JP2002207639A - Contents, contents processing method and contents processor - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a contents distribution system which protects copyright while securing user's convenience. SOLUTION: Contents 1 included in a data group 2 having a one-time password (contents authenticator) OTPk are executed by a specific control program and also executed by the specific control program according to a verification authenticator OTPk-1 generated from the contents authetnicator OTPk according to a unidirectional function; each time the contents are executed or as the time passes, information OTPk regarding a use frequency is updated and the contents authenticator and verification authenticator are varied while the relation by the unidirectional function is held. When information regarding the use frequency matches information found previously from a specified use frequency N, the execution of the contents by the control program is limited.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to, for example, a technique for protecting the copyright of contents that can be distributed on a network.

[0002]

2. Description of the Related Art With the spread of computers and various digital devices, various contents have been distributed in digital form. Conventionally, contents are recorded on a specific tangible medium such as a record or a CD (Compact Disk), and these records and CDs are recorded.
Has been supplied, and the user cannot easily copy the same contents, thereby preventing unauthorized use of the contents, thereby protecting the copyright of the contents.

[0003] With the spread of computers and the Internet, contents are no longer tied to a specific medium, and the distribution form has changed. For example, as a method for compressing music data, M
P3 (MPEG1-Layer3) is known. Once music recorded on a CD or the like has been converted to this format, MP
The three types of music can be freely exchanged via the Internet, and can be stored without choosing a recording medium. This MP
No. 3 is convenient for a user who can make unlimited copies while having sufficient sound quality for practical use and does not choose a recording medium. It may seriously impair the interests of the elderly and is a social problem.

[0004] Preventing unauthorized use of contents and protecting the rights of copyright holders have become important issues for sound distribution of contents. A copyright protection system for content that may run through the web in an arbitrary manner will be indispensable.

As described above, most of the contents distributed on the network do not have a copyright protection function, such as the conventional MP3, and are ineffective against illegal copying.

Therefore, in recent years, there have been proposed some systems for encrypting and distributing music and the like. These systems permit the use (execution) of the content only on a specific device, and can use the content without restriction on that device. In these systems, illegal use due to illegal copying can be prevented by strictly limiting the devices that can use the content.

[0007]

However, as described above, in the case of the method of encrypting and distributing contents,
The use (execution) of the content can be performed only by a predetermined device, which is very inconvenient for an authorized user.

[0008] Therefore, an object of the present invention is to provide a content distribution system that protects copyright while ensuring user convenience.

[0009]

Means for Solving the Problems In order to solve the above-mentioned problem, the content of the present invention is a content included in a data group having a content authenticator and executed by a predetermined control program, The control program executes processing based on a verification authenticator having a certain relationship with the content authenticator, and updates the information on the number of times of use with the execution of the content or with the lapse of time, and The authenticator and the verification authenticator are changed while maintaining the certain relationship.

[0010] The content processing method of the present invention is a processing method for executing a content included in a data group having a content authenticator by a predetermined control program.
The content is configured to be executed by a predetermined control program based on a verification authenticator having a certain relationship with the content authenticator. Updating and changing the content authenticator and the verification authenticator while maintaining the certain relationship, and when the information on the usage count matches the information obtained from the specified usage count in advance. In addition, execution of contents by the control program is restricted.

Further, the content processing apparatus of the present invention comprises:
A processing device for executing a content included in a data group having a content authenticator by a predetermined control program, and verifies whether the content authenticator and a verification authenticator of the control program have a predetermined relationship. Verification means to perform;
Means for updating information on the number of uses with the execution of content or with the passage of time; conversion means for changing the content authenticator and the verification authenticator while maintaining the fixed relationship; And control means for restricting the execution of the content by the control program when the information related to the information and the information previously obtained from the designated frequency of use coincide with each other.

Therefore, in the present invention, when the data group or the content is falsified or the data group is copied a plurality of times, the relationship between the verification authenticator of the control program and the content authenticator is the above-mentioned fixed relationship. Therefore, the content can no longer be executed and illegal use can be prevented.

[0013]

Embodiments of the present invention will be described below with reference to the drawings.

As a first embodiment, a user designates the frequency of use (the number of times of use, time of use, etc.) N for a desired content and receives distribution on the Internet. What you pay for will be explained. The content of the present invention is a content of a prepaid system in which the usage frequency N is limited, and it is necessary to prevent the total usage frequency from being changed.
It will prevent unauthorized use. In the following embodiment, description will be made assuming that the number N of times of use is limited.

In the first embodiment, a one-time password (authenticator in the claims) to be described later is generated by a control program using a one-way function.

As means for receiving the supply of the content, the user may download and obtain the content on a homepage, obtain the content as an attached file attached to the E-mail of the content provider, or obtain the content from the content provider on a recording medium. There may be a case where the recorded content is obtained by mail or the like. The payment of the user's consideration may be made by notifying the provider of the credit card number on the Internet or by remittance by another known method.

The number of times N of use of the content is designated by the user, and the price is determined according to the number N of times of use.

First, in supplying the content of the present invention, a control program for executing (controlling) the content and a data group 2 are supplied simultaneously or separately, and the control program and the data group 2 are supplied to a predetermined device on the user side. Is saved.

