JP2004110817A - Content duplication management system and network equipment - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a convenient content duplication management system for duplicating a content in a given using right. <P>SOLUTION: A request destination terminal stores the content and a duplication permission number, determines whether a requester terminal is a terminal in the same group or not by authentication, and transmits, when it is the terminal within the group, the content and a part of the duplication permission number to the requester terminal. The request destination terminal updates the duplication permission number to a duplication permission number after subtraction of the part. <P>COPYRIGHT: (C)2004,JPO

Description

{Circle around (1)} The present invention relates to a technology for managing the duplication of content when using the content via a network.

2. Description of the Related Art Conventionally, technologies for suppressing unrestricted copying of content include generation management for prohibiting copying of a copy (grandchild copy) and mutual transmission between a transmitting terminal and a receiving terminal as disclosed in Patent Document 1. There is a technique of performing authentication and determining whether content can be copied based on the result.
The above-described generation management and the technology disclosed in Patent Document 1 are mainly applied to a system including a recording device such as a personal computer and a recorder and a recording medium such as a DVD and an SD card. Manages control information for controlling the number of times of copying and the like.
JP 2000-357213 A

However, when the above technology is applied to network distribution of contents, there are the following problems.
For example, in a case where the content is used by a plurality of terminals connected via a home network, all the terminals request the recording device that manages control information for controlling the number of times of copying of the content to copy the content. Since the content is received from the recording device, the content cannot be transmitted and received between terminals other than the recording device. The use of contents in such a system is problematic in that the convenience of the user is low and the user's desire for convenience cannot be satisfied.

Accordingly, the present invention provides a highly convenient content copy management system that allows a user to freely copy content without departing from the usage right given to the user, such as the number of times content is copied. Aim.
In order to achieve the above object, the present invention provides a network device connected to one or more in-group terminals and one or more out-of-group terminals via a network and belonging to the group, and stores contents. Storage means, receiving means for receiving a request for copying the content from a requesting terminal, determining means for determining whether the requesting terminal is an in-group terminal or an out-of-group terminal, and the requesting terminal Is determined to be an in-group terminal, the content is copied to the requesting terminal, and if the requesting terminal is determined to be an out-of-group terminal, the content is copied to the requesting terminal. Control means for limiting.

Here, the storage unit stores, along with the content, copy restriction information indicating a copy permitted number of the content and a copy restriction to a terminal outside the group, and the control unit stores the copy restriction information. The method is characterized in that the content is copied to the requesting terminal by reference.
Here, the in-group terminals include a first type terminal that records contents on an unusable recording medium and a second type terminal that records contents on a general recording medium. Stores the copy restriction information indicating the number of permitted copies to the first type terminal and the number of permitted copies to the second type terminal, and the control means is configured such that the requesting terminal is a terminal in a group In this case, it is determined whether the request source terminal is a terminal of the first type or a terminal of the second type, and by referring to the result of the determination and the copy restriction information, the copy of the content is performed. Is controlled.

The present invention is a network device that is connected to one or more in-group terminals and one or more out-of-group terminals via a network, and belongs to the group, wherein the network device stores content, Accepting a copy request for the content from the original terminal, whether the requesting terminal is an in-group terminal, or determines whether it is an out-of-group terminal, if it is determined that the requesting terminal is an in-group terminal, The content is copied to the requesting terminal, and when it is determined that the requesting terminal is an out-of-group terminal, copying of the content to the requesting terminal is restricted.

According to this configuration, it is possible to limit unlimited copying of contents and outflow of contents to terminals outside the group.
Here, the network device stores, along with the content, copy restriction information indicating the number of permitted copies of the content and the restriction on copying to a terminal outside the group, and refers to the copy restriction information. It may be configured to control copying of the content to the requesting terminal.

According to this configuration, since the network device can control the copy of the content by referring to the copy restriction information attached to the content, there is no need to integrally store the copy restriction information internally. .
Here, the in-group terminals include a first type terminal that records contents on an unusable recording medium and a second type terminal that records contents on a general recording medium, and the network device Stores the copy restriction information indicating the number of permitted copies to the first type terminal and the number of permitted copies to the second type terminal. If the request source terminal is a terminal in a group, the request source The terminal determines whether the terminal is a first type terminal or a second type terminal, and refers to the result of the determination and the copy restriction information to control the copy of the content. You may comprise.

According to this configuration, the network device can control the copy of the content of the terminal in the group for each of the first type terminal and the second type terminal.
Here, the terminals in the group each belong to one or more subgroups, and the network device further stores in advance a first table indicating whether the content can be copied between subgroups, If the requesting terminal is an in-group terminal, determine the subgroup to which the requesting terminal belongs, and control the copy of the content by referring to the result of the determination, the copy restriction information, and the first table. May be configured.

According to this configuration, the network device can further control the copy of the content according to the subgroup to which the terminal belongs.
Here, when the network device determines that the request source terminal is a terminal in a group, the network device transmits a part of the stored copy permitted number to the request source terminal, and the request source terminal is out of the group. When it is determined that the terminal is a terminal, it may be configured to suppress transmitting a part of the stored copy permitted number to the requesting terminal.

According to this configuration, since a part of the number of permitted replications of the network device is transmitted to the terminal in the group of the request source, the total number of permitted replications does not change. The content can be used within the number of permitted copies.
Here, the network device may be configured to transmit copy restriction information including a part of the permitted number of copies to the request source terminal along with the copy of the content.

According to this configuration, the network device transmits the copy restriction information including a part of the copy permission number to the request source terminal with the content attached thereto. The content can be copied to another terminal within the number of permitted copies attached to the content. This makes it possible to construct a system that is more convenient than, for example, a case where the number of permitted replications is centrally managed by the server device.

Here, the network device shares secret information with all the terminals in the group, and when the requesting terminal holds the secret information, determines that the terminal is an in-group terminal, and determines that the requesting terminal is If the confidential information is not held, the terminal may be determined to be an out-of-group terminal.
According to this configuration, the in-group terminals share the secret information, so that it is possible to determine whether the requesting terminal is an in-group terminal or an out-of-group terminal.

Here, the network device generates a first copy permission number, generates a second copy permission number that is a remaining number obtained by subtracting the first copy permission number from the copy permission number, and generates the generated first copy permission number. The number and the content may be transmitted to the requesting terminal, and the generated second permitted number of copies may be overwritten on the permitted number of copies.
According to this configuration, a part of the copy permission number of the network device is transferred to the requesting terminal in the group.Therefore, the total number of copy permission numbers does not change. The content can be used within the number of permitted copies.

Here, the network device receives, from the request source terminal, the number of copy requests as the copy request, and determines whether the stored copy permission number is equal to or greater than the received copy request number. If the number of permitted replications is equal to or greater than the number of replication requests, the number of replication requests is the first number of permitted replications, and if the number of permitted replications is less than the number of required replications, the number of permitted replications is You may comprise so that it may be set to the 1st copy permission number.

According to this configuration, the request source terminal can request a desired number of copy requests. Further, the network device compares the copy request number with the copy permission number and transfers a part of the copy permission number within a range not exceeding the copy permission number. Therefore, the terminals in the group can use the content within the range of the permitted number of duplication.
Here, the in-group terminals include a first type terminal that records content on a non-portable recording medium and a second type terminal that records content on a portable recording medium, and the network device includes: The number of permitted copies, which is composed of the number of permitted duplications to the first type terminal and the number of permitted duplications to the second type terminal, is stored, and the number of requested duplications to the first type terminal and the second type terminal are stored. To the number of copy requests, and determines whether each permitted copy number is equal to or greater than each copy request number.If each permitted copy number is equal to or greater than each copy request number, The total number of replication requests is the first number of permitted replications, and if the number of permitted replications is less than the number of required replications, the sum of the number of permitted replications is the first number of permitted replications. Is also good.

According to this configuration, copying of content can be controlled for each of the first type terminal and the second type terminal.
Here, the network device and the in-group terminal each belong to one or more subgroups, and the network device stores a first table indicating whether the content can be copied between subgroups. The first table may be configured to refer to the first table to determine whether or not the content can be copied to the requesting terminal, and to generate the first permitted number of copies when it is determined that the copy is permitted.

Further, the network device further stores a second table in which a subgroup identifier is associated with the number of permitted replications permitted to a terminal belonging to the subgroup identified by the subgroup identifier, The apparatus is configured to receive the copy request including a subgroup identifier for identifying a subgroup to which the requesting terminal belongs from an original terminal, and to generate the first copy permitted number by referring to the second table. Is also good.

According to this configuration, it is possible to limit the copying of content between terminals. For example, assuming that the group is a home network, copying of adult programs can be restricted to terminals in the children's room, and copying of children's programs can be restricted to terminals in the study.
Here, the network device may be configured to transmit the first table and the second table together with the content and the first permitted number of copies to the request source terminal.

According to this configuration, since information on the subgroup is added to the content and transmitted to the requesting terminal, it is not necessary for all the terminals in the group to previously store the information on the subgroup.
Here, the network device manages a time, and further stores a predetermined time and a number of permitted update duplications. When the time reaches the predetermined time, the network device updates the stored number of permitted duplications by the update duplication. It may be configured to update to the permitted number.

According to this configuration, the number of permitted copies can be updated based on the time.
Here, the network device manages a time, and further stores a predetermined time and information indicating a copy destination terminal. When the time reaches the predetermined time, the network device notifies the copy destination terminal of the copy permitted number. And transmitting the content and the content.
According to this configuration, the copying process can be started based on the time, so that the user can use the above function as a copying reservation function.

Here, when the network device determines that the request source terminal is a terminal outside the group, the network device may transmit the content and the reproduction right of the content to the request source terminal.
According to this configuration, unlimited outflow of the content can be suppressed by transmitting the content to which only the reproduction right is assigned without giving the copy right to the terminal outside the group.

The present invention is also a content copy management system including a first terminal belonging to a group, and a second terminal connected to the first terminal via a network, wherein the first terminal includes: And the number of permitted copies of the content is stored, a copy request of the content is received from the second terminal, and it is determined whether or not the second terminal belongs to the group. If it is determined that the second terminal belongs, the part of the number of permitted copies and the content are transmitted to the second terminal, and if it is determined that the second terminal does not belong to the group, the part of the permitted number of copies is Suppressing transmission to the second terminal, the second terminal transmits a request to copy the content to the first terminal, and a part of the copy permitted number transmitted from the first terminal and the Wherein the receiving and storing the Ceiling.

According to this configuration, unlimited copying of the content and outflow of the content to the terminal outside the group can be suppressed, and the content can be copied within the group within the number of permitted copying within the group.
Here, the content copy management system further includes a plurality of terminals belonging to the group,
The first terminal further transmits search information for searching for a content desired to be copied to the plurality of terminals, each of the plurality of terminals receives the search information, May be configured to search the inside based on the content and determine whether or not the content is held.

According to this configuration, it is possible to specify a device in a group that holds desired content.

≪Group formation management system 1≫
BEST MODE FOR CARRYING OUT THE INVENTION As a best mode for carrying out the present invention, a group formation management system 1 that forms a group within a range in which use of content is permitted and transmits and receives content within the formed group will be described with reference to the drawings.
<Structure>
As shown in FIG. 1, the group formation management system 1 includes an AD server 100, a playback device 200, an in-vehicle device 300, an IC card 400, and a DVD 500.

The playback device 200 in which the AD server 100 and the monitor 251 are connected to the speaker 252 are installed in the user's house and are connected online. The in-vehicle device 300 is mounted on a vehicle owned by the user. The IC card 400 and the DVD 500 can be connected to the AD server 100 and the in-vehicle device 300. The IC card 400 is attached to the AD server 100, and the AD server 100 operates only when the IC card 400 is connected.

The group formation management system 1 is a system in which the AD server 100 manages an AD (Authorized Domain) in which the use of content is permitted.
The AD server 100 receives and manages the registration of client devices, and the AD server 100 and the registered client devices share common secret information (hereinafter, CSI: Common Secret Information) generated by the AD server 100. . The devices in the same AD authenticate each other using the shared CSI, and perform transmission / reception or copying of the content when the authentication is successful. Devices that do not have the CSI cannot transmit or receive or copy content.

(4) Since the playback device 200 is connected to the AD server 100, it can perform authentication and register as a client device. The in-vehicle device 300 is not connected to the AD server 100, but can be registered as a client device by storing the CSI in the IC card 400 and notifying the in-vehicle device 300 of the CSI from the IC card 400.

1. AD server 100
As shown in FIG. 2, the AD server 100 includes a control unit 101, a secret key storage unit 102, a public key certificate storage unit 103, a CRL storage unit 104, a public key encryption processing unit 105, a registration information storage unit 106, and CSI generation. Unit 107, CSI storage unit 108, content storage unit 109, encryption unit 110, ID storage unit 111, drive unit 112, input unit 113, display unit 114, input / output unit 115, input / output unit 116, decryption unit 117, and encryption It is composed of a conversion unit 119.

The AD server 100 is, specifically, a computer system including a microprocessor, a ROM, a RAM, a hard disk unit, and the like. A computer program is stored in the RAM or the hard disk unit. The AD server 100 achieves its function by the microprocessor operating according to the computer program.

The AD server 100 performs device registration, CSI movement and withdrawal management, content delivery, and content copy processing.
Hereinafter, each configuration will be described.
(1) Input / output units 115 and 116, drive unit 112
The input / output unit 115 transmits and receives data to and from the playback device 200. When detecting that the IC card 400 is connected, the input / output unit 116 outputs the detection to the control unit 101. In addition, it transmits and receives data to and from the IC card 400. The drive unit 112 writes and reads data to and from the DVD 500.

(2) Private key storage unit 102, public key certificate storage unit 103, CRL storage unit 104, content storage unit 109, ID storage unit 111, content key storage unit 118
The ID storage unit 111 stores ID_1, which is an ID unique to the AD server 100.
The public key certificate storage unit 103 stores the public key certificate Cert_1.

The public key certificate Cert_1 certifies that the public key PK_1 is a correct public key of the AD server 100. The public key certificate Cert_1 includes signature data Sig_CA1, a public key PK_1, and ID_1. The signature data Sig_CA1 is signature data generated by applying a signature algorithm S to the public key PK_1 and ID_1 of the AD server 100 by CA (Certification @ Authority). Here, the CA is a trusted third-party organization that issues a public key certificate that certifies the validity of the public key of a device belonging to the group formation management system 1. The signature algorithm S is, for example, an ElGamal signature on a finite field. Since the ElGamal signature is publicly known, the description is omitted.

The secret key storage unit 102 is a tamper-resistant area in which the inside cannot be seen from the outside, and stores a secret key SK_1 corresponding to the public key PK_1.
The CRL storage unit 104 stores a CRL (Certification Revocation List). The CRL is a list in which the IDs of invalidated devices, such as a device that has performed an illegal operation and a device to which a secret key has been exposed, are registered, and is issued by the CA. Note that what is registered in the CRL need not be the device ID, and the serial number of the public key certificate of the revoked device may be registered. The CRL is recorded on a recording medium such as broadcast, the Internet, or a DVD and distributed to each device, and each device obtains the latest CRL. The CRL is described in “American National Standards Institute, American National Standards for Financial Services, ANSX9.57: Public Key Crypto foresight.

The content storage unit 109 stores the encrypted content encrypted using the content key. The method of acquiring the content is not the subject of the present invention, and thus the description is omitted. Examples of the method include a method of acquiring the content using the Internet, broadcasting, and the like, and a method of acquiring the content from a recording medium such as a DVD.
The content key storage unit 118 receives the encrypted content key a from the encryption unit 110 and stores it.

(3) Public key encryption processing unit 105
When communicating with another device, the public key encryption processing unit 105 performs authentication and establishes a SAC (Secure Authentication Channel). SAC means a secure communication path that enables encrypted communication. By the process of establishing the SAC, it is possible to confirm that the device of the authentication partner is the correct device recognized by the CA. The detailed establishment method will be described later. Further, the public key encryption processing unit 105 shares the session key SK by authentication.

(4) Registration information storage unit 106
The registration information storage unit 106 is a tamper-resistant area and stores the registration information shown in FIG. The registration information is information for managing the number of devices that can be registered in the AD server 100 and the IDs of the registered devices, and includes a device ID, a maximum, a registered number, a remaining number, and an IC card ID.

The device ID is an area for storing a device ID registered in the AD server 100. When the playback device 200 and the in-vehicle device 300 are registered in the AD server 100, the IDs ID_2 and ID_3 are stored as shown in FIG. 3B.
The maximum indicates the maximum number of devices that can be registered in the AD server 100, and is two in this embodiment. The registered number indicates the number of devices already registered in the AD server 100. The remaining number indicates the number that can be registered in the AD server 100.

In an initial state in which no client device is registered in the AD server 100, the number of registered devices is “0”, and the remaining number is the same as the maximum. When any client device is registered in the AD server 100, “1” is added to the registered number, and “1” is subtracted from the remaining number.
As the IC card ID, the ID of the IC card 400 attached to the AD server 100 is stored in advance and cannot be rewritten.

(5) CSI generation unit 107, CSI storage unit 108
The CSI storage unit 108 is a tamper-resistant area in which CSI cannot be read from the outside, and stores “0” as a value indicating that the device is not registered when the device is not registered in the AD server 100. I have.
The CSI generation unit 107 generates CSI when the device is first registered in the AD server 100 under the control of the control unit 101. When all the registered devices withdraw, the CSI storage unit 108 rewrites the stored value to “0”.

Here, the CSI is arbitrary data generated by the CSI generation unit 107, and has 200 bits in the present embodiment. Note that the bit length of the CSI is not limited to this, and may be any length that cannot be easily estimated and cannot be easily tested.
The CSI generation unit 107 stores the generated CSI in the CSI storage unit 108. Further, it outputs the generated CSI to the connected IC card 400.

The CSI may be updated periodically or irregularly.
(6) Encryption units 110 and 119
When registering the playback device 200, the encryption unit 119 applies the encryption algorithm E to the CSI using the session key SK received from the public key encryption processing unit 105 under the control of the control unit 101, and performs encryption CSI. The generated encrypted CSI is transmitted to the playback device 200 via the input / output unit 115. Here, the encryption algorithm S is, for example, DES. Since DES is known, its description is omitted.

When the content key is stored in the content key storage unit 118, the encryption unit 110 reads ID_1 from the ID storage unit 111 and reads CSI from the CSI storage unit 104. The read ID_1 and the CSI are concatenated in this order to form an encryption key a, the content key is subjected to an encryption algorithm E using the encryption key a, and is encrypted to generate an encrypted content key a. The key a is stored in the content key storage unit 118.

When writing the encrypted content to the DVD 500, the encryption unit 110 reads out the registered device IDs ID_2 and ID_3 from the registered information storage device 106 from the registered information device ID under the control of the control unit 101. ID_2 and CSI are connected in this order to obtain an encryption key b, and ID_3 and CSI are connected in this order to obtain an encryption key c. An encrypted content key b and an encrypted content key c are generated using the encryption key b and the encryption key c, respectively, and written to the DVD 500.

(7) Decoding unit 117
The decoding unit 117 reads ID_1 stored in the ID storage unit 111 under control of the control unit 101, and reads CSI stored in the CSI storage unit 108. ID_1 and CSI are linked in this order and used as a decryption key, and a decryption algorithm D is applied to the encrypted content key a read from the content key storage unit 118 to generate a content key. The generated content key is output to encryption section 110. Here, the decryption algorithm D is an algorithm that performs the reverse process of the encryption algorithm E.

(8) Control unit 101, input unit 113, display unit 114
The input unit 113 receives an input from a user and outputs the received input to the control unit 101.
When starting the process, when receiving the ID of the IC card from the connected IC card 400, the control unit 101 checks whether or not the received ID matches the IC card ID of the registration information. If they do not match, the fact that the connected IC card is not the attached IC card is displayed on the display unit 114, and the process is terminated. Only when they match, the subsequent processing is continued.

(Registration of playback device 200)
Upon receiving a registration request from the playback device 200 via the input / output unit 115, the control unit 101 controls the public key encryption processing unit 105 and establishes a SAC using a CSI initial value “0” by a method described later. . Here, “0” used for authentication at the time of registration indicates that the playback device 200 is not registered in any AD. From the result of device authentication when establishing SAC, it is determined whether or not the partner device is unregistered. If the value of the CSI held by the device of the authentication partner is “0”, it is determined that the authentication has succeeded and that the device has not been registered. When the value of the CSI held by the device of the authentication partner is not “0”, the control unit 101 determines that the device of the partner is already registered in any AD.

If it is determined that the information has not been registered, the registration information is read from the registration information storage unit 106, and it is determined whether or not the remaining number is “0”. If the remaining number is not “0”, it is determined whether the registered number is “0”. When the registered number is “0”, the CSI generation unit 107 is controlled to generate CSI and stored in the CSI storage unit 108. If the registered number is not “0”, the CSI is read from the CSI storage unit 108, and the generated or read CSI is encrypted by the encryption unit 110 and the encrypted CSI generated is reproduced via the input / output unit 115. Output to the device 200. When receiving a reception notification indicating that the CSI has been received from the playback device 200, “1” is added to the number of registrations in the registration information, and “1” is subtracted from the remaining number, and the process ends.

If the result of device authentication is unsuccessful, if the partner device is already registered, and if the remaining number is “0”, a registration rejection notification indicating that registration is not possible is transmitted to the playback device 200, and the process ends.
When the CSI is generated by the CSI generation unit 107, the SSI is established with the IC card 400 to share the session key SK, and the CSI generated using the session key SK is subjected to the encryption algorithm E to encrypt the CSI. The encrypted CSI is generated, and the generated encrypted CSI is transmitted to the IC card 400.

Note that, in the authentication of the registration process, by confirming whether or not the CSI of the client device of the authentication partner matches the CSI stored in the CSI storage unit 108, registration in the AD managed by the AD server 100 is performed. It may be determined whether or not it has been completed. If the CSI held by the client device matches the CSI stored in the CSI storage unit 108, the client device is notified that it has already been registered in the AD server 100, and then ends the registration process. You may do it.

If the CSI held by the client device is not “0” and is different from the CSI stored in the CSI storage unit 108, it is determined that the CSI is registered in another AD. When it is determined that the client device is registered in another AD, the registration process may be terminated after transmitting the above-mentioned registration disable notification. In addition, it notifies that it has already been registered in another AD, asks whether to continue registration in the AD server 100, and if so, continues the above registration processing and stores it in the CSI storage unit 108. The CSI may be transmitted. In this case, upon receiving the CSI from the AD server 100, the client device overwrites the CSI of another AD with the received CSI.

Also, in the authentication of the registration process, when it is determined that the client device is not an unauthorized device, the registration process may be performed and the CSI may be transmitted regardless of the value of the CSI held by the client device.
<Registration of in-vehicle device 300>
(A) When an input indicating that the CSI is to be copied is received from the input unit 113 while the IC card 400 whose ID has already been confirmed is connected, the control unit 101 determines whether the remaining number is “0”. If it is determined that the value is not “0”, the permission right indicating that the CSI copy is permitted once is transmitted to the IC card 400. Upon receiving the receipt notification from IC card 400, control unit 101 ends the process.

If the remaining number is "0", a message indicating that copying is not possible is displayed on the display unit 114, and the process ends.
(B) When the IC card 400 is connected, confirms the ID, and receives a copy notification indicating that the CSI has been copied, extracts the ID of the copy destination of the CSI included in the copy notification, and as a device ID in the registration information. Remember. Further, a reception notification indicating that the copy destination ID has been received is transmitted to IC card 400.

Here, the description has been made assuming that the CSI has already been generated. However, if the CSI has not been generated, the CSI is generated and transmitted to the IC card 400 in the same manner as when the playback device 200 is registered.
(Content distribution)
When receiving a content delivery request from the playback device 200 via the input / output unit 115, the control unit 101 controls the public key encryption processing unit 105 to establish a SAC by a method described later, and shares the session key SK. In the authentication at the time of establishing the SAC, the CSI stored in the CSI storage unit 108 is used. If the authentication is successful, the partner device holds the CSI generated by the AD server 100. If it is determined that there is, and the authentication fails, it is determined that it is not registered in the AD server 100.

If the authentication fails, a delivery failure notification indicating that the content cannot be delivered is transmitted to the playback device 200.
When the authentication is successful, the decryption unit 117 is controlled to decrypt the encrypted content key a stored in the content key storage unit 118. Next, it controls the encryption unit 119 to encrypt the content key using the session key SK to generate an encrypted content key s, and transmits the encrypted content key s to the playback device 200. In addition, it reads the encrypted content from the content storage unit 109 and transmits it to the playback device 200.

(Record contents on DVD)
When the input to record the content on the DVD 500 is received from the input unit 113, the decryption unit 117 is controlled to decrypt the encrypted content key a stored in the content key storage unit 118 and generate the content key. Next, the content key is encrypted using the encryption key b and the encryption key c generated by using the ID_2 and ID_3 registered in the registration information by controlling the encryption unit 119 to encrypt the content key b and the encrypted content key. A encrypted content key c is generated, and the generated encrypted content keys b and c are written to the DVD 500. The encrypted content is read from the content storage unit 109 and written to the DVD 500.

The content key may be encrypted using an encryption key generated based on an ID unique to the DVD 500 or an encryption key generated based on an ID and CSI unique to the DVD 500.
(Leave)
When receiving the withdrawal request including ID_2 from the playback device 200, the control unit controls the public key encryption processing unit 105 to establish the SAC by a method described later. At this time, authentication is performed using the CSI stored in the CSI storage unit 108. From the authentication result at the time of establishing the SAC, it is determined whether or not the requesting device has been registered. If the device has not been registered, the device cannot withdraw, and therefore, transmits an unregistered notification to the playback device 200 indicating that the device has not been registered. .

If the registration has been completed, a deletion notification indicating that the CSI is to be deleted is transmitted to playback device 200. When receiving a completion notification indicating that the deletion of the CSI has been completed from the playback device 200, ID_2 is deleted from the device ID of the registration information, “1” is subtracted from the registered number, and “1” is added to the remaining number.
2. Playback device 200
As shown in FIG. 4, the playback device 200 includes a control unit 201, a secret key storage unit 202, a public key certificate storage unit 203, a CRL storage unit 204, a public key encryption processing unit 205, a CSI storage unit 208, a content storage unit 209, an ID storage unit 211, an input unit 213, an input / output unit 215, a decryption unit 217, an encryption unit 218, a content key storage unit 219, a decryption unit 220, and a playback unit 221. A monitor 251 and a speaker 252 are connected to the playback unit 221.

The playback device 200 is a computer system similar to the AD server 100, and a RAM or a hard disk unit stores a computer program. When the microprocessor operates according to the computer program, the playback device 200 achieves its function.
(1) Input / output unit 215
The input / output unit 215 transmits and receives data to and from the AD server 100.

(2) Private key storage unit 202, public key certificate storage unit 203, CRL storage unit 204, CSI storage unit 208, ID storage unit 211
The CRL storage unit 204 stores the latest CRL.
The ID storage unit 211 stores ID_2, which is an ID unique to the playback device 200.
The CSI storage unit 208 is a tamper-resistant area and stores “0” indicating that it is not registered. When registered in the AD server 100, the CSI acquired from the AD server 100 is stored.

The public key certificate storage unit 203 stores the public key certificate Cert_2 issued by the CA. The public key certificate Cert_2 includes the public key PK_2 of the playback device 200, the ID_2 of the playback device 200, and the CA signature data Sig_CA2 for them.
The secret key storage unit 202 is a tamper-resistant area, and stores a secret key SK_2 corresponding to the public key PK_2 of the playback device 200.

(3) Public key encryption processing unit 205
When communicating with the AD server 100, the public key encryption processing unit 205 establishes a SAC by a method described later and shares the session key SK. The shared session key SK is output to the decryption unit 217.
(4) Decoding section 217, decoding section 220
When the content is delivered from the AD server 100, the decryption unit 217 uses the session key SK shared by the public key encryption processing unit 205 to add the decryption algorithm to the encrypted content key s distributed from the AD server 100. D to generate a content key. Here, the decryption algorithm D performs processing opposite to the encryption algorithm E.

{Circle around (2)} When reproducing the once stored content, the ID_2 is read from the ID storage unit 211, the CSI is read from the CSI storage unit 208, and the decryption key b is generated by connecting the ID_2 and the CSI in this order. Using the generated decryption key b, a decryption algorithm D is applied to the encrypted content key b read from the content key storage unit 219 to generate a content key, and the generated content key is output to the decryption unit 220.

The decryption unit 220 reads the encrypted content stored in the content storage unit 209, uses the content key received from the decryption unit 217, applies the decryption algorithm D to the read encrypted content, generates the content, and generates the content. The content is output to the playback unit 221.
(5) Encryption unit 218
When storing the content acquired from the AD server 100, the encryption unit 218 reads ID_2 from the ID storage unit 211 and reads CSI from the CSI storage unit 208. ID_2 and CSI are concatenated in this order to generate an encryption key b, and using the generated encryption key b, apply an encryption algorithm E to the content key received from the decryption unit 217 to generate an encrypted content key b. The encrypted content key b is output to the content key storage unit 219.

(6) Content storage unit 209, content key storage unit 219
The content storage unit 209 stores the encrypted content transmitted from the AD server 100.
The content key storage unit 219 stores the encrypted content key b encrypted by the encryption unit 218.

(7) Control unit 201, input unit 213
(Registration)
When the input unit 213 receives an input indicating that registration processing is to be started, the control unit 201 reads ID_2 from the ID storage unit 211 and sends a registration request including ID_2 via the input / output unit 215 to the AD server 100. And establishes the SAC by the method described below.

Upon receiving the registration disable notification from the AD server 100, the control unit 201 displays on the monitor 251 that registration is not possible, and ends the registration process.
When receiving the encrypted CSI from the AD server 100, the control unit 201 controls the decryption unit 217 to decrypt the CSI, generates the CSI, and stores the generated CSI in the CSI storage unit 208. Further, it transmits to the AD server 100 a reception notification indicating that the CSI has been received.

(Content delivery)
When the input unit 213 receives an input indicating that the content is to be acquired and played, the control unit 201 transmits a delivery request to the AD server 100.
Upon receiving the delivery impossible notification from the AD server 100, the control unit 201 displays a message indicating that delivery is impossible on the monitor 251 and ends the process.

(4) When playing back the received content, when the control unit 201 receives the encrypted content key s from the AD server 100, the control unit 201 controls the decryption unit 217 to decrypt and generate a content key. Further, when receiving the encrypted content from the AD server 100, the control unit 205 controls the decryption unit 220 to decrypt the encrypted content to generate the content, and causes the reproduction unit 221 to reproduce the content.

(Play after storing content)
When the input unit 213 receives an input indicating that the content is acquired and stored, the control unit 201 performs the same processing as described above to acquire the content. Upon acquiring the content, the control unit 201 causes the decryption unit 217 to decrypt the encrypted content key s received from the AD server 100, and controls the encryption unit 218 to encrypt the decrypted content key. The key b is stored in the content key storage unit 219. When receiving the encrypted content from the AD server 100, the encrypted content is stored in the content storage unit 209.

When the input unit 213 receives an input indicating that the content stored in the content storage unit 209 is to be reproduced, the control unit 201 controls the decryption unit 217 to decrypt the encrypted content key b, and causes the decryption unit 220 to decrypt the encrypted content key. Is decrypted to generate a content, and the reproducing unit 221 reproduces the content.
(Leave)
When the input unit 213 receives an input to start the withdrawal process, the control unit 101 establishes the SAC by a method described later.

When the control unit 201 receives the non-registration notification from the AD server 100, the control unit 201 displays on the monitor 251 that it is not registered in the AD server 100, and ends the process.
When receiving the deletion notification from the AD server 100, the control unit 201 deletes the CSI stored in the CSI storage unit 208 and stores “0” indicating unregistered. In addition, a deletion completion notification for notifying the AD server 100 that the deletion has been completed is transmitted.

(8) Playback unit 221
The reproduction unit 221 generates a video signal from the content received from the decoding unit 220, and outputs the generated video signal to the monitor 251. Further, it generates an audio signal from the received content and outputs the generated audio signal to the speaker 252.
3. In-vehicle equipment 300
As shown in FIG. 5, the in-vehicle device 300 includes a control unit 301, a secret key storage unit 302, a public key certificate storage unit 303, a CRL storage unit 304, a public key encryption processing unit 305, a CSI storage unit 308, and an ID storage unit 311. , A drive unit 312, an input unit 313, an input / output unit 316, decoding units 317, 318, 320, a reproduction unit 321, a monitor 322, and a speaker 323.

The in-vehicle device 300 is a computer system similar to the AD server 100, and a RAM or a hard disk unit stores a computer program. When the microprocessor operates according to the computer program, the in-vehicle device 300 achieves its function.
(1) Drive unit 312, input / output unit 316
The drive unit 312 reads the encrypted content key c from the DVD 500 and outputs it to the decryption unit 318. In addition, it reads the encrypted content and outputs it to the decryption unit 320.

The input / output unit 316 exchanges data with the IC card 400 under the control of the control unit 301.
(2) Private key storage unit 302, public key certificate storage unit 303, CRL storage unit 304, CSI storage unit 308, ID storage unit 311
The CRL storage unit 304 stores the latest CRL.

The ID storage unit 311 stores ID_3, which is an ID unique to the in-vehicle device 300.
The CSI storage unit 308 is a tamper-resistant area and stores “0” indicating no registration. When the CSI generated by the AD server 100 is received from the IC card 400, the received CSI is stored.
The public key certificate storage unit 303 stores the public key certificate Cert_3 issued by the CA. The public key certificate Cert_3 includes the public keys PK_3 and ID_3 of the in-vehicle device 300, and CA signature data Sig_CA3 for them.

The secret key storage unit 302 is a tamper-resistant area, and stores a secret key SK_3 corresponding to the public key PK_3.
(3) Public key encryption unit 305
The public key encryption processing unit 305 performs authentication with the IC card 400 under the control of the control unit 301, and establishes a SAC by a method described later. Also, it outputs the shared session key SK to decryption section 317 at this time.

(4) Decoding sections 317, 318, 320
Upon receiving the encrypted CSI from the IC card 400 under the control of the control unit 301, the decryption unit 317 performs a decryption algorithm D on the encrypted CSI using the session key SK received from the public key encryption processing unit 305, Is generated, and the generated CSI is output to the CSI storage unit 308.

Upon receiving the encrypted content key c from the drive unit when reproducing the content, the decryption unit 318 reads ID_3 from the ID storage unit 311 and reads CSI from the CSI storage unit 308. The read ID_3 and the CSI are linked in this order to generate a decryption key c. A decryption algorithm D is applied to the encrypted content key c using the decryption key c to generate a content key, and the generated content key is output to the decryption unit 320.

The decryption unit 320 receives the encrypted content from the drive unit 312 and receives the content key from the decryption unit 318. Using the received content key, a decryption algorithm D is applied to the encrypted content to generate a content, and the generated content is output to the playback unit 321.
(5) Control unit 301, input unit 313
When the IC card 400 is connected, the control unit 301 establishes SAC. At this time, “0” stored in the CSI storage unit 308 is used as CSI. If the device authentication fails, the process ends. When a registration completion notification is received from the IC card 400, the fact that the registration has been completed is displayed on the monitor 322, and the process is terminated. When receiving the encrypted CSI from the IC card 400 via the input / output unit 316, the control unit 301 controls the decryption unit 317 to decrypt the CSI, generates the CSI, and stores the generated CSI in the CSI storage unit 308. Further, it transmits a reception notification indicating that the CSI has been received to IC card 400.

The CSI is not copied from the vehicle-mounted device 300 to another device.
When receiving an input to view the content recorded on the DVD 500 from the input unit 313, the control unit 301 controls the drive unit 312 to read the encrypted content key c and the encrypted content from the DVD 500. The decryption unit 318 decrypts the encrypted content key c to generate a content key, and the decryption unit 320 decrypts the encrypted content to generate content. Also, it controls the reproducing unit 321 to reproduce the content.

(6) Playback unit 321, monitor 322, speaker 323
The reproduction unit 321 generates a video signal from the received content and outputs the video signal to the monitor 322, generates an audio signal and outputs it to the speaker 323, and reproduces the content.
4. IC card 400
As shown in FIG. 6, the IC card 400 includes a control unit 401, a secret key storage unit 402, a public key certificate storage unit 403, a CRL storage unit 404, a public key encryption processing unit 405, a CSI storage unit 408, and an ID storage unit 411. , An input / output unit 416, a decryption unit 417, an encryption unit 418, and an ID storage unit 420.

The IC card 400 can be connected to the AD server 100 and the in-vehicle device 300. Used when registering a device that cannot be connected to the AD server 100, such as the in-vehicle device 300, as a device in the AD.
(1) Private key storage unit 402, public key certificate storage unit 403, CRL storage unit 404, CSI storage unit 408, ID storage unit 411, ID storage unit 420
The CRL storage unit 404 stores the latest CRL.

The ID storage unit 411 stores ID_4, which is an ID unique to the IC card 400.
The CSI storage unit 408 is a tamper-resistant area, and stores “0” indicating that the client device is not registered when the client device is not registered in the AD server 100. When the CSI is generated by the AD server 100, the CSI acquired from the AD server 100 is stored in association with the number of copies “0”. Here, the number of copies is the number of times permitted to notify other client devices of the CSI.

The public key certificate storage unit 403 stores the public key certificate Cert_4 issued by the CA. The public key certificate Cert_4 includes the public keys PK_4 and ID_4 of the IC card 400 and the CA signature data Sig_CA4 for them.
The secret key storage unit 402 is a tamper-resistant area, and stores a secret key SK_4 corresponding to the public key PK_4.

The ID storage unit 420 is an area for storing an ID of a CSI copy destination.
(2) Public key encryption unit 405
The public key encryption processing unit 405 establishes a SAC with the AD server 100 under the control of the control unit 401, shares the session key SK, and outputs the shared session key SK to the decryption unit 417.

Further, SAC is established with on-vehicle device 300 to share session key SK, and the shared session key SK is output to encryption section 418.
(3) Decoding unit 417
Upon receiving the encrypted CSI via the input / output unit 416, the decryption unit 417 performs a decryption algorithm D on the encrypted CSI using the session key SK received from the public key encryption processing unit 405 under the control of the control unit 401. To generate CSI. The generated CSI is stored in the CSI storage unit 408.

(4) Encryption unit 418
Under the control of the control unit 401, the encryption unit 418 reads the CSI from the CSI storage unit 408, receives the session key SK from the public key encryption processing unit 405, and applies the encryption algorithm E to the CSI using the session key SK. To generate the encrypted CSI, and transmits the generated encrypted CSI to the vehicle-mounted device 300.

(5) Control unit 401, input / output unit 416
When connected to the AD server 100, the control unit 401 reads ID_4 from the ID storage unit 411, and transmits the read ID_4 to the AD server 100.
When receiving the CSI from the AD server 100, the control unit 401 controls the public key encryption unit 405 to establish a SAC with the AD server 100, share the session key SK, and receive the encrypted CSI. Then, decoding is performed by the decoding unit 417 to generate CSI, and the CSI is stored in the CSI storage unit 408.

When registering the in-vehicle device 300, upon receiving the permission right from the AD server 100, the control unit 401 adds “1” to the number of copies stored in association with the CSI, and Send notifications.
When connected to the in-vehicle device 300, the control unit 405 controls the public key encryption unit 405 to establish the SAC, and shares the session key SK. At this time, authentication is performed using the initial value “0” as the CSI, and it is determined from the authentication result whether or not the in-vehicle device 300 has not been registered. If the authentication has failed, it is determined that the registration has been completed, a registration completion notification is transmitted, and the process ends. If the authentication is successful, it is determined that the user has not been registered, and the ID_3 of the in-vehicle device 300 received at the time of authentication is stored in the ID storage unit 420. The control unit 401 reads out the CSI stored in the CSI storage unit 408, encrypts the CSI in the encryption unit 418, generates an encrypted CSI, and transmits the encrypted CSI to the in-vehicle device 300. Upon receiving the receipt notification from the in-vehicle device 300, the control unit 401 subtracts “1” from the number of copies, and ends the process.

When the control unit 401 is connected to the AD server 100, the control unit 401 reads ID_4 from the ID storage unit 411 and transmits the ID_4 to the AD server 100. Further, it reads the ID of the copy destination of the CSI from the ID storage unit 420, and transmits a copy notification including the read ID to the AD server 100. Upon receiving the receipt notification from the AD server 100, the process ends.
<Operation>
1. Operation of SAC The operation at the time of establishing the SAC will be described with reference to FIGS.

Note that this SAC establishment method is used for authentication between any of the AD server 100, the playback device 200, the in-vehicle device 300, and the IC card 400. Called B. The CSI used for authentication may be “0” indicating unregistered data, or may be a value generated by the AD server 100, but all are described as CSI here.

Here, Gen () is a key generation function, and Y is a parameter unique to the system. Also, the key generation function Gen () satisfies the relationship of Gen (x, Gen (y, z)) = Gen (y, Gen (x, z)). Note that the key generation function can be realized by any known technique, and thus details thereof will not be described here. As an example, reference (1) Shinichi Ikeno and Kenji Koyama, “Modern Cryptography Theory”, and the Diffie-Hellman (DH) public key distribution method are disclosed to the Institute of Telecommunications of Japan.

The device A reads out the public key certificate Cert_A (step S11) and transmits it to the device B (step S12).
The device B that has received the public key certificate Cert_A performs signature verification on the signature data Sig_CA included in the public key certificate Cert_A by using the public key PK_CA of the CA (step S13). . If the verification result is unsuccessful (NO in step S14), the process ends. If the verification result is successful (YES in step S14), the CRL is read (step S15), and it is determined whether or not the ID_A included in the public key certificate Cert_A and received is registered in the CRL (step S16). If it is determined that it has been registered (YES in step S16), the process ends. If it is determined that it has not been registered (NO in step S16), the public key certificate Cert_B of device B is read (step S17) and transmitted to device A (step S18).

{Circle around (2)} Upon receiving the public key certificate Cert_B, the device A performs the signature verification by applying the signature verification algorithm V to the signature data Sig_CA included in the public key certificate Cert_B using the public key PK_CA (step S19). If the verification result is unsuccessful (NO in step S20), the process ends. If the verification result is successful (step S20 YES), the CRL is read (step S21), and it is determined whether or not the received ID_B included in the public key certificate Cert_B is registered in the CRL (step S22). If it is determined that it has been registered (YES in step S22), the process ends. If it is determined that it has not been registered (NO in step S22), the process is continued.

The device B generates a random number Cha_B (step S23) and transmits it to the device A (step S24).
Upon receiving the random number Cha_B, the device A connects Cha_B and CSI in this order to generate Cha_B || CSI (step S25), and uses the secret key SK_A of the device A for the generated Cha_B || CSI. The signature generation algorithm S is performed to generate signature data Sig_A (step S26), and the generated signature data Sig_A is transmitted to the device B (step S27).

Upon receiving the signature data Sig_A, the device B performs signature verification by applying the signature verification algorithm V to the received signature data Sig_A using the PK_A included in Cert_A in step S12 (step S28). In this case (NO in step S29), the process ends, and in the case of success (YES in step S29), the process is continued.
The device A generates a random number Cha_A (step S30) and transmits it to the device B (step S31).

The device B connects the received Cha_A and CSI in this order to generate Cha_A || CSI (step S32), and adds the signature generation algorithm S to the generated Cha_A || CSI using the secret key SK_B of the device B. Is performed to generate signature data Sig_B (step S33), and the generated signature data Sig_B is transmitted to device A (step S34).
Upon receiving the signature data Sig_B, the device A performs signature verification by applying the signature verification algorithm V to the signature data Sig_B using the PK_B included in Cert_B and received in step S18 (step S35), and when the verification result fails ( (NO in step S36), and ends the process. In the case of success (YES in step S36), a random number “a” is generated (step S37), and Key_A = Gen (a, Y) is generated using the generated “a” (step S38), and the generated Key_A is generated. The data is transmitted to the device B (step S39).

When receiving the Key_A, the device B generates a random number “b” (step S40), and generates Key_B = Gen (b, Y) using the generated random number “b” (step S41). The generated Key_B is transmitted to the device A (step S42). Further, using the generated random number “b” and the received Key_A, Key_AB = Gen (b, Key_A) = Gen (b, Gen (a, Y)) is generated (step S43), and Key_AB and CSI are generated. Is used to generate a session key SK = Gen (CSI, Key_AB) (step S44).

Upon receiving Key_B, the device A generates Key_AB = Gen (a, Key_B) = Gen (a, Gen (b, y)) from the generated random number “a” and the received Key_B (step S45), and generates A session key SK = Gen (CSI, Key_AB) is generated using the obtained Key_AB and CSI (step S46).
2. Operation of Registering Playback Device 200 The operation of registering the playback device 200 in the AD server 100 will be described with reference to FIG.

Note that the AD server 100 has already confirmed whether the IC card 400 is connected and the IC card 400 is an attached IC card.
Upon receiving an input from the input unit 213 to start the registration process (step S51), the playback device 200 reads out the ID_2 from the ID storage unit 211 (step S52), and sends a registration request including the ID_2 to the AD server 100. It is transmitted (step S53).

With the AD server 100 as the device A and the playback device 200 as the device B, the SAC is established by the method described above (step S54). At this time, the AD server 100 uses “0” as the CSI, and the playback device 200 uses the CSI stored in the CSI storage unit 208.
The AD server 100 verifies the signature using “0” as the CSI in the signature verification in step S35. Therefore, if the verification result is successful, it is determined that the registration has not been performed, and if the verification result has failed, the registration has been completed. Is determined. When it is determined that the playback device 200 has not been registered, the registration information is read (step S55), and it is determined whether or not the remaining number is “0” (step S56). If it is “0” (YES in step S56), a registration refusal notice is transmitted to playback device 200 (step S57). If the remaining number is not "0" (NO in step S56), it is determined whether the registered number is "0" (step S58). If it is “0” (YES in step S58), CSI is generated by CSI generating section 107 (step S59). If the registered number is not “0” (NO in step S58), the CSI is read from the CSI storage unit 108 (step S60). The generated or read CSI is subjected to an encryption algorithm E by using the session key SK in the encryption unit 119 and encrypted to generate an encrypted CSI (step S61), and the encrypted CSI is transmitted to the playback device 200 (step S61). Step S62).

When the playback device 200 receives the registration disable notification, the playback device 200 displays on the monitor 251 that registration is not possible (step S63), and ends the process. When receiving the encrypted CSI, the decryption unit 217 decrypts the encrypted CSI to generate CSI (step S64), and stores the CSI in the CSI storage unit 208 (step S65). In addition, a reception notification is transmitted to the AD server 100 (step S66).

Upon receiving the receipt notification from the playback device 200, ID_2 is written in the device ID of the registration information, “1” is added to the registered number, and “1” is subtracted from the remaining number (step S67).
3. Operation of Registering In-Vehicle Device 300 (1) The operation when the AD server 100 permits the IC card 400 to copy the CSI will be described with reference to FIG.

When the IC card 400 is connected to the AD server 100, the IC card 400 reads ID_4 from the ID storage unit 411 (Step S71) and transmits ID_4 to the AD server 100 (Step S72).
Upon receiving the ID_4, the AD server 100 reads the IC card ID from the registration information (Step S73), and determines whether the received ID matches the read ID (Step S74). If they do not match (NO in step S74), the fact that the connected IC card is not an attached IC card is displayed on display unit 114 (step S75), and the process ends. If they match (YES in step S74), the process is continued. As described above, it is confirmed whether the connected IC card is the attached IC card, and when the confirmation is completed, the process waits until an input is received.

When input unit 113 receives an input indicating that CSI is to be recorded on IC card 400 (step S76), control unit 101 reads the remaining number from registration information storage unit 106 (step S77), and sets the remaining number to “0”. Is determined (step S78). If it is "0" (YES in step S78), the fact that registration is not possible is displayed on the display unit 114 (step S79). If the remaining number is not “0” (NO in step S78), a permission to permit CSI copying once is transmitted to IC card 400 (step S80).

Upon receiving the permission right from the AD server 100, the IC card 400 adds “1” to the number of copies (step S81), and transmits a receipt notification to the AD server 100 (step S82).
Upon receiving the receipt notification, the AD server 100 adds “1” to the number registered in the registration information, subtracts “1” from the remaining number (step S83), and ends the process.

(2) The operation when copying the CSI from the IC card 400 to the in-vehicle device 300 will be described with reference to FIG.
When the IC card 400 is connected to the in-vehicle device 300, the processes in steps S71 to S75 are performed to confirm the IC card ID. Further, the IC card 400 is used as the device A and the in-vehicle device 300 is used as the device B to perform the SAC establishment process, and share the session key SK (step S91). At this time, the IC card 400 performs authentication using the CSI initial value “0”, and the in-vehicle device 300 performs authentication using the value stored in the CSI storage unit 308.

The control unit 401 of the IC card 400 verifies the signature using “0” as the CSI in the signature verification in step S35. Therefore, if the verification result is successful, it is determined that the registration has not been performed. It is determined that it has been completed. If it is determined that the registration has been completed (NO in step S92), a registration disable notification is transmitted to in-vehicle device 300 (step S93), and the process ends. If it is determined that it is not registered (YES in step S92), the ID_3 of the in-vehicle device 300 received in step S18 is stored in the ID storage unit 420 (step S94). Upon receiving the session key SK from the public key encryption processing unit 405, the encryption unit 418 reads the CSI from the CSI storage unit 408 (Step S95). The CSI is encrypted using the session key SK to generate an encrypted CSI (step S96), and the generated encrypted CSI is transmitted to the in-vehicle device 300 via the input / output unit 416 (step S97).

(4) When the control unit 301 of the in-vehicle device 300 receives the registration refusal notice from the IC card 400, it displays that the registration has been completed on the monitor 322 (step S98), and ends the registration processing. When the encrypted CSI is received from the IC card 400, the decryption unit 317 receives the session key SK from the public key encryption processing unit 305, and decrypts the encrypted CSI using the session key SK to generate CSI (step S99). Then, the generated CSI is stored in the CSI storage unit 308 (step S100). In addition, a receipt notification is transmitted to IC card 400 (step S101).

When receiving the receipt notification from the in-vehicle device 300, the IC card 400 subtracts “1” from the number of copies (Step S102), and ends the process.
(3) Operation when Notifying AD Server 100 that CSI has been Copied When AD card 400 is connected to AD server 100, AD server 100 checks the ID of IC card 400 and checks the attached ID. It confirms that it is an IC card, and when it is confirmed, it waits until an input is received.

The IC card 400 reads ID_3, which is the copy destination ID, from the ID storage unit 420, and transmits a copy notification including ID_3 to the AD server 100.
Upon receiving the copy notification, the AD server 100 stores the ID_3 included in the copy notification as the device ID in the registration information. Further, a receipt notification is transmitted to IC card 400, and the process ends.

IC card 400, upon receiving the receipt notification from AD server 100, ends the process.
4. Operation 1 of content delivery
The operation of distributing content from the AD server 100 to the playback device 200 and playing back the content will be described with reference to FIG.

Upon receiving the input to acquire the content from the input unit 213 (Step S121), the playback device 200 transmits a content delivery request to the AD server 100 (Step S122).
The AD server 100 and the playback device 200 establish a SAC (Step S123). At this time, authentication is performed using the CSI stored in each CSI storage unit.

In the process of step S35, the AD server 100 confirms that the playback device 200 is a device in the same AD.
If the authentication has failed (NO in step S124), AD server 100 transmits a delivery failure notification to playback device 200 (step S125), and ends the process. If the authentication is successful (YES in step S124), the AD server 100 reads the encrypted content key a from the content key storage unit 118 (step S126), decrypts it with the decryption unit 117 (step S127), and further encrypts Encrypting section 110 generates encrypted content key s by encrypting using session key SK shared at the time of authentication (step S128), and transmits generated encrypted content key s to playback device 200 (step S128). S129). In addition, the encrypted content is read from the content storage unit 109 (step S130) and transmitted to the playback device 200 (step S131).

When the playback device 200 receives the delivery failure notification, the playback device 200 displays on the monitor 251 that delivery is impossible (step S132), and ends the process. When receiving the encrypted content key s, the decryption unit 217 decrypts the content key using the session key SK to generate a content key (step S133), and outputs the generated content key to the decryption unit 220. Using the content key received from the decryption unit 217, the decryption unit 220 applies the decryption algorithm D to the encrypted content received from the AD server 100 to generate the content (step S134), and outputs the content to the playback unit 221. The reproduction unit 221 generates a video signal and an audio signal from the received content, outputs the video signal and the audio signal to the monitor 251 and the speaker 252, and reproduces the content (Step S135).

5. Operation 2 of content delivery
The operation when the content received from the AD server 100 is temporarily stored in the playback device 200 and then played back will be described with reference to FIG.
The same processing is performed from step S121 to step S130.
The decryption unit 217 decrypts the encrypted content key s to generate a content key (step S141), and outputs the generated content key to the encryption unit 218. The encryption unit 218 reads CSI from the CSI storage unit 208 and reads ID_2 from the ID storage unit 211 (step S142). ID_2 and CSI are concatenated in this order to generate ID_2 || CSI (step S143), which is used as the encryption key b. The content key is encrypted using the generated encryption key b to generate an encrypted content key b (step S144), and the encrypted content key b is stored in the content key storage unit 219 (step S145). When receiving the encrypted content from the AD server 100, the encrypted content is stored in the content storage unit 209 (step S146).

Upon receiving an input from the input unit 213 to reproduce the stored content (step S147), the decryption unit 217 reads out the encrypted content key b from the content key storage unit 219 (step S148). In addition, the CSI is read from the CSI storage unit 208, the ID_2 is read from the ID storage unit 211 (step S149), and ID_2 and CSI are linked to generate ID_2 || CSI (step S150), which is used as a decryption key. A decryption algorithm D is applied to the encrypted content key b using the generated decryption key to generate a content key (step S151), and the generated content key is output to the decryption unit 220. The decryption unit 220 and the playback unit 221 perform the processes of steps S132 to S133 and play back the content.

6. Operation when Recording on DVD The operation when writing content to the DVD 500 by the AD server 100 will be described with reference to FIG.
When receiving the input to record the content on the DVD from the input unit 113 (step S161), the AD server 100 reads the encrypted content key a from the content key storage unit 118 (step S162), and reads the encrypted content key a from the ID storage unit 111. ID_1 is read, and CSI is read from the CSI storage unit 108 (step S163). The decryption unit 117 generates a decryption key by linking the ID_1 and the CSI (step S164), and decrypts the encrypted content key a using the generated decryption key to generate a content key (step S165). The encrypted content key is output to encryption section 110. Upon receiving the content key, the encryption unit 110 reads the device ID from the registration information storage unit 106 and reads the CSI from the CSI storage unit 108 (Step S166). The read ID_2 and the CSI are linked to generate an encryption key b, and the ID_3 and the CSI are linked to generate an encryption key c (step S167). The content key is encrypted using the generated encryption keys b and c, respectively, to generate the encrypted content keys b and c (step S168). The generated encrypted content key b and encrypted content key c are written to the DVD 500 (step S169). In addition, the encrypted content is read from the content storage unit 109 (step S170), and written to the DVD 500 (step S171).

7. Operation of Withdrawing Playback Device 200 The operation when the playback device 200 withdraws from the AD server 100 will be described with reference to FIG.
The AD server 100 is connected to the IC card 400 and has already confirmed the IC card ID.

Upon receiving the input of withdrawal from the input unit 213 (step S181), the playback device 200 reads out ID_2 from the ID storage unit 211 (step S182), and transmits a withdrawal request including the ID_2 to the AD server 100 (step S182). Step S183).
The AD server 100 and the playback device 200 perform authentication and establish SAC (Step S184). At this time, authentication is performed using the CSI stored in each CSI storage unit.

In the process of step S35, the AD server 100 determines whether or not the playback device 200 has been registered as an AD device. If the device has not been registered (NO in step S185), an unregistered notification is sent to the playback device 200. The data is transmitted (step S186). If registered (YES in step S185), a CSI deletion notification is transmitted (step S187).
Upon receiving the notification of non-registration, the playback device 200 displays on the monitor 322 that the content has not been registered (step S188), and ends the process. Upon receiving the deletion notification, the CSI is deleted from the CSI storage unit 208 (step S189). Further, a deletion completion notification is transmitted to the AD server 100 (step S190).

Upon receiving the deletion completion notification, the AD server 100 deletes ID_2 from the device ID, subtracts “1” from the registered number, and adds “1” to the remaining number (step S191).
<Other modifications>
Although the present invention has been described based on the above embodiment, it is needless to say that the present invention is not limited to the above embodiment. The following cases are also included in the present invention.

(1) In the present embodiment, when registering a device that is not connected to the AD server 100, the CSI is copied using the IC card 400. However, the CSI may be moved between client devices.
An example will be described in which the CSI is moved from the playback device 200 to the playback device 200n and the playback device 200n is registered as an AD device.

Connect the playback device 200 and the playback device 200n, and operate the playback device 200n to transmit a movement notification to the playback device 200. The playback device 200 and the playback device 200n establish a SAC and generate a session key SK. The playback device 200 encrypts the CSI using the session key SK and transmits the encrypted CSI to the playback device 200n. The playback device 200n decrypts and stores the encrypted CSI using the session key, and stores the ID of the playback device 200 that is the transfer source received when the SAC is established. In addition, a reception notification is transmitted to playback device 200. Upon receiving the acknowledgment, the playback device 200 deletes the CSI in the CSI storage unit 208 and stores “0”.

The playback device 200n is connected to the AD server 100, and when the SAC is established, notifies the AD server 100 that the CSI has been moved, transmits the source ID and the ID of the playback device 200n, and 100 rewrites the device ID of the registration information.
(2) The IC card 400 is a device attached to the AD server 100. However, the IC card 400 does not have to be attached.

Similarly to other client devices, the IC card 400 establishes SAC when connected to the AD server 100, registers ID_4 as a device ID, and acquires CSI.
When recording the content key on the DVD 500, the AD server 100 encrypts the content key using an encryption key generated by linking ID_4 of the IC card 400 and CSI.
When the DVD 500 is mounted and the IC card 400 is connected, the in-vehicle device 300 establishes a SAC with the IC card 400 and shares a session key.

The IC card 400 connects the ID_4 stored in the IC card 400 with the CSI to generate a decryption key, encrypts the decryption key using the session key SK to generate an encrypted decryption key, and Send to 300.
The in-vehicle device 300 decrypts the encrypted decryption key using the session key SK to generate a decryption key, decrypts the encrypted content key read from the DVD to generate a content key, and uses the content key to encrypt the encrypted content. And play the content.

{Circle around (2)} As described in (1) above, the same processing as in the case of moving CSI between clients may be performed, and the CSI may be moved from the IC card to the vehicle-mounted device 300. In this case, similarly to the IC card 400 of the first embodiment, an IC card that is not attached may have a function of notifying the AD server 100 of the movement. The IC card that has moved the CSI to the in-vehicle device 300 prohibits the movement of the CSI without deleting the CSI on the spot, and deletes the CSI after notifying the AD server 100 of the movement.

(3) When registering a device which is not connected to the AD server 100 using the IC card 400, the permission right or CSI may be transmitted from the AD server 100 to the IC card 400 via the network.
As an example, when the IC card 400 is connected to a client device such as a PC having a function of connecting to a network and communicating, the IC card 400 performs a process of establishing a SAC using the communication function of the PC and performs permission processing. Receive rights or CSI.

The client device having the communication function is not limited to a PC, but may be a PDA, a mobile phone, or the like.
(4) In the present embodiment, the content is delivered from the AD server 100 to the client device or recorded on a DVD and distributed. However, a SAC is established between the client devices to generate a session key SK, and the content is transmitted to the client device. May be delivered.

(5) In the present embodiment, the in-vehicle device 300 is registered using the IC card 400, but the withdrawal process may be performed using the IC card 400 in the same manner.
In this case, the in-vehicle device 300 connected to the IC card 400 is operated to transmit a withdrawal request to the IC card 400, and the IC card 400 establishes the SAC and confirms that the in-vehicle device 300 has been registered. Then, a deletion notification is transmitted to the in-vehicle device 300. The in-vehicle device 300 deletes the CSI and transmits a deletion completion notification to the IC card 400. Upon receiving the deletion completion notification, the IC card 400 stores the ID of the on-vehicle device 300 withdrawn. When the IC card 400 is connected to the AD server 100, the IC card 400 notifies the AD server 100 of the withdrawal of the in-vehicle device 300 and the ID of the in-vehicle device 300. The AD server 100 deletes the ID of the in-vehicle device 300 from the device ID, subtracts “1” from the registered number, and adds “1” to the remaining number.

(6) In the present embodiment, the AD server 100 checks whether the counterpart device is unregistered or registered based on the CSI value stored in the counterpart device in signature verification when establishing SAC. However, an ID may be received from a device to be authenticated, and whether the device is unregistered or registered may be confirmed based on whether the received ID is stored in the device ID of the registration information. Alternatively, all the client devices registered as devices in the AD may store the registered ID, and the registration and non-registration may be similarly confirmed between the client devices using the ID.

(7) When registering a device that is not connected to the AD server 100, the IC card 400 is used. However, the AD server 100 displays the CSI on the display unit 114, and the user manually inputs the CSI to the client device. You may do it. In this case, the input code may be a value obtained by encrypting the CSI depending on the device or session.
(8) In the present embodiment, when establishing the SAC and encrypting and transmitting the CSI, the cipher text may be transmitted with the signature data of the device transmitting the encrypted CSI.

(9) In the present embodiment, the registration information and the CSI are stored inside each device. However, the registration information and the CSI may be stored in an area that is removable and cannot be read, written, and copied without permission.
(10) In the present embodiment, the device ID and CSI or the random number and CSI are used in combination as an encryption key for encrypting the content or a decryption key for decrypting the content. Instead, a calculation may be performed using the ID and CSI of the device or a random number and CSI, and a value obtained as a result may be used.

(11) In the present embodiment, the maximum number, the registered number, and the remaining number are managed as the registration information, but the present invention is not limited to this.
The maximum number may be set as the initial value of the remaining number, and each time the registration is performed, the remaining number may be decreased by “1”, and if the remaining number is not “0”, the client device may be registered. Further, the maximum number and the number of registered devices may be managed, and if the number of registered devices is equal to or less than the maximum number, the client device may be registered.

(12) Regarding the number of devices in the registration information, a device connected online with the AD server 100 and a device to be registered using the IC card 400 are separated and the maximum number, the number of registered devices, and the like are managed. good.
(13) In the present embodiment, the management is performed based on the registration information stored in the AD server 100. However, a separate management organization may be provided and the following (a) to (c) may be performed.

(A) The management organization sets the maximum number, attaches the signature data of the management organization to the maximum number, records the maximum number on a portable recording medium such as a DVD, and distributes the distribution or via communication. The AD server 100 verifies the signature data, and if the verification result is successful, stores it as the maximum number.
(B) The AD server 100 requests the number of devices to be registered from the management organization. The management institution performs charging according to the number, and when the charging is successful, transmits information for permitting registration of the requested number to the AD server 100, and upon receiving the information, the AD server 100 is permitted. Accept registration of client devices within the range of the number.

(C) The AD server 100 issues a request to the management organization each time it receives registration from the client device, and the management organization charges the request, and when the charging is successful, permits the registration. When permitted, the AD server 100 registers the client device and transmits the CSI.
(14) Although the playback device 200 plays back the content delivered from the AD server 100, the playback device 200 may have a DVD playback function and play back the content recorded on the DVD 500 by the AD server 100.

In addition, the AD server 100 is assumed to link all the device IDs stored in the registration information with the CSI and use them for encrypting the content key. However, the server ID in the device having the function of reproducing the DVD is stored in advance. It is also possible to extract the ID of a device that can play back a DVD and link it to the CSI to use for encrypting the content key.
(15) In the present embodiment, the AD server 100 records the content on a DVD. However, the AD server 100 may record the content on a memory card, MD, MO, CD, BD (Blu-ray Disk), or an IC card. Alternatively, the content may be recorded in a file.

The client device may be a recording device other than the reproducing device, or may be a combination thereof. Further, the client device may be a portable device that is installed in the user's home or mounted on a vehicle, or that can be carried by the user.
(16) Since the IC card 400 is directly connected to the AD server 100 or the in-vehicle device 300, it is not necessary to perform the SAC establishment process.

(17) When establishing the SAC, signature data is generated for data obtained by concatenating CSI with a random number Cha_B or Cha_A. The hash value of the data to be signed is calculated, and the signature data is It may be generated.
(18) When establishing the SAC, the CSI is used when determining whether the authentication partner device is unregistered or registered and when sharing the key. However, it may be used for either one.

Further, in the present embodiment, the authentication is performed in both directions, but may be one-way authentication.
(19) The registration of client devices may be limited by time.
The time is adjusted between the AD server 100 and the client device. The AD server 100 sets a period during which the use of the CSI is permitted, sets the period as validity period information, transmits the validity period information and the CSI to the client device, and subtracts “1” from the registered number.

The client device receives and stores the expiration date information and the CSI. When the period indicated by the expiration date ends, the CSI is deleted.
When the period indicated by the expiration date information ends, the AD server 100 adds “1” to the registered number. If the device ID is stored, the ID of the expired device is deleted.
The expiration date information may be information indicating the start and end dates and times of the expiration date, or may be information indicating only the end dates and times. Further, the period from the start of using the CSI may be limited, or the period during which the client device operates using the CSI may be limited.

(20) In the present embodiment, it has been described that there is one AD server, but one AD may have a plurality of AD servers.
In this case, the client device can select which AD server to communicate with. The selection method may be set by the user, or the client device may select an AD server that is the shortest distance from the client in the AD. Further, among the servers in the AD, a server with a high processing capacity or an AD server with few other tasks may be selected.

Further, as described below, when the AD server requested to register from the client device cannot register the client device anymore, it may search for another AD server that can be registered.
The client device transmits a registration request to one AD server. When the registration number matches the maximum number, the AD server that has received the registration request inquires of another AD server whether the client device can be registered. When the registration is possible, the other AD server registers the requesting client device, responds that the registration is possible to the AD server, and the AD server transmits the CSI to the client device.

If another AD server responds that it cannot be registered, the AD server inquires of another AD server.
Alternatively, a representative AD server may be determined among a plurality of AD servers, and the representative server may manage all the devices in the group. In this case, when the AD server that is not the representative receives the registration request from the client device, it inquires whether the registration is possible with the representative server. If the registration is possible, the client device is registered with the representative server and receives the request from the representative server. The CSI is received via the server in the AD.

Note that the AD server that has received the request may make an inquiry to another AD server when, for example, performing another process.
Also, as in the following (a) and (b), a list of registered devices may be shared between a plurality of AD servers in order to manage the number of registered devices.
(A) When the AD server R and the AD server S in the same AD each register a client device, the ID of the registered device is stored as a device list. Each time the list is updated by writing the ID, the version number is stored in association with the device list.

The servers R and S in the AD exchange the device list regularly or irregularly. The AD server R compares the version number of the device list stored by itself with the version number of the device list received from the AD server S, and stores the newer one as the device list. The AD server S performs the same processing. As a result, the latest device list can always be shared.

The device list may be exchanged every time the device list of one AD server is updated. Further, not only the device list but also the registration information such as the registered number and the maximum number may be shared in the same manner as described above.
(B) The AD server T and the AD server U in the same AD hold a device list T and a device list U, respectively, and when registering a client device, associate the device ID with the registered time. Store. The AD server T and the AD server U exchange the device list regularly or irregularly.

If the number of registrations stored as registration information is less than the maximum number, the server T in the AD stores the newly registered client devices in the device list U received from the server U in the AD in the order of registration. Writes in the device list T held by. Similarly, the AD server U receives the device list T and updates the device list U in the newly registered order.
It is also possible to assign priorities to the client devices in advance, and to register devices with higher priorities with priority. If the total number of client devices newly registered in the servers T and U in the AD exceeds the maximum number, a device having a higher priority may be registered preferentially, or a user may select a device to be registered. good.

According to this method, even if one AD server is turned off, it can be registered in the other AD server, and when the other AD server is updated, the device list is exchanged to maintain consistency. The same device list can be shared between servers in the AD.
(21) In order to avoid duplication of the CSI of each AD, information may be exchanged between servers within the AD that manage the respective ADs, and it may be confirmed whether or not the ADs are duplicated.

In addition, in order to enhance security, the AD server may input each CSI to a hash function, calculate a hash value, exchange the hash values, and check whether the hash values are duplicated.
Instead of the CSI being generated by the AD server, a management institution may be provided, and the management institution may generate the CSI of all the ADs so as not to be duplicated, and may safely send the CSIs to the respective AD servers.

(22) The client device may belong to a plurality of ADs.
Further, the client device may limit the number of ADs that can be registered by limiting the number of CSIs that can be stored. Further, the configuration may be such that each AD server exchanges list information of registered client devices to limit the number of ADs that can be registered by one client device. Further, by exchanging the list information, it is possible to confirm how many ADs the client device belongs to.

Separately, a management institution for managing the number of ADs registered by the client device may be provided.
Further, one AD server may manage a plurality of ADs. In this case, the number of AD servers that can store different CSIs is limited, and ADs within this number can be managed. The AD server may store the number of client devices that can be registered for each CSI, or may store the CSI and the group ID in association with each other.

(23) An identifier is assigned to each of the ADs, and when the content is delivered, the content delivery source device may embed the identifier of the AD registered by the device as a digital watermark in the content.
Thus, when the client device illegally distributes the decrypted content to the outside of the AD, it is possible to specify from which AD the content leaked. Further, when the server that distributes the content manages the ID of the client device registered in each AD, the ID of the client device that has leaked the content may be included in the CRL.

(24) In the present embodiment, the content is delivered after the device is authenticated, but the present invention is not limited to this.
When distributing content, authentication may not be performed as described below.
The device on the content transmitting side generates an encryption key based on the CSI. The content key is encrypted using the generated encryption key, and the encrypted content and the encrypted content key are delivered.

Upon receiving the encrypted content and the encrypted content key, the receiving device generates the same decryption key as the encryption key based on the CSI. The content key is generated by decrypting the encrypted content key using the generated decryption key, and the content is generated by decrypting the encrypted content using the content key.
According to this, only the device that holds the CSI can generate the decryption key and decrypt the content.

In addition, only the encrypted content is delivered without authentication, and then the session key is shared by performing authentication in the same manner as in the embodiment. If the authentication is successful, the content key is encrypted and delivered using the session key. It is good.
Note that the encrypted content may be delivered by communication, or may be recorded on a portable recording medium and distributed.

Further, in addition to delivering the content in response to a request from the receiving device, the transmitting device may determine and deliver the content without request, or may deliver the content according to an external input.
(25) In the present embodiment, the CSI storage unit stores “0” as an initial value. When the CSI generated by the AD server 100 is acquired, the acquired CSI is overwritten. The CSI may be stored in another area. When the acquired CSI is stored in an area different from the initial value, use of the initial value may be suppressed.

Note that the initial value whose use has been suppressed is activated again when the CSI is deleted due to movement or withdrawal.
Although “0” is stored as a value indicating non-registration, the value may not be “0” and may be any value other than a value generated as CSI.
(26) In the present embodiment, the AD server 100 permits the IC card 400 to copy the CSI once, but may grant the permission multiple times.

Also, the IC card 400 authenticates the client device using the CSI, stores the ID of the client device to which the CSI has been copied, and confirms the ID of the client device when copying, so that the same client device can be used. Copying of the CSI multiple times may be prevented.
Further, the function of performing the registration processing of the client device may be mounted on the IC card, and the device to which the IC card is connected may operate as the AD server.

Further, the client device may register with the AD server as a representative of the plurality of client devices, and receive the right to copy the CSI to the other plurality of client devices. An example will be described below with reference to FIG.
An AD server 600 and a client device 601 are installed at the user's house, and the client device 601 is already registered in the AD server 600. The AD server 600 stores the maximum and the remaining number as registration information. Here, it is assumed that the maximum is 4 and the remaining number is 3.

(4) The vehicle owned by the user has on-board devices 602, 603, and 604 that are not registered in the AD server 600. The in-vehicle devices 603 and 604 do not have a function of directly communicating with the AD server 600. The in-vehicle device 602 is portable and has a function of directly communicating with the AD server 600. Further, the in-vehicle devices 602 to 604 can be connected and communicate with each other.

When the in-vehicle device 602 is connected to the AD server 600 as a representative of the in-vehicle device, the in-vehicle device 602 transmits a registration request including the desired number 3, which is the number of client devices to be registered, to the AD server 600.
Upon receiving the registration request, AD server 600 authenticates in-vehicle device 602 and shares a session key as in the embodiment. If the authentication is successful, it is determined whether the desired number included in the registration request is equal to or less than the remaining number stored as the registration information. If it is determined that the remaining number is equal to or less than the remaining number, the stored CSI is read, and the read CSI and a permission right for permitting registration of three units are encrypted using a session key, and the encrypted CSI is mounted on the vehicle as encryption right information. The data is transmitted to the device 602.

(4) Upon receiving the encrypted right information, the in-vehicle device 602 decrypts the encrypted right information using the session key, and generates the CSI and the permission right. Also, by storing the generated CSI, the permission right indicating that one of the permission rights has been used and the remaining two can be registered is stored. In addition, authentication is performed with each of the in-vehicle devices 603 and 604, and if the authentication is successful, the CSI is transmitted, and the permission right for the number of transmitted devices is reduced.

Thus, the in-vehicle devices 602 to 604 can be registered as client devices.
If the remaining number is less than the desired number, a permission to permit registration is transmitted for the number indicated by the remaining number. For example, when the permission right for two devices is transmitted, the in-vehicle device 602 uses the permission right for one device by storing the CSI and transmits the CSI to one of the in-vehicle devices 603 and 604. Use one vehicle's permission. The device to which the CSI is to be transmitted may be selected by the user, or each device may have a priority in advance and transmit to a device having a higher priority.

When registering the IDs of the in-vehicle devices in the AD server 600 when the in-vehicle devices 602 to 604 are registered in the AD server 600, the following process is performed.
The in-vehicle device 602 acquires the IDs of the in-vehicle devices 603 and 604 before registration. When registering in the AD server 600, the acquired ID and the ID of the vehicle-mounted device 602 itself are transmitted to the AD server 600. The AD server 600 stores the received ID as a device ID. When the remaining number is less than the desired number, the AD server 600 stores the IDs of the received IDs corresponding to the number indicated by the remaining number. In this case, the ID to be registered may be selected by the user, or the IDs may be assigned priorities in advance, and the IDs for the number indicated by the remaining number may be stored in order from the ID having the highest priority.

In addition, the in-vehicle device 602 can return to the AD server 600 when the permission right is left.
Although the in-vehicle device 602 acquires the permission right including the right of the in-vehicle device 602, the in-vehicle device 602 is registered in the AD server 600 as in the embodiment, and the CSI is transmitted to the in-vehicle devices 603 and 604. May be obtained.

(27) One AD may be formed by combining a plurality of ADs.
As an example, a case where AD_G is formed by combining AD_E and AD_F will be described with reference to FIG.
AD_E and AD_F are each composed of one AD server and a plurality of client devices (not shown). The AD server E in AD_E can register a maximum of m client devices, and each device in AD_E holds CSI_E. Also, the AD server F of AD_F can register a maximum of n client devices, and each device in AD_F holds CSI_F.

AD_G is formed from these two ADs. First, a device to be the AD server G that manages AD_G is determined between the AD server E and the AD server F. At this time, it may be determined based on the processing performance, the priority of each AD server, or the user. The AD server that is not the AD server G is registered in AD_G as a client device.
The number k that can be registered in the AD server G is m, n, or an average of m and n. Further, the AD server G generates a new CSI_G, authenticates each client device, and transmits the CSI_G to the successfully authenticated device.

If the total number of devices forming AD_E and AD_F exceeds the number k, the device to be registered is selected. In this case, the server G in AD may select the priority order set in advance down, or the user may select it.
As described above, one AD is newly formed from two ADs, and one AD may be added to the other AD. When AD_F is added to AD_E, the device in AD_F is registered in AD server E as a client device of AD_E, and holds CSI_E. At this time, if the number of client devices to be registered exceeds m at the maximum, the device to be registered is selected as described above.

Note that m, n, and k are positive integers.
(28) One AD may be divided into a plurality of ADs.
As an example, a case where AD_I and AD_J are formed from AD_H will be described with reference to FIG.
The AD_H includes an AD server H that manages devices in the AD_H, and a plurality of client devices (not shown).

The AD server H can register p (p is a positive integer) client devices, and each device in AD_H stores CSI_H.
When forming the AD_I and AD_J, the AD server H selects a new device to be the AD server I and the AD server J from the client devices in the AD_H. At this time, a device having a high processing capability may be used as the AD server, or may be selected based on the priorities assigned to the devices in advance. Further, the selection may be made by the user, or may be made based on the processing capability, priority, and the like among the client devices. Note that the AD server H may form a new AD as the AD server I or the AD server J.

After the division, the client devices belonging to each are selected. At this time, each AD server may select it based on the priority order, or the user may select it. Each of the AD servers I and J can register a maximum of p client devices. When a client device of each AD is selected, the AD server I generates CSI_I and transmits the generated CSI_I to the selected client device. Similarly, the AD server J also generates CSI_J and transmits it to the client device.

The AD servers I and J may authenticate each time a client device is selected, or may authenticate when transmitting a newly generated CSI.
Further, as described above, in addition to forming two new ADs from one AD, one new AD is formed from AD_H, and divided into two, the base AD_H and the new AD. good.

(29) When the power of the client device is turned off, the CSI may be temporarily deleted while the client device is registered in the AD server.
In this case, when the client device is registered in the AD server, the AD server stores the ID of the client device and transmits the CSI.
When the client device stores the received CSI, the client device can use the content as an AD device. Upon receiving the power-off instruction, the client device deletes the CSI and turns off the power. At this time, the client device ID stored in the AD server is not deleted.

When the power of the client device is turned on again, the client device transmits the ID to the AD server. The AD server determines whether the stored ID has an ID that matches the received ID, and if there is a matching ID, retransmits the CSI to the client device without updating the registration information. I do.
Note that, similarly, when the wired or wireless communication is interrupted, the CSI may be deleted once, and when the communication is re-established, the ID may be transmitted and the CSI may be acquired again.

(30) In the present embodiment, authentication is performed using CSI. However, the following authentications (a) to (c) may be added.
(A) It authenticates that the client device is connected to the same home LAN as the AD server by using a MAC address, an IP address, and a code unified in the system. This makes it difficult to register another person's client device.

In the case where the server in the AD and the client device communicate wirelessly, the authentication may be performed within the range of radio waves.
When the server in the AD and the client device can communicate with each other, the server transmits the authentication data from the server in the AD to the client device. When the client device receives the data for authentication, the client device transmits response data to the server in the AD. . The AD server measures the time from transmitting the authentication data to receiving the response data. If the measured time is within a preset threshold, it is assumed that the server is installed in the same house. You may authenticate.

Further, a TTL (Time To Live) value may be set within the number of routers in the house so that communication with devices outside the house cannot be performed.
Alternatively, it may be determined whether or not they are installed in the same house by determining whether or not they are connected to the same power supply.
(B) A password is set in the AD server in advance, and when registering the client device, the user manually inputs the password into the client device. The client device transmits a registration request including the input password to the AD server, and the AD server determines whether the password received in the registration request matches a preset password.

A plurality of passwords may be set, for example, each family may set their own password. Further, an ID for identifying each user and a password may be combined.
(C) Instead of the password in (b), biometrics information such as a fingerprint and an iris may be used. As a result, only a preset person can register a client device.

(31) The initial values held by the client device may be the following (a) to (c).
(A) The client device holds one initial value indicating that it is not registered in the AD server. When registered in the AD server, use of the initial value is suppressed.
(B) The client device holds a plurality of initial values corresponding to a plurality of AD servers. When registering with any of the plurality of AD servers, authentication is performed using the initial value corresponding to the AD server, and when registered, the use of the corresponding initial value is suppressed. Further, when registered in another AD server, use of the initial value corresponding to the other AD server is suppressed.

The respective initial values may be identified in association with the group identifier.
(C) The client device holds an initial value indicating that it has not been registered in any of the plurality of AD servers. When registered in any AD server, use of the initial value is suppressed.
(32) The present invention may be the method described above. Further, the present invention may be a computer program that realizes these methods by a computer, or may be a digital signal including the computer program.

Also, the present invention provides a computer-readable recording medium for the computer program or the digital signal, for example, a flexible disk, hard disk, CD-ROM, MO, DVD, DVD-ROM, DVD-RAM, BD (Blu-ray Disc) ), A semiconductor memory or the like. Further, the present invention may be the computer program or the digital signal recorded on these recording media.

In the present invention, the computer program or the digital signal may be transmitted via an electric communication line, a wireless or wired communication line, a network represented by the Internet, or the like.
The present invention may be a computer system including a microprocessor and a memory, wherein the memory stores the computer program, and the microprocessor operates according to the computer program.

Further, the program or the digital signal is recorded on the recording medium and transferred, or the program or the digital signal is transferred via the network or the like, so that it is implemented by another independent computer system. It may be.
(33) The above embodiments and the above modifications may be combined.
<< Content replication management system 1000 >>
The above-described group formation management system 1 has a configuration in which free transmission and reception of content is performed in a group formed by the AD server 100. In the following, as a modified example of transmission and reception of content, copy restriction is applied to content. A description will be given of a content copy management system 1000 that manages transmission and reception of content in accordance with copy restrictions.

The content copy management system 1000 receives content broadcast from a broadcasting station, or receives content transmitted via a network, and divides the received content with members in a group formed by the AD server 100. The system to use. Hereinafter, a description will be given based on an example in which content is broadcast from a broadcasting station.
<Structure>
Here, the configuration of the content copy management system 1000 will be described.

FIG. 19 is a configuration diagram showing the configuration of the content copy management system 1000. As shown in the figure, the content copy management system 1000 includes a home server 1100, a playback device 1200, a playback device 1300, a recording medium 1400, a GW (gateway) 1500, a playback device 1600, and a broadcast station 1800.
A portion surrounded by a solid line in the drawing indicates that the device is located in a home. The home server 1100, the playback device 1200, the playback device 1300, and the gateway 1500 are interconnected via Ethernet (registered trademark). The recording medium 1400 is a portable recording medium that is used by being mounted on the reproducing apparatus 1300. Here, a network inside the gateway 1500 (ie, at home) is referred to as a home network. The home network is connected via a gateway 1500 and the Internet 1700 to a playback device 1600 existing outside the home.

 In this system, the home server 1100, the playback device 1200, the playback device 1300, and the recording medium 1400 are groups formed by the AD server 100, and share common secret information unique to the groups. Hereinafter, the home server 1100, the playback device 1200, the playback device 1300, and the recording medium 1400 may be referred to as “in-group terminals”, and the playback device 1600 may be referred to as “out-of-group terminals”.

1. Home server 1100
FIG. 20 is a block diagram showing the configuration of the home server 1100. As shown in the figure, the home server 1100 includes a data receiving unit 1101, a signal processing unit 1102, an operation input unit 1103, a control unit 1104, a reproduction control unit 1105, a recording control unit 1106, an input / output unit 1107, a storage unit 1108, It comprises a communication unit 1109 and a display unit 1110.

The home server 1100 is, specifically, a computer system including a CPU, a ROM, a RAM, a HDD, a network interface, and the like, and achieves various functions by the CPU executing a computer program.
Here, a DVD recorder is assumed as home server 1100, and has a configuration of receiving content via broadcasting. However, home server 1100 in the present invention is not limited to a DVD recorder, and may be a personal computer or the like. It may be. Home server 1100 may be configured to receive content via Internet 1700.

(1) Data receiving unit 1101
Data receiving section 1101 receives a broadcast wave broadcast from broadcast station 1800 via an antenna.
(2) Signal processing unit 1102
The signal processing unit 1102 generates the content information 1121 from the broadcast wave received by the data receiving unit 1101, and outputs the generated content information 1121 to the control unit 1104. Specifically, the signal processing unit 1102 extracts a transport stream from a broadcast wave, accumulates the extracted transport stream, and generates content information 1121.

FIG. 21 is a diagram showing the data structure of the content information 1121. As shown in the drawing, the content information 1121 includes a content 1122 and copy restriction information 1123.
The content 1122 is, for example, digital data of a movie, and the copy restriction information 1123 is metadata relating to the copy of the content 1122. The copy restriction information 1123 includes a content identifier, a permitted number of copies, and a flag indicating whether or not copying to a terminal outside the group is permitted.

The content identifier is a symbol for uniquely identifying the content. The content identifier of the content 1122 is “A-0001” as shown in FIG.
The number of possible copies is the number of possible copies when the content is copied to another device. Note that the number of possible copies includes the number of possible copies to the first type terminal and the number of possible copies to the second type terminal. Here, the first type terminal is a terminal that copies content to a non-portable recording medium, and the second type terminal is a terminal that copies content to a portable recording medium. The number of times that the content information 1121 can be copied is “10 (first type 5, second type 5)” as shown in FIG. 5, so that the number of times is five for the first type terminal and five for the second type terminal. , The content can be copied.

The flag indicating whether copying to a terminal outside the group is permitted is set to either "OK" or "NG". "OK" indicates that copying of the content to the terminal outside the group is permitted. "NG" indicates that copying of content to a terminal outside the group is prohibited. As shown in the figure, since the flag of the content information 1121 is “NG”, in the present embodiment, copying the content 1122 to a terminal outside the group is prohibited.

(3) Operation input unit 1103
The operation input unit 1103 includes a remote control and an infrared signal light receiving unit, and when a user presses a button on the remote control, generates an input signal corresponding to the pressed button. The operation input unit 1103 outputs the generated input signal to the control unit 1104.
In particular, the input signal relating to the copy of the content includes the content identifier of the content requested to be copied, the requested number of times of copying, and the like.

(4) Control unit 1104
The control unit 1104 includes a CPU, a ROM, a RAM, and the like, and controls the entire home server 1100 when the CPU executes a computer program. When receiving an input signal from the operation input unit 1103, the control unit 1104 performs various processes such as a recording process, a reproduction process, a duplication request process, and a duplication process according to the received input signal.

In the recording process, the control unit 1104 receives the content from the signal processing unit 1102, and outputs the received content to the recording control unit 1106.
In the reproduction process, when reproducing the content received by the data receiving unit 1101, the control unit 1104 receives the content from the signal processing unit 1102 and outputs the received content to the reproduction control unit 1105. When playing back the content stored in the storage unit 1108 or the content stored in the DVD-RAM mounted on the input / output unit 1107, the control unit 1104 controls the storage unit 1108 or the input / output unit 1107. , And outputs the received content to the reproduction control unit 1105.

In the copy request processing, the control unit 1104 receives from the operation input unit 1103 the content identifier, the device identifier of the request destination terminal, and the requested copy count.
Note that the device identifier includes information indicating whether the terminal identified by the device identifier is a first type terminal or a second type terminal.
The control unit 1104 converts the received request copy count and the copy request including the content identifier, the device identifier of the request destination terminal, the common secret information 1133 stored therein, and the device identifier 1134 stored therein, The request is transmitted to the request destination terminal via the communication unit 1109.

Next, the copying process will be described. As shown in FIG. 22, the control unit 1104 includes an authentication unit 1131 and a copy restriction information updating unit 1132. As shown in the figure, the authentication unit 1131 stores therein common secret information 1133, a device identifier 1134, and a table 1135, and the copy restriction information updating unit 1132 stores therein tables 1136 and 1137. ing.

The common secret information 1133 is information that the in-group terminals (home server 1100, playback device 1200, playback device 1300, and recording medium 1400) hold in advance, and are used for mutual authentication of the in-group terminals.
The device identifier 1134 is a symbol for uniquely identifying the home server 1100. As shown, the device identifier 1134 of the home server 1100 is “IDA”.

The table 1135 is a table in which a device identifier is associated with a subgroup identifier for identifying a subgroup to which the terminal identified by the device identifier belongs. As shown in the figure, the terminal identified by the device identifier “IDA” (that is, the home server 1100) belongs to “subgroup A”. The terminal identified by the device identifier “IDB” belongs to “subgroup B”. The terminal identified by the device identifier “IDC” belongs to “subgroup C”. The terminal identified by the device identifier “IDM” belongs to “subgroup D”.

The table 1136 is a table indicating whether content duplication between subgroups is possible. “A → B” written in the “OK” column on the left side of the table 1136 indicates that copying of content from a terminal belonging to the subgroup A to a terminal belonging to the subgroup B is permitted. Similarly, “A ← B” indicates that copying of content from a terminal belonging to subgroup B to a terminal belonging to subgroup A is permitted. On the other hand, “B → C” written in the “NG” column on the right side of the table 1136 indicates that copying of content from a terminal belonging to group B to a terminal belonging to subgroup C is prohibited. Similarly, “D → C” indicates that copying of content from a terminal belonging to subgroup D to a terminal belonging to subgroup C is prohibited.

The table 1137 is a table in which the upper limit of the number of possible copies that can be held for each subgroup is defined. As shown in the figure, the number of times that a terminal belonging to the subgroup A can hold the number of possible copies is “first type 5 and second type 5”. The upper limit of the number of copies that can be held by the terminal belonging to the subgroup B is “first type 3 and second type 2”. Similarly, the upper limit of the number of copies that can be held by the terminal belonging to the subgroup C is “first type 1 and second type 1”. Similarly, the upper limit of the number of copies that can be held by a terminal belonging to subgroup D is “first type 2 and second type 2”.

Note that the table 1135, the table 1136, and the table 1137 are shared by the home server 1100, the playback device 1200, and the playback device 1300 in advance.
The authentication unit 1131 receives, via the communication unit 1109, a copy request including the content identifier, the device identifier of the requesting terminal, the common secret information, and the requested copy count from the requesting terminal.
The authentication unit 1131 performs authentication using the received common secret information. The authentication method used here is, for example, a challenge-response type handshake using zero knowledge proof. The home server 1100 and the requesting terminal generate and share a secret key by a secret key sharing method, and perform the above-described authentication using the shared secret key.

As a result of the authentication, when it is determined that the request source terminal is an out-of-group terminal, the authentication unit 1131 transmits an error message to the request source terminal via the communication unit 1109 to the effect that the duplication of the content is rejected.
As a result of the authentication, when it is determined that the request source terminal is a terminal in the group, the copy restriction information is updated as described below.

As a first specific example, the authentication unit 1131 includes, from the request source terminal, the content identifier “A-0001”, the device identifier “IDB”, and the number of requested copies “3 (first type 2, second type 1)”. A case where a copy request is received will be described.
The authentication unit 1131 determines from the device identifier “IDB” of the request source terminal that the request source terminal is a “first type terminal”.

The authentication unit 1131 refers to the internal table 1135 to determine the subgroup to which the own apparatus belongs and the subgroup to which the requesting terminal belongs. Here, since the device identifier of the own device is “IDA”, the own device belongs to “subgroup A”, and the device identifier of the request source terminal is “IDB”. Is determined to belong to The authentication unit 1131 restricts the copy of the request destination subgroup identifier “subgroup A”, the request source subgroup identifier “subgroup B”, and the requested copy count “3 (first type 2, second type 1)”. The information is passed to the information updating unit 1132.

The copy restriction information updating unit 1132 sends the request destination subgroup identifier “subgroup A”, the request source subgroup identifier “subgroup B”, and the requested copy count “3 (first type 2, second type) from the authentication unit 1131. 1) ”, it is determined by referring to the table 1136 whether or not copying of content from“ subgroup A ”to“ subgroup B ”is permitted. According to the table 1136, since “A → B: OK”, it is determined that copying of the content is permitted.

The copy restriction information updating unit 1132 refers to the table 1137 to determine whether the requested number of times of replication “3 (first type 2, second type 1)” is within the number of times permitted for the requesting terminal. Judge. According to the table 1137, since the number of times of copying permitted for the subgroup B is “first type 3, second type 2,” it is determined that the requested number of times of copying is within the permitted number of times of copying.

The copy restriction information updating unit 1132 specifies the content including the content identifier “A-0001” from the storage unit 1108 via the recording control unit 1106, and reads the copy restriction information 1123 included in the specified content information 1121. .
The copy restriction information updating unit 1132 compares the allowable number of copies and the requested number of copies included in the copy restriction information 1123 with each other. Since the permitted number of copies included in the copy restriction information 1123 is “10 (first type 5, second type 5)”, the required number of copies “first type 2, second type 1” is less than the permitted number of copies. It is determined that there is.

If it is determined that the requested number of copies is equal to or less than the permitted number of copies, the copy restriction information updating unit 1132 generates copy restriction information 1124 to be added to the content 1122 to be transmitted to the requesting terminal. As shown in FIG. 23A, the copy restriction information 1124 includes a content identifier “A-0001”, a permitted number of copies “3 (first type 2, second type 1)”, and whether or not copying to a terminal outside the group is possible. The flag "NG" is displayed.

The copy restriction information updating unit 1132 transmits the generated content information 1125 including the generated copy restriction information 1124 and the content 1122 to the request source terminal via the communication unit 1109.
When receiving the information indicating that the reception of the content information 1125 is completed from the request source terminal via the communication unit 1109, the copy restriction information updating unit 1132 stores the copy restriction information 1123 in FIG. 21 in FIG. It is updated to the indicated copy restriction information 1126.

Specifically, from the number of permitted copies “10 (first type 5, second type 5)” included in the copy restriction information 1123, the number of permitted copies “3 ( The first type 2 and the second type 1) are subtracted to generate the copy restriction information 1126 including the number of possible copies “7 (first type 3 and second type 4)”.
The copy restriction information updating unit 1132 adds the generated copy restriction information 1126 to the content 1122 via the recording control unit 1106 instead of the copy restriction information 1123.

Hereinafter, the description will be continued assuming that the home server 1100 stores the content information 1127 including the copy restriction information 1126 and the content 1122 shown in FIG.
As a second specific example, the authentication unit 1131 includes, from the request source terminal, the content identifier “A-0001”, the device identifier “IDC”, and the number of required copies “2 (first type 1, second type 1)”. A case where a copy request is received will be described.

The authentication unit 1131 determines from the device identifier “IDC” of the request source terminal that the request source terminal is a “first type terminal”.
The authentication unit 1131 refers to the internal table 1135 and determines that the own device belongs to “subgroup A” and the request source terminal belongs to “subgroup C”. The authentication unit 1131 restricts the copy of the request destination subgroup identifier “subgroup A”, the request source subgroup identifier “subgroup C”, and the request copy count “2 (first type 1, second type 1)”. The information is passed to the information updating unit 1132.

The copy restriction information updating unit 1132 sends the request destination subgroup identifier “subgroup A”, the request source subgroup identifier “subgroup C”, and the requested copy count “2 (first type 1, second type) from the authentication unit 1131. 1) ”, it is determined with reference to the table 1136 that copying of the content from“ subgroup A ”to“ subgroup C ”is permitted.

The copy restriction information updating unit 1132 refers to the table 1137 and determines that the requested copy count “2 (first type 1, second type 1)” is within the copy count permitted for “subgroup C”. to decide.
The copy restriction information updating unit 1132 specifies the content information including the content identifier “A-0001” from the storage unit 1108 via the recording control unit 1106, and copies the copy restriction information 1123 included in the specified content information 1121. read out.

The copy restriction information updating unit 1132 compares the permitted number of copies included in the copy restriction information 1123 with the requested number of copies, and the requested number of copies “first type 1 and second type 1” indicates the permitted number of copies. Judge that: The copy restriction information updating unit 1132 generates copy restriction information 1151 to be added to the content 1122 to be transmitted to the request source terminal. As shown in FIG. 24A, the copy restriction information 1151 includes a content identifier “A-0001”, a permitted number of copies “2 (first type 1, second type 1)”, and availability of copying to a terminal outside the group. The flag "NG" is displayed.

The copy restriction information updating unit 1132 transmits the generated content information 1150 including the copy restriction information 1151 and the content 1122 to the request source terminal via the communication unit 1109.
When the copy restriction information updating unit 1132 receives, from the request source terminal, information indicating that the reception of the content information 1150 is completed via the communication unit 1109, the copy restriction information updating unit 1132 converts the copy restriction information 1126 in FIG. The copy restriction information 1152 shown in b) is updated. Specifically, from the number of possible copies “7 (first type 3, second type 4)” included in the copy restriction information 1126, the number of possible copies “2 ( The first type 1 and the second type 1) are subtracted from each other to generate copy restriction information 1152 including the number of possible copies “5 (first type 2 and second type 3)”.

The copy restriction information updating unit 1132 adds the generated copy restriction information 1152 to the content 1122 via the recording control unit 1106 instead of the copy restriction information 1126.

(5) Playback control unit 1105
The reproduction control unit 1105 receives the content generated by the signal processing unit 1102 from the control unit 1104, and outputs the received content to the display unit 1110. Further, the reproduction control unit 1105 reads the content stored in the storage unit 1108, decodes the read content, and outputs the decoded content to the display unit 1110. Further, the reproduction control unit 1105 reads the content stored in the DVD-RAM mounted on the input / output unit 1107 via the input / output unit 1107, decodes the read content, and outputs the decoded content to the display unit 1110.

(6) Recording control unit 1106
The recording control unit 1106 receives information from the control unit 1104, reads information from the storage unit 1108, or writes information to the storage unit 1108. Specifically, the recording control unit 1106 reads the copy restriction information included in the content stored in the storage unit 1108 in response to the instruction from the copy restriction information update unit 1132 of the control unit 1104, and reads the read copy restriction information. Is output to the copy restriction information updating unit 1132. Further, the recording control unit 1106 receives the copy restriction information from the copy restriction information update unit 1132, and adds the received copy restriction information to the corresponding content information stored in the storage unit 1108.

Further, the recording control unit 1106 receives information from the control unit 1104, reads information from the DVD-RAM via the input / output unit 1107, or writes information to the DVD-RAM.
(7) Input / output unit 1107
The input / output unit 1107 is specifically a DVD-RAM drive unit, and writes information received from the control unit 1104 via the recording control unit 1106 to the DVD-RAM with the DVD-RAM mounted. Also, the input / output unit 1107 reads information from the mounted DVD-RAM, and outputs the read information to the reproduction control unit 1105 or the recording control unit 1106.

(8) Storage unit 1108
The storage unit 1108 is specifically a hard disk drive unit, and stores content broadcast from a broadcasting station, and stores content transmitted from another terminal via the communication unit 1109.
(9) Communication unit 1109
The communication unit 1109 is connected to a terminal in the group via Ethernet (registered trademark), and is between the control unit 1104 and the terminal in the group. The transmission / reception of a copy request and the transmission / reception of content according to the copy request are performed.

When transmitting the content, the communication unit 1109 encrypts the content using the secret key generated at the time of authentication, and transmits the encrypted content to the terminals in the group. Similarly, at the time of content reception, the encrypted content encrypted by the terminal in the group is received using the secret key generated at the time of authentication, and the received encrypted content is decrypted with the secret key. Output to

(10) Display unit 1110
The display unit 1110 is specifically a display unit, and displays the content output from the reproduction control unit 1105.
2. Playback device 1200
FIG. 25 is a block diagram showing a configuration of the playback device 1200. As shown in the figure, the playback device 1200 includes an operation input unit 1201, a control unit 1202, a playback control unit 1203, a recording control unit 1204, a communication unit 1205, a display unit 1206, and a storage unit 1207.

The playback device 1200 is, specifically, a computer system including a CPU, a ROM, a RAM, a hard disk unit, a network interface, and the like, and achieves various functions by the CPU executing a computer program. Here, a hard disk recorder is assumed as the playback device 1200, but the playback device 1200 in the present invention is not limited to a hard disk recorder, and may be a DVD recorder or a personal computer.

(1) Operation input unit 1201
The operation input unit 1201 includes a remote controller and an infrared signal receiving unit, and when a user presses a button on the remote controller, generates an input signal corresponding to the pressed button and outputs the generated input signal to the control unit 1202. I do.
(2) Control unit 1202
The control unit 1202 includes a CPU, a ROM, a RAM, and the like, and controls the entire reproduction apparatus 1200 by executing a computer program by the CPU. The control unit 1202 receives an input signal from the operation input unit 1201 and performs various processes such as a recording process, a reproduction process, a duplication request process, and a duplication process according to the received input signal.

The control unit 1202 includes an authentication unit 1211 and a copy restriction information update unit 1212 as shown in FIG. The authentication unit 1211 stores therein common secret information 1213, a device identifier 1214, and a table 1135, and the copy restriction information updating unit 1212 stores therein tables 1136 and 1137.
The common secret information 1213 is information held in advance by terminals in the group, and is used for mutual authentication of terminals in the group.

The device identifier 1214 is a symbol for uniquely identifying the playback device 1200. As illustrated, the device identifier 1214 of the playback device 1200 is “IDB”.
The tables 1135, 1136, and 1137 are the same as the tables stored in the control unit 1104 of the home server 1100, and therefore, are denoted by the same reference numerals and description thereof is omitted.

In the recording process, the control unit 1202 receives the content from the communication unit 1205, and outputs the received content to the recording control unit 1204.
In the reproduction processing, the control unit 1202 reads the content from the storage unit 1207 and outputs an instruction to decode the read content to the reproduction control unit 1203.
In the copy request process, the control unit 1202 receives, from the operation input unit 1201, the content identifier, the device identifier of the request destination terminal, and the requested number of times of copying. The control unit 1202 transmits, via the communication unit 1205, a copy request including the content identifier, the device identifier of the request destination terminal, the number of required copies, the shared secret information 1213 held inside, and the device identifier 1214 held internally. And sends it to the request destination terminal.

In the copying process, the authentication unit 1211 receives, via the communication unit 1205, a copy request including the content identifier, the device identifier, the common secret information, and the requested copy count from the requesting terminal. The authentication unit 1211 performs a challenge-response type handshake using zero knowledge proof using the received common secret information, and determines whether the request source terminal is a terminal in the group.

As a result of the authentication, when it is determined that the request source terminal is an out-of-group terminal, the authentication unit 1211 transmits an error message to the request source terminal via the communication unit 1205 to reject the content copy.
As a result of the authentication, when it is determined that the request source terminal is a terminal in the group, the copy restriction information is updated as described below.

Hereinafter, the description will be continued assuming that the reproduction device 1200 receives the content from the home server 1100 as a result of the duplication request processing, and stores the content information 1125 illustrated in FIG. .
As a first specific example, the authentication unit 1211 includes the content identifier “A-0001”, the device identifier “IDC”, the common secret information 1313, and the required copy count “2 (first type 1, second type 1)”. A case where a copy request is received will be described.

The authentication unit 1211 determines from the device identifier “IDC” of the request source terminal that the request source terminal is a “first type terminal”.
The authentication unit 1211 refers to the table 1135 and determines the subgroup to which the own apparatus belongs and the subgroup to which the requesting terminal belongs. Here, since the device identifier of the own device is “IDB”, the own device belongs to “subgroup B”, and the device identifier of the request source terminal is “IDC”. Is determined to belong to The authentication unit 1211 restricts the copy of the request destination subgroup identifier “subgroup B”, the request source subgroup identifier “subgroup C”, and the request copy count “2 (first type 1, second type 1)”. The information is passed to the information updating unit 1212.

The copy restriction information update unit 1212 sends the request destination subgroup identifier “subgroup B”, the request source subgroup identifier “subgroup C” and the number of copies “2 (first type 1, second type 1) from the authentication unit 1211. Is received, it is determined by referring to the table 1136 whether or not copying of the content from “subgroup B” to “subgroup C” is permitted. According to the table 1136, since “B → C: NG”, it is determined that copying of the content is prohibited. In this case, the copy restriction information updating unit 1212 outputs an error message indicating that the copy request is rejected to the request source terminal.

As a second specific example, the authentication unit 1211 includes the content identifier “A-0001”, the device identifier “IDM”, the common secret information 1411, and the number of required copies “3 (first type 2, second type 1)”. A case where a copy request is received will be described.
The authentication unit 1211 determines from the device identifier “IDM” of the request source terminal that the request source terminal is a “second type terminal”.

The authentication unit 1211 refers to the table 1135 and determines the subgroup to which the own apparatus belongs and the subgroup to which the requesting terminal belongs. Here, since the device identifier of the own device is “IDB”, the own device belongs to “subgroup B”, and the device identifier of the request source terminal is “IDM”. Is determined to belong to The authentication unit 1211 restricts the copy of the request destination subgroup identifier “subgroup B”, the request source subgroup identifier “subgroup D”, and the number of required copies “3 (first type 2 and second type 1)”. The information is passed to the information updating unit 1212.

The copy restriction information update unit 1212 sends the request destination subgroup identifier “subgroup B”, the request source subgroup identifier “subgroup D”, and the requested copy count “3 (first type 2, second type) from the authentication unit 1211. 1) ”, it is determined by referring to the table 1136 whether or not copying of content from“ subgroup B ”to“ subgroup D ”is permitted. According to the table 1136, since “B → D: OK”, it is determined that copying of the content is permitted.

The copy restriction information updating unit 1212 refers to the table 1137 to determine whether the requested number of times of replication “3 (first type 2, second type 1)” is within the number of times permitted by the requesting terminal. Judge. According to the table 1137, since the number of times of copying permitted for the subgroup B is “first type 3, second type 2,” it is determined that the requested number of times of copying is within the permitted number of times of copying.

The copy restriction information updating unit 1212 specifies the content including the content identifier “A-0001” from the storage unit 1207 via the recording control unit 1204, and reads the copy restriction information 1124 included in the specified content information 1125. .
The copy restriction information updating unit 1212 compares the allowable number of copies and the required number of copies included in the copy restriction information 1124 with each other. Since the number of possible copies is “3 (first type 2, second type 1)”, it is determined that the requested number of times of replication “first type 2, second type 1” is equal to or less than the number of possible copies.

If it is determined that the requested number of times of copying is equal to or less than the allowable number of times of copying, the copy restriction information updating unit 1212 generates copy restriction information 1161 to be added to the content 1122 to be transmitted to the request source terminal. As shown in FIG. 27, the copy restriction information 1161 includes a content identifier “A-0001”, a permitted number of copies “3 (first type 2, second type 1)”, and a flag indicating whether or not copying to a terminal outside the group is possible. It consists of "NG".

The copy restriction information updating unit 1212 transmits the content information 1162 including the generated copy restriction information 1161 and the content 1122 to the request source terminal via the communication unit 1205.
When receiving from the requesting terminal via the communication unit 1205 the information indicating that the reception of the content information 1162 has been completed, the copy restriction information updating unit 1212 calculates the copy restriction information 1161 based on the number of times the copy restriction information 1124 can be copied. The number of possible copies “3 (first type 2, second type 1)” is subtracted. As a result of the subtraction, the copy count of the copy restriction information 1124 is “0 (first type 0, second type 0)”. In this case, the copy restriction information updating unit 1212 deletes the content information 1125 stored in the storage unit 1207 via the recording control unit 1204.

(3) Reproduction control unit 1203
Upon receiving an instruction from the control unit 1202, the reproduction control unit 1203 reads the content stored in the storage unit 1207, decodes the read content, and outputs the decoded content to the display unit 1206.
(4) Recording control unit 1204
The recording control unit 1204 reads information from the storage unit 1207 or writes information to the storage unit 1207 in response to an instruction from the control unit 1202.

Specifically, the recording control unit 1204 reads the copy restriction information included in the content stored in the storage unit 1207 in response to an instruction from the copy restriction information update unit 1212 of the control unit 1202, and reads the read copy restriction information. Is output to the copy restriction information updating unit 1212. Further, the recording control unit 1204 receives the copy restriction information from the copy restriction information update unit 1212, and adds the received copy restriction information to the corresponding content information stored in the storage unit 1207.

(5) Communication unit 1205
The communication unit 1205 is connected to a terminal in the group via the Ethernet (registered trademark), and performs transmission and reception of a copy request and transmission and reception of a content corresponding to the copy request between the control unit 1202 and the terminal in the group.
When transmitting the content, the communication unit 1205 encrypts the content using the secret key generated at the time of authentication, and transmits the encrypted content to the terminals in the group. Similarly, at the time of receiving the content, the encrypted content is received by the terminal in the group using the secret key generated at the time of authentication, and the received encrypted content is decrypted with the secret key. Output to

(6) Display unit 1206
The display unit 1206 is specifically a display unit, and displays the content output from the reproduction control unit 1203.
(7) Storage unit 1207
The storage unit 1207 is a hard disk drive unit, and stores contents written by the recording control unit 1204.

3. Playback device 1300
FIG. 28 is a block diagram showing a configuration of the playback device 1300. As shown in the figure, the playback device 1300 includes an operation input unit 1301, a control unit 1302, a playback control unit 1303, a recording control unit 1304, a communication unit 1305, a display unit 1306, an input / output unit 1307, and a storage unit 1308. You.

The playback device 1300 is, specifically, a computer system including a CPU, a ROM, a RAM, a hard disk unit, a network interface, a memory card slot, and the like. The CPU achieves various functions by executing a computer program.
Here, it is assumed that the playback device 1300 is a memory card recorder having a built-in HDD. The playback device 1300 records the content on the hard disk, or plays the content recorded on the hard disk. In addition, the reproducing device 1300 mounts a portable recording medium such as a memory card in a memory card slot, records contents on the portable recording medium, or reproduces contents recorded on the portable recording medium. I do. Therefore, the playback device 1300 operates as a first type terminal when recording contents on a built-in hard disk, and operates as a second type terminal when recording contents on a portable recording medium such as a memory card. I do.

Note that the playback device 1300 according to the present invention is not limited to a memory card recorder having a built-in HDD, but is equipped with a portable recording medium such as a memory card, and inputs and outputs contents to and from the portable recording medium. A terminal that performs the operation may be a DVD recorder, a personal computer, or the like.
(1) Operation input unit 1301
The operation input unit 1301 includes a remote controller and an infrared signal receiving unit, and when a user presses a button on the remote controller, generates an input signal corresponding to the pressed button and outputs the generated input signal to the control unit 1302. I do.

(2) Control unit 1302
The control unit 1302 includes a CPU, a ROM, a RAM, and the like, and controls the entire playback device 1300 by the CPU executing a computer program. The control unit 1302 receives an input signal from the operation input unit 1301 and performs various processes such as a recording process, a reproduction process, a duplication request process, a duplication process, and a duplication process on the recording medium 1400 in accordance with the received input signal. Do.

The control unit 1302 includes an authentication unit 1311 and a copy restriction information update unit 1312 as shown in FIG. The authentication unit 1311 stores therein common secret information 1313, a device identifier 1314, and a table 1135, and the copy restriction information updating unit 1312 stores therein a table 1136 and a table 1137.
The common secret information 1313 is information shared by all the terminals in the group, and is used for mutual authentication of the terminals in the group.

The device identifier 1314 is a symbol for uniquely identifying the playback device 1300, and as shown, the device identifier 1314 of the playback device 1300 is “IDC”.
The tables 1135, 1136, and 1137 are the same as the tables stored in the control unit 1104 of the home server 1100, and therefore, are denoted by the same reference numerals and description thereof is omitted.

In the recording process, the control unit 1302 receives the content from the communication unit 1305, and outputs the received content to the recording control unit 1204. Further, control unit 1302 receives the content from communication unit 1305 and outputs the received content to input / output unit 1307.
In the reproduction process, the control unit 1302 reads the content from the storage unit 1308 and outputs an instruction to decode the read content to the reproduction control unit 1303. Further, the control unit 1302 reads the content from the recording medium 1400 via the input / output unit 1307 and outputs an instruction to decode the read content to the reproduction control unit 1303.

In the copy request process, the control unit 1302 transmits a copy request including the common secret information 1313 and the device identifier 1314 stored therein, the content identifier received from the operation input unit 1301, the device identifier of the request destination terminal, and the requested number of times of copying. , To the request destination terminal via the communication unit 1305.
As a result of the copy request processing, the control unit 1302 receives, for example, the content information 1150 shown in FIG. 24A from the home server 1100 via the communication unit 1305. The content information 1150 is composed of copy restriction information 1151 and content 1122. The copy restriction information 1151 includes a content identifier “A-0001”, a permitted number of copies “2 (first type 1, second type 1)”, and a flag “NG” indicating whether or not copying to a terminal outside the group is possible.

In the copy process, the authentication unit 1311 receives a content copy request including the content identifier, the device identifier, the common secret information, and the number of times of copying from the requesting terminal via the communication unit 1305. The authentication unit 1311 performs a challenge-response type handshake using zero knowledge proof using the received common secret information, and determines whether the request source terminal is a device in the home network.

As a result of the authentication, when it is determined that the request source terminal is an out-of-group terminal, the authentication unit 1311 transmits an error message to the request source terminal via the communication unit 1305 to the effect that the duplication of the content is refused.
As a result of the authentication, when it is determined that the request source terminal is a terminal in the group, the authentication unit 1311 and the copy restriction information updating unit 1312 transmit the table 1135, the table 1136, and the table 1137 similarly to the home server 1100 and the playback device 1200. , Generating copy restriction information, and transmitting the content information including the generated copy restriction information and the content to the request source terminal via the communication unit 1305.

The copy restriction information updating unit 1312 updates the copy restriction information of the content stored in the storage unit 1308. When the permitted number of copies included in the updated copy restriction information is “0”, the copy restriction information updating unit 1312 deletes the content.
Next, a process performed by the control unit 1302 when the recording medium 1400 is mounted on the input / output unit 1307 will be described.

(Replication request processing)
In the copy request process, upon receiving a command from the operation input unit 1301 indicating that content is copied to the recording medium 1400, the control unit 1302 via the input / output unit 1307 controls the shared secret held by the recording medium 1400. Reads the information 1411 and the device identifier 1412, and sets the copy request communication unit 1305 including the read common secret information 1411 and the device identifier 1412, the content identifier received from the operation input unit 1301, the device identifier of the request destination terminal, and the requested number of times of duplication. To the request destination terminal via the Internet.

As a result of the copy request processing, for example, the control unit 1302 receives the content information 1162 shown in FIG. 27 from the playback device 1200 via the communication unit 1305, and transmits the received content information 1162 via the input / output unit 1307. Output to the recording medium 1400.
(Replication processing)
A case where a request to copy the content stored in the recording medium 1400 is received from the request source terminal will be described.

Here, as a specific example, the authentication unit 1311 includes the content identifier “A-0001”, the device identifier “IDA”, the common secret information 1133, and the required copy count “2 (first type 1, second type 1)”. A case where a copy request is received will be described.
The copy request received here is such that the request source terminal (home server 1100) already stores therein the content information identified by the content identifier “A-0001”, and the number of times the content information can be copied is “ 5 (first type 2, second type 3) ".

The authentication unit 1311 outputs the received common secret information 1133 to the recording medium 1400 via the input / output unit 1307.
When the authentication unit 1311 receives, from the input / output unit 1307, information indicating that the authentication of the requesting terminal has failed and the requesting terminal is an out-of-group terminal, an error indicating that the duplication request is rejected to the requesting terminal. The message is transmitted to the request source terminal via the communication unit 1305. The authentication unit 1311 receives, from the input / output unit 1307, information indicating that the authentication of the requesting terminal has succeeded and the requesting terminal is an in-group terminal, and refers to the table 1135 to refer to the table 1135 to which the recording medium 1400 belongs. The group and the subgroup to which the requesting terminal belongs are determined. Here, since the device identifier of the recording medium 1400 is “IDM”, the recording medium 1400 belongs to “subgroup D”, and the device identifier of the requesting terminal is “IDA”. A ".

The authentication unit 1311 is configured to receive the device identifier “IDM” from the recording medium 1400 when the recording medium 1400 is mounted on the input / output unit 1307.
The authentication unit 1311 restricts the copy of the request destination subgroup identifier “subgroup D”, the request source subgroup identifier “subgroup A”, and the request copy count “2 (first type 1, second type 1)”. The information is passed to the information updating unit 1312.

The copy restriction information update unit 1312 sends the request destination subgroup identifier “subgroup D”, the request source subgroup identifier “subgroup A”, and the requested copy count “2 (first type 1, second type) from the authentication unit 1311. 1) ”, it is determined by referring to the table 1136 whether or not copying of content from“ subgroup D ”to“ subgroup A ”is permitted. According to the table 1136, since “D → A: OK”, it is determined that copying of the content is permitted.

The copy restriction information updating unit 1312 refers to the table 1137, and obtains the total of the requested copy count “2 (first type 1, second type 1)” and the copy count already held by the home server 1100. Is determined to be within the number of copies permitted by the requesting terminal. According to the table 1137, since the number of times of copying permitted for the subgroup A is “first type 5, second type 5,” the sum of the requested number of times of copying and the number of times of duplication already held is permitted. It is determined that the number is within the number of times of copying.

The copy restriction information update unit 1312 specifies the content information including the content identifier “A-0001” from the recording medium 1400 via the input / output unit 1307, and copies the content information included in the specified content information 1162 (FIG. 27). The restriction information 1161 is read.
The copy restriction information updating unit 1312 compares the allowable number of copies and the required number of copies included in the copy restriction information 1161 with each other. Since the number of possible copies is “3 (first type 2, second type 1)”, it is determined that the requested number of copies “2 (first type 1, second type 1)” is equal to or less than the number of possible copies. Is done.

If it is determined that the requested number of times of copying is equal to or less than the allowable number of times of copying, the copy restriction information updating unit 1312 transmits the number of allowable times of copying the content information with the content identifier “A-0001” to the home server 1100 via the communication unit 1305. And outputs an instruction to add “first type 1 and second type 1”.
The home server 1100 adds “the first type 1 and the second type 1” to the number of permitted copies of the stored content information 1153 (FIG. 24B), and shows the copy restriction information 1152 in FIG. The copy restriction information 1171 is updated.

Next, upon receiving information indicating that the update of the copy restriction information has been completed from the home server 1100 via the communication unit 1305, the copy restriction information update unit 1312 reads the recording medium 1400 via the input / output unit 1307. The stored copy restriction information 1161 included in the content information 1162 is subtracted by the “first type 1 and second type 1” from the permitted copy count, and updated to the copy restriction information 1181 shown in FIG. .

If the number of possible copies is reduced to “0” as a result of subtracting the number of possible copies after the copy processing, the copy restriction information updating unit 1312 deletes the content information stored in the recording medium 1400.
(3) Reproduction control unit 1303
Upon receiving an instruction from the control unit 1302, the reproduction control unit 1303 reads the content stored in the storage unit 1308, decodes the read content, and outputs the decoded content to the display unit 1306.

(4) Recording control unit 1304
The recording control unit 1304 receives information from the control unit 1302, reads information from the storage unit 1308, or writes information to the storage unit 1308. The recording control unit 1304 receives information from the control unit 1302, reads information from the recording medium 1400 via the input / output unit 1307, or writes information to the recording medium 1400.

Specifically, the recording control unit 1304 receives the instruction from the copy restriction information updating unit 1312 of the control unit 1302, reads the copy restriction information included in the content stored in the storage unit 1308, and reads the read copy restriction information. The information is output to the copy restriction information update unit 1312. Further, the recording control unit 1304 receives the copy restriction information from the copy restriction information update unit 1312, and adds the received copy restriction information to the corresponding content information stored in the storage unit 1308.

(5) Communication unit 1305
The communication unit 1305 is connected to a terminal in the group via the Ethernet (registered trademark), and performs transmission and reception of a copy request and transmission and reception of a content according to the copy request between the control unit 1302 and the terminal in the group.
When transmitting the content, the communication unit 1305 encrypts the content using the secret key generated at the time of authentication, and transmits the encrypted content to the terminals in the group. Similarly, at the time of receiving the content, the control unit 1302 receives the encrypted content encrypted by the terminal in the group using the secret key generated at the time of authentication, and decrypts the received encrypted content with the secret key. Output to

(6) Display unit 1306
The display unit 1306 is specifically a display unit, and displays the content output from the reproduction control unit 1303.
(7) Input / output unit 1307
The input / output unit 1307 is, for example, a memory card slot, and stores information received from the control unit 1302 via the recording control unit 1304 in the recording medium 1400 in a state where a portable recording medium 1400 such as a memory card is mounted. The information written or read in the recording medium 1400 is read, and the read information is output to the control unit 1302, the reproduction control unit 1303, or the recording control unit 1304.

(8) Storage unit 1308
The storage unit 1308 is a hard disk drive unit, and stores contents written by the recording control unit 1304.
4. Recording medium 1400
As shown in FIG. 31, the recording medium 1400 includes an input / output unit 1401, a control unit 1402, and a storage unit 1403.

The recording medium 1400 is a portable recording medium that includes an IC chip and has an authentication function. As an example, a memory card is assumed here.
The recording medium 1400 receives the content stored in the storage unit 1308 of the playback device 1300 by being attached to the input / output unit 1307 of the playback device 1300, and stores the received content in the storage unit 1403. The storage medium 1400 is connected to the home network by being attached to the input / output unit 1307 of the playback device 1300, receives contents from terminals in the group connected to the home network, and stores the received contents in the storage unit 1403. To be stored. The content stored in the storage unit 1403 is transmitted to a terminal in a group on the home network.

(1) Input / output unit 1401
The input / output unit 1401 performs input / output of information between the control unit 1402 and the control unit 1302 of the playback device 1300 when the recording medium 1400 is mounted on the input / output unit 1307 of the playback device 1300.
(2) Control unit 1402
The control unit 1402 stores the common secret information 1411 and the device identifier 1412 as shown in FIG. The common secret information 1411 is information shared by the terminals in the group in advance, and is used for mutual authentication of the terminals in the group. The device identifier 1412 “IDM” is a symbol that uniquely identifies the recording medium 1400. When the recording medium 1400 is mounted on the playback device 1300, the control unit 1402 outputs a device identifier “IDM” to the control unit 1302.

The control unit 1402 receives, via the playback device 1300, the common secret information included in the copy request received by the playback device 1300 from the request source terminal. The control unit 1402 performs a challenge-response type handshake using the received common secret information, and determines whether the request source terminal is a terminal in the group.
The control unit 1402 outputs the result of the determination to the control unit 1302 via the input / output unit 1401 and the input / output unit 1307.

The control unit 1402 writes the content information received from the playback device 1300 via the input / output unit 1401 to the storage unit 1403. As an example, control unit 1402 receives content information 1162 shown in FIG. 27 from playback device 1200 via playback device 1300, and writes received content information 1162 to storage unit 1403.
In addition, the control unit 1402 reads the content information from the storage unit 1403 in response to a copy request received from the playback device 1300 via the input / output unit 1401, and stores the read content information in the playback device 1300 via the input / output unit 1401. Output to

(3) Storage unit 1403
The storage unit 1403 is a storage area having tamper resistance, and stores content information written from the control unit 1403.
6. Playback device 1600
Since the playback device 1600 has the same configuration as the playback device 1200 or the playback device 1300, the configuration of the playback device 1600 is not illustrated.

The playback device 1600 is connected to a home network via the Internet 1700. Since the playback device 1600 is an out-of-group terminal and does not have common secret information, it cannot receive a copy of content from an in-group terminal.
<Operation>
Here, the operation of the content copy processing in the content copy management system 1000 will be described using the flowcharts shown in FIGS.

Here, description will be made based on transmission and reception of information between a request source terminal that transmits a content copy request and a request destination terminal that receives a copy request. All the terminals in the group that constitute the system can be request destination terminals. Also, all in-group terminals and all out-of-group terminals that constitute the system can be requesting terminals.
The request source terminal accepts the input of the content identifier, the device identifier of the request destination terminal, and the required number of times of copying by the user's operation (step S1000).

Next, the request source terminal transmits a copy request including the content identifier, the device identifier of the request destination terminal, the required number of times of copying, the common secret information, and the device identifier of the request source terminal to the request destination terminal via the network, The request destination terminal receives the copy request (step S1002).
Upon receiving the copy request, the request destination terminal authenticates the request source terminal based on the common secret information included in the copy request (step S1003). If the authentication fails and the requesting terminal is determined to be a terminal outside the group (NG in step S1004), the request destination terminal transmits an error message indicating that the duplication request is rejected to the requesting terminal (step S1004). S1400). If the authentication is successful and the requesting terminal is determined to be a terminal in the group (OK in step S1004), the authentication unit of the request destination terminal refers to the table 1135 stored therein, and refers to the request source terminal. Is determined (step S1005).

Next, the copy restriction information updating unit refers to the internally stored table 1136 to determine whether the copy of the content from the subgroup to which the request destination terminal belongs to the subgroup to which the request source terminal belongs is permitted. A determination is made (step S1006). If the result of the determination is that copying of the content is not permitted (NO in step S1007), the copy restriction information updating unit transmits an error message indicating that the copy request is rejected to the requesting terminal (step S1008).

If the request source terminal receives the error message (YES in step S1010), the process ends. When the request source terminal does not receive the error message (NO in step S1010), the process continues.
As a result of the determination in step S1006, if the copy of the content is permitted (YES in step S1007), the copy restriction information updating unit refers to the table 1137 stored therein, and determines that the requested copy count is permitted. It is determined whether the number is within the permitted number of copies (step S1009). If the result of the determination indicates that the requested number of times of replication is equal to or greater than the maximum number of times of replication in the table 1137 (NO in step S1100), the processing is continued using the maximum number of times of replication described in the table 1137 as the required number of times of replication (step S1101).

Next, the copy restriction information updating unit specifies the content requested to be copied via the recording control unit (step S1102). The copy restriction information updating unit reads the permitted number of copies of the copy restriction information included in the specified content (step S1103). If the requested number of times of copying is equal to or greater than the readable number of times of copying (NO in step S1104), the copy restriction information updating unit sets the readable number of times of copying as the number of times of copying (step S1105). If the requested number of times of copying is equal to or less than the readable number of times of copying (YES in step S1104), the requested number of times of copying is set as the number of times of copying. The copy restriction information updating unit generates copy restriction information to be added to the content transmitted to the request source terminal (step S1106).

The request destination terminal reads the content specified in step S1102 from the storage unit, transmits content information obtained by adding the copy restriction information generated in step S1106 to the read content to the request source terminal, and the request source terminal transmits the content information. Receive (Step S1107). When the reception of the content information is completed, the request source terminal transmits a reception completion notification to the request destination terminal, and the request destination terminal receives the reception completion notification (step S1108). The request source terminal stores the received content information (step S1109). Upon receiving the reception completion notification, the request destination terminal updates the copy restriction information of the content information stored in the storage unit (Step S1110).

When the permitted number of copies included in the updated copy restriction information is “0” (YES in step S1200), the request destination terminal deletes the content information stored in the storage unit (step S1200). Step S1201), the process ends.
When the request destination terminal is a recording medium, the recording medium has a control unit for performing authentication, but does not have a copy restriction information updating unit for generating copy restriction information. Is realized by the control unit of the reproducing apparatus on which the recording medium is mounted.

(Modification of Content Copy Management System 1000)
As described above, the present invention has been described by taking the content copy management system 1000 as an example. However, it is needless to say that the present invention is not limited to the above embodiment, and the following cases are also included in the present invention.
(1) In the above embodiment, the table 1135, the table 1136, and the table 1137 are stored in the control unit of each terminal. However, these tables are not stored in each terminal but are stored in the meta-data of the contents. The present invention includes a case where the data is included in the content information as data.

In this case, the home server 1100 may be configured to receive the content information from the broadcast station 1800 and add the tables 1135, 1136, and 1137 to the received content information. Upon receiving the request from the requesting terminal, the home server 1100 transmits the content information including the copy restriction information, the table 1135, the table 1136, the table 1137, and the content to the requesting terminal. The tables 1135, 1136, and 1137 may be stored in the home server in advance, or may be created by the user.

(2) The subgroup in the home may be configured to be set by the user. For example, the user operates the remote controller of the home server 1100 to classify and register the home server 1100 as a “subgroup A”, the playback device 1200 as a “subgroup B”, and the playback device 1300 as a “subgroup C”. May be.
In addition, the home server 1100 may be configured to generate the tables 1135, 1136, and 1137 when receiving the registration of the subgroup by the user's operation, and transmit the generated tables to the terminals in the group. As described above, the content may be transmitted to the request source terminal as metadata of the content.

(3) In the content copy management system 1000 in the above embodiment, the “flag indicating whether or not copying to a terminal outside the group” is set to “NG” in the copy restriction information, and the content to the terminal outside the group is set to “NG”. Although the description has been limited to the case where information is not transmitted, the present invention is not limited to this.
For example, the present invention includes a configuration in which content information is transmitted to an out-of-group terminal while further copying from an out-of-group terminal to another device is restricted.

Here, the operation when the “flag indicating whether or not copying to a terminal outside the group is possible” includes content information in which “OK” is set and the content information in which the flag is set to “NG” is described. This will be described with reference to a flowchart.
If the authentication fails in step S1004 in the flowchart of FIG. 32, that is, if the request source terminal is an out-of-group terminal, the process proceeds to step S1300 in FIG.

(4) The request destination terminal specifies the specified content information (step S1300), and reads the “flag indicating whether or not copying to a terminal outside the group is possible” included in the content information (step S1301). If the flag is “NG” (NG in step S1302), the request destination terminal transmits an error message indicating that the copy request is rejected to the request source terminal that is a terminal outside the group (step S1303).

If the flag is “OK” (OK in step S1302), the request destination terminal generates copy restriction information in which the permitted number of copies is “0 (first type 0, second type 0)” (step S1304) It continues to step S1107 in FIG.
As a result, the out-of-group terminal can reproduce the received content, but cannot copy the received content to another device.

(4) The present invention includes a configuration in which the permitted number of copies included in the copy restriction information is changed at a predetermined time.
Specifically, the copy restriction information updating unit of each terminal includes a clock. The copy restriction information includes a predetermined time, a current number of copies that can be performed, and an updated number of copies. When the time reaches the predetermined time, the copy restriction information updating unit updates the current number of copies that can be performed with the updated number of copies. To update the copy restriction information.

If the permitted number of copies after the update is “0”, the copy restriction information updating unit deletes the content information stored in the storage unit.
Further, it is assumed that the total number of possible copies within a group is constant even when the number of possible copies of a terminal is updated at a predetermined time.
When the terminal is a recording medium, the terminal may not be connected to the reproducing device at a predetermined time. However, when the recording medium is connected to the reproducing device, the reproducing device checks the predetermined time and checks the current time. May be configured to update the current number of possible copies to the updated number of possible copies after the predetermined time has passed.

(5) The present invention includes a configuration in which copying of content to a predetermined terminal at a predetermined time is started.
Specifically, the copy restriction information update unit of each terminal includes a clock. The storage unit of the request destination terminal stores content information including the content and the copy restriction information, and the copy restriction information includes a copy time, a device identifier of the copy destination terminal, and a copy count. When the time reaches the duplication time, the duplication restriction information updating means generates duplication restriction information including the designated number of duplications, and transmits the generated duplication restriction information and the content to the terminal identified by the device identifier. You may comprise.

(6) The present invention includes a case where each in-group terminal has a function of searching for specific content information.
Specifically, a terminal that searches for content information transmits search information that includes a content identifier to all terminals in a group. The copy restriction information updating unit of each terminal that has received the search information is included in the search information based on the content information stored in the storage unit and the content information stored in the storage unit of the connected recording medium. Search for content information having a content identifier. As a result of the search, when the content information to be searched exists, the copy restriction information updating unit may be configured to return a message indicating that the content information to be searched exists to the terminal.

As a result of the search, if there are two or more terminals having the content information to be searched, the requesting terminal may copy from the terminal that originally returned the message. Alternatively, the number of possible copies may be returned together with the message, and the terminal may be copied from the terminal having the largest number of possible copies. Alternatively, copying may be performed from a terminal having a wider communication band, or may be copied from a closer terminal.
If the number of copies requested by the requesting terminal exceeds the permitted number of times that the requesting terminal has, the above search function is used to search for a terminal holding the same content information. Alternatively, by copying from a plurality of terminals to the requesting terminal, the number of copies requested by the requesting terminal may be satisfied.

(7) The present invention includes a case where the content information, the common secret information, and the device identifier are stored in a tamper-resistant storage area.
(8) The present invention includes a case where a part or all of the content information is encrypted.
(9) In the above embodiment, as shown in FIG. 25, FIG. 26, and FIG. 29, the intra-group terminals have a configuration in which the tables 1135, 1136, and 1136 are shared. Is included in the present invention.

(10) In the above embodiment, the copying of the content to the terminal outside the group is “permitted” or “prohibited” by the “flag indicating whether copying to the terminal outside the group is permitted” included in the copy restriction information attached to the content. Is set, but when copying to a terminal outside the group is permitted, the copy restriction information includes the number of times of copying permitted to the terminal outside the group.

In this case, the content can be copied to a terminal outside the group as long as the number of copies is within the permitted number of times included in the copy restriction information.
(11) The present invention also includes a configuration in which, when the content is copied to a terminal outside the group, the number of times of copying to the terminal within the group included in the copy restriction information is updated to “0”.
(12) The present invention may be the method described above. Further, the present invention may be a computer program that realizes these methods by a computer, or may be a digital signal including the computer program.

The present invention also provides a computer-readable recording medium for the computer program or the digital signal, for example, a floppy (registered trademark) disk, a hard disk, a CD-ROM, an MO, a DVD, a DVD-ROM, a DVD-RAM, a BD ( (Blu-ray @ Disc), a semiconductor memory, or the like. Further, the present invention may be the computer program or the digital signal recorded on these recording media.

In the present invention, the computer program or the digital signal may be transmitted via an electric communication line, a wireless or wired communication line, a network represented by the Internet, or the like.
The present invention may be a computer system including a microprocessor and a memory, wherein the memory stores the computer program, and the microprocessor operates according to the computer program.

Further, the program or the digital signal is recorded on the recording medium and transferred, or the program or the digital signal is transferred via the network or the like, so that it is implemented by another independent computer system. It may be.
(13) The present invention includes a configuration in which the above-described embodiment and the above-described modification are combined.

The content copy management system described above can be used as a mechanism for preventing unauthorized use of content when digitalized works such as movies and music are distributed via broadcasts and networks.

FIG. 1 is a block diagram illustrating an overall configuration of a group formation management system 1. FIG. 2 is a block diagram illustrating a configuration of an AD server 100. FIG. 3 is a diagram illustrating a configuration of registration information. FIG. 2 is a block diagram illustrating a configuration of a playback device 200. FIG. 3 is a block diagram showing a configuration of the on-vehicle device 300. FIG. 2 is a block diagram showing a configuration of an IC card 400. It is a flowchart which shows the process of SAC establishment. FIG. 8 is continued. It is a flowchart which shows the process of SAC establishment. The continuation of FIG. 9 is a flowchart showing an operation when the playback device 200 is registered in the AD server 100. 5 is a flowchart showing an operation when registering the in-vehicle device 300. 5 is a flowchart showing an operation when registering the in-vehicle device 300. It is a flowchart which shows the operation | movement at the time of delivering a content. It is a flowchart which shows a part of operation | movement at the time of delivering a content. 5 is a flowchart showing an operation when recording content on a DVD. 6 is a flowchart illustrating an operation when withdrawing from the AD server 100. FIG. 3 is a block diagram illustrating a configuration in a case where a representative device registers a plurality of client devices in an AD server. It is a figure showing the concept in case one group is formed from a plurality of groups. It is a figure showing the concept in case one group is divided and a plurality of groups are formed. 1 is a configuration diagram illustrating a configuration of a content copy management system 1000. FIG. FIG. 2 is a block diagram showing a configuration of a home server 1100. FIG. 3 is a diagram showing a data structure of content information 1121. It is a figure which shows the control part 1104 functionally. (A) is a figure showing the data structure of content information 1125. (B) It is a figure showing the data structure of contents information 1127. (A) is a figure showing the data structure of content information 1150. (B) is a diagram showing a data structure of content information 1153. FIG. 18 is a block diagram illustrating a configuration of a playback device 1200. It is a figure which shows the control part 1202 functionally. It is a figure showing the data structure of contents information 1162. FIG. 21 is a block diagram showing a configuration of a playback device 1300. It is a figure which shows the control part 1302 functionally. (A) is a figure showing the data structure of contents information 1172. (B) It is a figure showing the data structure of contents information 1182. FIG. 3 is a block diagram illustrating a configuration of a recording medium 1400. 32 is a flowchart showing the operation of the content copy management system 1000, and continues to FIGS. 30 and 32. 32 is a flowchart showing the operation of the content copy management system 1000, continuing from FIG. 29 and continuing to FIG. 31 is a flowchart showing the operation of the content copy management system 1000, and continues from FIG. 30 is a flowchart showing the operation of the content copy management system 1000, and continues from FIG.

Explanation of reference numerals

1 Group formation management system 100 AD server 200 Playback device 300 In-vehicle device 400 IC card 500 DVD
600 AD server 601 Client device 602, 603, 604 In-vehicle device 1000 Content duplication management system 1101 Data receiving unit 1102 Signal processing unit 1103 Operation input unit 1104 Control unit 1105 Playback control unit 1106 Recording control unit 1107 Input / output unit 1108 Storage unit 1109 Communication unit 1110 Display unit 1131 Authentication unit 1132 Copy restriction information update unit 1200 Playback device 1201 Operation input unit 1202 Control unit 1203 Playback control unit 1204 Recording control unit 1205 Communication unit 1206 Display unit 1207 Storage unit 1300 Playback device 1301 Operation input unit 1302 Control Unit 1303 playback control unit 1304 recording control unit 1305 communication unit 1306 display unit 1307 input / output unit 1308 storage unit 1311 authentication unit 1312 Copy restriction information update unit 1400 Recording medium 1401 Input / output unit 1402 Control unit 1403 Storage unit 1500 Gateway 1600 Playback device 1700 Internet 1800 Broadcasting station

Claims (20)

A network device that is connected to one or more in-group terminals and one or more out-of-group terminals via a network and belongs to the group,
Storage means for storing content;
Receiving means for receiving a request for copying the content from a requesting terminal;
Whether the requesting terminal is an in-group terminal, or a determining means for determining whether it is an out-of-group terminal,
If the requesting terminal is determined to be an in-group terminal, the content is copied to the requesting terminal, and if the requesting terminal is determined to be an out-of-group terminal, the requesting terminal of the content is And control means for restricting copying to the network device. The storage unit stores, along with the content, copy restriction information indicating a copy permission number of the content and a copy restriction to a terminal outside the group,
The network device according to claim 1, wherein the control unit refers to the copy restriction information and controls copying of the content to the request source terminal. The in-group terminals include a first type terminal that records content on an unusable recording medium and a second type terminal that records content on a general recording medium,
The storage means stores the copy restriction information indicating the number of permitted copies to the first type terminal and the number of permitted copies to the second type terminal,
When the requesting terminal is a terminal in a group, the control means determines whether the requesting terminal is a terminal of the first type or a terminal of the second type, and a result of the determination The network device according to claim 2, wherein the network device controls copying of the content with reference to the copy restriction information. The in-group terminals each belong to one or more subgroups,
The storage unit further stores in advance a first table indicating whether the content can be copied between subgroups,
When the requesting terminal is a terminal in a group, the control unit determines a subgroup to which the requesting terminal belongs, and refers to a result of the determination, the copy restriction information, and the first table, The network device according to claim 2, wherein the network device controls content duplication. When it is determined that the requesting terminal is a terminal in a group, the control unit transmits a part of the stored copy permitted number to the requesting terminal, and the requesting terminal is an out-of-group terminal. The network device according to claim 2, wherein, when it is determined that there is, the transmission of a part of the stored copy permitted number to the request source terminal is suppressed. The network device according to claim 5, wherein the control unit transmits copy restriction information including a part of the permitted number of copies to the request source terminal along with the copy of the content. The network device shares secret information with all group terminals,
When the requesting terminal holds the secret information, the determining unit determines that the requesting terminal is a terminal in a group, and when the requesting terminal does not hold the secret information, it is a terminal outside the group. The network device according to claim 2, wherein the determination is performed. The control means includes:
A first generation unit that generates a first copy permission number;
A second generation unit that generates a second copy permission number that is a remaining number obtained by subtracting the first copy permission number from the copy permission number,
The network device according to claim 7, wherein the generated first copy permitted number and the content are transmitted to the request source terminal, and the generated second copy permitted number is overwritten on the copy permitted number. The receiving unit receives, from the request source terminal, the number of copy requests as the copy request,
The first generation unit determines whether the number of permitted copies stored in the storage unit is equal to or greater than the accepted number of duplicate requests, and the number of permitted duplicates is equal to or greater than the number of duplicate requests. In this case, the number of copy requests is the first copy permission number, and if the copy permission number is less than the copy request number, the copy permission number is the first copy permission number. 9. The network device according to 8. The in-group terminals include a first type terminal that records content on a non-portable recording medium and a second type terminal that records content on a portable recording medium,
The storage means stores the number of permitted duplications including the number of permitted duplications to the first type terminal and the number of permitted duplications to the second type terminal,
The receiving unit receives the number of copy requests including the number of copy requests to the first type terminal and the number of copy requests to the second type terminal;
The first generation unit determines whether each copy permission number is equal to or more than each copy request number. If each copy permission number is equal to or more than each copy request number, the first generation unit calculates the sum of each copy request number as the second copy request number. 10. The network device according to claim 9, wherein, when the number of permitted duplications is less than the number of requested duplications, the total number of permitted duplications is the first permitted number of duplications. . The network device and the terminal in the group each belong to one or more subgroups,
The first generation unit stores a first table indicating whether the content can be copied between subgroups, and refers to the first table to determine whether the content can be copied to the requesting terminal. 11. The network device according to claim 10, wherein when it is determined that copying is permitted, the first copy permitted number is generated. 12. The first generation unit further stores a second table in which a subgroup identifier is associated with the number of permitted duplications permitted to terminals belonging to the subgroup identified by the subgroup identifier,
The receiving unit receives, from the request source terminal, the copy request including a subgroup identifier for identifying a subgroup to which the request source terminal belongs,
The network device according to claim 6, wherein the first generation unit generates the first permitted number of copies by referring to the second table. The network device according to claim 7, wherein the control unit transmits the first table and the second table to the request source terminal together with the content and the first copy permitted number. The network device further includes a time management unit that ticks a time,
The control unit stores a predetermined time and an update copy permitted number, and when the time counted by the time management unit reaches the predetermined time, the control unit stores the update permitted number stored in the storage unit as the update copy. The network device according to claim 2, wherein the network device is updated to a permitted number. The network device further includes:
Equipped with time management means that ticks the time,
The control means stores a predetermined time and information indicating a duplication destination terminal, and when the time engraved by the time management means reaches the predetermined time, a part of the duplication permitted number and the content are transmitted to the duplication destination terminal. The network device according to claim 2, wherein The control means transmits the content and the reproduction right of the content to the requesting terminal when the determining means determines that the requesting terminal is an out-of-group terminal. Item 2. The network device according to Item 1. A content duplication management system including a first terminal belonging to a group, and a second terminal connected to the first terminal via a network,
The first terminal includes:
Storage means for storing the content and the number of permitted copies of the content;
Receiving means for receiving a request for copying the content from the second terminal;
Determining means for determining whether the second terminal belongs to the group,
When it is determined that the second terminal belongs to the group, a part of the copy permission number and the content are transmitted to the second terminal, and it is determined that the second terminal does not belong to the group. And control means for suppressing transmission of a part of the number of permitted copies to the second terminal,
The second terminal,
Requesting means for transmitting a request for copying the content to the first terminal;
A content copy management system, comprising: an acquisition unit that receives and stores a part of the permitted number of copies transmitted from the first terminal and the content. The content copy management system further includes a plurality of terminals belonging to the group,
The first terminal further includes search information transmitting means for transmitting search information for searching for content desired to be copied to the plurality of terminals,
The content according to claim 17, wherein each of the plurality of terminals receives the search information, searches the inside based on the search information, and determines whether or not the terminal holds the content. Replication management system. A content copy management method, which is connected to one or more in-group terminals and one or more out-of-group terminals via a network and is used in a network device belonging to the group,
The network device stores content,
The content copy management method includes:
A receiving step of receiving a request for copying the content from a requesting terminal;
Whether the requesting terminal is a terminal in a group, or a determining step of determining whether it is a terminal outside the group,
If the requesting terminal is determined to be an in-group terminal, the content is copied to the requesting terminal; if the requesting terminal is determined to be an out-of-group terminal, the requesting terminal of the content is And c. Controlling the copying to the content. A content copy management program that is connected to one or more in-group terminals and one or more out-of-group terminals via a network, and is used in a network device belonging to the group.
The network device stores content,
The content copy management program includes:
A receiving step of receiving a request for copying the content from a requesting terminal;
Whether the requesting terminal is a terminal in a group, or a determining step of determining whether it is a terminal outside the group,
If the requesting terminal is determined to be an in-group terminal, the content is copied to the requesting terminal; if the requesting terminal is determined to be an out-of-group terminal, the requesting terminal of the content is And a control step of restricting copying to a content copy management program.

Images