JP2002353951A - Device and method for delivering digital contents - Google Patents

Abstract

PROBLEM TO BE SOLVED: To give permission of use only to a specified user, in a system which delivers digital contents. SOLUTION: When delivering the contents of video, music or application software from a server S to a user N, each of contents is enciphered by a session key and sent and an enciphered session key is sent to the user N. Namely, the delivery of contents and the delivery of the session key for restoring these contents are conducted separately. For the contents and a unit number or enciphered session key, a method for transmitting digital data to a specified receiver like digital broadcasting or the Internet or delivering packaged data by a physical means such as home delivery or mail service is to be used.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a digital content delivery apparatus and a delivery system which can effectively restrict improper diversion or the like on the content receiving side in a system for delivering various digital contents such as video, music, and application software. About the method.

[0002]

2. Description of the Related Art In recent years, a system for distributing digital contents such as various images and music using digital broadcasting, the Internet, or the like has been provided and is becoming popular. In such a system, unlimited use on the receiving side is prohibited by encrypting the content.

[0003]

However, the encryption key is constant and does not change for each content. When one key is received by one receiving device, it becomes usable by another receiving device. It has been difficult to give use permission only to a specific receiving device.

[0004] It is therefore an object of the present invention to provide a digital content delivery apparatus and a delivery method which can give use permission only to a specific user in a digital content delivery system.

[0005]

According to the present invention, in order to achieve the above object, a first encrypting means for encrypting digital content and a digital content encrypted by the first encrypting means are delivered to a user. First delivery means, unit key giving means for giving the user a unit key obtained by encrypting the unit number given to the user with a server key set on the server side, and the unit from the user Receiving means for receiving a number, and obtaining the unit key by calculating the unit number received by the receiving means using the server key, and encrypting the data by the first encrypting means based on the unit key. The session key for restoring encrypted digital content to the original digital content A second encryption unit that, and having a second delivery means for delivering the session key encrypted to the user by the second encryption unit. In the digital content delivery device of the present invention, the digital content is encrypted by the first encrypting means, and the digital content is delivered to the user by the first delivering means. Also, the session key for restoring the digital content encrypted by the first encrypting means to the original digital content is based on the unit key obtained by decrypting the user unit number received by the receiving means with the server key. Second
The data is encrypted by the encryption means and delivered to the user by the second delivery means. Therefore, by receiving the unit number from the user and sending the session key encrypted with the unit key obtained based on this unit number separately from the content, the user can use the content, It can be used only for specific users, making unauthorized use of the content difficult,
It is possible to maintain the value of information. In addition, since the unit key required for encrypting the session key is obtained by calculation on the server side based on the unit number delivered from the user, there is no possibility that the unit key leaks outside.

Further, the digital content delivery device of the present invention comprises a first encryption means for encrypting digital content, and a first delivery means for delivering digital content encrypted by the first encryption means to a user. Setting a pair of a first secret key and a first public key in the server, and providing the user with the first public key;
Setting means for setting a pair of second secret key and second public key, receiving means for receiving the second public key encrypted by the first public key, and encryption received by the receiving means Converts the second public key into the first
By decrypting with the secret key, the user is authenticated to obtain the second public key, and the digital content encrypted by the first encrypting means based on the second public key is converted to the original digital content. Second encryption means for encrypting a session key for restoring the content,
A second delivery unit for delivering the session key encrypted by the second encryption unit to the user. In the digital content delivery device of the present invention,
The digital contents are encrypted by the first encrypting means, and the digital contents are delivered to the user by the first delivering means. Also, the session key for restoring the digital content encrypted by the first encryption unit to the original digital content is obtained by decrypting the encrypted second public key received by the reception unit with the first secret key. Thus, the second public key is obtained, the session key is encrypted by the second encrypting means based on the second public key, and the session key is delivered to the user by the second delivering means. Therefore, by receiving the second public key from the user and transmitting the session key encrypted by the second public key separately from the content, the user can use the content, and the specific user can be used. A limited use permission can be given, making unauthorized use of the content difficult and preserving the information value. Further, since the second public key necessary for encrypting the session key is encrypted by the first public key and sent from the user, there is no possibility that the second public key leaks outside.