The content 1 according to the present invention is executed by a control program for executing the content 1.

FIG. 1 shows the structure of a data group 2 for supplying the content 1, and the data group 2 is composed of the content 1,
It is composed of a header 3 and a signature 4.

The contents of the content 1 include, for example,
In addition to music data and video data, application software and the like can be considered.

The header 3 embeds the one-time password OTP, the content ID 5 and other information.

The signature 4 is generated from the header 3 and the content 1, so that falsification of the header 3 and the content 1 can be detected. This signature 4 is performed by the content provider. Note that the signature 4 is used to detect tampering of the header 3 and the content 1 and is not an essential component of the content 1 of the present invention.

Although FIG. 1 shows a header-integrated structure in which the header 3 is combined with the content 1 and the signature 4, the present invention is not limited to this, and as shown in FIG.
The header 3 is combined with the signature 4 and the content 1 is combined with the signature 4 'and the content ID 5 to form two data groups 2 and 2'. A header separation type that performs association may be used. In such a case, the signature 4 in the combination of the header 3 and the signature 4 creates a signature 4 from the header 3 and
The signature 4 'in the combination of the signature 4' and the signature 4 'creates a signature 4' from the content 1 and the content ID5.

Here, a distribution system for such content 1 will be briefly described below.

The distribution system includes a content supplier that supplies the content 1, a distributor that distributes the content, and a user who receives distribution of the content (see FIG. 3).

The content provider creates and distributes the data group 2 including the content 1 and the control program. These are distributed for a fee or free of charge. Further, the supplier of the data group 2 including the content 1 and the supplier of the control program need not be the same, but are assumed to be the same in the following description.

The distributor enters between the content supplier and the user and mediates distribution between the data group 2 including the content 1 and the control program. Such a distributor is not always necessary, and the content provider may directly provide the user with the data group 2 including the content 1 and the control program.

[0029] Such a content 1 is provided by a content supplier or distributor on the basis of a user's request.
The data group 2 including the content is supplied to the user.

In the following description, a case will be described in which such a distributor is omitted, and the content provider directly provides the user with the data group 2 including the content 1 and the control program.

The control program requests distribution of the data group 2 including the content 1 and receives the data, executes the content 1, and manages the one-time password OTP (corresponding to “authenticator” in the claims) (content usage). Management based on the number of times).

Such a control program may be a shared control program capable of executing various contents 1 or may be dedicated to one content. The following example will be described as a shared control program. When a dedicated control program is used, the dedicated control program is supplied to the user together with a data group including one content.

Such a control program is obtained by a user's obtaining procedure as follows.

First, a user requests a control program for executing a desired content from a content provider.

When a fee is required for supplying the control program, the content provider performs a charging process for the user.

The user who has obtained the control program installs the content 1 in a device for executing the content 1 such as his / her personal computer (PC) to prepare an environment in which the content 1 can be executed.

The procedure for obtaining the content will be described below with reference to the flowchart shown in FIG.

Step 1 First, the user makes a decision on the desired content 1 and the number of uses N thereof.

Step 2 The user inputs the content ID 5 of the desired content 1 and the number of uses N to the personal computer (PC). The number of uses N specified here is the prescribed number of uses N of the content 1 on the personal computer (PC) and cannot be increased.

Step 3 The control program installed in the personal computer (PC) generates a one-time password OTP using the one-way function f (x) based on the user's input in “Step 2”. Generate a seed x.

The seed x is appropriately set by the control program. Generally, random numbers are considered appropriate.

Step 4 The control program generates a one-time password OTP group as follows using the one-way function f (x) based on the seed x set in “Step 3”. In addition, the number of one-time passwords OTP to be generated is N + 1, which is one more than the number of times the user uses the content (the specified number of times N), and N + 1 one-time password groups (OTP _{N to} OTP ₀ ) Will be generated.

[0043] _{OTP N = f (x) OTP} N-1 = f (OTP N) = f 2 (x) · · · OTP k = f (OTP k + 1) = f (N-k + 1) (x OTP _k−1 = f (OTP _k ) = f ^{(N−k + 2)} (x) OTP ₁ = f (OTP ₂ ) = f ^N (x) OTP ₀ = f (OTP ₁ ) = f ^{(N + 1)} (x).

It should be noted that the one-time password OTP is one-time password OTP due to the property of the one-way function.
it is difficult to determine the _k-1 from the next one-time password OTP _k, in reverse, to obtain the one-time password OTP _k-1 before the one-time password OTP _k has become easy. The expressions “next” and “previous” mean that the one-time password OTP group is OTP ₀ ,
_{OTP 1, ···, OTP k-} 1, OTP k, ··· OTP
_{This is because N-1} and OTP _N are used in this order. Further, among the one-time passwords OTP generated by the one-way function f (x), the one-time password OTP ₀ generated last is not actually used, and the other one-time passwords OTP _{1 to} OTP are not used. _{Since N} is used, the prescribed use count of the content 1 is N times, and the one-time password OTP _N generated first from the seed x is the last one in which the content 1 can be used in the order of use. One-time password OTP.

