 51 and the stationary device 52. If the data has been correctly read from the external memory, the process proceeds to step S323. Step S323 is the same as step S303 in FIG. 82, so its details are omitted, but it is assumed that both the home server 51 and the stationary device 52 determine whether there is a management transfer right. If it is determined that there is a management transfer right, the process proceeds to step S324.

In step S324, the encryption processing unit 65 of the home server 51 determines whether the purchaser of the management transfer right has the ID of the home server 51 and the holder has the ID of the stationary device 52. If it is determined that the purchaser of the management transfer right has the ID of the home server 51 and the holder has the ID of the stationary device 52, the process proceeds to step S325. Similarly, the encryption processing unit 73 of the stationary device 52 determines whether the purchaser of the management transfer right has the ID of the home server 51 and the holder has the ID of the stationary device 52. When it is determined that the purchaser of the management transfer right has the ID of the home server 51 and the holder has the ID of the stationary device 52, the process proceeds to step S325.

[0324] In step S325, the recording / playback unit 76 of the stationary device 52 deletes the content from the recording medium 80 (however, since only the encrypted data remains, there is no need to forcibly delete the content). In step S326, the encryption processing unit 73 of the stationary device 52 causes the external memory control unit (not shown) of the encryption processing unit 73 to delete the content key K co encrypted with the storage key K save 2 and the license condition information stored in the external memory 79. Since the method of deleting data from the external memory 79 has been described with reference to FIG. 71, the details are omitted.

[0325] In step S327, the control unit 91 of the encryption processing unit 65 generates license condition information in which the holder of the management transfer right of the license condition information is rewritten to the ID of the home server 51. In step S328, the control unit 91 of the encryption processing unit 65 outputs the license condition information generated in step S327 to the external memory control unit 97 of the encryption processing unit 65. The external memory control unit 97 of the encryption processing unit 65 that has received the license condition information overwrites and stores the license condition information in the external memory 67. Since the method of rewriting and storing the data in the external memory 67 has been described with reference to FIG. 70, the details are omitted.

If, in step S321, the registration information has been falsified in the home server 51 or the stationary device 52 or the ID of the partner device has not been registered, or if, in step S322, the home server 51 or the stationary device 52 does not find the content key or the license condition information for the predetermined content in the external memory or the memory block including them has been falsified, the process proceeds to step S329 to perform error processing.

[0327] If, in step S323, the home server 51 or the stationary device 52 does not have the management transfer right in the license condition information, or if, in step S324, the home server 51 or the stationary device 52 finds that the purchaser is not the home server 51 or the holder is not the stationary device 52, the processing is interrupted.

As described above, the right to reproduce the content can be returned from the stationary device 52 to the home server 51.
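The purchaser / holder checks of FIG. 82 and FIG. 83, modelled as an added Python example that is not code from the patent. The class and function names, the device ID "ID3" and the content ID are assumptions; mutual authentication, registration checks and the transfer of the content key are left out.

```python
from dataclasses import dataclass, replace

# Usage right content numbers named in the text.
REPRODUCTION_UNRESTRICTED = 1   # reproduction right, no time / number-of-times limit
MANAGEMENT_TRANSFER = 16        # management transfer right (rule 2 in FIG. 81)


class TransferRefused(Exception):
    """A check in the transfer or return flow failed, so processing is interrupted."""


@dataclass(frozen=True)
class LicenseCondition:
    content_id: str
    rights: frozenset   # usage right content numbers
    purchaser: str      # ID of the unit that bought the management transfer right
    holder: str         # ID of the unit that currently holds the reproduction right


class Device:
    def __init__(self, device_id):
        self.device_id = device_id
        self.external_memory = {}   # content_id -> LicenseCondition

    def purchase(self, content_id):
        # Constructed starting state: this device is both purchaser and holder.
        self.external_memory[content_id] = LicenseCondition(
            content_id,
            frozenset({REPRODUCTION_UNRESTRICTED, MANAGEMENT_TRANSFER}),
            purchaser=self.device_id,
            holder=self.device_id,
        )

    def holds_reproduction_right(self, content_id):
        lic = self.external_memory.get(content_id)
        return lic is not None and lic.holder == self.device_id

    def _load(self, content_id):
        lic = self.external_memory.get(content_id)
        if lic is None:
            raise TransferRefused("no license condition information for this content")
        required = {REPRODUCTION_UNRESTRICTED, MANAGEMENT_TRANSFER}
        if not required <= lic.rights:                        # S303 / S323
            raise TransferRefused("no management transfer right")
        return lic

    def management_transfer(self, content_id, receiver):
        lic = self._load(content_id)
        # S304: purchaser and holder must both be the sending device.
        if lic.purchaser != self.device_id or lic.holder != self.device_id:
            raise TransferRefused("sender is not both purchaser and holder")
        moved = replace(lic, holder=receiver.device_id)       # S305
        self.external_memory[content_id] = moved              # S306: overwrite
        receiver.external_memory[content_id] = moved          # receiver's copy

    def return_right(self, content_id, purchaser_device):
        # Called on the current holder; both sides run the same checks (S323, S324).
        for device in (purchaser_device, self):
            lic = device._load(content_id)
            if lic.purchaser != purchaser_device.device_id or lic.holder != self.device_id:
                raise TransferRefused("purchaser / holder IDs do not match this return")
        del self.external_memory[content_id]                  # S326
        restored = replace(purchaser_device.external_memory[content_id],
                           holder=purchaser_device.device_id)
        purchaser_device.external_memory[content_id] = restored   # S327, S328


def refused(action):
    try:
        action()
    except TransferRefused:
        return True
    return False


def run_scenario():
    home, stationary, third = Device("ID1"), Device("ID2"), Device("ID3")
    home.purchase("song-1")
    home.management_transfer("song-1", stationary)
    results = {
        "holder_after_transfer": home.external_memory["song-1"].holder,
        "home_can_transfer_again": not refused(
            lambda: home.management_transfer("song-1", third)),
        "receiver_can_retransfer": not refused(
            lambda: stationary.management_transfer("song-1", third)),
        "third_party_can_return": not refused(
            lambda: third.return_right("song-1", home)),
    }
    stationary.return_right("song-1", home)
    results["home_holds_after_return"] = home.holds_reproduction_right("song-1")
    results["receiver_record_deleted"] = "song-1" not in stationary.external_memory
    home.management_transfer("song-1", third)   # allowed again after the return
    results["holder_after_second_transfer"] = home.external_memory["song-1"].holder
    return results


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(key, value)
```

Because the step S304 check requires the sender to be both purchaser and holder, the receiving device can never pass it, which is what prevents a second hop without any separate "already moved" flag.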

Although only one content and one content key K co have been described, it is assumed that there are a plurality of them as required.

In this example, the content provider 2 and the service provider 3 are handled separately, but they may be combined into one. Furthermore, the method of the content provider 2 may be diverted to the service provider 3 as it is.

(2) Encryption Process Using Individual Key
The content provider 2 encrypts the content with the content key created by itself as described above with reference to FIG. Also, the content provider 2 receives, from the electronic distribution service center 1, an individual key unique to the content provider and the individual key encrypted with the distribution key, and encrypts the content key with the individual key. Thus, the content provider 2 supplies the content encrypted with the content key, the content key encrypted with the individual key, and the individual key encrypted with the delivery key to the user home network 5 via the service provider 3.

[0332] In the user home network 5, the individual key unique to the content provider is decrypted using the delivery key received from the electronic distribution service center 1. As a result, the user home network 5 can decrypt the content key supplied from the content provider 2 after being encrypted with the individual key unique to the content provider.
The user home network 5 that has obtained the content key can decrypt the content using the content key.

Here, the individual key is unique to each content server, whereas the distribution key is only one type. Therefore, if the user home network 5 has only one kind of delivery key, the individual key from each content provider can be decrypted. Therefore, the user home network 5 does not need to have an individual key unique to each content provider, and can purchase the contents of all the content providers simply by having the distribution key.

[0334] Further, since each content provider does not have a distribution key, it cannot decrypt an individual key (encrypted with the distribution key) unique to another content provider. This can prevent theft of content between content providers.

Here, in order to clarify the correspondence between each means of the invention described in the claims and the above-described embodiment, the features of the present invention are described below with the corresponding embodiment (one example only) added in parentheses after each means. However, of course, this description does not mean that each means is limited to those described.

That is, in the information transmission system of the present invention, a content supplier or content distributor that transmits information such as content (for example, the content transmission device 200 of FIG. 84) has a memory for storing the individual key (for example, the tamper-resistant memory 201 of FIG. 84), means for encrypting the content key K co with the individual key K i (for example, FIG. 4), means for generating a handling policy describing the usage conditions of the content key K co (for example, the handling policy generating unit 206 in FIG. 84), and means for generating digital signatures for various data (for example, the signature generation unit 207 in FIG. 84); and a user who purchases the content (for example, the content reception device 210 in FIG. 84) has means for verifying the signature data generated for the various data (for example, the signature verification unit 222 in FIG. 84), means for comparing the ID indicating the creator of the content key K co with the ID of the creator of the handling policy (for example, the comparator 226 in FIG. 84), and means for storing the delivery key (for example, the tamper-resistant memory 221 in FIG. 84).

In the information transmission system of the present invention, a content supplier or content distributor that transmits information such as content (for example, the content transmission device 200 in FIG. 85) has a memory for storing the individual key (for example, the tamper-resistant memory 201 of FIG. 85), a memory for storing key certificates (for example, the memory 202 in FIG. 85), and means for encrypting the content key K co with the individual key K i (for example, the data encryption unit 203 in FIG. 85); and a user who purchases the content (for example, the content receiving device 210 in FIG. 85) has means for verifying the signature data generated for the various data (for example, the signature verification unit 222 in FIG. 85) and means for storing the delivery key (for example, the tamper-resistant memory 221 in FIG. 85).

(3) Remote Playback Processing
Remote playback processing, in which a device that does not hold the content playback right (for example, the stationary device 52) receives a playback command from a device that holds the content (for example, the home server 51) and plays back the content, will now be described.

FIG. 86 shows the remote playback processing procedure. After the content ID of the content to be remotely reproduced is input to the upper controller 62 by the user's input operation, the home server 51 and the stationary device 52 mutually authenticate in step S401. The mutual authentication process is shown in FIG. Since the processing is the same as that described in step 2, the description is omitted. In step S402, the host controller 62 of the home server 51 causes the encryption processing unit 65 of the home server 51 to check the registration information read from the large-capacity storage unit 68 of the home server 51. Upon receiving the registration information from the host controller 62, the encryption processing unit 65 causes the signature verification unit 115 of the encryption / decryption module 96 to verify the signature added to the registration information, using the public key of the certificate authority 22 supplied from the storage module 92 of the encryption processing unit 65. After the signature has been successfully verified, it is determined whether the “registration” item is “registration possible”, and if it is determined that “registration is possible”, the process proceeds to step S403. In addition, the stationary device 52 also checks the registration information, and determines that the home server 51 is “registerable”.

[0340] In step S403, the upper controller 62 generates a reproduction command including the content ID of the content to be remotely reproduced. In step S404, the encryption processing unit 65 of the home server 51 causes the external memory control unit 97 of the encryption processing unit 65 to read, from the external memory 67, the license condition information corresponding to the content to be remotely reproduced and the content key K co encrypted with the storage key K save. The method of reading data from the external memory 67 by the external memory control unit 97 is as described with reference to FIG. 68, and the details are omitted. If the reading has succeeded, the process proceeds to step S405.

In step S405, the decryption unit 111 of the encryption / decryption module 96 decrypts the content key K co read from the external memory 67 with the storage key K save supplied from the storage module 92. In step S406, the encryption unit 112 of the encryption / decryption module 96 encrypts the content key K co with the temporary key K temp, and in step S407 it encrypts the reproduction command with the temporary key K temp.

In the following step S408, the home server 51 reads the content to be remotely reproduced (encrypted with the content key K co) from the large-capacity storage unit 68, and transmits it to the stationary device 52 together with the content key and the playback command encrypted with the temporary key K temp in steps S406 and S407 described above.

In step S409, the stationary device 52 decrypts the content key and the playback command received from the home server 51 with the temporary key K temp, and in step S410 the encryption processing unit 73 and the decompression unit 74 perform mutual authentication and share the temporary key K temp 2. In step S411, the encryption processing unit 73 encrypts the content key K co and the reproduction command using the temporary key K temp 2 shared with the decompression unit 74 in step S410 described above. In step S412, the encryption processing unit 73 sends the content key K co and the playback command encrypted with the temporary key K temp 2 to the decompression unit 74, and the decompression unit 74 decrypts the content key K co and the reproduction command with the temporary key K temp 2 in step S413.

In step S414, the decompression unit 74 decrypts the content received from the home server 51 in step S408 described above with the content key K co decrypted in step S413 described above, in accordance with the reproduction command decrypted in step S413 described above. In step S415, the decompression unit 74 decompresses the decrypted content by a predetermined method, for example, a method such as ATRAC. In step S416, the host controller 72 inserts the data specified by the encryption processing unit 73 into the content in the form of a digital watermark. Incidentally, the data passed from the encryption processing unit 73 to the decompression unit 74 includes not only the content key K co and the reproduction command, but also reproduction conditions (analog output, digital output, output with copy control signal (SCMS)), the ID of the device that purchased the content usage right, and the like. The data to be inserted is the ID of the device that purchased the content usage right, that is, the device ID in the license condition information. In step S417, the decompression unit 74 plays music via a speaker (not shown).

In the above configuration, the home server 51 transmits the content, the playback command of the content, and the content key K co to the stationary device 52, so that the stationary device 52, which does not hold the content reproduction right, can reproduce the content using the playback command and the content key K co. Therefore, according to the above configuration, the content can be played back on a plurality of devices (stationary devices and the like) connected to the device that holds the content (the device that has the right to play the content).

(4) Reservation Purchasing Processing
The following describes the reservation purchasing processing of the home server, which converts the content key before the expiration date of the delivery key expires and thereby makes a content purchase reservation. In step S451 of the reservation purchase processing procedure shown in FIG. 87, the home server 51 performs registration information update determination processing, and proceeds to step S452. The registration information update determination processing is as described with reference to FIGS. 61 and 62, and a detailed description thereof will be omitted. However, in the reservation purchase processing, the determination of the registration information update timing based on the number of purchases and the purchase price described in steps S601 and S602 in FIG. 61 may not be performed.

[0347] In step S452, the host controller 62 of the home server 51 inputs the registration information read from the large-capacity storage unit 68 of the home server 51 to the encryption processing unit 65 of the home server 51. After receiving the registration information, the encryption processing unit 65 verifies the signature of the registration information in the signature verification unit 115 of the encryption / decryption module 96, and then determines whether the “purchase process” and “registration” items for the ID of the home server 51 are “purchase permitted” and “registration permitted”. If they are determined to be “purchase permitted” and “registration permitted”, the process proceeds to step S453. In step S453, the host controller 62 of the home server 51 inputs the public key certificate of the content provider 2 read from the large-capacity storage unit 68 of the home server 51 to the encryption processing unit 65 of the home server 51. After receiving the public key certificate of the content provider 2, the encryption processing unit 65 verifies the signature of the public key certificate of the content provider 2 in the signature verification unit 115 of the encryption / decryption module 96, and then extracts the public key of the content provider 2. If it is confirmed that the signature has not been tampered with as a result of the signature verification, the host controller 62 proceeds to step S454.

In step S454, the host controller 62 of the home server 51 inputs the content key K co read from the large-capacity storage unit 68 of the home server 51 to the encryption processing unit 65 of the home server 51. Upon receiving the content key K co, the encryption processing unit 65 causes the signature verification unit 115 of the encryption / decryption module 96 to verify the signature of the content key K co, and if it is confirmed that the data has not been tampered with, the process proceeds to step S455.

[0349] In step S455, the upper controller 62 of the home server 51 inputs the individual key K i read from the large-capacity storage unit 68 of the home server 51 to the encryption processing unit 65 of the home server 51. Upon receiving the individual key K i , the encryption processing unit 65 verifies the signature of the individual key K i by the signature verification unit 115 of the encryption / decryption module 96, and if it is confirmed that the signature has not been tampered with, the process proceeds to step S456.

[0350] Here, if a single signature is attached to the whole of the content key K co encrypted with the individual key K i and the individual key K i encrypted with the delivery key K d , steps S454 and S455 can be combined into one and the signature verification process can be simplified.

In step S456, the control unit 91 of the encryption processing unit 65 causes the decryption unit 111 of the encryption / decryption module 96 to decrypt the individual key K i input in step S455, using the distribution key K d supplied from the storage module 92. Next, the control unit 91 of the encryption processing unit 65 causes the decryption unit 111 of the encryption / decryption module 96 to decrypt the content key K co input in step S454, using the individual key K i that was just decrypted. Finally, the control unit 91 of the encryption processing unit 65 causes the encryption unit 112 of the encryption / decryption module 96 to encrypt the content key K co using the storage key K save supplied from the storage module 92.

In step S457, the content key K co encrypted with the storage key K save is stored in the external memory 67 via the external memory control section 97 of the encryption processing section 65.

If it is determined in step S452 that the home server 51 is a device that cannot perform purchase processing, or if the signature of the public key certificate of the content provider 2 is determined to be incorrect in step S453, or if the signature of the content key K co encrypted with the individual key K i is determined to be incorrect in step S454, or if the signature of the individual key K i encrypted with the distribution key K d is determined to be incorrect in step S455, the home server 51 proceeds to step S458 and performs error processing.

As described above, the home server 51 decrypts the content key K co with the individual key K i , re-encrypts the content key K co with the storage key K save , and stores it in the external memory 67. In this reservation purchase processing, since the content is not actually purchased, the following parts of the purchase processing described above with reference to FIG. 67 need not be performed: the processing of the billing information in the registration information update determination processing of step S161, the processing of the purchased content corresponding to step S164, the processing of the handling policy corresponding to step S167, the public key verification of the service provider corresponding to step S168, the signature verification of the price information corresponding to step S169, and the storage of the billing information and the license condition information corresponding to steps S170 to S172.

Incidentally, in the reservation purchase processing of FIG. 87 the home server 51 does not create license condition information. Alternatively, it may create license condition information and store it with the license information number (that is, the rights item) set to a state in which no right is held, such as an initial value (for example, # 0, which does not exist).

As described above, in the reservation purchase process, the home server 51 stores the content key K co in the external memory 67 before the expiration date of the delivery key K d , so that the content encrypted with the stored content key K co can be purchased regardless of the expiration date of the delivery key K d .

Here, a description will be given of the main purchase processing of content that has been reserved for purchase by storing the content key K co in the external memory 67 of the home server 51. In step S471 of the main purchase processing procedure shown in FIG. 88, the home server 51 performs a registration information update determination process, and proceeds to step S472. Details of the registration information update determination processing are omitted as described with reference to FIGS. However, in this main purchase processing, it is not necessary to determine the registration information update timing based on the delivery key K d described in step S603 of FIG.

[0358] In step S472, the host controller 62 of the home server 51 inputs the registration information read from the large-capacity storage unit 68 of the home server 51 to the encryption processing unit 65 of the home server 51. After receiving the registration information, the encryption processing unit 65 verifies the signature of the registration information by the signature verification unit 115 of the encryption / decryption module 96, and then determines whether the “purchase process” and “registration” items for the ID of the home server 51 are “purchase is allowed” and “registration is allowed”. If they are “purchase is allowed” and “registration is allowed”, the process proceeds to step S473. In step S473, the host controller 62 of the home server 51 inputs the public key certificate of the content provider 2 read from the large-capacity storage unit 68 of the home server 51 to the encryption processing unit 65 of the home server 51. After receiving the public key certificate of the content provider 2, the encryption processing unit 65 verifies the signature of the public key certificate of the content provider 2 by the signature verification unit 115 of the encryption / decryption module 96, and then extracts the public key of the content provider 2 from the public key certificate. If it is determined that the signature has not been tampered with, the process proceeds to step S474.

[0359] In step S474, the host controller 62 of the home server 51 inputs the content read from the large-capacity storage section 68 of the home server 51 to the encryption processing section 65 of the home server 51. Upon receiving the content, the encryption processing unit 65 verifies the content signature with the signature verification unit 115 of the encryption / decryption module 96, and if it is confirmed that the content has not been tampered with, the process proceeds to step S475.

[0360] In step S475, the host controller 62 of the home server 51 inputs the handling policy read from the large-capacity storage unit 68 of the home server 51 to the encryption processing unit 65 of the home server 51. Upon receiving the handling policy, the encryption processing unit 65 verifies the signature of the handling policy by the signature verification unit 115 of the encryption / decryption module 96, and if it is confirmed that the signature has not been tampered with, proceeds to step S476. In step S476, the host controller 62 of the home server 51 inputs the public key certificate of the service provider 3 read from the large-capacity storage unit 68 of the home server 51 to the encryption processing unit 65 of the home server 51. Upon receiving the public key certificate of the service provider 3, the encryption processing unit 65 causes the signature verification unit 115 of the encryption / decryption module 96 to verify the signature of the public key certificate of the service provider 3, and then extracts the public key of the service provider 3 from the public key certificate. If it is confirmed that the signature has not been tampered with, the process proceeds to step S477.

[0361] In step S477, the host controller 62 of the home server 51 inputs the price information read from the large-capacity storage section 68 of the home server 51 to the encryption processing section 65 of the home server 51. Upon receiving the price information, the encryption processing unit 65 verifies the signature of the price information by the signature verification unit 115 of the encryption / decryption module 96, and if it is confirmed that the signature has not been tampered with, proceeds to step S478.

[0362] In step S478, the upper controller 62 of the home server 51 uses the display means 64 to display information on the content that can be purchased (for example, the usage forms and prices that can be purchased), and the user selects a purchase item using the input unit 63. Note that the purchase item selection processing may be performed prior to the main purchase processing. The signal input from the input unit 63 is transmitted to the upper controller 62 of the home server 51, and the upper controller 62 generates a purchase command based on the signal and inputs the purchase command to the encryption processing unit 65 of the home server 51. Receiving this, the encryption processing unit 65 generates billing information and license condition information from the handling policy input in step S475 and the price information input in step S477. The billing information is as described with reference to FIG. 42, and the details are omitted. The license condition information is as described with reference to FIG. 41, and the details are omitted.

In step S479, the control unit 91 of the encryption processing unit 65 stores the billing information generated in step S478 in the storage module 92. Then, in step S480, the control unit 91 of the encryption processing unit 65 transmits the license condition information generated in step S478 to the external memory control unit 97 of the encryption processing unit 65. The external memory control unit 97, having received the license condition information, performs a tampering check of the external memory 67 and then writes the license condition information to the external memory 67. The falsification check at the time of writing is as described above with reference to FIG. 69, and a detailed description thereof will be omitted. (If license condition information without the right has already been written, the license condition information is rewritten and updated by the rewriting process described with reference to FIG. 70.)

Incidentally, if it is determined in step S472 that the home server 51 is a device that cannot perform purchase processing or is not registered, or if the signature of the public key certificate of the content provider 2 is determined to be incorrect in step S473, or if the signature of the content encrypted with the content key K co is determined to be incorrect in step S474, or if the signature of the handling policy is determined to be incorrect in step S475, or if the signature of the public key certificate of the service provider 3 is determined to be incorrect in step S476, or if the signature of the price information is determined to be incorrect in step S477, the home server 51 proceeds to step S481 and performs error processing.

As described above, the home server 51 stores the billing information for the content selected and purchased by the user in the storage module 92 and stores the license condition information in the external memory 67, and then ends the content purchase processing. In this main purchase processing, the signature verification of the content key K co (step S454), the signature verification of the individual key K i (step S455), and the replacement (re-encryption) of the content key K co (step S456), which were already performed in the reservation purchase processing described above with reference to FIG. 87, are not performed.

In the above configuration, the home server 51 stores the content key K co in the external memory 67 by the reservation purchase processing before the delivery key K d is updated. Therefore, even if the delivery key K d required to decrypt the content key K co is updated, the content key K co is already stored in the external memory 67, so that the content can be purchased even after the delivery key K d has expired.

(5) Proxy Purchasing Process The proxy purchasing process for exchanging contents between devices having different registration information (Registration List), that is, devices belonging to different groups, will be described. For the proxy purchase process, taking as an example the exchange of contents between the home server 51 and a portable device or the like that is a device outside the group with respect to the home server 51, the case where the home server 51 performs charging and the case where the device outside the group performs charging will be described. In this case, the stationary device 52 described above with reference to FIG. 15 will be described as the device outside the group.

FIG. 89 shows a processing procedure when the home server 51 delivers contents to a device outside the group and the home server 51 performs a billing process. In step S501, the home server 51 and the device outside the group perform mutual authentication. The mutual authentication processing is the same as the processing described with reference to FIG. 52, and a description thereof will not be repeated. In step S502, the home server 51 and the device outside the group exchange registration information with each other, and check each other's registration information in step S503.

That is, the home server 51 causes the encryption processing unit 65 to check the registration information received from the device outside the group. Upon receiving the registration information from the device outside the group, the encryption processing unit 65 causes the signature verification unit 115 of the encryption / decryption module 96 to verify the signature added to the registration information, using the public key supplied from the storage module 92 of the encryption processing unit 65. After successfully verifying the signature, the control unit 91 of the encryption processing unit 65 determines whether the ID of the device outside the group is registered in the registration information and whether the items of “purchase processing” and “registration” are “purchasable” and “registerable”. Similarly, the device outside the group that has received the registration information of the home server 51 determines whether the ID of the home server 51 is registered in the registration information of the home server 51 and whether the “registration” item is “registration permitted”. Then, when each side has confirmed that the other device is registered, the home server 51 moves to step S504.

Steps S504 to S510 are similar to steps S161 to S171 in FIG. 67, and thus the details are omitted.

In step S511, the control unit 91 of the encryption processing unit 65 causes the decryption unit 111 of the encryption / decryption module 96 to decrypt the individual key K i encrypted with the delivery key K d , input in step S508, using the delivery key K d supplied from the storage module 92. Next, the control unit 91 of the encryption processing unit 65 causes the decryption unit 111 of the encryption / decryption module 96 to decrypt the content key K co encrypted with the individual key K i , input in step S508, using the individual key K i that was just decrypted. Then, the control unit 91 of the encryption processing unit 65 causes the encryption unit 112 of the encryption / decryption module 96 to re-encrypt the content key K co using the temporary key K temp shared with the device outside the group at the time of mutual authentication in step S501.

In step S512, the control unit 91 of the encryption processing unit 65 generates a signature, using the signature generation unit 114 of the encryption / decryption module 96, for the content key K co encrypted with the temporary key K temp and the license condition information generated in step S509, and transmits them to the upper controller 62. The upper controller 62 of the home server 51, having received the content key K co encrypted with the temporary key K temp , the license condition information and their signatures, reads the content encrypted with the content key K co from the large-capacity storage unit 68, and transmits the content key K co encrypted with the temporary key K temp , the license condition information, their signatures, and the content encrypted with the content key K co to the device outside the group.

In step S513, the device outside the group that has received the content key K co encrypted with the temporary key K temp , the license condition information, their signatures, and the content encrypted with the content key K co outputs the content encrypted with the content key K co to the recording / reproducing unit 76 of the device outside the group. The recording / reproducing unit 76 of the device outside the group that has received the content encrypted with the content key K co saves the content encrypted with the content key K co in the recording medium 80.

In step S514, the encryption processing unit 73 of the device outside the group verifies the signature received from the home server in step S512, and causes the decryption unit of the encryption / decryption module to decrypt the content key K co encrypted with the temporary key K temp , using the temporary key K temp shared with the home server 51 at the time of mutual authentication in step S501. The control unit of the encryption processing unit 73 then causes the encryption unit of the encryption / decryption module to re-encrypt the content key K co using the storage key K save 2 supplied from the storage module of the encryption processing unit 73.

In step S515, the encryption processing unit 73 of the device outside the group transmits the content key K co encrypted with the storage key K save 2 and the license condition information received in step S513 to the external memory control unit of the encryption processing unit 73, which stores them in the external memory 79. The process of writing data to the external memory by the external memory control unit is described in FIG. Therefore, the details are omitted.

As described above, the home server 51 purchases the content use right, the billing information is stored on the home server 51 side, and the use right is transferred to the device outside the group. As a result, the home server 51 pays for the content usage right transferred to the device outside the group.

Next, FIG. 90 shows a processing procedure in the case where the home server 51 delivers contents to a device outside the group, and the device outside the group performs a billing process. 15) It is determined whether or not the total of the charging information stored in the charging information has reached the upper limit. If the total has not reached the upper limit, the process proceeds to step S552. (Instead, the determination may be made based on the upper limit of the number of billing processes.)

[0377] In step S552, the host controller 72 of the device outside the group inputs the registration information read from the external memory 79 to the encryption processing unit 73. After receiving the registration information, the encryption processing unit 73 verifies the signature of the registration information by the signature verification unit of the encryption / decryption module provided therein, and then determines whether the “purchase processing” item for the ID of the device outside the group (stationary device 52) is “purchasable”. If it is “purchasable”, the process proceeds to step S553.

In step S553, the home server 51 and the device outside the group mutually authenticate. The mutual authentication processing is the same as the processing described with reference to FIG. 52, and a description thereof will not be repeated. In step S554, the home server 51 and the device outside the group exchange registration information with each other, and check each other's registration information in step S555.

That is, the home server 51 causes the encryption processing unit 65 to check the registration information received from the device outside the group. Upon receiving the registration information from the device outside the group, the encryption processing unit 65 causes the signature verification unit 115 of the encryption / decryption module 96 to verify the signature added to the registration information, using the public key supplied from the storage module 92 of the encryption processing unit 65. After successfully verifying the signature, the control unit 91 of the encryption processing unit 65 determines whether the ID of the device outside the group is registered in the registration information and whether the item of “registration” is “registration allowed”. Similarly, the device outside the group that has received the registration information of the home server 51 determines whether the ID of the home server 51 is registered in the registration information of the home server 51 and whether the “registration” item is “registration permitted”. It should be noted that the same processing is also performed by a device outside the group. Then, when each side has confirmed that the other device is registered, the home server 51 proceeds to step S556.

In step S556, the control section 91 of the home server 51 reads the already purchased content key from the external memory 67 via the external memory control section 97, and in step S557, decrypts the content key K co with the storage key K save , re-encrypts it with the temporary key K temp , and generates their signatures.

In step S558, the home server 51 transmits the content key encrypted with the temporary key K temp generated in S557, together with the content, the handling policy, and the price information read from the large-capacity storage unit 68, to the device outside the group. In step S559, the device outside the group stores the content received from the home server 51 in the recording medium 80.

In step S560, the device outside the group (stationary device 52) verifies the signatures of the handling policy, the price information and the like. In step S561, the host controller 72 of the device outside the group uses the display means 78 to display information on the content that can be purchased (for example, the usage forms and prices that can be purchased), and the user selects a purchase item using the input unit 77. Note that the purchase item selection processing may be performed prior to the proxy purchase processing. The signal input from the input means 77 is transmitted to the upper controller 72, which generates a purchase command based on the signal and inputs the purchase command to the encryption processor 73. Upon receiving this, the encryption processing unit 73 generates billing information and license condition information from the handling policy and price information input in step S560. Since the billing information has been described with reference to FIG. 42, its details are omitted. Since the license condition information has been described with reference to FIG. 41, the details are omitted.

In step S562, the encryption processing unit 73 saves the billing information generated in step S561 in the storage module in the encryption processing unit 73. In step S563, the encryption processing unit 73 verifies the signature of the content key encrypted in step S557, decrypts the content key with the temporary key K temp , and re-encrypts the content key with the storage key K save 2 . Then, in step S564, the content key K co encrypted with the storage key K save 2 is stored from the encryption processing unit 73 into the external memory 79.

As described above, the home server 51 transfers the content usage right it has already purchased to the device outside the group, and the device outside the group also saves the billing information, so that the device outside the group pays for the content usage right transferred from the home server 51.

In the above configuration, devices having different registration information (Registration List) exchange each other's registration information, as described above with respect to steps S502 and S554, and after confirming that each is a registered device, the content held by one device can be delivered to the other device. Therefore, according to the above configuration, it is possible to exchange content between devices in different groups.
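The key re-wrapping described above for the reservation purchase (steps S456 to S457) and for the hand-over to a device outside the group (steps S556 to S557 and S563 to S564), as an added example that is not part of the patent text. The `wrap` / `unwrap` functions are a stand-in HMAC-SHA256 construction, and the `Receiver` class, its method names, the content ID and the sample keys are assumptions made for the illustration; mutual authentication and the public-key signature checks are not modelled.

```python
import hashlib
import hmac
import os

# Stand-in authenticated key wrap (HMAC-SHA256 keystream, encrypt-then-MAC).
# Assumption for this example only; the patent text does not prescribe it.
def _subkey(kek, label):
    return hmac.new(kek, label, hashlib.sha256).digest()

def _keystream(enc_key, nonce, length):
    blocks = [hmac.new(enc_key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]

def wrap(kek, key):
    """Return nonce || ciphertext || tag for `key` encrypted under `kek`."""
    nonce = os.urandom(16)
    stream = _keystream(_subkey(kek, b"enc"), nonce, len(key))
    ct = bytes(a ^ b for a, b in zip(key, stream))
    tag = hmac.new(_subkey(kek, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unwrap(kek, blob):
    """Check the tag, then decrypt; ValueError on a wrong key or altered blob."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(kek, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("unwrap failed: wrong key or modified blob")
    stream = _keystream(_subkey(kek, b"enc"), nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))

class Receiver:
    """One device: storage module (K d, K save) plus external memory (hypothetical model)."""
    def __init__(self, k_d):
        self.k_d = k_d                 # current distribution key, updated periodically
        self.k_save = os.urandom(32)   # device-unique storage key, never leaves the device
        self.external_memory = {}      # content ID -> content key wrapped under K save

    def reservation_purchase(self, content_id, enc_k_i, enc_k_co):
        k_i = unwrap(self.k_d, enc_k_i)    # S456: recover K i with the current K d
        k_co = unwrap(k_i, enc_k_co)       # S456: recover K co with K i
        self.external_memory[content_id] = wrap(self.k_save, k_co)  # S456 to S457

    def stored_content_key(self, content_id):
        return unwrap(self.k_save, self.external_memory[content_id])

    def export_for_peer(self, content_id, k_temp):
        # S556 to S557: decrypt with K save, re-encrypt with the session key K temp
        return wrap(k_temp, self.stored_content_key(content_id))

    def import_from_peer(self, content_id, blob, k_temp):
        # S563 to S564: decrypt with K temp, re-encrypt with this device's own K save
        self.external_memory[content_id] = wrap(self.k_save, unwrap(k_temp, blob))

def demo():
    # Constructed sample keys and key data, as a content provider would deliver them.
    k_d_old, k_i, k_co = os.urandom(32), os.urandom(32), os.urandom(32)
    enc_k_i, enc_k_co = wrap(k_d_old, k_i), wrap(k_i, k_co)

    home, late = Receiver(k_d_old), Receiver(k_d_old)
    home.reservation_purchase("song-1", enc_k_i, enc_k_co)   # reserved before the update

    home.k_d = late.k_d = os.urandom(32)                     # K d is updated; old K d is gone
    try:
        late.reservation_purchase("song-1", enc_k_i, enc_k_co)
        late_ok = True
    except ValueError:
        late_ok = False                                      # old key data is now unusable

    k_temp = os.urandom(32)            # assumed to come from mutual authentication
    peer = Receiver(os.urandom(32))    # device outside the group, different K d and K save
    peer.import_from_peer("song-1", home.export_for_peer("song-1", k_temp), k_temp)
    return {
        "reserved_key_usable_after_update": home.stored_content_key("song-1") == k_co,
        "late_unwrap_after_update": late_ok,
        "peer_has_content_key": peer.stored_content_key("song-1") == k_co,
    }

if __name__ == "__main__":
    print(demo())
```

Only the receiver that re-wrapped K co under its own K save before the update can still reach the content key; the copy handed to the peer is bound to the peer's K save 2 and cannot be opened with the home server's storage key.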

In the above-described embodiment, the signature of the content is verified at the time of the purchase process. In addition, there is a case where the necessity of verification is described in the handling policy or the price information, and the operation is performed according to the necessity.

[0387]

As described above, according to the present invention, the content key is converted by the purchase reservation before the expiration date of the delivery key, so that even after the expiration date of the delivery key the content can be fully purchased using the converted content key.

[Brief description of the drawings]

FIG. 1 is a block diagram showing the overall configuration of an electronic music distribution system according to the present invention.

FIG. 2 is a block diagram illustrating a configuration of an electronic distribution service center.

FIG. 3 is a schematic diagram illustrating an example of periodically updating a key.

FIG. 4 is a schematic diagram illustrating an example of periodically updating a key.

FIG. 5 is a schematic diagram illustrating an example of periodically updating a key.

FIG. 6 is a schematic diagram illustrating an example of periodically updating a key.

FIG. 7 is a schematic diagram illustrating data contents of a user registration database.

FIG. 8 is a schematic diagram showing registration information for each group.

FIG. 9 is a block diagram illustrating a configuration of a content provider.

FIG. 10 is a flowchart illustrating a signature generation processing procedure.

FIG. 11 is a flowchart illustrating a signature verification processing procedure.

FIG. 12 is a flowchart illustrating an elliptic curve encryption method.

FIG. 13 is a flowchart illustrating a decryption process of elliptic curve encryption.

FIG. 14 is a block diagram illustrating a configuration of a service provider.

FIG. 15 is a block diagram showing a configuration of a user home network.

FIG. 16 is a schematic diagram used for describing the operation of an external memory control unit.

FIG. 17 is a block diagram illustrating a configuration of a recording medium dedicated to electronic distribution.

FIG. 18 is a block diagram showing data contents of each device.

FIG. 19 is a block diagram showing data contents held by a recording medium.

FIG. 20 is a schematic block diagram illustrating a flow of data in the entire system.

FIG. 21 is a schematic block diagram illustrating a flow of a public key certificate.

FIG. 22 is a schematic diagram illustrating a content provider secure container.

FIG. 23 is a schematic diagram illustrating a content provider secure container.

FIG. 24 is a schematic diagram illustrating a content provider secure container.

FIG. 25 is a schematic diagram illustrating a content provider secure container.

FIG. 26 is a schematic diagram illustrating a public key certificate of a content provider.

FIG. 27 is a schematic diagram illustrating a public key certificate of a content provider.

FIG. 28 is a schematic diagram illustrating a public key certificate of a content provider.

FIG. 29 is a schematic diagram illustrating a service provider secure container.

FIG. 30 is a schematic diagram illustrating a service provider secure container.

FIG. 31 is a schematic diagram illustrating a public key certificate of a service provider.

FIG. 32 is a schematic diagram illustrating a public key certificate of a user device.

FIG. 33 is a schematic diagram showing a handling policy of single content.

FIG. 34 is a schematic diagram showing a handling policy of album contents.

FIG. 35 is a schematic diagram showing another example of a single content handling policy.

FIG. 36 is a schematic diagram illustrating another example of a handling policy for album content.

FIG. 37 is a schematic diagram illustrating price information of single content.

FIG. 38 is a schematic diagram illustrating price information of album contents.

FIG. 39 is a schematic diagram illustrating another example of price information of a single content.

FIG. 40 is a schematic diagram illustrating another example of price information of album content.

FIG. 41 is a schematic diagram showing license condition information.

FIG. 42 is a schematic diagram showing billing information.

FIG. 43 is a schematic diagram illustrating another example of billing information.

FIG. 44 is a schematic diagram showing a list of usage right contents.

FIG. 45 is a schematic diagram showing usage rights.

FIG. 46 is a schematic diagram showing a single content.

FIG. 47 is a schematic diagram showing album contents.

FIG. 48 is a schematic diagram showing key data for single content.

FIG. 49 is a block diagram for explaining an encryption process of an individual key.

FIG. 50 is a schematic diagram showing key data for album content.

FIG. 51 is a timing chart showing a mutual authentication process using a symmetric key technology.

FIG. 52 is a timing chart showing a mutual authentication process using the asymmetric key encryption technology.

FIG. 53 is a schematic block diagram illustrating an operation of transmitting billing information.

FIG. 54 is a schematic block diagram showing a profit distribution processing operation.

FIG. 55 is a schematic block diagram showing a transmission operation of a content use result.

FIG. 56 is a flowchart showing a procedure of content distribution and reproduction processing.

FIG. 57 is a flowchart showing a procedure of transmission processing to a content provider.

FIG. 58 is a flowchart showing a procedure for registering payment information.

FIG. 59 is a flowchart showing a device ID new registration processing procedure.

FIG. 60 is a flowchart showing a procedure of additional registration processing of a device.

FIG. 61 is a flowchart showing a process of determining a registration information update start condition.

FIG. 62 is a flowchart showing a registration information update processing procedure.

FIG. 63 is a flowchart showing a registration information update proxy processing procedure by the stationary device.

FIG. 64 is a flowchart showing a registration information update proxy processing procedure by the stationary device.

FIG. 65 is a flowchart showing the transmission processing procedure of the secure container.

FIG. 66 is a flowchart showing the transmission processing procedure of the secure container.

FIG. 67 is a flowchart showing a purchase processing procedure of the home server.

FIG. 68 is a flowchart showing a tampering check processing procedure when reading data.

FIG. 69 is a flowchart showing a tampering check processing procedure when writing data.

FIG. 70 is a flowchart showing a procedure of a falsification check process when rewriting data.

FIG. 71 is a flowchart showing a tampering check processing procedure at the time of data deletion.

FIG. 72 is a flowchart showing a procedure of content reproduction processing by the home server.

FIG. 73 is a flowchart showing a procedure of content reproduction processing by the home server.

FIG. 74 is a flowchart showing a procedure of a content use right proxy purchase process by the home server.

FIG. 75 is a flowchart showing a procedure of a content change process of a purchased user.

FIG. 76 is a schematic diagram showing the contents of a rule part of a handling policy.

FIG. 77 is a schematic diagram showing the contents of a rule section of price information.

FIG. 78 is a schematic diagram showing a modification example of the right content.

FIG. 79 is a flowchart showing the procedure for redistributing the content usage right.

FIG. 80 is a flowchart showing a content use right purchase processing procedure in the stationary device.

FIG. 81 is a schematic diagram showing the transition of the rule part of the license condition information.

FIG. 82 is a flowchart showing the procedure of a management transfer right transfer process.

FIG. 83 is a flowchart showing a procedure for returning a management transfer right.

FIG. 84 is a block diagram showing an information transmission system according to the present invention.

FIG. 85 is a block diagram showing an information transmission system according to the present invention.

FIG. 86 is a flowchart showing the remote playback processing procedure.

FIG. 87 is a flowchart showing a reservation purchase processing procedure.

FIG. 88 is a flowchart showing the main purchase processing procedure after reservation purchase.

FIG. 89 is a flowchart showing a proxy purchase processing procedure when the home server performs charging.

FIG. 90 is a flowchart showing a proxy purchase processing procedure when a device outside the group performs charging.

FIG. 91 is a block diagram showing a conventional example.

[Explanation of symbols]

1 ... Electronic distribution service center, 2 ... Content provider, 3 ... Service provider, 4 ... Network, 5 ... User home network, 10 ... Electronic music distribution system, 11 ... Service provider management unit, 12 ... Content provider management unit, 13 ... Copyright management unit, 14 ... Key server, 15 ... History data management unit, 16 ... Profit sharing unit, 17 ... Mutual authentication unit, 18 ... User management section, 19 ... Billing section, 20 ... Accounting section, 21 ... Audit section, 22. ... Content server, 32 ... Digital watermark adding unit, 34 ... Content encryption unit, 35 ... Content key generation unit, 36 ... Content key encryption unit, 37 ... Handling policy generation unit, 38 ... Signature generation unit, 39 ... Mutual authentication unit, 41 ... Content server, 42 ... Certificate verification unit, 43 ... Signature verification unit, 44 ... Pricing unit, 45 ... Signature generation unit, 46 ... Mutual authentication unit, 51 ... Home server, 52 ... Stationary equipment, 53 ... Portable equipment, 62, 72, 82 ... Higher-level controller, 65, 73, 83 ... Encryption processor, 66, 74, 84 ... Decompressor, 67, 79, 85 ... External memory, 120 ... Recording media exclusively for electronic distribution.

Claims (4)

[Claims]
1. An information transmission system for transmitting content data encrypted with a predetermined content key from an information transmitting device to an information receiving device, wherein the information transmitting device encrypts the content key with an individual key unique to the information transmitting device and transmits, to the information receiving device, at least the content key encrypted with the individual key and an externally supplied encrypted individual key obtained by encrypting the individual key with a distribution key updated at a predetermined cycle, and the information receiving device, before the distribution key is updated, decrypts the individual key with the distribution key given in advance, decrypts the content key with the decrypted individual key, and stores the decrypted content key so that the content can be decrypted after the distribution key is updated.
2. The information transmission system according to claim 1, wherein the information receiving device encrypts the content key decrypted using the distribution key before updating with a storage key and stores the encrypted content key.
3. An information receiving apparatus for receiving content data encrypted with a content key distributed from an information transmitting apparatus, characterized in that it receives from the information transmitting apparatus at least the content key encrypted with an individual key and an encrypted individual key obtained by encrypting the individual key with a distribution key updated at a predetermined cycle, and, before the distribution key is updated, decrypts the individual key with the distribution key given in advance, decrypts the content key with the decrypted individual key, and stores the decrypted content key so that the content can be decrypted after the distribution key is updated.
4. The information receiving apparatus according to claim 3, wherein the content key decrypted using the distribution key before update is encrypted with a storage key and stored.
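The key handling recited in claims 1 to 4, as an added Python sketch that is not part of the patent: the content key is unwrapped through the individual key while the current distribution key is still held, then re-wrapped under a storage key so it survives the update. The `wrap`/`unwrap` pair is an assumed standard-library HMAC-SHA256 stand-in for the cipher, and `Receiver`, `demo` and the sample keys are hypothetical names and constructed values.

```python
import hashlib, hmac, os

def _mac(key, label, data):
    return hmac.new(key, label + data, hashlib.sha256).digest()

def wrap(kek, secret):
    """Stand-in authenticated key wrap for secrets up to 32 bytes (not AES key wrap)."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(secret, _mac(kek, b"enc", nonce)))
    return nonce + ct + _mac(kek, b"tag", nonce + ct)

def unwrap(kek, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _mac(kek, b"tag", nonce + ct)):
        raise ValueError("wrong wrapping key or modified blob")
    return bytes(a ^ b for a, b in zip(ct, _mac(kek, b"enc", nonce)))

class Receiver:
    def __init__(self, distribution_key):
        self.distribution_key = distribution_key  # replaced at every update cycle
        self.storage_key = os.urandom(32)         # stays inside the receiver
        self.stored = {}                          # content id -> wrapped content key

    def purchase(self, content_id, wrapped_individual_key, wrapped_content_key):
        # Only works while the receiver still holds the distribution key in force.
        individual_key = unwrap(self.distribution_key, wrapped_individual_key)
        content_key = unwrap(individual_key, wrapped_content_key)
        self.stored[content_id] = wrap(self.storage_key, content_key)  # claims 2, 4

    def content_key(self, content_id):
        return unwrap(self.storage_key, self.stored[content_id])

def demo():
    old_kd, new_kd = os.urandom(32), os.urandom(32)   # constructed sample keys
    individual_key, content_key = os.urandom(32), os.urandom(32)
    bundle = (wrap(old_kd, individual_key), wrap(individual_key, content_key))
    rx = Receiver(old_kd)
    rx.purchase("track-1", *bundle)       # before the update
    rx.distribution_key = new_kd          # periodic update; old key discarded
    usable_after_update = rx.content_key("track-1") == content_key
    try:
        rx.purchase("track-2", *bundle)   # same bundle, first unwrapped too late
        late_unwrap_ok = True
    except ValueError:
        late_unwrap_ok = False
    return usable_after_update, late_unwrap_ok
```

The stored copy is only as strong as the storage key's protection, since it outlives every distribution key update.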
JP24229699A 1999-08-27 1999-08-27 Infromation transmission system and infromation receiver Pending JP2001069134A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
JP24229699A JP2001069134A (en) 1999-08-27 1999-08-27 Infromation transmission system and infromation receiver

Applications Claiming Priority (8)

Application Number Priority Date Filing Date Title
JP24229699A JP2001069134A (en) 1999-08-27 1999-08-27 Infromation transmission system and infromation receiver
CNB008018219A CN1296846C (en) 1999-08-27 2000-08-25 Information transmission system, transmitter, and transmission method as well as information reception system, receiver and reception method
EP00955022A EP1134670A4 (en) 1999-08-27 2000-08-25 Information transmission system, transmitter, and transmission method as well as information reception system, receiver and reception method
PCT/JP2000/005742 WO2001016776A1 (en) 1999-08-27 2000-08-25 Information transmission system, transmitter, and transmission method as well as information reception system, receiver and reception method
US09/830,392 US7099479B1 (en) 1999-08-27 2000-08-25 Information transmission system, transmitter, and transmission method as well as information reception system, receiver and reception method
KR1020017005331A KR100735503B1 (en) 1999-08-27 2000-08-25 Information transmission system, transmitter, and transmission method as well as information reception system, receiver and reception method
US11/385,830 US8005226B2 (en) 1999-08-27 2006-03-22 Information sending system, information sending device, information receiving device, information distribution system, information receiving system, information sending method, information receiving method, information distribution method, apparatus, sending method of information receiving device, playback method of apparatus, method of using contents and program storing medium
US11/454,196 US8036388B2 (en) 1999-08-27 2006-06-16 Information sending system, information sending device, information receiving device, information distribution system, information receiving system, information sending method, information receiving method, information distribution method, apparatus, sending method of information receiving device, playback method of apparatus, method of using contents and program storing medium

Publications (1)

Publication Number Publication Date
JP2001069134A true JP2001069134A (en) 2001-03-16

Family

ID=17087136

Family Applications (1)

Application Number Title Priority Date Filing Date
JP24229699A Pending JP2001069134A (en) 1999-08-27 1999-08-27 Infromation transmission system and infromation receiver

Country Status (1)

Country Link
JP (1) JP2001069134A (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2002288044A (en) * 2001-03-23 2002-10-04 Sanyo Electric Co Ltd Data recording device
JP2009282525A (en) * 2001-03-28 2009-12-03 Macrovision Corp Content security method providing long-term renewable security, device for the same, and computer-readable storage medium
JP2007133911A (en) * 2003-05-07 2007-05-31 Samsung Electronics Co Ltd Computer readable recording medium which records packaged content for certifying content provider and guaranteeing content integrity
JP2008521333A (en) * 2004-11-17 2008-06-19 サムスン エレクトロニクス カンパニー リミテッド Content transmission method in home network using user binding
US8234493B2 (en) 2004-11-17 2012-07-31 Samsung Electronics Co., Ltd. Method for transmitting content in home network using user-binding