In addition, the digital content delivery method of the present invention includes a first encryption step of encrypting digital content, and a first delivery step of delivering digital content encrypted by the first encryption step to a user. Providing a unit key obtained by encrypting a unit number assigned to the user with a server key set on the server side to the user, and receiving the unit number from the user And obtaining the unit key by calculating the unit number received in the receiving step by using the server key. Based on the unit key, the digital content encrypted by the first encryption unit is obtained. Security for restoring original digital content A second encryption step of encrypting the activation key, and having a second delivery step of delivering the session key encrypted by the second encryption step to the user. In the digital content distribution method of the present invention, the digital content
The data is encrypted in an encryption step and delivered to the user in a first delivery step. Also, the session key for restoring the digital content encrypted by the first encryption step to the original digital content is based on the unit key obtained by decrypting the user's unit number received by the receiving means with the server key. In a second encryption step, the data is encrypted, and is delivered to the user in a second delivery step. Therefore, by receiving the unit number from the user and sending the session key encrypted by the unit key obtained based on this unit number separately from the content, the user can use the content, It can be used only by specific users, making unauthorized use of the content difficult,
It is possible to conserve information value. In addition, since the unit key required for encrypting the session key is obtained by calculation on the server side based on the unit number delivered from the user, there is no possibility that the unit key leaks outside.

Further, the digital content delivery method of the present invention includes a first encryption step of encrypting digital content, and a first delivery step of delivering digital content encrypted by the first encryption step to a user. A first secret key and a first
Set a public key and give the user the first
A setting step of setting a public key, a pair of a second secret key and a second public key, a receiving step of receiving the second public key encrypted with the first public key, Decrypting the encrypted second public key received in the step with the first secret key to obtain the second public key, and, based on the second public key, performing the first encryption step. A second encryption step of encrypting a session key for restoring the digital content encrypted by the second encryption method to the original digital content, and a second encryption step of delivering the session key encrypted by the second encryption step to a user. And a delivery step. In the digital content delivery method of the present invention, digital content is encrypted in a first encryption step, and the encrypted content is delivered to a user by a first delivery means. Also, the session key for restoring the digital content encrypted by the first encryption step to the original digital content is obtained by decrypting the encrypted second public key received by the receiving means with the first secret key. Then, the second public key is obtained, and based on the second public key, the session key is encrypted in the second encryption step, and the encrypted session key is delivered to the user in the second delivery step. Therefore, by receiving the second public key from the user and transmitting the session key encrypted by the second public key separately from the content, the user can use the content, and the specific user can be used. A limited use permission can be given, making unauthorized use of the content difficult and preserving the information value. Further, since the second public key necessary for encrypting the session key is encrypted by the first public key and sent from the user, there is no possibility that the second public key leaks outside.

[0009]

BEST MODE FOR CARRYING OUT THE INVENTION Hereinafter, embodiments of a digital content delivery apparatus and delivery method according to the present invention will be described. The embodiments described below are preferred specific examples of the present invention, and various technically preferable limitations are added. However, the scope of the present invention is not limited to the embodiments described below. The embodiments are not limited to these embodiments unless otherwise specified.

FIG. 1 is an explanatory diagram showing a digital content delivery method executed by the digital content delivery device according to the first embodiment of the present invention. The digital content delivery system according to the embodiment of the present invention includes:
Server (Server) S to Receiver (Receiv
er Unit) N, when the content is delivered to the session key (Session)
Key), and the session key is separately sent to a user of the content in secret. Then, in the first embodiment of the present invention, the session key (Session Ke)
y) is a symmetric key (S
ymmetric Key) is used.

[0011] As an infrastructure for realizing a delivery system, one that can transmit digital data to a specific receiving device such as digital broadcasting or the Internet, or one that is packaged by physical distribution means such as home delivery or mailing is used. Any method can be used as long as delivery is performed. In this embodiment, the delivery of the content and the delivery of the session key for restoring the content are performed separately.
The two deliveries may be performed using different media or the same media. Also, the destination and the delivery method for delivering the content and the session key may be set in advance on the server side, or may be designated by the user each time. In addition, the contents to be distributed widely include video, music, application software, and the like.
It is not necessarily limited to one that involves billing.