Step 5 The control program uses the content ID specified by the user.
5. Specified number of uses N, seed x, one-time password OT
Of the group P, at least OTP ₀ , OTP ₁ , OTP _N
Save. Here, all of the one-time password groups OTP _{0 to} OTP _N generated in the above “Step 4” may be stored, but in this case, the one-time password OTP is obtained by the one-way function f (x). Is generated, and the specified number of uses N and the species x are known.
All of the one-time password OTP can be generated at any time, therefore, it is not necessary to the store for one-time password OTP ₂ ~OTP _N-1 no need for the time being.

It should be noted that the one-time passwords OTP ₀ , OTP ₁ , OT stored by the control program in “Step 5”
Of P _N , OTP ₀ is stored by the control program as the last used one-time password, and f (OTP ₁ ) calculated by the one-way function from the next one-time password OTP ₁ in “Step 19”. OTP ₁ is used by the content provider to create signature 4 in step 10 and OTP _N is used as the last one-time password that can be used in step 2
3) is used to determine whether the specified number of uses N has ended.

Step 6 The control program sends the content ID, the one-time password OTP ₁ , and the specified number of uses N to the content supplier.

Step 7 Upon receiving the provision of various information from the control program, the content provider first determines whether the contacted control program is a reliable partner.
If unreliable, interrupt the process. If reliable, go to the next “Step 8”.

Step 8 When a fee is required for supplying the data group 2, the content provider performs a charging process for the user. Usually, such content is of value and payment is made. In addition, such consideration is based on contents I
It is determined based on D5 and the prescribed number of times N.

Step 9 The content provider encrypts the content 1. This encryption is based on a common key cryptosystem, and a decryption key for decrypting this is supplied to the user in "Step 11". Although the encryption of the content 1 is not an essential component in the content distribution method of the present invention, only the portion of the content 1 is extracted from the data group 2 and its data format is converted and used for another application. In order to prevent fraud such as the above, it is preferable that there is. Further, the encryption is not limited to the common key encryption method, but may be a public key encryption method, and a known encryption technique can be applied.

Step 10 The content provider adds the one-time password OT to the content 1 encrypted in step 9.
A data group 2 is generated by attaching a header 3 and a signature 4 in which P ₁ , a content ID 5 and other information are embedded.
Note that the signature 4 is given to the one-time password OTP ₁ sent from the control program in the above “Step 6”.

Step 11 The content provider sends the data group 2 generated in step 10 and the decryption key of the encrypted content 1 to the user.

Step 12 The data group 2 and the decryption key transmitted to the user in step 11 are verified by the user's control program.

Step 13 If the verification in Step 12 is valid, the data group 2 is stored in a predetermined location by the control program, and the user inputs a command to execute the content 1 concerned. Wait until.

Next, a procedure for executing the content 1 will be described.

First, in the personal computer (PC), the user activates the control program to execute the content 1 and instructs execution of the desired content 1. As a result, the control program performs the processing in the following order and executes the content 1.

The contents 1 according to the control program
Is required to input the one-time password OTP. For example, when the content 1 is executed for the first time, the one-time password OTP next to the one-time password OTP ₀ generated last is used. Enter ₁ . Further, if the content 1 has been used k-1 times and the next use is the k-th time, the user enters the k-time one-time password OTP _k .

When the user inputs the one-time password OTP, the user may be allowed to actually know the one-time password OTP, and may manually input the one-time password OTP every time the content 1 is executed. But,
Here, the user may select the “play button”, “execute button” or “Enter
By inputting an "r key" or the like, a process equivalent to inputting the one-time password OTP with reference to the header 3 by the control program is performed, and the content 1 is executed. That is, the content authenticator replaces the password to be entered by the user. Therefore, the content 1 is executed without the user being notified of the one-time password OTP.

Hereinafter, the process of executing the content 1 by the control program will be described with reference to the flowchart shown in FIG.

Step 14 The control program replaces the one-time password OTP _{? In} the header 3 of the data group 2 including the specified content 1 with "OTP ₁ ". This is "Step 10"
This is because the signature 4 is performed on “OTP ₁ ” as described above.

Step 15 The control program verifies the signature 4. If the signature 4 is valid, the process proceeds to the next step “Step 16”. If the signature 4 is not valid, it is determined that data other than the one-time password OTP has been falsified, and the process proceeds to “Step 17”.

Step 16 The control program calculates f (OTP _? ) From the one-time password OTP _? Read from the header 3 of the data group 2 including the content 1 based on the above one-way function, 18 ". Here, the reason why the one-time password is expressed as “OTP _? ” _Is that it cannot be determined at present whether the data group 2 is valid or falsified. If the data group 2 is valid, the one-time password is “OTP
_k ". In addition, one-time password OTP _k say here will be referred to as "content authenticator" in the number of times of use k-th as set forth in the appended claims.

Step 17 The control program displays that the content 1 is invalid, notifies the user of the fact, and performs error processing.

