JP2004110770A - Content delivery system and data communication control device - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a content delivery system for suppressing the transmission of a content to a device possible having the potential to break through the copyright protection of the content. <P>SOLUTION: In the content delivery system 1, the content includes content additional information according to properties, and a data communication control device 40 stores a determination table in which the content additional information is made to correspond to the device ID of a client device which can transmit the content having this content additional information. The data communication control device 40 determines the propriety of the transmission of the content to each client device by use of the determination table, and suppresses the transmission of the content when the transmission is determined to be improper. <P>COPYRIGHT: (C)2004,JPO

Description

[0001]
BACKGROUND OF THE INVENTION
The present invention relates to a content delivery technique for transmitting and receiving content between devices connected to a home network.
[0002]
[Prior art]
In recent years, businesses that record and distribute content such as movies and music on DVDs and CDs, and distribute via the Internet or broadcasting satellites have become widespread. The content distributed from the vendor to the user has a copyright, and from the viewpoint of protecting the copyright of the content, the vendor needs to manage the content so that the user does not deviate from the usage right given.
[0003]
Non-Patent Document 1 discloses DTCP (Digital Transmission Content Protection). DTCP is a mutual authentication system between devices connected by an IEEE 1394 high-speed serial bus. According to this technology, a device that has the right to use content has a secret key, performs mutual authentication between the devices using the secret key, and transmits and receives content using a key shared by authentication. Even if the device is connected to the home network, the device that does not have a valid right cannot use the content.
[0004]
[Non-Patent Document 1] 5C Digital Transmission Content Protection White Paper (Revision 1.0 July 14, 1998)
[0005]
[Problems to be solved by the invention]
On the other hand, many contents are provided to users. Among these contents, there are high-value contents in which usage rights indicating the number of times of copying are set. The high value content is, for example, a digital high-quality video or a movie that has just been released. When such high-value content is distributed to a PC (Personal Computer) in the home, the PC decrypts and rewrites the usage right, and has the possibility of using the high-value content outside the given right. Therefore, it is desired to suppress transmission of high value content to a PC.
[0006]
[Means for Solving the Problems]
In order to solve the above problems, an object of the present invention is to provide a content delivery system that suppresses transmission of content to a device that has a possibility of breaking through copyright protection of the content.
In order to achieve the above object, the present invention is a content delivery system for transmitting content from a transmitting device to a receiving device classified into a category via a routing device, and includes additional information related to the use of the content A determination table including a transmitting device that transmits content and a device identifier of the receiving device to the routing device, and additional information and a device identifier of the receiving device that belongs to a category that can use the content having the additional information. Storing the content and the device identifier from the transmission device, selecting a determination table having additional information that matches the additional information included in the received content, and the device identifier is included in the selected determination table. It is determined whether or not it is included, and if it is included, the content is transmitted to the receiving device. Transmission and suppress routing device of the content to the receiving device when not, characterized in that it is composed of a receiving apparatus for receiving a content transmitted from the routing device.
[0007]
The present invention also provides a content delivery system for transmitting content from a transmitting device to a receiving device classified into a category through a routing device, wherein the content including additional information related to the use of the content and a destination address are A transmission device that transmits to the routing device, an address conversion table that associates a device identifier of the reception device with a network address, and a reception device that belongs to a category that can use additional information and content having the additional information. A determination table composed of device identifiers is stored, the content and the transmission destination address are received from the transmission device, and a device identifier corresponding to the received transmission destination address is obtained from the address conversion table and received. A format having additional information that matches the additional information included in the content. A table is selected, it is determined whether or not the device identifier is included in the selected determination table, and if it is included, the content is transmitted to the receiving device; otherwise, the content to the receiving device is transmitted. It is comprised from the routing apparatus which suppresses transmission of this, and the receiver which receives the content transmitted from the said routing apparatus.
[0008]
DETAILED DESCRIPTION OF THE INVENTION
<< First Embodiment >>
As a first embodiment according to the present invention, a content delivery system 1 will be described with reference to the drawings.
<Configuration>
FIG. 1 is a configuration diagram showing the configuration of the content delivery system 1. As shown in FIG. 1, the content delivery system 1 includes a broadcast receiving device 10, a TV (Television) 20, a PC (Personal Computer) 30, a data communication control device 40, a table update server 50, and a broadcasting device 60.
[0009]
In FIG. 1, a broadcast receiving device 10, a TV 20, a PC 30, and a data communication control device 40 that are surrounded by a broken line are devices that exist in the home of a user who views content. Each of the broadcast receiving device 10, the TV 20, and the PC 30 is connected to the data communication control device 40 via a LAN cable, and communicates with the data communication control device 40. The table update server 50 and the broadcast device 60 are devices that exist in the center that provides the content. The table update server 50 is connected to the data communication control device 40 via the Internet 70. Broadcast content via satellite 80.
[0010]
Hereinafter, each device will be described in detail.
1. Broadcast receiving apparatus 10
The broadcast receiving device 10 receives and stores content broadcast from the broadcasting device 60 via the broadcasting satellite 80. In addition, the broadcast receiving apparatus 10 plays the role of a server apparatus that provides content at home, and is connected to the data communication control apparatus 40 via a LAN cable. The TV 20 or the PC 30 is connected via the data communication control apparatus 40. In response to the content reproduction request received from, the content is transmitted to the data communication control device 40.
[0011]
FIG. 2 is a block diagram illustrating a configuration of the broadcast receiving apparatus 10. As shown in the figure, the broadcast receiving apparatus 10 includes a receiving unit 101, a processing unit 102, a content storage unit 103, a control unit 104, an encryption unit 105, a communication unit 106, and a storage unit 107.
(1) Receiving unit 101
The receiving unit 101 includes an antenna, and receives a digital broadcast wave broadcast from the broadcast device 60 via the broadcast satellite 80 via the antenna. The receiving unit 101 extracts a packet constituting the content from the received digital broadcast wave, and outputs the extracted packet to the processing unit 102 in order.
[0012]
(2) Processing unit 102
The processing unit 102 receives packets in order from the reception unit 101, generates assembled content from the received packets, and stores the generated content in the content storage unit 103.
(3) Content storage unit 103
The content storage unit 103 is specifically a hard disk unit, and stores the content output from the processing unit 102.
[0013]
Content 150 illustrated in FIG. 3 is an example of content stored in the content storage unit 103. As shown in the figure, the content 150 includes header information, content information, and a termination code. Further, the header information includes a content ID 151, right information 152, content additional information 154, header information data size, and the like.
[0014]
The content ID is a symbol used to uniquely identify the content, and the content ID 151 of the encrypted content 150 is “Program.01”.
The right information describes the type of content and copy control information. Specifically, the content type is either “High Value” or “Free”, and the copy control information is “Copy Free”, “Copy Once”, “Copy No more”, or “Copy Never”. It is. In the right information 152 of the encrypted content 150, the content type is “High Value”, and the copy control information is “Copy Never”.
[0015]
The content additional information is information used for determining whether delivery is possible when delivering to a device in the home via a LAN cable. It is set to any one of “0”, “1”, and “2”. The content additional information 154 of the content 150 is “2”. Details of the content additional information will be described later.
The header information data size indicates the data length of the header information in bytes. Note that the header information data size is not specified in FIG.
[0016]
The content information is data of the main content. The end code is a predetermined bit string indicating the end of the content.
(4) Control unit 104
The control unit 104 includes a CPU, a ROM, a RAM, and the like. The control unit 104 controls the broadcast receiving apparatus 10 as a whole when the CPU executes a computer program recorded in the ROM.
[0017]
The control unit 104 receives a content reproduction request from the data communication control device 40 via the communication unit 106. The control unit 104 reads the content ID included in the received content reproduction request, and reads the content including the same content ID from the content storage unit 103. The control unit 104 outputs the read content to the encryption unit 105.
[0018]
The control unit 104 receives the encrypted content from the encryption unit 105 and outputs the received encrypted content to the communication unit 106.
(5) Encryption unit 105
The encryption unit 105 includes a CPU, ROM, RAM, and the like, and stores a content key KC therein. The content key KC stored in the encryption unit 105 is shared with the data communication control device 40 by storing in the ROM in advance.
[0019]
The encryption unit 105 receives content from the control unit 104, and generates encrypted content from the received content as shown below.
The encryption unit 105 detects the start position of the content information by looking at the header information data size included in the content header information. The encryption unit 105 uses the content key KC as the encryption key from the start position of the content information and applies the encryption algorithm E1 to generate encrypted content information. The encryption unit 105 performs encryption processing on the content information until the end code is detected. The encryption algorithm E1 is specifically DES.
[0020]
As described above, the encryption unit 105 generates encrypted content including header information, encrypted content information, and a termination code, and outputs the generated encrypted content to the control unit 104.
(6) Communication unit 106
The communication unit 106 is a LAN connection unit including an IEEE 1394 connector.
[0021]
The communication unit 106 connects the device ID “IDC” and the certificate “CIDC” stored in the storage unit 197 when starting the network connection by connecting to the data communication control device 40 via the LAN cable. The read device ID “IDC” and certificate “CIDC” are transmitted to the data communication control device 40. This process is performed only when the broadcast receiving apparatus 10 is connected to the data communication control apparatus 40 for the first time.
[0022]
The communication unit 106 receives the network address “IPC” from the data communication control device 40 and stores the received network address “IPC” in the storage unit 107. The network address “IPC” is specifically an IP address.
The communication unit 106 receives the encrypted content from the control unit 104, divides the received encrypted content into packets, and transmits the divided packets to the data communication control device 40 in order.