Hereinafter, a specific operation of the digital content delivery system according to the first embodiment of the present invention will be described. The operation shown in FIG. 1 includes (1) preparation operation, (2) content delivery, (3) use permission, and (4) decoding. Hereinafter, each operation will be described in order. (1) Preparation Operation First, the server S sends a server key (Server Ke).
y) Prepare Ks. This server key Ks is a key that needs to be kept confidential. On the other hand, the receiving side is composed of a user N who uses the content and a receiver N such as a communication terminal owned by the user N. In this description, the receiver N and the user N are collectively referred to as a unit. And The unit number Un (here, Unit #) is given to the receiver N in advance, and the server S seeds the unit number Un (S
A unit key (Unit Key) Kn obtained by encrypting with the server key Ks is given to each of the receivers N in advance as (ed). It is assumed that the unit key Kn is never issued outside the unit on the user N side. In the following description, X (Y) is the key X
Means the encryption of Y.

(2) Delivery of Content Assuming that the content number (Content # in this case) to be sent to the receiver N (Unit #) is M, Qm indicates the original digital content of the content number M. The content Qm is transformed into digital content Pm by being deformed by system-specific compression or the like. Further, the digital content Pm is encrypted by the Session Key = Km to become Km (Pm). The user obtains the encrypted content Km (Pm) by communication means such as broadcasting or a website, or distribution means using a packaged recording medium (arrow a in FIG. 1).

(3) Use Permission The user N who owns the receiver N requests the server S for use permission. Note that, as described above, the use of the content includes both the case of pay and the case of free.
At this time, the receiver N sends the unit number Un and the content number M to the server S, as shown by the arrow b in FIG. The server S determines the unit key K from the unit number Un.
n = Ks (Un) is calculated, and Kn (Km) and Kn (M +
Tm) to the user N (receiver N) (arrow c in FIG. 1). Here, in M + Tm, it is assumed that M means the content number and Tm means the expiration date. Note that Tm is not limited to the one indicating the absolute time, but may be the one indicating the number of times of use. This Tm is held in the register memory of the receiver N. After that, the expiration date of the content M is changed to the receiver N when Tm is an absolute time.
If Tm is the number of times of use, it is managed by the counter of the receiver N.

(4) Decoding The user N inputs and sets the Km (Pm), Kn (Km), and Kn (M + Tm) received from the server S as described above in the decoding processing area Na of the receiver N. (Arrow d in FIG. 1). This can be realized, for example, by calling the decoding processing screen of the receiver N and performing a predetermined operation on this screen. Note that Km (Pm), Kn
When (Km) and Kn (M + Tm) are directly received by the receiver N by a communication means such as a network, Km (Pm) is already stored in the receiver N at the time of the decoding process.
Since m), Kn (Km), and Kn (M + Tm) are held, preparation for decoding is performed by setting these data in the decoding processing area of the receiver N again.

On the other hand, Km (Pm), Kn (Km), Kn
(M + Tm) means other than receiver N (for example, home delivery)
When receiving the data, the recording medium holding the data is set in the reading device of the receiver N, and the data is read and set in the decoding processing area of the receiver N. Further, data having a small number of digits may be received in writing or the like and manually input by key operation. Thereafter, the user N instructs the receiver N to start decoding.
In the receiver N, first, Kn (M + Tm) is solved to confirm the validity of M and Tm, and then Kn (Km) is solved to obtain Km
Take out. Then, using this Km, Km (Pm) is solved to obtain Pm. Then, Pm is returned to Qm (arrow e in FIG. 1). In this way, it is possible to obtain the original digital content Qm.

As described above, in the digital content delivery system according to the present embodiment, the session key is separately sent to the user separately from the content, thereby making unauthorized use of the content difficult and preserving the information value. It becomes possible. In addition, the encrypted contents can be delivered through public media such as broadcasting and websites, and the license for use and the key for decrypting the contents can be delivered by selecting the device, the content, and the expiration date. Etc. can be easily managed. Further, the unit key Kn necessary for encrypting the session key Km can be obtained by calculation on the server side based on the unit number Un delivered from the user, so that the unit key does not leak to the outside and the security is improved. It is advantageous in increasing.