Step 18 The control program extracts the “last used password OTP _k−1 ” stored in the apparatus, and proceeds to “Step 19”. Here, when the content 1 is the first execution, the “last used password OTP” is “OTP ₀ ” as described above. It should be noted that the one-time password OTP _k-1 referred to here is the “verification authenticator” at the k-th use count described in the claims
It turns out that. Here, the "certain relationship between the content authenticator and the verification authenticator" described in the claims is a relationship calculated by a one-way function.

The verification authenticator must be strictly stored by the control program. If the user inputs this, for example, if OTP ₀ is input each time, the content having OTP ₁ can be used many times.

Step 19 The control program collates the "last used password OTP _k-1 " extracted in "Step 18" with f (OTP _? ) Calculated in "Step 16". As a result of the comparison, if they match, (OTP _k−1 = f (O
TP _k )), proceed to “Step 20”, and if they do not match (OTP _k−1 ≠ f (OTP _? )), Go to “Step 21”.
Proceed to.

Step 20 The control program determines the result of the collation in "Step 19"
If they match (OTP _k-1 = f (OTP _k )), the one-time password OTP in the data group 2 is determined to be valid, the content 1 is decrypted, and the content 1 is executed. After execution, the process proceeds to “Step 22”.

Step 21 The control program determines the result of the collation in "Step 19"
If they do not match (OTP _{k-1 {} f (OTP _? )), The one-time password OTP _? Display a message and end the process.

Step 22 The control program determines the last used password OTP _k
Is saved, and the process proceeds to “Step 23”. In addition, one-time password OTP _k say here will be referred to as "verification authenticator" in the next time as set forth in the appended claims (the number of times of use k + 1 th).

Step 23 The control program executes the stored one-time password OT
It is determined whether P _k matches the first one-time password OTP _N generated in the seed x (the one stored in “Step 5”). One-time password OTP _N
Is the first one-time password generated from the seed x on the basis of the one-way function f (x).
This is because the password is the last one-time password, and can be used to determine whether the specified number of uses N has been completed. Then, the control program executes OTP _k
If OTP _N and OTP _N match (OTP _k = OTP _N ), it is determined that the specified number of uses N has been used up, and the process proceeds to “Step 24”. In addition, in the case where the OTP _k and OTP _N does not match (OTP _k ≠ OTP _N), defined using the number of times N is not used up, go to "step 25". Note that the one-time password OTP _N referred to here is “information obtained from the specified frequency of use” described in the claims, and the one-time password OTP _N
TP _k is “information on the number of uses” described in the claims.

Step 24 Since the number of uses of the content 1 has reached the specified number of uses N, the control program displays the end of the specified number of times and ends the processing.

Step 25 The control program executes the next one-time password OTP.
Generate _{k + 1} . Such a one-time password OTP _{k + 1}
Is the seed x, the one-way function f (x) and the remaining number of uses N-
It can be easily generated from k times.

Step 26 The data group 2 is updated with the one-time password OTP _{k + 1} generated in “Step 25” as the next one-time password OTP of the content 1. Thus, the data group 2 up to now has the one-time password O
A data group 2 having a different TP is created. The one-time password OTP _{k + 1} referred to here is the “content authenticator” in the (next) use number k + 1 times described in the claims.

As described above, since the one-time password OTP in the data group 2 is continuously updated each time it is used, the data group 2 having a specific one-time password OTP is used.
Means a disposable data group that can be used only once.

When the content 1 is to be executed again, the process returns to the above-mentioned "Step 14", and the processes of "Step 14" to "Step 26" are sequentially performed by the control program.

Therefore, in the first embodiment, even if an attacker (a person who intends to make an unauthorized use) saves a copy of the data group 2 at a certain point in time, it is no longer used. , The one-time password OTP embedded in the header 3 of the data group 2
Is in a shifted state in relation to the “last used password OTP” stored in the control program, and even if an attempt is made to use this, the control program assumes that the “disposable data group 2” can no longer be used. By judging, the data group 2 copied in this way is the meaningless content 1, and unauthorized use can be prevented.

Even if the attacker makes a plurality of copies of the data group 2 before use and saves it, one data group 2
When the content 1 is executed, the control program executed executes the one-time password OTP input at that time.
Is stored and the one-time password OTP in the header 3 of the data group 2 is updated, whereas the one-time password OTP embedded in the other copied data group 2 is not updated. Depending on the control program, the control program becomes infeasible, meaningless, and the number of times of use cannot be increased by copying.

Further, with respect to an attack that attempts to falsify the one-time password OTP of the data group 2, the remaining number of usable times cannot be increased, and this attack does not make sense. That is, for example, the one-time password O of the data group 2 of the content 1 used k times
This is because even if the TP is rewritten to the one-time password OTP at the time of non-use, the one-time password is meaningless and cannot be executed by the control program.

In the first embodiment,
In generating the one-time password, a one-way function was used.
" _k " and the "content authenticator" can be set to the same value, and there is no need to use a usage counter, and an extremely simple control program can be obtained.

Of course, the present invention is not limited to this, and the use number counter is reduced or increased by one each time the content 1 is used by using the use number counter.
When the usage counter n = 0 or n = N, it may be determined that the specified number N of usages of the content has been reached.

Next, a description will be given of a second embodiment in which, within the prescribed number of uses N specified by the user, the number of times the content 1 is distributed by a plurality of devices is executed separately. Here, a case will be described in which the prescribed use count N is distributed to two devices.

In the second embodiment described below, after the content 1 has already been used k times in the first device PC-A, the remaining usage times (R = N−k) times are reduced. It is distributed to the first device PC-A and the second device PC-B, respectively, i times for the first device PC-A, and (Nki) times for the second device PC-B. Will be described.

Then, in the first device PC-A, using the content 1 k times means that the last used one-time password OTP is “OTP _k ”,
When the content 1 is used in one device as in the first embodiment, the next one-time password O
TP is “OTP _{k + 1} ”.

As described above, the remaining number of uses R = N−k of the content 1 is determined by the two devices (PC-A and PC-A).
-B) the second device PC to be transferred to be distributed to
-B and transfer these various types of information to
The information of the first device PC-A itself also needs to be rewritten.

The information to be rewritten to the first device PC-A and the information to be transferred to the second device PC-B are as follows.

First device PC-A Type: x One-way function: f (x) Number of one-time passwords (initial prescribed use count): N Specified use count: k + i Last usable one-time password: OTP _{k + i} Last one-time password: OTP _k data group (one-time password OTP _{k + 1} ) Second device PC-B type: x One-way function: f (x) Number of one-time passwords (initial specification) Number of uses): N Specified number of uses: N Last one-time password that can be used: OTP _N Last one-time password used: OTP _{k + i} data group (one-time password OTP _{k + i + 1} ).

The feature of the above information rewriting and transfer is that after rewriting or transfer, the last used one-time password OTP and the last usable one-time password OTP are converted into predetermined ones according to the distribution ratio. It is.

The rewriting of information in the first device PC-A and the transfer of information to the second device PC-B are as follows.
After the user has determined the distribution ratio, the user inputs the distribution ratio to the first device PC-A.

More specifically, the rewriting of the information in the first device PC-A is performed by setting the control program of the first device PC-A to "N" the specified number of times of use stored in the PC-A. to "k + i" from, rewrite each of the last one-time password that can be used to "OTP k + _i" from "OTP _N". In the first device PC-A, there is no need to rewrite the one-time password OTP of the data group 2 stored therein.

Further, the first device PC-A uses the “seed x” in the control program to enable the execution of the content 1 on the second device PC-B and to limit the number of uses. , "One-way function f (x)", "number of one-time passwords (initial prescribed number of uses) N", "prescribed number of uses N", "last one-time password OTP _{N that} can be used", "last use" A control program in which the information of the converted one-time password OTP _{k + i} is converted is prepared, and the one-time password OTP of the data group 2 is converted into OTP _{k + i + 1} , and these are converted into the second data.
To the device PC-B. Such transfer is generally performed through a network, but the information is recorded on a recording medium, for example, a floppy disk (FD), and then transferred to the second device PC-B. Is also good. However, if the information is transferred from the first device PC-A via a floppy (registered trademark) disk (FD), if the information is transferred to another device, the second information is transferred. As a result, it is possible to increase a plurality of devices having the same number of times of use as the device PC-B.
Information transferred from the first device PC-A to the second device PC-B is encrypted with a dedicated key so that it can be decrypted only by the second device PC-B, and the upper transfer can be performed only once. It is necessary to take measures such as doing so.

The process of transferring important information between different devices can use a method used for electronic money or the like, and thus a detailed description is omitted.

In view of the above, the second device P
In order to prevent falsification of information transferred to CB, it is preferable to transfer the information to the second device PC-B on the network.

For the rewriting and conversion of the control program and the data group 2, the prescribed number of uses in each of the devices PC-A and PC-B is determined based on the distribution ratio, and the seed x and the unidirectionality are determined. It can be easily obtained by the function f (x).

As described above, when information and data are rewritten and transferred after conversion in each of the devices PC-A and PC-B, the first device PC-A executes the content 1 as follows. Is done. Note that the processing for executing the content 1 by the following control program is the same as that of FIG.
Therefore, the step numbers shown in FIG. 5 are used and illustration is omitted. The description thereof is the same as that of the first embodiment, so that the description is simplified.

That is, in the first device PC-A, the one-time password OTP when the content 1 is first executed after distribution is “OTP _{k + 1} ”, and the one-time password OTP _{k + 1} and last used one-time password O
The relationship with TP _k is based on the above one-way function, and OTP _k =
It is determined whether or not f (OTP _{k + 1} ) (step 19).

As a result, if the content is valid, after executing the content 1 (step 20), the one-time password “OTP _{k + 1} ” used last is stored (step 22).

Next, it is determined whether the one-time password OTP _{k + 1} used for executing the content 1 is the last one-time password OTP _{k + i} usable (step 23).

As a result, if the one-time password OTP _{k + 1} used for execution does not match the last one-time password OTP _{k + i} that can be used, the next one-time password is replaced with the one-way function f (x). (Step 25), and updates the one-time password of the data group 2 to “OTP _{k + 2} ” (Step 26).