[0023]
(7) Storage unit 107
The storage unit 107 is connected to the communication unit 106 and stores a network address “IPC”, a device ID “IDC”, and a certificate “CIDC”. The network address “IPC” is an IP address transmitted from the data communication control device 40 when the broadcast receiving device 10 is connected to the data communication control device 40 as described above. The device ID “IDC” is a MAC address assigned to the network interface card (NIC) at the time of manufacture. The certificate “CIDC” is data issued by a certificate issuing organization used for authenticating the device ID “IDC”.
[0024]
The device ID “IDC” and the certificate “CIDC” are stored at the OS level or the BIOS level in order to prevent tampering by the user.
2. TV20
The TV 20 is a device that decodes and reproduces content, and is specifically a computer system including a microprocessor, ROM, RAM, LAN connection unit, and the like.
[0025]
FIG. 4 is a block diagram showing the configuration of the TV 20. As shown in the figure, the TV 20 includes a communication unit 201, a storage unit 202, an input unit 203, a control unit 204, a decoding unit 205, an audio decoder 206, a video decoder 207, a speaker 208, and a monitor 209.
(1) Communication unit 201
The communication unit 201 is a LAN connection unit including an IEEE 1394 connector.
[0026]
The communication unit 201 connects the device ID “IDA” and the certificate “CIDA” stored in the storage unit 202 when starting network connection by connecting to the data communication control device 40 via a LAN cable. The read device ID “IDA” and the certificate “CIDA” are transmitted to the data communication control device 40. This process is performed only when the TV 20 is connected to the data communication control device 40 for the first time.
[0027]
The communication unit 201 receives the network address “IPA” from the data communication control device 40 and stores the received network address “IPA” in the storage unit 202. The network address “IPA” is specifically an IP address.
The communication unit 201 receives the content reproduction request and the network address “IPA” output from the control unit 204, and transmits the received content reproduction request and the network address “IPA” to the data communication control device 40.
[0028]
Further, the communication unit 201 receives the encrypted content divided into packets from the data communication control device 40, and outputs the received encrypted content to the decryption unit 205.
(2) Storage unit 202
The storage unit 202 is connected to the communication unit 201 and stores a network address “IPA”, a device ID “IDA”, and a certificate “CIDA”. The network address “IPA” is an IP address transmitted from the data communication control device 40 when the TV 20 is connected to the data communication control device 40 as described above. The device ID “IDA” is composed of a MAC address assigned at the time of NIC (network interface card) manufacture and category information indicating the category of the device. The MAC address includes a manufacturer code unique to the NIC, a product number, and the like. The category information is information indicating the copyright protection function level of the device. Specifically, the category information is “2”. The certificate “CIDA” is data issued by a certificate issuing authority used for authenticating the validity of the device ID “IDA”.
[0029]
The device ID “IDA” and the certificate “CIDA” are stored at the OS level or the BIOS level in order to prevent tampering by the user.
(3) Input unit 203
Specifically, the input unit 203 is a user interface including buttons and the like. When the user operates a button or the like, the input unit 203 generates an input signal corresponding to the operation, and outputs the generated input signal to the control unit 204.
[0030]
When the user's button operation indicates a content playback request, the input unit 203 generates a content playback request including the content ID as an input signal, and outputs the generated content playback request to the control unit 204.
(4) Control unit 204
The control unit 204 includes a CPU, a ROM, a RAM, and the like. The control unit 204 controls the entire TV 20 when the CPU executes a computer program recorded in the ROM.
[0031]
The control unit 204 receives an input signal from the input unit 203 and performs processing according to the received input signal. Upon receiving a content reproduction request including a content ID as an input signal from the input unit 203, the control unit 204 reads out the network address “IPA” stored in the storage unit 202, and reproduces the read network address “IPA” and the content. Both the request and the request are transmitted to the data communication control device 40 via the communication unit 201.
[0032]
(5) Decoding unit 205
The decryption unit 205 includes a CPU, ROM, RAM, and the like, and stores a device key KA therein.
The decryption unit 205 receives the encrypted content from the communication unit 201, and decrypts the received encrypted content into content as described below.
[0033]
The decrypting unit 205 looks at the header information data size included in the header information of the encrypted content, and detects the start position of the encrypted content information. The decryption unit 205 decrypts the content information from the start position of the encrypted content information by using the device key KA as the decryption key for the encrypted content information and applying the decryption algorithm D2. The decrypting unit 205 decrypts the encrypted content information until the end code is detected. The decryption algorithm D2 is an algorithm for decrypting data encrypted by the encryption algorithm E2, and is specifically DES.
[0034]
The decoding unit 205 separates the decoded content information into an audio stream and a video stream, outputs the audio stream to the audio decoder 206, and outputs the video stream to the video decoder 207.
(6) Audio decoder 206
The audio decoder 206 receives the audio stream from the decoding unit 205, expands the received audio stream into an audio signal, and outputs the expanded audio signal to the speaker 208.
[0035]
(7) Video decoder 207
The video decoder 207 receives the video stream from the decoding unit 205, expands the received video stream into a video signal, and outputs the expanded video signal to the monitor 209.
3. PC30
The PC 30 is a personal computer system that includes a microprocessor, ROM, RAM, a hard disk unit, a display unit, a keyboard, a mouse, a LAN connection unit, and the like.
[0036]
FIG. 5 is a block diagram showing the configuration of the PC 30. As shown in the figure, the PC 30 includes a communication unit 301, a storage unit 302, an input unit 303, a control unit 304, an audio decoder 305, a video decoder 306, a speaker 307, and a monitor 308.
(1) Communication unit 301
The communication unit 301 is a LAN connection unit including an IEEE 1394 connector.
[0037]
The communication unit 301 connects the device ID “IDB” and the certificate “CIDB” stored in the storage unit 302 when starting network connection by connecting to the data communication control device 40 via a LAN cable. The read device ID “IDB” and the certificate “CIDB” are transmitted to the data communication control device 40. This process is performed only when the PC 30 is connected to the data communication control device 40 for the first time.
[0038]
The communication unit 301 receives the network address “IPB” from the data communication control device 40 and stores the received network address “IPB” in the storage unit 302. The network address “IPB” is specifically an IP address.
The communication unit 301 receives the content reproduction request and the network address “IPB” from the control unit 304, and transmits the received content reproduction request and the network address to the data communication control device 40.
[0039]
In addition, the communication unit 301 receives the encrypted content divided into packets from the data communication control device 40, and outputs the received encrypted content to the control unit 304.
(2) Storage unit 302
The storage unit 302 is connected to the communication unit 301 and stores a network address “IPB”, a device ID “IDB”, and a certificate “CIDB”. The network address “IPB” is an IP address transmitted from the data communication control device 40 when the PC 30 is connected to the data communication control device 40 as described above. The device ID “IDB” includes a MAC address assigned at the time of NIC (network interface card) manufacture and category information indicating a category of the device. The MAC address includes a manufacturer code unique to the NIC, a product number, and the like. The category information is information indicating the copyright protection function level of the device. Specifically, the category information is “1”. The certificate “CIDB” is data issued by a certificate issuing organization used for authenticating the device ID “IDB”.
[0040]
The device ID “IDB” and the certificate “CIDB” are stored at the OS level or the BIOS level in order to prevent tampering by the user.
(3) Input unit 303
Specifically, the input unit 303 is a user interface including a keyboard, a mouse, and the like. When the user operates a keyboard, mouse, or the like, the input unit 303 generates an input signal corresponding to the operation, and outputs the generated input signal to the control unit 304.
[0041]
When the user's button operation indicates a content playback request, the input unit 303 generates a content playback request including the content ID as an input signal, and outputs the generated content playback request to the control unit 304.
(4) Control unit 304
The control unit 304 includes a CPU, ROM, RAM, HDD, and the like. The control unit 304 controls the entire PC 30 when the CPU executes a computer program recorded in the ROM or the HDD.
[0042]
The control unit 304 receives an input signal from the input unit 303 and performs processing according to the received input signal. Upon receiving a content reproduction request including a content ID as an input signal from the input unit 303, the control unit 304 reads out the network address “IPB” stored in the storage unit 302, and reproduces the read network address “IPB” and the content. Both the request and the request are transmitted to the data communication control device 40 via the communication unit 301.
[0043]
Further, the control unit 304 stores a device key KB therein. The device key KB is a decryption key used for decrypting the encrypted content when the PC 30 receives the encrypted content from the data communication control device 40.
When receiving the encrypted content including the encrypted content information obtained by encrypting the content information with the device key KB from the data communication control device 40, the control unit 304 decrypts the content as described below.
[0044]
The control unit 304 detects the start position of the encrypted content information by looking at the header information data size included in the header information of the encrypted content. From the start position of the encrypted content information, the control unit 304 uses the device key KB as a decryption key for the encrypted content information and applies a decryption algorithm D2 to decrypt the content information. The control unit 304 performs decryption processing on the encrypted content information until the end code is detected, and decrypts the content information. The control unit 304 separates the decoded content information into an audio stream and a video stream, outputs the audio stream to the audio decoder 305, and outputs the video stream to the video decoder 306.
[0045]
(5) Audio decoder 305
The audio decoder 305 receives the audio stream from the control unit 304, expands the received audio stream into an audio signal, and outputs the expanded audio signal to the speaker 307.
(6) Video decoder 306
The video decoder 306 receives the video stream from the control unit 304, expands the received video stream into a video signal, and outputs the expanded video signal to the monitor 308.
[0046]
4). Data communication control device 40
The data communication control device 40 is a device that relays content from the broadcast receiving device 10 to the TV 20 or the PC 30. In addition, the data communication control device 40 is connected to the table update server 50 via the Internet 70, and is connected between the inside of the home network and the outside, and is a secure router that suppresses the transmission of content to the outside network Or a gateway. In response to an instruction from the table update server 50, the determination table stored therein is updated.
[0047]
FIG. 6 is a block diagram showing a configuration of the data communication control device 40. As shown in the figure, the data communication control device 40 includes a communication unit 401, a communication unit 402, a communication unit 403, an authentication unit 404, a decryption unit 405, an encryption unit 406, a communication control unit 407, and a transmission / reception unit 408. .
(1) Communication unit 401, communication unit 402, communication unit 403
The communication unit 401 is specifically a LAN connection unit including an IEEE 1394 connector and is connected to the broadcast receiving apparatus 10 via a LAN cable. When the communication unit 401 starts connection with the broadcast receiving device 10, the communication unit 401 receives the device ID “IDC” and the certificate “CIDC” from the broadcast receiving device 10, and receives the received device ID “IDC” and certificate “CIDC”. Is output to the communication control unit 407. In addition, the communication unit 401 transmits the network address “IPC” output from the communication control unit 407 to the broadcast receiving apparatus 10. Further, the communication unit 401 receives the content reproduction request and the network address transmitted from the TV 20 or the PC 30 via the communication control unit 407, and transmits the received content reproduction request and the network address to the broadcast receiving apparatus 10.
[0048]
The communication unit 402 has the same configuration and function as the communication unit 401 and is connected to the TV 20 via a LAN cable. When the communication unit 402 starts connection with the TV 20, the communication unit 402 receives the device ID “IDA” and the certificate “CIDA” from the TV 20, and sends the received device ID “IDA” and certificate “CIDA” to the communication control unit 407. Output. In addition, the communication unit 402 transmits the network address “IPA” output from the communication control unit 407 to the TV 20. Further, the communication unit 402 receives the content reproduction request and the network address “IPA” from the TV 20, and outputs the received content reproduction request and the network address “IPA” to the communication unit 401 via the communication control unit 407.
[0049]
In addition, the communication unit 402 divides the encrypted content output from the communication control unit 407 into packets, and sequentially transmits the divided packets to the TV 20.
The communication unit 403 has the same configuration and function as the communication unit 401 and the communication unit 402, and is connected to the PC 30 via a LAN cable. When starting the connection with the PC 30, the communication unit 403 receives the device ID “IDB” and the certificate “CIDB” from the PC 30, and sends the received device ID “IDB” and the certificate “CIDB” to the communication control unit 407. Output. In addition, the communication unit 403 transmits the network address “IPB” output from the communication control unit 407 to the PC 30. The communication unit 403 receives the content reproduction request and the network address “IPB” from the PC 30, and outputs the received content reproduction request and the network address “IPB” to the communication unit 401 via the communication control unit 407. Further, the communication unit 403 divides the encrypted content output from the communication control unit 407 into packets, and sequentially transmits the divided packets to the PC 30.
[0050]
(2) Authentication unit 404
Specifically, the authentication unit 404 includes a CPU, a ROM, a RAM, and the like. The authentication unit 404 receives the device ID and certificate from the communication control unit 407.
The device ID is composed of a MAC address assigned at the time of NIC (network interface card) manufacture and category information indicating the category of the device. The MAC address includes a manufacturer code unique to the NIC, a product number, and the like. The category information is information indicating the copyright protection function level of the device. Specifically, the category information is “1” or “2”. “1” indicates that the copyright protection level is low, and “2” indicates that the copyright protection level is high. As a specific example, the category information included in the device ID of the broadcast receiving apparatus 10 is “2”. The category information included in the device ID of the TV 20 is “2”. The category information included in the device ID of the PC 30 is “1”.
[0051]
The certificate is data in which the device ID, the NIC manufacturer, the certificate issuing organization name, and the serial number are digitally signed by the certificate issuing organization.
The authentication unit 404 receives the device ID “IDC” and the certificate “CIDC” transmitted from the broadcast receiving apparatus 10 via the communication unit 401 and the communication control unit 407. The authentication unit 404 uses the certificate “CIDC” to authenticate whether the device ID “IDC” is correct. When it is authenticated that the device ID “IDC” is correct, the authentication unit 404 outputs the device ID “IDC” to the communication control unit 407 together with a signal indicating that the device ID is authenticated.
[0052]
The authentication unit 404 receives the device ID “IDA” and the certificate “CIDA” transmitted from the TV 20 via the communication unit 402 and the communication control unit 407. The authentication unit 404 uses the certificate “CIDA” to authenticate whether the device ID “IDA” is correct. When it is authenticated that the device ID “IDA” is correct, the authentication unit 404 outputs the device ID “IDA” to the communication control unit 407 together with a signal indicating that the device ID is authenticated.
[0053]
The authentication unit 404 receives the device ID “IDB” and the certificate “CIDB” transmitted from the PC 30 via the communication unit 403 and the communication control unit 407. The authentication unit 404 uses the certificate “CIDB” to authenticate whether the device ID “IDB” is correct. When it is authenticated that the device ID “IDB” is correct, the authentication unit 404 outputs the device ID “IDB” to the communication control unit 407 together with a signal indicating that the device ID is authenticated.
[0054]
If the authentication unit 404 determines that the device ID received from the communication control unit 407 is an unauthorized device ID as a result of authentication, the authentication unit 404 discards the device ID and certificate.
(3) Decoding unit 405
The decryption unit 405 includes a CPU, ROM, RAM, and the like, and stores a content key KC therein. The content key KC stored in the decryption unit 405 is shared with the broadcast receiving apparatus 10 by storing in the ROM in advance.
[0055]
The decryption unit 405 receives the encrypted content and the destination device ID from the broadcast receiving device 10 via the communication unit 401 and the communication control unit 407. The decryption unit 405 looks at the header information data size included in the received header information of the encrypted content, and detects the start position of the encrypted content information. The decryption unit 405 decrypts the content information from the start position of the encrypted content information by using the content key KC as the decryption key for the encrypted content information and applying the decryption algorithm D1. The decryption unit 405 performs decryption processing on the encrypted content information until an end code is detected. Subsequently, the decryption unit 405 outputs the decrypted content and the transmission destination device ID to the encryption unit 406.
[0056]
(4) Encryption unit 406
The encryption unit 406 includes a CPU, ROM, RAM, and the like, and stores a device key KA and a device key KB therein. The device key KA is key information used as an encryption key when transmitting content to the TV 20, and the device key KB is key information used as an encryption key when transmitting content to the PC 30.
[0057]
The encryption unit 406 stores the device key KA and the device ID “IDA” of the TV 20 in association with each other and the device key KB and the device ID “IDB” of the PC 30 in association with each other.
The encryption unit 406 receives the content and the destination device ID from the decryption unit 405. The encryption unit 406 determines the received transmission destination device ID. When the transmission destination device ID is “IDA”, the encryption unit 406 generates encrypted content information by applying the encryption algorithm E2 to the content information included in the content using the device key KA as the encryption key. The encryption unit 406 outputs the encrypted content including the header information, the encrypted content information, and the end code and the transmission destination device ID to the communication control unit 407.
[0058]
When the destination device ID is “IDB”, the encryption unit 406 generates encrypted content information by applying the encryption algorithm E2 to the content information using the device key KB as an encryption key. The encryption unit 406 outputs the encrypted content including the header information, the encrypted content information, and the end code and the transmission destination device ID to the communication control unit 407.
[0059]
(5) Communication control unit 407
The communication control unit 407 includes a CPU, a ROM, a RAM, and the like. The communication control unit 407 controls the entire data communication control device 40 when the CPU executes a computer program recorded in the ROM.
(Create address translation table)
Upon receiving the device ID and certificate from each of the communication unit 401, the communication unit 402, and the communication unit 403, the communication control unit 407 outputs the received device ID and certificate to the authentication unit 404.
[0060]
Upon receiving the signal indicating that the certificate has been authenticated and the device ID “IDC” from the authentication unit 404, the communication control unit 407 transmits the network ID “IPC” to the broadcast receiving apparatus 10 identified by the device ID “IDC”. Assign. The communication control unit 407 associates the network address “IPC” with the device ID “IDC” and stores them in the address conversion table. Similarly, upon receiving the signal indicating that the certificate has been authenticated and the device ID “IDA” from the authentication unit 404, the communication control unit 407 transmits the network ID “IPA” to the TV 20 identified by the device ID “IDA”. Assign. The communication control unit 407 associates the network address “IPA” with the device ID “IDA” and stores them in the address conversion table. Similarly, upon receiving a signal indicating that the certificate has been authenticated and the device ID “IDB” from the authentication unit 404, the communication control unit 407 transmits the network ID “IPB” to the PC 30 identified by the device ID “IDB”. Assign. The communication control unit 407 associates the network address “IPB” with the device ID “IDB” and stores them in the address conversion table.
[0061]
FIG. 7 is a diagram of the address conversion table 420 generated as described above. When receiving a content transmission request from the TV 20 and the PC 30, the communication control unit 407 determines whether or not content transmission is possible using the address conversion table 420 and a determination table described later.
The network addresses “IPA”, “IPB”, and “IPC” are specifically IP addresses, and an example of an IP address assignment method is DHCP (Dynamic Host Configuration Protocol). For DHCP, see A. S. It is described in detail by Tannenbaum, translated by Tadanori Mizuno et al., "Computer Network 3rd Edition" Pearson Education.
[0062]
The communication control unit 407 performs the above processing when another device is connected to the communication unit of the data communication control device 40.
(Creation table creation)
The communication control unit 407 stores a determination table A and a determination table B in which no data is written in advance. The communication control unit 407 writes the device ID in the determination table A, the determination table B, or the determination table every time a device is connected to the data communication control device 40 via a LAN cable.
[0063]
Upon receiving a signal indicating that the certificate has been authenticated and the device ID “IDC” from the authentication unit 404, the communication control unit 407 reads the category information included in the device ID “IDC”. The communication control unit 407 writes the device ID “IDC” in the determination table A when the category information is “1”, and writes the device ID “IDC” in the determination table A and the determination table B when the category information is “2”. "Is written.
[0064]
Similarly, upon receiving a signal indicating that the certificate has been authenticated and the device ID “IDA” from the authentication unit 404, the communication control unit 407 reads the category information included in the device ID “IDA”. When the category information is “1”, the communication control unit 407 writes the device ID “IDA” in the determination table A. When the category information is “2”, the communication control unit 407 stores the device ID “IDA” in the determination table A and the determination table B. "Is written. Further, similarly, upon receiving a signal indicating that the certificate has been authenticated and the device ID “IDB” from the authentication unit 404, the communication control unit 407 reads the category information included in the device ID “IDB”. When the category information is “1”, the communication control unit 407 writes the device ID “IDB” in the determination table A. When the category information is “2”, the communication control unit 407 stores the device ID “IDB” in the determination table A and the determination table B. "Is written.
[0065]
The determination table A created as described above is the determination table A430 shown in FIG. As shown in the figure, the determination table A 430 includes content additional information “1” and device IDs of devices that can transmit. According to this, it is understood that the content having the content additional information “1” can be transmitted to the device having the device ID “IDA”, the device ID “IDB”, and the device ID “IDC”. Similarly, the determination table B created as described above is a determination table B440 shown in FIG. As shown in the figure, the determination table B 440 includes content additional information “2” and device IDs of devices that can be transmitted. According to this, it is understood that the content having the content additional information “2” can be transmitted to the device having the device ID “IDA” and the device ID “IDC”.
[0066]
(Content playback request transfer)
When the communication control unit 407 receives the content reproduction request and the network address “IPA” from the TV 20 via the communication unit 402, the communication control unit 407 receives the received content reproduction request and the network address “IPA” via the communication unit 401. Transmit to device 10. When the communication control unit 407 receives the content reproduction request and the network address “IPB” from the PC 30 via the communication unit 403, the communication control unit 407 transmits the received content reproduction request and the network address “IPB” via the communication unit 401. Transmit to the broadcast receiver 10.
[0067]
(Judgment)
When the communication control unit 407 receives the encrypted content and the transmission destination address from the broadcast receiving apparatus 10 via the communication unit 401, the communication control unit 407 transmits the encrypted content to the device corresponding to the transmission destination address as follows. It is determined whether or not it is possible.
[0068]
The communication control unit 407 reads the address conversion table stored therein, and reads the device ID corresponding to the transmission destination address received from the broadcast receiving apparatus 10. The communication control unit 407 reads content additional information included in the header information of the encrypted content received from the broadcast receiving device 10.
When the read content additional information is “1”, the communication control unit 407 reads the determination table A430 stored therein. The communication control unit 407 determines whether or not the device ID is included in the determination table A430. When the device ID is included in the determination table A430, the communication control unit 407 transmits the encrypted content to the device corresponding to the device ID. The encrypted content and the device ID are sent to the decryption unit 405. If the determination table A430 does not include the device ID, the communication control unit 407 determines that it is impossible to transmit the encrypted content to a device corresponding to the device ID, and the encrypted content and the transmission destination Discard the address.
[0069]
When the read content additional information is “2”, the communication control unit 407 reads the determination table B440 stored therein. The communication control unit 407 determines whether or not the device ID is included in the determination table B440 as before, and if the device ID is included in the determination table B440, the encrypted content corresponds to the device ID. The encrypted content and the device ID are sent to the decrypting unit 405. If the determination table A430 does not include the device ID, the communication control unit 407 determines that it is impossible to transmit the encrypted content to a device corresponding to the device ID, and the encrypted content and the transmission destination Discard the address.
[0070]
When the read content additional information is “0”, the communication control unit 407 sends the encrypted content information and the device ID to the decryption unit 405 without referring to the determination table.
As a specific example, the communication control unit 407 receives and transmits encrypted content obtained by encrypting the content 150 illustrated in FIG. 3 using the content key KC as an encryption key from the broadcast receiving device 10 via the communication unit 401. Consider a case where “IPA” is received as the destination address. The communication control unit 407 reads the address conversion table 420 stored therein, and determines that the device ID of the device corresponding to the transmission destination address “IPA” is “IDA”. Subsequently, the communication control unit 407 reads the content additional information included in the header information and determines that the content additional information of the content 150 is “2”. Next, the communication control unit 407 reads the determination table B440 corresponding to the content additional information “2”, and the device ID “IDA” is included in the determination table B440. It is determined that it can be transmitted to.
[0071]
On the other hand, the communication control unit 407 receives the encrypted content obtained by encrypting the content 150 shown in FIG. 3 using the content key KC as the encryption key from the broadcast receiving device 10 via the communication unit 401, and the transmission destination address. Assuming that “IPB” is received as The communication control unit 407 reads the address conversion table 420 stored therein, and determines that the device ID of the device corresponding to the transmission destination address “IPB” is “IDB”. Subsequently, the communication control unit 407 reads the content additional information included in the header information, and determines that the content additional information 154 of the content 150 is “2”. Next, the communication control unit 407 reads the determination table B440 corresponding to the content additional information “2”, and since the device ID “IDB” is not included in the determination table B440, the content 150 has the device ID “IDB”. It is determined that transmission to the device is impossible.
[0072]
In the above determination process, the communication control unit 407 accumulates and accumulates packets received from the broadcast receiving apparatus 10 via the communication unit 401 in order to determine content additional information included in the header information of the encrypted content. The content additional information is determined from the received packet. When the determination of the content additional information is completed, the communication control unit 407 ends the accumulation of packets, and sequentially outputs the packets to the decoding unit 405 or discards the packets.
[0073]
(Content transmission)
The communication control unit 407 receives the encrypted content and the transmission destination device ID from the encryption unit 406. The communication control unit 407 selects the communication unit to which the device identified by the transmission destination device ID is connected, and transmits the encrypted content to the device having the transmission destination device ID via the selected communication unit.
[0074]
(Update judgment table)
The communication control unit 407 is connected to the table update server 50 via the transmission / reception unit 408 and the Internet 70, and is stored in the communication control unit 407 from the table update server 50 via the Internet 70 and the transmission / reception unit 408. When an instruction to update the determination table is received, the determination table is updated by adding or deleting the device ID to the determination table according to the received instruction.
[0075]
(6) Transmission / reception unit 408
The transmission / reception unit 408 is connected to the table update server 50 via the Internet 70, receives a table update instruction from the table update server 50, and outputs the received table update instruction to the communication control unit 407.
5. Table update server 50
The table update server 50 is an apparatus owned by an administrator of content distributed in the content delivery system 1. Specifically, the table update server 50 is a computer system including a CPU, a ROM, a RAM, a hard disk unit, an Internet connection unit, and the like, and controls data communication existing in the content user's home via the Internet 70. The device 40 is connected.
[0076]
The table update server 50 transmits an instruction to update the determination table stored therein by the communication control unit 407 of the data communication control device 40 to the communication control unit 407 via the Internet 70 and the transmission / reception unit 408. Details of the determination table update process will be described later.
6. Broadcasting device 60
The broadcasting device 60 broadcasts the digitized content on the digital broadcasting wave via the broadcasting satellite 80. Specifically, the content is configured by multiplexing video data and audio data.
<Operation>
Below, operation | movement of the content delivery system 1 is demonstrated using a flowchart.
[0077]
1. Device ID registration process
FIG. 9 is a flowchart showing the operation of the device ID registration process when the broadcast receiving apparatus 10 or the TV 20 or the PC 30 is connected to the home network by being connected to the data communication control apparatus 40 for the first time.
The broadcast receiving device 10 or the TV 20 or the PC 30 reads out the device ID and certificate stored therein and transmits them to the data communication control device 40 via the communication unit. The data communication control device 40 passes through the communication unit. The device ID and certificate are received (step S101). Here, the device ID of the broadcast receiving apparatus 10 is “IDC”, and the certificate is “CIDC”. The device ID of the TV 20 is “IDA”, and the certificate is “CIDA”. The device ID of the PC 30 is “IDB”, and the certificate is “CIDB”.
[0078]
The data communication control device 40 authenticates the received certificate (step S102). If the certificate authentication fails (NO in step S103), the data communication control device 40 discards the received device ID and certificate and ends the process. If the certificate authentication is successful (YES in step S103), a network address is assigned (step S105). The data communication control device 40 associates the assigned network address with the device ID and writes them in the address conversion table (step S106). The data communication control device 40 transmits the assigned network address to the broadcast receiving device 10 or the TV 20 or the PC 30, and the broadcast receiving device 10 or the TV 20 or the PC 30 receives the assigned network address (step S107).
[0079]
Subsequently, the data communication control device 40 determines the category information of the received device ID and writes the device ID in the determination table corresponding to the category information (step S108).
2. Content delivery processing
FIG. 10 is a flowchart showing the overall operation of the content delivery system 1 in the content delivery process.
[0080]
The broadcast device 60 broadcasts the digitized content on the digital broadcast wave via the broadcast satellite 80, and the broadcast reception device 10 receives the content via the antenna (step S201) and stores it in the content storage unit 103. Store.
The TV 20 or the PC 30 transmits the content reproduction request including the content ID and the network address stored therein to the broadcast receiving device 10 via the data communication control device 40, and the broadcast receiving device 10 transmits the content reproduction request and the network. The address is received (step S202). Here, the network address of the TV 20 is “IPA”, and the network address of the PC 30 is “IPB”.
[0081]
The broadcast receiving apparatus 10 reads the content having the content ID included in the content reproduction request from the content storage unit 103 and encrypts it using the content key KC (step S203). The broadcast receiving device 10 transmits the encrypted content and the transmission destination address to the data communication control device 40, and the data communication control device 40 receives the encrypted content and the transmission destination address (step S204).
[0082]
The data communication control device 40 determines whether or not the received encrypted content can be transmitted to the received transmission destination address (step S205). As a result of the determination, if transmission is impossible (NO in step S206), the data communication control device 40 discards the encrypted content and the transmission destination address received from the broadcast receiving device 10 (step S207). If the result of determination is that transmission is possible (YES in step S206), the data communication control device 40 decrypts the received encrypted content using the content key KC (step S208). Subsequently, the data communication control device 40 encrypts the decrypted content using a device key shared with the device corresponding to the transmission destination address, the TV 20 or the PC 30 (step S209).
[0083]
The data communication control device 40 transmits the encrypted content encrypted using the device key to the device corresponding to the transmission destination address, the TV 20 or the PC 30, and the TV 20 or the PC 30 receives the encrypted content (step S210). . The TV 20 or the PC 30 decrypts the received encrypted content into content using the device key stored therein (step S211), and reproduces the decrypted content (step S212).
[0084]
3. Operation of judgment processing
FIG. 11 is a flowchart showing an operation of determining whether or not content delivery is possible in the data communication control device 40, and is a detail of step S205 of the flowchart shown in FIG.
The communication control unit 407 of the data communication control device 40 obtains a device ID corresponding to the transmission destination address received from the broadcast receiving device 10 with reference to the address conversion table stored therein (step S301). Subsequently, the communication control unit 407 reads the content additional information from the header information included in the encrypted content received from the broadcast receiving device 10, and determines the value (step S302).
[0085]
If the content additional information is “0” (“0” in step S303), the process proceeds to step S208 in the flowchart shown in FIG. When the content additional information is “1” (“1” in step S303), the communication control unit 407 reads the determination table A stored therein (step S304). When the content additional information is “2” (“2” in step S303), the communication control unit 407 reads the determination table B stored therein (step S305). The communication control unit 407 determines whether the device ID obtained in step S301 is included in the read determination table (step S306). Distribution is possible when the device ID is included in the determination table, and distribution is not possible when the device ID is not included in the determination table.
[0086]
Subsequently, the process proceeds to step S206 in the flowchart shown in FIG.
4). Operation of judgment table update processing
FIG. 12 is a flowchart showing the operation of the determination table update process in the table update server 50 and the data communication control device 40.
[0087]
The table update server 50 transmits update start information I_S indicating start of table update to the data communication control device 40, and the data communication control device 40 receives the update start information I_S (step S401). Subsequently, the data communication control device 40 transmits reception confirmation information I_R indicating that the update start information I_S has been received to the table update server 50, and the table update server 50 receives the reception confirmation information I_R (step S402). .
[0088]
The table update server 50 generates update information (step S403), transmits the generated update information to the data communication control device 40, and the data communication control device 40 receives the update information (step S404). The data communication control device 40 updates the determination table based on the received update information (step S405). When the data communication control device 40 finishes updating the determination table, the data communication control device 40 transmits the update end information I_A to the table update server 50, and the table update server 50 receives the update end information I_A (step S06) and ends the process.
[0089]
<< Second Embodiment >>
A content delivery system 2 will be described with reference to the drawings as a second embodiment of the present invention.
<Configuration>
FIG. 13 is a configuration diagram showing the configuration of the content delivery system 2. As shown in the figure, the content delivery system 2 includes a broadcast receiving device 10a, a TV (Television) 20a, a PC (Personal Computer) 30a, a data communication control device 40a, a table update server 50a, a broadcasting device 60a, and a PDA (Personal Digital). Assistance) 90a.
[0090]
In FIG. 13, a broadcast receiving device 10a, a TV 20a, a PC 30a, and a data communication control device 40a surrounded by a broken line are devices existing in the home of the user who views the content. Each of the broadcast receiving device 10a, the TV 20a, and the PC 30a is connected to the data communication control device 40a via a LAN cable, and communicates with the data communication control device 40a. The table update server 50a and the broadcast device 60a are devices that exist in a center that provides content, the table update server 50a is connected to the data communication control device 40a via the Internet 70a, and the broadcast device 60a Content is received via the satellite 80a.
[0091]
The PDA 90a is a device owned by the user, and can be connected to the Internet 70a using radio waves even outside the home, and can be connected to the data communication control device 40a via the Internet 70a. Hereinafter, such a device is sometimes referred to as a “remote device”.
Here, the content delivery system 2 will be described with a focus on differences from the content delivery system 1 according to the first embodiment.
[0092]
(Data communication control device 40a)
The data communication control device 40a authenticates each device when the broadcast receiving device 10a, the TV 20a, the PC 30a, and the PDA 90a are connected for the first time. As for the details of the authentication method, authentication is performed using the device ID and certificate transmitted from each apparatus, as in the first embodiment. The data communication control device allocates a network address to the device that has been successfully authenticated, and transmits the network address to each device. The data communication control device 40a distributes the group key KG to devices other than the PC 30a.
[0093]
Here, the network address is the same as in the first embodiment. The group key KG is key data unique to the network. The data communication control device 40a determines whether or not to distribute the group key KG according to the category information included in the device ID of each device. Here, the data communication control device 40a does not transmit the group key KG to the PC 30, and transmits the group key KG to the broadcast receiving device 10a, the TV 20a, and the PDA 90a, but excludes the PC 30a. However, the present invention is not limited to this, and control is performed so that the group key KG is not distributed to a device whose content transmission is to be suppressed.
[0094]
The group key KG may be held in advance by the data communication control device 40a, or may be transmitted from the center side.
The data communication control device 40a creates an address conversion table 500 as shown in FIG. 14 as each device is connected. The address conversion table 500 is a table created by describing a device ID, a network address, a group key flag, and a remote flag for each connected device. The device ID and network address are the same as in the first embodiment, the group key flag is either “0” or “1”, and the group key KG is distributed to the corresponding device. Set to “1”, “0” if the group key KG is not distributed. The remote flag is either “0” or “1”, and is set to “1” when the corresponding device is a remote device and “0” when the corresponding device is not a remote device.
[0095]
Here, the data communication control device 40a may determine whether or not each device is a remote device by using the device ID of each device, or may be configured to determine by another method. The data communication control device 40a may be configured to register only the device that has transmitted the group key KG in the address conversion table.
The data communication control device 40a stores in advance the number of devices that can be registered and the number of group keys KG that can be distributed. For example, the number of devices that can be registered by the data communication control device 40a and the number of group keys KG that can be distributed are eight. The data communication control device 40a decrements the number of group keys KG that can be distributed every time the group key KG is transmitted after a certain device is connected and the device is successfully authenticated. For example, it is assumed that the data communication control device 40a distributes the group key KG to the broadcast receiving device 10a, the TV 20a, and the PDA 90a after authentication. At this time, the number of distributable group keys stored in the data communication control device 40a is “5”. Here, when the device that has received the distribution of the group key KG, for example, the PDA 90a returns the group key KG to the data communication control device 40a, the number of group keys that can be distributed is incremented to “6”. To do.
[0096]
The data communication control device 40a receives the encrypted content obtained by encrypting the content with the group key KG from the broadcast receiving device 10a, and transmits the received encrypted content to the transmission destination device. The accessory device that has received the encrypted content decrypts and reproduces the content using the group key KG.
In addition, the data communication control device 40a periodically checks whether or not communication with the devices registered in the address conversion table 500 is possible. The data communication control device 40a deletes the device that cannot communicate from the address conversion table 500, and transmits a new group key KG1 to the device that can communicate.
[0097]
As described above, the data communication control device 40a sets an expiration date for the group key KG, and updates the group key KG to a new group key KG1 in accordance with periodic communication checks with each device. To distribute.
<Operation>
Here, the operation of the content delivery system 2 will be described.
[0098]
FIG. 15 is a flowchart showing the operation of device ID registration processing when the broadcast receiving device 10a, TV 20a, PC 30a or PDA 90a is connected to the home network by being connected to the data communication control device 40a for the first time.
The broadcast receiving device 10a, the TV 20a, the PC 30a, or the PDA 90a reads the device ID and certificate stored therein and transmits them to the data communication control device 40a. The data communication control device 40a sends the device ID and certificate. Receive (step S501). Here, the device ID of the broadcast receiving apparatus 10a is “IDC”, and the certificate is “CIDC”. The device ID of the TV 20a is “IDA”, and the certificate is “CIDA”. The device ID of the PC 30a is “IDB”, and the certificate is “CIDB”. The device ID of the PDA 90a is “IDE”, and the certificate is “CIDE”.
[0099]
The data communication control device 40a checks the number of registrable devices stored therein and determines whether the number of registrable devices has been exceeded. If the registered number is exceeded (NO in step S502), the received device ID and certificate are discarded (step S505), and the process ends. If the registered number has not been exceeded (YES in step S502), the data communication control device 40a authenticates the received certificate (step S503). If the certificate authentication fails (NO in step S504), the data communication control device 40 discards the received device ID and certificate (step S505) and ends the process. If the certificate authentication is successful (YES in step S504), a network address is assigned (step S506).
[0100]
Subsequently, the data communication control device 40a determines whether the device is the PC 30a from the device ID. If it is PC 30a (YES in step S507), the group key flag is set to “0” (step S509). If it is not PC 30a (NO in step S507), the group key flag is set to “1” (step S508). .
[0101]
Subsequently, the data communication control device 40a determines whether the device is a PDA 90a from the device ID. If it is PDA 90a (YES in step S510), the remote flag is set to “1” (step S512), and if it is not PDA 90a (NO in step S510), the remote flag is set to “0” (step S511).
[0102]
Next, the data communication control device 40a writes the assigned network address, device ID, the set group key flag, and the set remote flag in the address conversion table 500 in association with each other (step S513). The data communication control device 40a transmits the assigned network address to the device. At this time, when the group key flag is “1”, the group key KG and the network address are output, and the group key flag is “ In the case of “0”, only the network address is output (step S514).
[0103]
The broadcast receiving device 10a, the TV 20a, the PC 30a, or the PDA 90a receives the “network address” or “network address and group key KG” (step S515).
FIG. 16 is a flowchart showing the overall operation of the content delivery system 2 in the content delivery process.
[0104]
The broadcast device 60a broadcasts the digitized content on a digital broadcast wave via the broadcast satellite 80a, and the broadcast reception device 10a receives the content via the antenna (step S601) and stores it.
The TV 20a, the PC 30a, or the PDA 90a transmits the content reproduction request including the content ID and the network address stored therein to the broadcast receiving device 10a via the data communication control device 40a. The broadcast receiving device 10a And the network address are received (step S602). Here, the network address of the TV 20a is “IPA”, the network address of the PC 30a is “IPB”, and the network address of the PDA 90a is “IDE”.
[0105]
The broadcast receiving device 10a reads the content having the content ID included in the content reproduction request and encrypts it using the group key KG (step S603). The broadcast receiving device 10a transmits the encrypted content and the transmission destination address to the data communication control device 40a, and the data communication control device 40 receives the encrypted content and the transmission destination address (step S604).
[0106]
The data communication control device 40a transmits the received encrypted content to the received transmission destination address (step S605). The TV 20a, PC 30a, or PDA 90a receives the encrypted content (step S606). When the group key KG is stored therein, the TV 20a, the PC 30a, or the PDA 90a decrypts the content using the group key KG for the received encrypted content (step S607), and reproduces the decrypted content (step S607). Step S608).
[0107]
≪Summary≫
As described above, the present invention is a secure router or home gateway capable of suppressing distribution of high-value content to a PC, and a system including the same.
Each device has category information, and transmits its own category information and MAC address to the secure router when connected to the network. Based on the category information, the secure router can identify whether each device is a PC, a TV, a broadcast receiving device, an air conditioner, a DVD recorder, a refrigerator, or the like. . Since the secure router stores the value level of the content that can be transmitted according to the category information, it reads the category information received from each device and determines the value level of the content that can be transmitted to each device. be able to.
[0108]
When the PC is connected to the secure router, the PC transmits a MAC address and category information indicating the PC to the secure router. Since the secure router determines that the PC is connected from the category information and does not transmit content with a high value level to the PC, the MAC address of the PC is not written in the table with a high value level.
[0109]
When the TV is connected to the secure router, the TV transmits the MAC address and category information indicating the TV to the secure router. The secure router determines that the TV is connected from the category information, and writes the MAC address of the TV in the high value level table and the low value level table in order to transmit the content regardless of the content value level. .
[0110]
When a secure router relays content from a broadcast receiving device to a client such as a PC or TV, the secure router receives the content and the destination address from the broadcast receiving device, reads the value level included in the received content, and reads the value level. To determine whether the MAC address of the destination device is included. The secure router transmits the content to the client when the MAC address is included in the table, and does not transmit the content to the client when the MAC address is not included in the table.
[0111]
≪Other variations≫
Although the present invention has been described based on the above embodiment, the present invention is not limited to the above embodiment, and the following cases are also included in the present invention.
(1) In the above embodiment, the TV 20 or the PC 30 has a configuration for transmitting a content request to the broadcast receiving device 10, but the broadcast receiving device 10 stores a content destination address in advance, When the broadcast receiving device 10 receives the content, the broadcast receiving device 10 includes a configuration in which the received content and a transmission destination address stored in advance are transmitted to the data communication control device 40.
[0112]
(2) In the above embodiment, the home network is configured to be connected via a LAN cable. However, a configuration in which each device in the home communicates by wireless LAN is also included in the present invention.
(3) In the above embodiment, the content key KC sharing method, the device key KA, and the device key KB sharing method are stored in the ROM in advance. However, the present invention also includes the case of sharing by communication. It is. The key sharing method by communication is described in detail in Tatsuaki Okamoto, Hiroshi Yamamoto, “Contemporary Cryptography”, Sangyo Tosho, 1977. Also, the encryption algorithm is not limited to DES.
[0113]
(4) In the above embodiment, the determination table generated by the data communication control device 40 is composed of the content additional information and the device ID of the device capable of transmitting the content having the content additional information. The configuration of the determination table is not limited to this. For example, it may be composed of content additional information and a device ID of an apparatus that cannot transmit content having the content additional information.
[0114]
(5) Content includes digitized movies, music, still images, moving images, game software, computer programs, various data, and the like. Further, the content distribution route is not limited to digital broadcasting, and distribution routes such as Internet distribution, analog broadcast waves, cable television, and packages are also included in the present invention.
(6) The device ID in the above embodiment is a combination of the device identifier of the claim and the category information.
[0115]
(7) In the above embodiment, the determination table is composed of the content additional information and the device ID of the device that can be transmitted. In the present invention, the determination table is the content additional information and the device that can be transmitted. It may be composed of a MAC address. Further, the present invention also includes a determination table including content additional information and a network address of a device that can transmit.
[0116]
(8) A configuration in which the broadcast receiving apparatus 10 includes the data communication control apparatus 40 is also included in the present invention. That is, the broadcast receiving apparatus 10 also has the configuration and function of the data communication control apparatus 40, stores the determination table and the address conversion table therein, and uses the determination table and the address conversion table when receiving content. To route content.
[0117]
(9) In the first embodiment, there are two transmission destination devices, the TV 20 and the PC 30, but it is needless to say that the number may be three or more. Further, there are two types of content, “free” or “high value”, but other types may be used. Also. There are three types of content additional information, “0”, “1”, or “2”, but there may be more than this.
[0118]
(10) The content additional information may be a part or all of the content identifier.
(11) If the data size of the content is large, the data communication control device 40 does not receive all the content from the broadcast receiving device 10 and determines whether or not content transmission is possible. May be transmitted to the destination device while receiving data from the broadcast receiving device 10.
[0119]
In the above embodiment, the data communication control apparatus has a configuration for obtaining a device ID by using an address conversion table when a network address is received. However, there is no network address, and transmission is possible only with the device ID. The present invention also includes a configuration for determining whether or not. In this case, the TV 20 or the PC 30 transmits the content request and the device ID to the broadcast receiving device 10 via the data communication control device 40, and the broadcast receiving device 10 transmits the content and the device ID to the data communication control device 40. To do.
[0120]
(12) In the second embodiment, the data communication control device 40a stores the number of devices that can be registered and the number of group keys KG that can be distributed, so that the number of registered devices and the number of group keys KG distributed. However, a configuration in which the number of remote devices that can be registered is stored and the number of registered remote devices is limited is also included in the present invention. At this time, a remote flag included in the address conversion table 500 may be used.
[0121]
(13) Whether to register in the address conversion table depending on whether each device such as a TV or PC is connected to the data communication control device 40 or the data communication control device 40a by wire or wirelessly. The configuration to be determined is also included in the present invention.
For example, a noise signal is generated on a wired line, and the signal is detected by each device such as a TV or a PC, thereby determining whether the connection is wired or wireless. If noise is detected in each device such as a TV or a PC, it is determined that it is connected to the data communication control device 40 by wire and registered in the address conversion table. If no noise is detected, it is connected wirelessly. Or it is determined that it is connected via another routing device and is not registered in the address translation table.
[0122]
Noise may be generated from each device. Further, a special signal other than a regular signal may be generated and detected instead of noise, and a wave collision may be generated in the communication path instead of the signal. Further, the RTS / CTS protocol may be used.
Accordingly, it is possible to discriminate between a device in the home and a device outside the home, transmit content to the device in the home, and control to suppress transmission of content to the device outside the home.
[0123]
(14) In the second embodiment, the number of times content is transmitted outside the home network may be limited. Further, the number of transmissions may be changed depending on the type of content (high value content, free content, etc.). In addition, content transmission to devices connected to a plurality of routers may be restricted.
[0124]
(15) In the second embodiment, the remote device is of course not limited to the PDA 90a. For example, a portable terminal, a villa TV, and the like are also included in the present invention.
(16) The broadcasting device 60 and the broadcasting device 60a are not limited to satellite broadcasting, and terrestrial broadcasting is also included in the present invention.
[0125]
(17) The present invention may be the method described above. Further, the present invention may be a computer program that realizes these methods by a computer, or may be a digital signal composed of the computer program.
Further, the present invention assumes that the computer program or the digital signal is recorded on a computer-readable recording medium such as a flexible disk, a hard disk, a CD-ROM, an MO, a DVD-ROM, a DVD-RAM, or a semiconductor memory. Also good. Further, the computer program or the digital signal recorded in these recording media may be transmitted via a network such as an electric communication circuit, a wireless or wired communication circuit, or the Internet.
[0126]
The present invention may also be a computer system including a microprocessor and a memory, wherein the memory stores the computer program, and the microprocessor operates according to the computer program.
Further, the program or the digital signal is recorded on the recording medium and transferred, or the program or the digital signal is transferred via a network or the like, and is executed by another independent computer system. It is good.
[0127]
(18) The above embodiment and the above modifications may be combined.
[0128]
【The invention's effect】
As described above, the present invention is a content delivery system for transmitting content from a transmitting device to a receiving device classified into a category via a routing device, and receiving and receiving content including additional information related to the use of the content A determination table including a transmission device that transmits the device identifier of the device to the routing device, and a device identifier of the reception device that belongs to a category that can use the content including the additional information. Whether the content and the device identifier are received from the transmission device, a determination table having additional information that matches the additional information included in the received content is selected, and whether the device identifier is included in the selected determination table If it is included, the content is transmitted to the receiving device, and is not included Transmission and suppress routing device of the content to the receiving device in case, characterized in that it is composed of a receiving apparatus for receiving a content transmitted from the routing device.
[0129]
According to this configuration, whether or not content transmission is possible is determined according to the content additional information and the device category, and content transmission is suppressed when it is determined that transmission is impossible. As a result, the content can be protected.
The present invention also provides a content delivery system for transmitting content from a transmitting device to a receiving device classified into a category through a routing device, wherein the content including additional information related to the use of the content and a destination address are A transmission device that transmits to the routing device, an address conversion table that associates a device identifier of the reception device with a network address, and a reception device that belongs to a category that can use additional information and content having the additional information. A determination table composed of device identifiers is stored, the content and the transmission destination address are received from the transmission device, and a device identifier corresponding to the received transmission destination address is obtained from the address conversion table and received. A format having additional information that matches the additional information included in the content. A table is selected, it is determined whether or not the device identifier is included in the selected determination table, and if it is included, the content is transmitted to the receiving device; otherwise, the content to the receiving device is transmitted. It is comprised from the routing apparatus which suppresses transmission of this, and the receiver which receives the content transmitted from the said routing apparatus.
[0130]
According to this configuration, whether or not content transmission is possible is determined according to the content additional information and the device category. Thus, by removing the device identifier of the PC from the determination table having additional information indicating that the content is high value content, transmission of the high value content to the PC can be suppressed and the content can be protected.
[0131]
Here, the routing device stores the category information indicating the category and the additional information of the content that can be used by the device belonging to the category in association with each other. The category information indicating the category to which the receiving device belongs is acquired, and according to the acquired category information, additional information on the content that can be used by the receiving device is extracted from the association storage unit, and the extracted additional information is extracted. You may comprise so that the determination table which consists of information and the said apparatus identifier may be produced | generated.
[0132]
According to this configuration, the category information of a device having a low content protection function, such as a PC, is stored in advance in association with the additional information of the free content without associating the additional information of the high value content. Transmission of high value content to a PC can be suppressed, and high value content can be protected.
Here, the routing device further acquires a certificate used for authenticating the device identifier and the category information from the receiving device, verifies the acquired certificate, and based on the verification result, the device identifier And authenticating whether the category information is correct, and when the device identifier and the category information are verified to be correct, generate a network address, send the generated network address to the receiving device, and You may comprise so that the address conversion table which matched the network address and the said apparatus identifier may be produced | generated.
[0133]
According to this configuration, since a network address is assigned only to a device whose certificate has been authenticated, the device identifier or category information is altered, and the PC behaves as if it is a TV and receives high-value content. Can be suppressed.
Here, the routing device receives request information indicating a request for content from the receiving device and the network address of the receiving device, and transmits the received request information and the network address to the transmitting device. The request information and the network address are received from the receiving device via the routing device, and the content corresponding to the request information as the content and the network address as the transmission destination address are transmitted to the routing device. It may be configured.
[0134]
According to this configuration, even when the transmission device has a plurality of contents, the transmission device can select content according to the request of the reception device and transmit the content to the routing device.
Here, the content is composed of content information and additional information, the content information is composed of video data and audio data, the transmission device and the reception device share a device key, and the transmission The apparatus generates encrypted content information by encrypting the content information using a device key, and transmits the content composed of the generated encrypted content information and the additional information to the routing apparatus. The routing apparatus The content is received, and when the content is determined to be transmittable, the content is transmitted to the receiving device, and the receiving device receives the content from the routing device and uses a device key. The content information may be decrypted.
[0135]
According to this configuration, since the transmission device shares a device key that is different for each reception device with the reception device, the transmission device does not hold the device key even if there is an unauthorized device that has acquired the content through the communication path. The encrypted content cannot be decrypted, and the use of the content by an unauthorized device can be prevented.
Here, the content is composed of content information and additional information, the content information is composed of video data and audio data, the transmission device and the reception device share a device key, and the transmission The apparatus generates encrypted content information by encrypting the content information using a device key, transmits the content composed of the generated encrypted content information and the additional information to the routing apparatus, and the routing apparatus The content is received, and when the content is determined to be transmittable, the content is transmitted to the receiving device, and the receiving device receives the content from the routing device and uses a device key. The content information may be decrypted.
[0136]
According to this configuration, since the transmission apparatus does not need to hold a device key that is different for each reception apparatus, the encryption process in the transmission apparatus is reduced.
Here, the content delivery system further includes a table update device that transmits update information for updating the determination table stored in the routing device to the routing device, and the routing device updates the table update. The update information may be received from the apparatus, and the determination table may be updated based on the received update information.
[0137]
According to this configuration, when a certain device is illegal, the device ID of the unauthorized device can be deleted from the determination table by transmitting update information from the table update device.
[Brief description of the drawings]
FIG. 1 is a configuration diagram showing a configuration of a content delivery system 1. FIG.
FIG. 2 is a block diagram showing a configuration of the broadcast receiving apparatus 10;
FIG. 3 is a diagram illustrating a data structure of content.
4 is a block diagram showing a configuration of a TV 20. FIG.
FIG. 5 is a block diagram illustrating a configuration of a PC.
6 is a block diagram showing a configuration of a data communication control device 40. FIG.
7 is a diagram showing a data structure of an address conversion table stored in the data communication control device 40. FIG.
8A is a diagram showing a data structure of a determination table A stored in the data communication control device 40. FIG. 4 is a diagram illustrating a data structure of a determination table B stored in the data communication control device 40. FIG.
FIG. 9 is a flowchart showing an operation of device ID registration processing;
FIG. 10 is a flowchart showing an operation of content delivery processing.
FIG. 11 is a flowchart showing an operation of a content delivery availability determination process.
FIG. 12 is a flowchart illustrating an operation of a determination table update process.
13 is a configuration diagram showing a configuration of a content delivery system 2. FIG.
FIG. 14 is a diagram showing a data structure of an address conversion table 500 stored in the data communication control device 40a.
FIG. 15 is a flowchart showing an operation of device ID registration processing in the content delivery system 2;
FIG. 16 is a flowchart showing an operation of content delivery processing in the content delivery system 2;
[Explanation of symbols]
1 Content delivery system
2 Content delivery system
10 Broadcast receiver
10a Broadcast receiving device
20 TV
20a TV
30 PC
30a PC
40 Data communication control device
40a Data communication control device
50 table update server
50a table update server
60 Broadcasting equipment
60a broadcasting equipment
70 Internet
70a Internet
80 Broadcast satellite
80a Broadcasting satellite
90a PDA
101 Receiver
102 processing unit
103 Content storage unit
104 Control unit
105 Cryptographic part
106 Communication unit
107 storage unit
150 content
150 Encrypted content
197 Memory unit
201 Communication unit
202 storage unit
203 Input section
204 Control unit
205 Decoding unit
206 Audio decoder
207 Video decoder
208 Speaker
209 monitor
301 Communication unit
302 storage unit
303 Input section
304 control unit
305 Audio Decoder
306 Video decoder
307 Speaker
308 monitor
401 communication unit
402 Communication unit
403 communication unit
404 Authentication section
405 decryption unit
406 Cryptographic part
407 Communication control unit
408 transceiver

Claims (21)

A content delivery system for transmitting content from a transmitting device to a receiving device classified into a category via a routing device,
A transmission device that transmits content including additional information related to use and a device identifier of the reception device to the routing device;
Stores a determination table composed of additional information and a device identifier of a receiving device belonging to a category capable of using the content having the additional information, and receives the content and the device identifier from the transmitting device. And selecting a determination table having additional information that matches the additional information included in the received content, determining whether or not the device identifier is included in the selected determination table, and if included, A routing device that transmits to the receiving device and suppresses transmission of the content to the receiving device if not included;
A content delivery system comprising: a receiving device that receives content transmitted from the routing device. A content delivery system for transmitting content from a transmitting device to a receiving device classified into a category via a routing device,
A transmission device for transmitting content including additional information related to use and a transmission destination address to the routing device;
An address conversion table in which a device identifier of a receiving device is associated with a network address, and a determination table including additional information and a device identifier of a receiving device belonging to a category that can use content having the additional information Is received, the content and the transmission destination address are received from the transmission device, a device identifier corresponding to the received transmission destination address is obtained from the address conversion table, and matches the additional information included in the received content Select a determination table having additional information, determine whether or not the device identifier is included in the selected determination table, transmit the content to the receiving device if included, and receive if not included A routing device that suppresses transmission of the content to the device;
A content delivery system comprising: a receiving device that receives content transmitted from the routing device. The routing device
Table generation information storage means for storing category information indicating a category and additional information of content that can be used by devices belonging to the category in association with each other;
Device information acquisition means for acquiring, from the receiving device, a device identifier and category information indicating a category to which the receiving device belongs;
In accordance with the acquired category information, content additional information that can be used by the receiving device is extracted from the table generation information storage means, and a determination table including the extracted additional information and the device identifier is generated. The content delivery system according to claim 2, further comprising a table generation unit. The acquisition means includes
Further obtaining a certificate used for authenticating the device identifier and the category information from the receiving device,
The table generating means includes
An authentication unit that verifies the acquired certificate and authenticates whether the device identifier and the category information are correct based on a result of the verification;
An address generating unit that generates a network address when the device identifier and the category information are verified to be correct;
The content delivery according to claim 3, further comprising: an address conversion table that transmits the generated network address to the receiving device and generates an address conversion table in which the network address is associated with the device identifier. system. The routing device receives request information indicating a content request from the receiving device and the network address of the receiving device, and transmits the received request information and the network address to the transmitting device.
The transmission device receives request information and a network address from the reception device via a routing device, and transmits the content corresponding to the request information as the content and the network address as the transmission destination address to the routing device. The content delivery system according to claim 4, wherein the content delivery system transmits the content. The content is composed of content information and additional information, the content information is composed of video data and audio data, and the transmitting device and the receiving device share a device key,
The transmission device encrypts content information using a device key to generate encrypted content information, and transmits content composed of the generated encrypted content information and the additional information to the routing device.
When the routing device receives the content and determines that the content can be transmitted, the routing device transmits the content to the receiving device;
The content delivery system according to claim 5, wherein the reception device receives the content from the routing device and decrypts the content information using a device key. The content includes content information and additional information, the content information includes video data and audio data, the routing device shares a content key with the transmission device, and the reception device and device Share a key,
The transmission device encrypts content information using a content key to generate encrypted content information, transmits the content composed of the generated encrypted content information and the additional information to the routing device,
When the routing device receives the content and determines that the content can be transmitted, the routing device decrypts the content information using a content key, and then encrypts the content information using a device key. Generating encrypted content information, and transmitting the encrypted content composed of the generated encrypted content information and the additional information to the receiving device,
6. The content delivery system according to claim 5, wherein the receiving device receives the encrypted content from the routing device and decrypts the content information using a device key. The content delivery system further includes:
A table updating device for transmitting update information for updating the determination table stored in the routing device to the routing device;
The content delivery system according to claim 2, wherein the routing device receives update information from the table update device and updates the determination table based on the received update information. A routing device that relays content from a transmitting device to a receiving device classified into a category,
A determination table storage means for storing a determination table composed of additional information and a device identifier of a receiving device belonging to a category capable of using content having the additional information;
Receiving means for receiving the content and the device identifier of the receiving device from the transmitting device;
Determination means for selecting a determination table having additional information that matches the additional information included in the received content, and determining whether or not the device identifier is included in the selected determination table;
When it is determined that the device identifier is included in the determination table, the content is transmitted to the receiving device, and when it is determined that the device identifier is not included in the determination table, A routing device comprising routing means for suppressing transmission of the content. A routing device that relays content from a transmitting device to a receiving device having a category,
An address conversion table in which a device identifier of a receiving device is associated with a network address, and a determination table including additional information and a device identifier of a receiving device belonging to a category that can use content having the additional information Table storage means for storing
Receiving means for receiving the content and the destination address from a transmitting device;
A device identifier corresponding to the received transmission destination address is obtained from the address conversion table, and a determination table having additional information that matches additional information included in the received content is selected. The selected determination table includes the device identifier. Determining means for determining whether or not
And routing means for transmitting the content to the receiving device when the device identifier is included in the determination table and suppressing transmission of the content to the receiving device when not included. apparatus. The determination means includes
A table generation information storage unit storing category information indicating a category and additional information of content that can be used by devices belonging to the category;
An acquisition unit that acquires a device identifier and category information indicating a category to which the receiving device belongs, from the receiving device;
A table generation unit that extracts additional information of content that can be used by the receiving device from the table generation information storage unit according to the acquired category information and generates a determination table including the extracted additional information and the device identifier The routing apparatus according to claim 10, further comprising: The acquisition unit
Further obtaining a certificate used for authenticating the device identifier and the category information from the receiving device,
The table generator is
An authentication unit that verifies the acquired certificate and authenticates whether the device identifier and the category information are correct based on a result of the verification;
An address generating unit that generates a network address when the device identifier and the category information are verified to be correct;
An address conversion table generating unit that transmits the generated network address to the receiving device and generates an address conversion table in which the network address and the device identifier are associated with each other;
The routing apparatus according to claim 11, comprising: The routing device
Receives request information indicating a request for content and the network address of the receiving device from the receiving device, transmits the received request information to the transmitting device, and responds to the request information from the transmitting device. 13. The routing device according to claim 12, wherein the content to be received and a destination address are received. The content is composed of content information and additional information, the content information is composed of video data and audio data, and the receiving means is an encrypted content in which content information is encrypted with a content key as the content. Receiving information and the additional information;
The routing device further includes:
Key storage means for storing the content key shared with the transmitting device and a device key shared with the receiving device;
Decryption means for decrypting encrypted content information received from the transmission device using the content key;
Encrypting content information decrypted by the decrypting means using the device key, generating encrypted content information, and encrypting means for generating content composed of the encrypted content information and the additional information; The routing device according to claim 13, further comprising: A routing device that relays content from a transmitting device to a receiving device classified into a category,
A determination table storage means for storing a determination table composed of additional information and a device identifier of a receiving device belonging to a category capable of using content having the additional information;
Receiving means for receiving the content and the device identifier of the receiving device from the transmitting device;
Determination means for selecting a determination table having additional information that matches the additional information included in the received content, and determining whether or not the device identifier is included in the selected determination table;
When it is determined that the device identifier is included in the determination table, and when there is no determination table including the additional information, the content is transmitted to the receiving device, and the device identifier is included in the determination table. Routing means for suppressing transmission of the content to the receiving device if it is determined that
A routing device comprising: A content delivery method used in a content delivery system for transmitting content from a transmitting device to a receiving device classified into a category via a routing device,
The routing device stores a determination table composed of additional information and a device identifier of a receiving device belonging to a category in which content having the additional information can be used,
The content delivery method is:
A transmission step of transmitting content including additional information related to use and a device identifier of the receiving device to the routing device;
The content and the device identifier are received from the transmission device, a determination table having additional information that matches the additional information included in the received content is selected, and whether or not the device identifier is included in the selected determination table A routing step that transmits the content to the receiving device if included, and suppresses transmission of the content to the receiving device if not included;
A content delivery method comprising: a reception step of receiving content transmitted from the routing device. A content delivery method program used in a content delivery system for sending content from a transmitting device to a receiving device classified into a category via a routing device,
The routing device stores a determination table composed of additional information and a device identifier of a receiving device belonging to a category in which content having the additional information can be used,
The content delivery program includes:
A transmission step of transmitting content including additional information related to use and a device identifier of the receiving device to the routing device;
The content and the device identifier are received from the transmission device, a determination table having additional information that matches the additional information included in the received content is selected, and whether or not the device identifier is included in the selected determination table A routing step that transmits the content to the receiving device if included, and suppresses transmission of the content to the receiving device if not included;
A content delivery program comprising: a receiving step of receiving content transmitted from the routing device. A computer-readable recording medium recording a content delivery program used in a content delivery system for transmitting content from a transmitting device to a receiving device classified into a category via a routing device,
The routing device stores a determination table composed of additional information and a device identifier of a receiving device belonging to a category in which content having the additional information can be used,
The content delivery program includes:
A transmission step of transmitting content including additional information related to use and a device identifier of the receiving device to the routing device;
The content and the device identifier are received from the transmission device, a determination table having additional information that matches the additional information included in the received content is selected, and whether or not the device identifier is included in the selected determination table A routing step that transmits the content to the receiving device if included, and suppresses transmission of the content to the receiving device if not included;
And a receiving step of receiving content transmitted from the routing device. A routing method used in a routing device that relays content from a transmitting device to a receiving device classified into a category,
The routing device stores a determination table composed of additional information and a device identifier of a receiving device belonging to a category that can use content having the additional information,
The routing method is:
A receiving step of receiving the content and a device identifier of the receiving device from a transmitting device;
A determination step of selecting a determination table having additional information that matches the additional information included in the received content, and determining whether or not the device identifier is included in the selected determination table;
When it is determined that the device identifier is included in the determination table, the content is transmitted to the receiving device, and when it is determined that the device identifier is not included in the determination table, A routing step for suppressing transmission of the content. A routing program used in a routing device that relays content from a transmitting device to a receiving device classified into a category,
The routing device stores a determination table composed of additional information and a device identifier of a receiving device belonging to a category that can use content having the additional information,
The routing program is
A receiving step of receiving the content and a device identifier of the receiving device from a transmitting device;
A determination step of selecting a determination table having additional information that matches the additional information included in the received content, and determining whether or not the device identifier is included in the selected determination table;
When it is determined that the device identifier is included in the determination table, the content is transmitted to the receiving device, and when it is determined that the device identifier is not included in the determination table, And a routing step for suppressing transmission of the content. A computer-readable recording medium that records a routing program used in a routing device that relays content from a transmitting device to a receiving device classified into a category,
The routing device stores a determination table composed of additional information and a device identifier of a receiving device belonging to a category that can use content having the additional information,
The routing computer
A receiving step of receiving the content and a device identifier of the receiving device from a transmitting device;
A determination step of selecting a determination table having additional information that matches the additional information included in the received content, and determining whether or not the device identifier is included in the selected determination table;
When it is determined that the device identifier is included in the determination table, the content is transmitted to the receiving device, and when it is determined that the device identifier is not included in the determination table, And a routing step for suppressing transmission of the content.

Images