FIG. 2 is an explanatory diagram showing a digital content delivery method executed by the digital content delivery device according to the second embodiment of the present invention. In the first embodiment described above, the symmetric key (Symmetric Ke) used in the secret key cryptosystem as the session key is used.
Although the case where y) is used has been described, in the second embodiment, an asymmetric key (Asymmetric Key) used in a public key cryptosystem is used as a session key. That is, in the operation shown in FIG. 2, the delivery of the session key (including the use permission request and the authentication thereof) described in FIG.
).

Hereinafter, a specific operation of the digital content delivery system according to the second embodiment of the present invention will be described focusing on parts different from FIG. First, the server S has a unique sign key Ds (first secret key) and a public key Es (first public key) that are paired with each other. The user N is provided with a private key (second secret key) Dn and a unit public key En (second public key) unique to the paired unit, and also with the public key Es of the server S. . Then, from the user N to the server S
, The unit public key En of the user N is encrypted by using the public key Es of the server S instead of sending Un + M in FIG. 1, and Es (En + Un) + M
(Arrow b in FIG. 2). Also, as the permission proof by the server S, Ds (Un) using the sign key Ds by the server S instead of Kn (M + Tm) in FIG.
+ M + Tm). Also, the session key Km is encrypted with the unit public key En of the user N and sent in the form of En (Km) (arrow c in FIG. 2), and the user N uses the unit public key En to generate the session key Km. The content is decrypted and the content is restored using the session key Km. In the second embodiment, the same effects as those in the first embodiment can be obtained. Also, in the second embodiment, the second public key En required to encrypt the session key Km is the first public key En.
Since it is encrypted by the public key Es and sent from the user, there is no possibility that the second public key En leaks to the outside,
This is advantageous in increasing safety.

When the user N requests the use permission, a sign of payment acceptance is required for the billing, and this payment method is usually a digital signature, etc.
Since this is basically independent of the system, the system does not necessarily require the use of the PKI because no sign by the user N is required. However, as compared with the case where a symmetric key is used, this is effective when it is desired to occasionally change Ds used for the signature of the certificate of the server S, and has the advantage that the system can be more flexible.

[0021]

As described above, the digital content distribution apparatus of the present invention receives a unit number from a user, and sets a session key encrypted with a unit key obtained based on the unit number as a content. By sending it separately, the user can use the content, so that it is possible to give permission to use only to a specific user, making unauthorized use of the content difficult and preserving the value of information. It becomes possible. In addition, since the unit key required for encrypting the session key is obtained by calculation on the server side based on the unit number delivered from the user, there is no possibility that the unit key is leaked to the outside, and in order to enhance security, It is advantageous.

Further, in the digital content delivery device of the present invention, the user uses the content by receiving the second public key from the user and sending the session key encrypted by the second public key separately from the content. Therefore, the use permission can be given only to a specific user, making unauthorized use of the content difficult and preserving the information value. Also,
Since the second public key necessary for encrypting the session key is encrypted by the first public key and sent from the user, the second public key does not leak to the outside, which is advantageous in improving security. is there.

Also, in the digital content delivery method of the present invention, a user receives a unit number from a user, and sends a session key encrypted by a unit key obtained based on the unit number, separately from the content, so that the user can receive the unit number. Can use the content, so that use permission can be given only to a specific user, making unauthorized use of the content difficult and preserving the information value. In addition, since the unit key required for encrypting the session key is obtained by calculation on the server side based on the unit number delivered from the user, there is no possibility that the unit key is leaked to the outside, thereby improving security. Is advantageous.

[0024] In the digital content delivery method of the present invention, the user receives the second public key from the user and sends the session key encrypted by the second public key separately from the content, so that the user can use the content. Therefore, the use permission can be given only to a specific user, making unauthorized use of the content difficult and preserving the information value. Also,
Since the second public key necessary for encrypting the session key is encrypted by the first public key and sent from the user, the second public key does not leak to the outside, which is advantageous in improving security. is there.