Here, the used one-time password O
Last one-time password OT that can use TP _{k +?}
If it matches P _{k + i} , it is determined that the specified number of times k + i has been completed, the end of the specified number of times is displayed, and the process ends (step 24).

For the second device PC-B, the one-time password OTP when the content 1 is to be executed for the first time after distribution is “OTP _{k + i + 1} ”. Time password OT
P _{k + i + 1} and last used one-time password OTP
The relationship with _{k + i} is based on the above one-way function, and OTP _{k + i} =
It is determined whether or not f (OTP _{k + i + 1} ) (step 19).

As a result, if the content is valid, after executing the content 1 (step 20), the one-time password “OTP _{k + i + 1} ” used last is stored (step 22).

Next, it is determined whether or not the one-time password OTP _{k + i + 1} used for executing the content 1 is the last one-time password OTP _N that can be used (step 23).

As a result, if the one-time password OTP _{k + i + 1} used for execution does not match the last one-time password OTP _N that can be used, the next one-time password is replaced with the one-way function f (x). (Step 25), and updates the one-time password of the data group 2 to "OTP _{k + i + 2} " (Step 26).

Here, the used one-time password O
Last one-time password O that can use TP _{k + i +?}
If it matches TP _N is determined to have been terminated prescribed number of uses N, to display the prescribed count, and ends the process (Step 24).

As described above, even when the remaining number of uses R of the content 1 is distributed to the two devices PC-A and PC-B, the user cannot cheat such as increasing the number of uses.

In the second embodiment, a case where k of the total number of times of use are used in the first device PC-A and then distributed to two devices PC-A and PC-B. As described above, it is needless to say that the total number of times of use of unused contents can be distributed.

Further, in the second embodiment,
The case where the remaining number of uses R is distributed to the two devices PC-A and PC-B has been described, but it is needless to say that the remaining number of uses R can be similarly distributed to a plurality of devices.

Further, in the second embodiment, similarly to the first embodiment, the control program determines whether or not the specified number of uses N has been completed, first. Is performed by comparing the one-time password OTP _N generated at the time with the one-time password OTP _k input every time the user uses the content (step 2).
3) The present invention is not limited to this.
Each time the content 1 is used, the usage counter n is decremented or incremented by one.
When = 0 or n = N, it may be determined that the prescribed number of times N of use of the content has been reached.

Next, a third embodiment of the content of the present invention will be described. This third embodiment is similar to the first embodiment.
The difference from the first embodiment is that the one-time password OTP is generated by using a random number, and accordingly, a usage counter is used. The point is to judge by whether or not it has reached.

The procedure for the user to make a decision on the content 1 and the number of uses N thereof and to input the content ID 5 and the number of uses N of the desired content 1 into the personal computer (PC) is the first procedure.
Since this is the same as “Step 1 and Step 2” in the embodiment, the subsequent procedure (Step 30 to) will be described with reference to the flowchart shown in FIG.

Step 30 The control program installed in the personal computer (PC) uses the random number and the first one-time password OT based on the user's input in "Step 2".
To generate a P _1.

Step 31 The control program saves the one-time password OTP ₁ generated in “Step 30”, the content ID 5 specified by the user and the specified number of uses N, and sets the use number counter to n = 0. Note that the specified number of times N used here means “information obtained from a specified number of times of use” described in the claims, and the number of times of use counter value n is described in the claims. This is "information on the frequency of use".

Step 32 The control program sends the content ID, the one-time password OTP ₁ , and the specified number of times N to the content supplier.

Step 33 When the content provider receives various information from the control program, it first determines whether the contacted control program is a reliable partner.
If unreliable, interrupt the process. If reliable, the process proceeds to the next “Step 34”.

Step 34 If a fee is required to supply the data group 2, the content provider performs a billing process for the user. Usually, such content is of value and payment is made.

Step 35 The content provider encrypts the content 1.

Step 36: The content provider adds the one-time password OTP to the content 1 encrypted in step 35.
_{1. A} data group 2 is generated by attaching a header 3 and a signature 4 in which a content ID 5 and other information are embedded. Note that the signature 4 is made to the one-time password OTP ₁ which is sent from the control program in the "Step 33".

Step 37 The content provider sends the data group 2 generated in step 36 and the decryption key of the encrypted content 1 to the user.

Step 38 The data group 2 and the decryption key transmitted to the user in step 37 are verified in the control program of the user.

Step 39 If the verification in step 38 is valid, the data group 2 is stored in a predetermined place by the control program, and the user inputs a command to execute the content 1 concerned. Wait until.

Next, a procedure for executing the content 1 will be described.

First, in the personal computer (PC), the user activates the control program to execute the content 1 and instructs execution of the desired content 1. As a result, the control program performs the processing in the following order and executes the content 1.

Hereinafter, the process of executing the content 1 by the control program will be described with reference to the flowchart shown in FIG.

Note that the content 1 according to the control program
Is required to enter the one-time password OTP. For example, when the content 1 is executed for the first time, the one-time password OTP ₁ is entered. In addition, if the content 1 has been used k-1 times and the next use is the k-th time, the k-time one-time password OTP _k is input.

Step 40 The control program replaces the one-time password OTP _{? In} the header 3 of the data group 2 including the specified content 1 with "OTP ₁ ". This is "Step 36"
This is because the signature 4 is performed on “OTP ₁ ” as described above.

Step 41 The control program verifies the signature 4. If the signature 4 is valid, the process proceeds to the next step “Step 42”. If the signature 4 is invalid, it is determined that data other than the one-time password OTP has been falsified, and the process proceeds to “Step 43”.

Step 42 The control program reads the one-time password OTP _{? From} the header 3 of the data group 2 including the content 1,
Proceed to “Step 44”. Here, the reason why the one-time password is expressed as “OTP _? ” _Is that it cannot be determined at present whether the data group 2 is valid or falsified. And a valid data group 2
, The one-time password is “OTP _k ”. In addition, one-time password OTP _k say here will be referred to as "content authenticator" in the number of times of use k-th as set forth in the appended claims.

Step 43 The control program displays that the content 1 is illegal, notifies the user of the fact, and performs error processing.

Step 44 The control program executes the “regular O2” stored in the apparatus.
TP _k ”is taken out and the process proceeds to“ Step 45 ”. In addition,
The regular one-time password OTP is rewritten each time the content 1 is executed in “Step 51” described later. Here, when the content 1 is the first execution, the “regular password OTP” is “OTP ₁ ” as described above. It should be noted that the one-time password OTP _k referred to here is the “verification authenticator” at the k-th use count described in the claims.
It turns out that. Here, the "certain relationship between the content authenticator and the verification authenticator" described in the claims is a relationship between the same values generated using random numbers.

Step 45 The control program executes the “correct”
Regular password OTP _kAnd "Step 42"
And one time read from the header 3 of the data group 2
Password OTP_?Is checked against Match result
If you do (OTP_k= OTP_?), "Step 46"
If it does not match (OTP_k≠ OTP_?), "S
Proceed to Step 47 ".

Step 46 The control program determines the result of the collation in “Step 45”
If they match (OTP _k = OTP _? ), The one-time password OTP in the data group 2 is determined to be valid, the content 1 is decrypted, and the content 1 is executed. After the execution, the process proceeds to “Step 48”.

Step 47 The control program determines the result of the collation in “Step 45”
If they do not match (OTP _k ≠ OTP _? ), It is determined that the one-time password OTP _{? In} the data group 2 is invalid, that is, it is highly likely that the data group 2 has been tampered with, and an error message is displayed. The process ends.

Step 48 The control program adds one to the number of use times counter for which n = k−1 (n = k), and sets “Step 4
Go to 9 ".

Step 49 The control program determines whether or not the usage counter is n <N (the specified usage count). If n <N, the specified use number N of the content 1 has not been used up, and the process proceeds to “Step 51”. If n ≧ N, it is determined that the specified number of uses N has been used up, and the process proceeds to “Step 50”.

Step 50 Since the number of uses of the content 1 has reached the specified number of uses N, the control program displays the end of the specified number of times and ends the processing.

Step 51 The control program executes the following one-time password OTP.
Generate _{k + 1} using random numbers. It should be noted that the one-time password OTP _{k + 1} referred to here is the “verification authenticator” in the next (use number k + 1) described in the claims.
It turns out that.

Step 52 The data group 2 is updated using the one-time password OTP _{k + 1} generated in “step 51” as the next one-time password OTP of the content 1. Thus, the data group 2 up to now has the one-time password O
A data group 2 having a different TP is created. The one-time password OTP _{k + 1} referred to here is the “content authenticator” in the (next) use number k + 1 times described in the claims.

As described above, since the one-time password OTP in the data group 2 is continuously updated each time it is used, the data group 2 having a specific one-time password OTP is used.
Means a disposable data group that can be used only once.

Then, when the content 1 is executed again, the process returns to the above-mentioned “Step 40”, and the processes of “Step 40” to “Step 52” are sequentially performed by the control program.

Thus, the one-time password OTP
Is generated by using random numbers in the third embodiment, similarly to the first embodiment, the data group at the time when the attacker (the person who attempts unauthorized use) Even if a copy of the data group 2 is stored, if it is used, the one-time password OTP embedded in the header 3 of the data group 2 is the “regular password OTP” stored in the control program. , The control program determines that the "disposable data group 2" can no longer be used, and the data group 2 copied in this manner is meaningless. Therefore, it is possible to prevent unauthorized use.

Even if the attacker makes a plurality of copies of the data group 2 before use and saves it, one data group 2
When the content 1 is executed, the control program executed executes the one-time password OTP input at that time.
Is stored and the one-time password OTP in the header 3 of the data group 2 is updated, whereas the one-time password OTP embedded in the other copied data group 2 is not updated. Some control programs become infeasible, meaningless, and the number of uses cannot be increased by copying.

In the third embodiment, when the number of times of use is distributed, the remaining counter value of the number-of-uses counter is distributed, and the respective control programs,
The counter value of the number-of-times-of-use counter 2 may be converted according to the distribution ratio.

In each of the above embodiments, the number of times of use is the number of times of use. However, the present invention is not limited to this, and the use time may be limited.

In addition, the specific shapes and structures of each part shown in each of the above embodiments are only examples of the embodiment of the present invention, and the technical features of the present invention are not limited thereto. The scope should not be construed as limiting.

[0145]

As is apparent from the above description, the content of the present invention is included in a data group provided with a content authenticator and is a content executed by a predetermined control program. While performing processing based on the verification authenticator having a certain relationship with the content authenticator, with the execution of the content or with the elapse of time, information on the number of uses is updated, and the content authenticator and the It is characterized in that the verification authenticator is changed while maintaining the above-mentioned fixed relationship.

The content processing method according to the present invention is a processing method for executing a content included in a data group having a content authenticator by a predetermined control program.
The content is configured to be executed by a predetermined control program based on a verification authenticator having a certain relationship with the content authenticator. Updating and changing the content authenticator and the verification authenticator while maintaining the certain relationship, and when the information on the usage count matches the information obtained from the specified usage count in advance. In addition, execution of content by the control program is restricted.

Furthermore, the content processing apparatus of the present invention
A processing device for executing a content included in a data group having a content authenticator by a predetermined control program, and verifies whether the content authenticator and a verification authenticator of the control program have a predetermined relationship. Verification means to perform;
Means for updating information on the number of uses with the execution of the content or with the passage of time; conversion means for changing the content authenticator and the verification authenticator while maintaining the fixed relationship; And control means for restricting the execution of the content by the control program when the information on the content and the information previously obtained from the designated frequency of use coincide with each other.

Therefore, according to the present invention, when a data group or content is falsified or a plurality of data groups are copied, the relationship between the verification authenticator of the control program and the content authenticator is the above-mentioned fixed relationship. Therefore, the content can no longer be executed and illegal use can be prevented.

According to the second aspect of the present invention, the content authenticator is changed by the control program based on a one-way function with each execution of content or with the passage of time. The number of generated authenticators can be used as information on the number of uses, and can serve as both. Therefore, it is not necessary to use a use counter that counts the number of uses. it can.

According to the third and fourth aspects of the present invention, since all or a part of the data group including the content is encrypted, only the part of the content is extracted from the data group and the data format is converted. To protect it from unauthorized use by other applications.

[Brief description of the drawings]

FIG. 1 is a diagram conceptually showing the structure of content according to the present invention.

FIG. 2 is a diagram showing a modification of the content shown in FIG.

FIG. 3 is a diagram for explaining a content distribution system of the present invention.

FIG. 4 is a flowchart together with FIG. 5 for explaining acquisition and execution of content according to the first embodiment, and this diagram illustrates a content acquisition procedure.

FIG. 5 is a diagram for explaining processing of a control program.

FIG. 6 is a flowchart for explaining acquisition and execution of content according to the third embodiment, together with FIG. 7; FIG. 6 illustrates a procedure for acquiring content;

FIG. 7 is a diagram for explaining processing of a control program.

[Explanation of symbols]

1 content, 2 data group, 2 'data group, OT
P _k … Content authenticator (k-th), OTP _k-1 … Verification authenticator (k-th)

──────────────────────────────────────────────────続 き Continued on the front page (51) Int.Cl. ⁷ Identification symbol FI Theme coat ゛ (Reference) G10L 11/00 G10L 9/00 E H04L 9/32 H04L 9/00 673C

Claims (6)

[Claims] 1. Content that is included in a data group having a predetermined authenticator (hereinafter, referred to as “content authenticator”) and is executed by a predetermined control program, wherein the control program includes a content authenticator and a content authenticator. The process is executed based on the verification authenticator having a certain relation, and the information on the frequency of use is updated with each execution of the content or with the elapse of time, and the content authenticator and the verification authenticator are Content that is changed while maintaining a certain relationship. 2. The content according to claim 1, wherein the content authenticator is changed by the control program based on a one-way function with each execution of the content or as time elapses. Content characterized by that. 3. The content according to claim 1, wherein all or a part of a data group including the content is encrypted. 4. The content according to claim 2, wherein all or a part of a data group including the content is encrypted. 5. A processing method for executing a content included in a data group having a predetermined authenticator (hereinafter, referred to as “content authenticator”) by a predetermined control program, wherein the content is a predetermined control program. Is executed based on a verification authenticator having a certain relationship with the content authenticator. The information on the number of uses is updated with each execution of the content or with the elapse of time, and the content authentication is performed. And the verification authenticator is changed while maintaining the above-mentioned fixed relationship. When the information on the usage frequency matches the information obtained in advance from the specified usage frequency, the content by the control program is deleted. A content processing method characterized in that execution is restricted. 6. A processing device for executing a content included in a data group having a predetermined authenticator (hereinafter referred to as “content authenticator”) by a predetermined control program, wherein the content authenticator and the control program Verification means for verifying whether or not the verification authenticator has a certain relationship; means for updating information on the number of usages with each execution of content or with the passage of time; Converting means for changing the authenticator while maintaining the above-mentioned fixed relationship; and when the information on the usage frequency matches information obtained in advance from the specified usage frequency, the content of the content by the control program is changed. A content processing apparatus comprising: a control unit for restricting execution.