[Brief description of the drawings]

FIG. 1 is an explanatory diagram showing a digital content delivery method executed by a digital content delivery device according to a first embodiment of the present invention.

FIG. 2 is an explanatory diagram showing a digital content delivery method executed by a digital content delivery device according to a second embodiment of the present invention.

[Explanation of symbols]

S: server, N: user, Na: decoding processing area.

Claims (14)

[Claims] A first encryption unit for encrypting the digital content; a first delivery unit for delivering the digital content encrypted by the first encryption unit to a user; and a unit number assigned to the user. Unit key giving means for giving the user a unit key obtained by encrypting the user with a server key set on the server side, receiving means for receiving the unit number from the user, and receiving by the receiving means Calculating the unit number by using the server key to obtain the unit key, and restoring the digital content encrypted by the first encryption unit to the original digital content based on the unit key. A second encryption unit for encrypting the session key; Digital content delivery apparatus, characterized in that it comprises a second delivery means for delivering the encrypted session key to the user, the Te. A first encryption unit for encrypting the digital content; a first delivery unit for delivering the digital content encrypted by the first encryption unit to a user; Setting means for setting a first private key and a first public key, and setting the first public key, a paired second secret key and a second public key for the user, and the first public key Receiving means for receiving the second public key encrypted by the first public key, and decrypting the encrypted second public key received by the receiving means with the first private key, thereby obtaining the second public key. And encrypting a session key for restoring the digital content encrypted by the first encryption means to the original digital content based on the second public key. Second encryption means for digital content delivery apparatus characterized by having a second delivery means for delivering the session key encrypted to the user by the second encryption unit. 3. The digital content delivery device according to claim 1, wherein the first delivery means and the second delivery means deliver using different types of media. 4. The digital content delivery device according to claim 3, wherein at least one of said first delivery means and said second delivery means delivers using a communication means. 5. The digital content delivery device according to claim 4, wherein said communication means includes the Internet. 6. The digital content delivery device according to claim 3, wherein said first delivery means delivers using a digital broadcasting means. 7. At least one of the first delivery means and the second delivery means is means for storing data to be delivered on a recording medium, and the recording medium is delivered using a distribution means. The digital content delivery device according to claim 1 or 2, wherein 8. A first encryption step for encrypting digital content, a first delivery step for delivering the digital content encrypted by the first encryption step to a user, and a unit number assigned to the user A unit key providing step for giving the user a unit key obtained by encrypting with a server key set on the server side; a receiving step for receiving the unit number from the user; Calculating the unit number by using the server key to obtain the unit key, and restoring the digital content encrypted by the first encryption unit to the original digital content based on the unit key. A second encryption step for encrypting the session key When digital content delivery method characterized in that it comprises a second delivery step of delivering the session key encrypted to the user by the second encryption step. 9. A first encrypting step for encrypting the digital content, a first delivering step for delivering the digital content encrypted by the first encrypting step to a user, and a first paired with the server. Setting a first secret key and a first public key, setting the user with the first public key, a pair of a second secret key and a second public key, and setting the first public key. Receiving the second public key encrypted by the first public key, decrypting the encrypted second public key received by the receiving step with the first secret key, And restoring the digital content encrypted by the first encryption step to the original digital content based on the second public key Digital content distribution method, comprising: a second encryption step of encrypting a session key for encrypting a session key; and a second distribution step of delivering the session key encrypted by the second encryption step to a user. . 10. The digital content delivery method according to claim 8, wherein the first delivery step and the second delivery step deliver using different types of media. 11. The digital content delivery method according to claim 10, wherein at least one of said first delivery step and said second delivery step is delivered using communication means. 12. The digital content delivery device according to claim 11, wherein said communication means includes the Internet. 13. The digital content delivery device according to claim 10, wherein the first delivery step delivers the content using digital broadcasting means. 14. At least one of the first delivery step and the second delivery step is a step of storing data to be delivered on a recording medium, and the recording medium is delivered using a physical distribution means. The digital content delivery method according to claim 1 or 2, wherein: