JP2004120736A - Group formation managing system, group managing device, and member device - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a group formation managing system that fixes the range of a group and allows contents to be used freely among devices in the group. <P>SOLUTION: The formation managing system comprises at least one registered member device holding common secret information fixed to the group, a new member device for transmitting a request for registration to the group and holding the acquired common secret information, and a group managing device. The group managing device is designed to receive the request for the registration in the group from the new member device, to register the new member device when the number of the registered member devices is less than the limited number equal to the maximum number to be registered in the group, and to output the common secret information to all of the member devices. The group managing device is designed to authenticate the member devices and deliver the content after the authentication is successfully performed by using the common secret information when the content is to be used. Therefore, devices not having the secret information i.e. the member devices not being registered in the group can be prevented from using the content. <P>COPYRIGHT: (C)2004,JPO

Description

{Circle over (1)} The present invention relates to a group formation management system for forming and managing groups in which digital content can be used mutually.

2. Description of the Related Art In recent years, digital works (hereinafter, contents) such as music, video, and games can be easily obtained by distribution through the Internet, digital broadcasting, and package media.
According to Patent Literature 1, a music data management system is disclosed for the purpose of making it possible to use contents with a desired information processing device while preventing the use of a third party who does not have a legitimate right. .

In the music data management system, a plurality of personal computers (hereinafter, PCs) transmit a credit card number and the like to the approval server together with the ID of the content management program of the PC.
The approval server receives the ID, the credit card number, and the like. If the credit card numbers are the same, the PCs are classified into the same group. PCs and users are registered by recording IDs, credit card numbers, etc. for each group. When the registration is completed, the approval server sends the group key to the PC together with the group ID and password.

The PC stores the received group key, group ID and password.
Thus, PCs having the same group key can transmit and receive content using the group key.
In this technique, any device can be registered as a device in a group, and the number of devices registered in one group can be freely increased.

Non-Patent Document 1 discloses a standard called DTCP (Digital Transmission Content Protection).
DTCP is a protection standard for digital contents distributed via a bus defined by IEEE1394, which is one of the high-speed serial bus standards. Each device that uses the content has a private key distributed based on a contract with an administrator called a DTLA (Digital Transmission Licensing Administrator). When viewing the content, the transmitting device and the receiving device perform mutual authentication using the secret key, and the receiving device that succeeds in authentication can view the content.

In this technique, different devices form a group and use the content each time the content is used, as long as the device has a secret key distributed from the DTLA.
JP 2002-169726 A "5C Digital Transmission Content Protection White Paper" Revision1.0 July 14,1998

As described above, according to the technologies disclosed in Patent Literature 1 and Non-Patent Literature 1, a group is formed, and the use of contents between devices included in the group is permitted, but from the viewpoint of copyright protection, On the other hand, there is a demand to make the devices forming a group more fixed. On the other hand, from the user side, not only a physically limited transmission range such as an IEEE1394 bus, but also, for example, using an IP (Internet Protocol), There is a demand to freely use contents in a wider range.

Therefore, an object of the present invention is to provide a group formation management system, a group management device, and a member device in which the range of a group is fixed and contents can be freely used among devices in the group.

In order to achieve the above object, the present invention provides one or more registered member devices that hold common secret information unique to a group, and a request for registration to a group, and obtains the common secret information. A request for registration is received from a new member device and a new member device to be held, and the number of the registered member devices registered in the group is less than the limit number which is the maximum number that can be registered in the group. In this case, the group formation management system includes a group management device that registers the new member device and outputs the common secret information to the member device.

Also, a group management device that manages the registration of a member device to a group, a receiving unit that receives a registration request from the member device to register the device, and when the registration request is received, the member device becomes valid. If it is a device, it is determined whether or not the number of registered member devices registered in the group is smaller than the maximum number that can be registered in the group, and if the number is smaller, the member device is registered. A group management device comprising: a determination unit; and a communication unit that outputs common secret information unique to a group to the member device when determining that the number is smaller than the limited number.

Requesting means for requesting the group management device to register with the group; a request means for requesting the group management device to register with the group; and a common secret unique to the group, which is authenticated by the group management device. A member device comprising an acquisition unit for acquiring information and a holding unit for holding the acquired common secret information.
As a result, if the number of registered member devices is less than the limit number, the common secret information is output to the new member device, so that the number of member devices registered in the group is limited, and the range of the group is made more fixed. I can do it.

Further, the present invention is a registration device for registering a member device in a group management device, acquiring a common secret information unique to a group from the group management device, and holding means for holding the member device, wherein the storage device is connected to the member device. And a notifying means for notifying the member device of the common secret information.
As a result, a member device that does not have a function of directly communicating with the group management device can also be registered in the group.

The present invention provides one or more registered member devices that hold common secret information unique to a group, and a new member device that transmits a request for registration to a group and acquires and holds common secret information. And accepting a registration request from a new member device, and when the number of the registered member devices registered in the group is less than the maximum number that can be registered in the group, the new member device And a group management device that outputs the common secret information to the member device.

The group formation management system further includes a member device that transmits a request for registration to the group, acquires and holds common secret information unique to the group, and receives a request for registration from the member device and registers the group. If the number of member devices that have been registered is less than the maximum number that can be registered in the group, the group device is configured to register the member device and output the common secret information to the member device. In the initial state, no member device is registered in the group management device.

Also, a group management device that manages the registration of a member device to a group, a receiving unit that receives a registration request from the member device to register the device, and when the registration request is received, the member device becomes valid. If it is a device, it is determined whether or not the number of registered member devices registered in the group is smaller than the maximum number that can be registered in the group, and if the number is smaller, the member device is registered. A group management device comprising: a determination unit; and a communication unit that outputs common secret information unique to a group to the member device when determining that the number is smaller than the limited number.

Requesting means for requesting the group management device to register with the group; a request means for requesting the group management device to register with the group; and a common secret unique to the group, which is authenticated by the group management device. A member device comprising an acquisition unit for acquiring information and a holding unit for holding the acquired common secret information.
According to this configuration, if the number of registered member devices is less than the limit number, the common secret information is output to the new member device. It can be.
it can.

Here, the member device holds a first initial value, and the determination unit holds a second initial value, and uses the second initial value and the first initial value to determine whether the member device is valid. Authentication means for authenticating the group, and if the authentication result is successful, includes a number determination means for determining whether the registered number is less than the limited number, and wherein the communication means includes, as the common secret information, The member device may output common secret information indicating that the member device has been registered in the group managed by the management device, and the member device may acquire and hold the common secret information and suppress use of the first initial value. .

Further, the member device holds the first initial value indicating that the device is not registered in the group management device, and the authentication unit determines that the second initial value indicates that the device is not registered in the group management device. And the first initial value.
Further, the member device holds the first initial value indicating that the member device is not registered in any group management device, and the authentication unit determines that the member device is not registered in any group management device. The authentication may be performed using the second initial value indicating that the information is not registered and the first initial value.

In addition, the holding unit further holds a first initial value, and the obtaining unit receives authentication from the group management device using the first initial value, and, when the authentication result is successful, the common secret information. And the holding unit may hold the obtained common secret information and suppress use of the first initial value.
Further, the holding unit may hold the first initial value indicating that the first initial value is not registered in the group management device.

Further, the holding unit may hold the first initial value indicating that the member device is not registered in any group management device.
The holding unit may overwrite the held first initial value with the acquired common secret information.
According to this configuration, since authentication is performed using the first initial value held by the member device and the second initial value held by the group management device, if the member device holds the initial value, it is not registered in the group. Can be determined.

Here, after acquiring the common secret information and holding it by the holding means, further, a communication unit that outputs the common secret information to the another member device, and the communication unit outputs the common secret information, Deletion means for deleting the common secret information held by the holding means may be provided, and the holding means may activate the first initial value again when the common secret information is deleted.

Further, the requesting unit further requests the group management device to withdraw from the group, and the obtaining unit further obtains a notification that the common secret information is deleted from the group management device, The holding unit may delete the held common secret information and activate the first initial value again.
According to this configuration, the member device from which the common secret information has been deleted can be registered in the group as a member device holding the initial value because the first initial value is activated again.

Here, the group management device may further include a generation unit that generates the common secret information, and the communication unit may output the generated common secret information.
According to this configuration, since the group management device generates the common secret information, the group can be managed only by the devices in the group.
Here, the common secret information is generated by a management device outside the group, the determination unit acquires the common secret information from the management device outside the group, and the communication unit transmits the acquired common secret information to the management device. It may be output to member devices.

According to this configuration, since the common secret information is generated by the management device outside the group, the common secret information that does not overlap with the common secret information of another group can be generated.
Here, when receiving the registration request, the receiving unit notifies the management device outside the group that the registration request has been received, and the management device outside the group can register the registered number in the group. It is determined whether or not the number is less than the maximum number, which is the maximum number. The communication means may output the common secret information when the result of the determination indicates that the limited number is smaller than the limited number.

According to this configuration, since the management device outside the group determines whether the number of registered devices is smaller than the limited number, processing in the group management device can be reduced.
Here, the limited number includes a first limited number and a second limited number, and the determining unit determines whether the number of registered member devices is smaller than the first limited number or the second limited number. May be determined.

Here, the first limited number is the maximum number of member devices that can be connected to the group management device out of the limited number, and the second limited number is the group management device in the limited number. Is the maximum number of member devices that cannot be connected to, and the determining unit, when the requesting member device is a member device that can be connected to the group management device, the number of registered connectable member devices is: It is determined whether the number is smaller than the first limited number. If the requesting member device is a member device that cannot be connected to the group management device, the number of registered member devices that cannot be connected is equal to the second limited number. It may be determined whether the number is smaller or not.

According to this configuration, the number of member devices to be registered in the group is limited based on the first limited number and the second limited number, so that the number can be managed according to the user's request.
Here, the communication unit further outputs an inquiry request for inquiring whether or not the member device can be registered to another group management device, and the other group management device transmits the inquiry request to the other group management device. Reception, the registered number of member devices already registered in the other group management device, determines whether or not less than the limit number of the other group management device, if it is determined to be less, register the member device, The common secret information may be output to the group management device, and the communication unit may output the common secret information to the member device when receiving the common secret information from the another group management device.

According to this configuration, when there are a plurality of group management devices in one group, even if the member device cannot register with the group management device that has requested registration, another member that can register the group management device is registered. You can register with a group to find it.
Here, the determination unit may have a function of preventing unauthorized access from the outside, and the limited number and the common secret information may be stored in an area that cannot be read and written from outside.

Further, the holding unit may include a storage unit that is prohibited from reading and writing from outside, and the storage unit may store and hold the common secret information acquired from the group management device.
Further, the storage unit may be a recording medium that is removable from the member device.
According to this configuration, in the group management device, the limited number and the common secret information are stored in a storage unit that is not readable and writable, and the common secret information is also stored in the same storage unit in the member devices. Retained without being known or rewritten.

Further, the determination means may be configured by a portable module that is detachable from the group management device.
According to this configuration, in the group management device, since the IC card determines whether or not the member device can be registered, the IC card can be attached to an arbitrary device and can be used as an AD server.
Here, the determining unit stores the remaining number obtained by subtracting the registered number from the limited number, and when the receiving unit receives the registration request, determines whether the remaining number is “0”, When determining that the value is not “0”, the communication unit outputs the common secret information to the member device. When determining that the value is not “0”, the determining unit subtracts “1” from the remaining number. It is good.

According to this configuration, when the remaining number is not “0”, the member device is registered, so that the number of devices registered in the group can be limited.
Here, after the common secret information is output to the member device, the receiving unit further receives a withdrawal request indicating that registration to a group is canceled from the member device, and the communication unit includes: Further, when the withdrawal request is received, a deletion notification instructing to delete the common secret information is output to the member device, and the receiving unit further indicates that the deletion of the common secret information is completed. A completion notification may be received from the member device, and the determination unit may further reduce the registered number when the completion notification is received.

Further, the requesting unit further requests the group management device to withdraw from the group, and the obtaining unit further obtains a notification that the common secret information is deleted from the group management device, The holding unit may delete the held common secret information.
According to this configuration, the group management device reduces the number of registered members when the registered member device leaves the group, so that the number of devices that can be registered in the group can be kept constant. Further, since the member device deletes the common secret information, it is possible to prevent the use of the content by the member device withdrawn from the group.

Here, when the determining unit determines that the registered number is smaller than the limited number, the determining unit further issues validity period information indicating a period during which use of the common secret information is permitted in the member device, The communication unit outputs the expiration date information to the member device, and the determining unit increases the registered number when determining that the registered number is smaller than the limit number, and furthermore, according to the expiration date information, The progress of the indicated period is monitored, and when the period indicated by the expiration date information ends, the number of registered devices may be reduced.

Further, the acquisition unit acquires common secret information including expiration date information indicating a period during which use of the common secret information is permitted, and the holding unit monitors the elapse of the period indicated by the expiration date information. The common secret information may be deleted when the period ends.
According to this configuration, the use of the content is permitted to the member devices only during the period indicated by the expiration date information. Therefore, even if the member devices are not connected online with the group management device, once the registration process is performed, the respective devices are registered. The device can manage the common secret information. In addition, since the member device deletes the common secret information and the group management device reduces the number of registered devices, the number of devices that can be registered in the group can be kept constant.

Here, the determination unit may acquire the number of client devices that can be registered in the group from a management device outside the group, pay a fee in accordance with the acquired number, and set the acquired number as the limited number. .
According to this configuration, the group management device pays the price when setting the limited number. Therefore, the management device can charge according to the number. In addition, it is possible to flexibly set the limited number.

Here, the determining means further obtains a new registerable number of the member devices from a management device outside the group, pays a fee according to the obtained number, and adds the obtained number to the limited number. The set number may be set as a new limited number.
According to this configuration, the number of devices that can be registered in a group can be flexibly managed because the number of devices that can be registered in a group can be increased because the number of devices that can be registered can be increased and billing can be performed according to the number of devices.

Here, after the common secret information is output to the member device, the receiving unit further receives a communication request from the member device, and the determining unit further determines the common secret information and the request source. The authentication may be performed using the common secret information held by the member device, and if the authentication result is successful, the communication unit may further perform communication with the member device.
Further, the member device acquires the common secret information, holds the shared secret information by the holding unit, and further communicates with the another member device, the shared secret information and the common secret held by the another member device. An authentication unit for authenticating the another member device using information may be provided.

According to this configuration, the authentication is performed using the value of the common secret information held by the device of the authentication partner and the common secret information held by the device itself. Can be done.
Here, the group management device further includes a content storage unit that stores the encrypted content encrypted using the content key and the content key, and a key generated based on the common secret information. Encryption means for encrypting the content key to generate an encrypted content key, wherein the communication means may further output the encrypted content and the encrypted content key to the member device.

Further, the requesting unit further requests the group management device to deliver the content, and the obtaining unit further includes, from the group management device, an encrypted content generated by encrypting the content using a content key. And an encrypted content key generated by encrypting using the encryption key generated based on the common secret information, and the member device further obtains the same encryption key as the encryption key based on the common secret information. Decryption means for generating a content key by generating a decryption key, decrypting the encrypted content key using the generated decryption key, and decrypting the encrypted content using the generated content key. May be provided.

According to this configuration, since the content key is encrypted using the key based on the common secret information, the devices that can use the content can be limited to the devices that hold the common secret information.
Further, the determining means further authenticates the member device using the common secret information and the common secret information held by the member device, and shares a session key with the member device using the common secret information. The encryption unit may encrypt the content key using the session key generated based on the common secret information when the authentication is successful.

According to this configuration, since the member devices are authenticated using the common secret information, use of the content can be permitted only to the devices that have been confirmed to be registered in the same group. Also, since the content key is encrypted using the session key dependent on the common secret information, the content cannot be used by a device that does not hold the common secret information.
Here, the communication unit stores the common secret information, further acquires another common secret information, overwrites and stores the another common secret information on the common secret information, and periodically stores the common secret information. Alternatively, the another common secret information acquired irregularly may be output to the member device.

Further, after acquiring the common secret information and holding the same by the holding unit, the obtaining unit further obtains another common secret information different from the common secret information from the group management device, the holding unit includes: The another common secret may be overwritten on the common secret.
According to this configuration, the common secret information of the group is updated regularly or irregularly. Even if the common secret information is known to an external device, the common secret information is updated. Can be prevented from being used.

Here, the group management device further includes a content storage unit that stores the encrypted content encrypted using the content key and the content key, and a key generated based on the common secret information. The content key may be encrypted by encrypting the content key to generate an encrypted content key, and the writing unit may be configured to write the generated encrypted content key and the encrypted content to a portable recording medium.

Further, the receiving unit receives the registration request including an identifier for identifying the member device, and the encryption unit uses a key generated from the identifier included in the registration request and the common secret information. Alternatively, the content key may be encrypted to generate an encrypted content key.
In addition, the encryption unit may encrypt the content key using a key generated based on the common secret information and an identifier unique to the recording medium.

According to this configuration, since the content key is encrypted and recorded using the key generated based on the common secret information, the use of the content by a device that does not hold the common secret information can be prevented. In addition, since the content key is encrypted using a key generated using the common secret information and the identifier of the device registered in the group, the content key can be used only by the device having the registered identifier. Use of content by unauthorized devices can be prevented.

Here, the group management device further associates an identifier for identifying a plurality of groups with a common secret information unique to each of the groups and a limited number which is a maximum number that can be registered in each of the groups. When the receiving unit receives a registration request including any one of the identifiers, the determining unit determines that the number of registered member devices registered in the group identified by the received identifier is Determining whether the number is less than the limited number corresponding to the identifier, if it is determined to be less, register the member device in the group identified by the identifier, select the common secret information corresponding to the identifier The communication means may output the selected common secret information.

According to this configuration, one group management device can manage a plurality of groups.
Here, the receiving unit further receives a registration request for registering another predetermined number of member devices from the new member device, and the determining unit adds the predetermined number to the registered number. It is determined whether or not the number exceeds the limit number, and when it is determined that the number does not exceed the limit number, a permission right for permitting the provision of the common secret information to the predetermined number of member devices is generated, and the communication unit includes: The generated common secret information to which the permission right has been added may be output to the new member device.

Further, the request unit further requests registration of a predetermined number of other member devices, and the acquisition unit further assigns the common secret information from the group management device to the predetermined number of member devices. Acquiring the common secret information to which the permission right to permit is added, the holding unit acquires and holds the common secret information to which the permission right is added, and the member device further transmits the common secret information to another member device. A communication unit that outputs secret information, wherein the holding unit, when the common secret information is output, reduces the right to grant the common secret information to the other member devices from the permission right by one time. good.

Further, the holding unit further holds an identifier unique to the member device, and the communication unit further acquires an identifier unique to the other member device from the other member device; May further transmit an identifier of the member device and another member device to the group management device.
According to this configuration, the new member device acquires the common secret information from the group management device as a representative of the plurality of member devices, and adds the common secret information to the other predetermined number of member devices. Can be registered at once. Further, even if the predetermined number of member devices do not have a function of directly communicating with the group management device, if the representative member device has a communication function, another predetermined number of member devices can be registered. In addition, since the ID of each member device is registered, it is possible to limit the devices to which the ID is registered at the time of content distribution or the like.

Here, the receiving unit receives the registration request including a first identifier unique to the member device, the determining unit further stores the received first identifier, and the communication unit transmits the shared secret information to the member device. After the output, the receiving unit further receives a second identifier unique to the member device, and the determining unit further determines whether the received second identifier matches the stored first identifier. And the communication means may output the common secret information to the member device again when the judgment means judges that the two coincide with each other.

Further, the member device, the holding unit further holds an identifier unique to the member device, the request unit further transmits the identifier to the group management device, the holding unit, When the power-off instruction is received after holding the common secret information, the held common secret information is deleted, the power is turned off, and when the power is turned on, the requesting means sets the identifier to the group management device. The group management device may transmit the common secret information again when the identifier acquired again matches the stored identifier.

Further, the member device, the holding unit further holds an identifier unique to the member device, the request unit further transmits the identifier to the group management device, the holding unit, When communication with the group management device is interrupted after holding the common secret information, the held common secret information is deleted, and when communication with the group management device is re-established, the request unit Transmitting the identifier to the group management device again, and when the identifier acquired again by the group management device matches the stored identifier, the acquisition unit may acquire the common secret information again. .

According to this configuration, when the communication is cut off or the power is turned off, the member device deletes the common secret information and uses the common secret information illegally to acquire the common secret information as necessary. To be done.
Here, when it is determined that the group management device becomes a new group management device that manages a new group that is newly formed by combining the groups managed by the plurality of group management devices, the communication unit includes a unique group management device. The new common secret information is output to each member device, and when it is determined that another group management device is the new group management device, the group management device further updates the new group management device from the other group management device. An acquisition unit for acquiring the new common secret information unique to the group, and a holding unit for holding the acquired new common secret information may be provided.

Further, the communication unit may further determine which group management device becomes the new group management device with another group management device that manages another group.
In addition, the holding unit further stores a priority assigned to the group management device, and the communication unit stores a higher priority among the priority and the priority assigned to the other group management devices. The group management device to which the priority is assigned may be determined to be the new group management device.

Further, after holding the common secret information, the obtaining unit obtains another common secret information different from the common secret information from the same or another group management device as the group management device, The another common secret information may be held, and use of the common secret information may be suppressed.
According to this configuration, one group can be formed by combining a plurality of groups.

Here, the member devices of the group managed by the group management device and the other group management devices are each assigned a priority, and after being determined as the new group management device, the receiving unit further includes: The priority order of the member devices is acquired, and the group management device further includes a selection unit that selects new member devices to be registered in the new group within the limited number in order from the device having the highest priority order acquired by the reception unit. The communication means may output the new common secret information to the selected new member device.

According to this configuration, when a plurality of groups are combined, even if the number of member devices exceeds the limited number, the member devices to be registered can be selected according to the priority order and limited to within the limited number.
Here, the group management device further includes a member device that becomes a group management device that manages another group from member devices registered in the group management device after the communication unit outputs the common secret information. And dividing the member devices registered in the group into a member device of a group managed by the group management device and a member device of another group managed by the another group management device. Distribution means, and the communication means may output common secret information different from the common secret information to member devices divided into groups managed by the group management device.

Further, after holding the common secret information, if the member device is selected as a new group management device different from the group management device by the group management device, furthermore, the new group management device and the group management Selecting means for dividing an original member device registered in the group management device into a member device to be registered in the group management device and a member device to be registered in the new group management device; Communication means for outputting new common secret information unique to the new group managed by the new group management device to the member device selected as the new group management device may be provided.

Further, the member devices registered in the group management device are each assigned a priority, the obtaining unit obtains the priority of the other member devices, and the selecting unit displays the obtained priority. Based on this, the member devices may be divided.
According to this configuration, one group can be divided into a plurality of groups.
Further, the member device obtains the common secret information and, after holding the common secret information by the holding unit, further outputs the common secret information to the another member device; and the communication unit outputs the common secret information. And outputting a common secret information held by the holding means.

According to this configuration, the member devices registered in the group can be exchanged. Also, since the member device that has output the common secret information to the other member devices deletes the common secret information, the number of member devices holding the common secret information, that is, the number of member devices registered in the group is kept constant. I can do it.
Here, the request unit, the acquisition unit, and the holding unit are portable modules that can be attached to and detached from the member device, and the portable module acquires the common secret information when connected to the group management device. good.

The portable module may further include a notifying unit that notifies the member device of the common secret information held by the holding unit, and a notifying unit that notifies the member device of the common secret information. Management means for prohibiting further notification of the common secret information to the member device, and the member device further includes storage means for acquiring and storing the common secret information from the portable module. Is also good.

According to this configuration, since the IC card acquires the common secret information, even a member device that does not have a communication function with the group management device can acquire the common secret information with the IC card and register the common secret information in the group.
Here, the acquisition unit is further generated by encrypting the encrypted content using a content key, and encrypting the content key using an encryption key generated using the common secret information. Acquiring an encrypted content key, the member device further reads the common secret information from the connected portable module, and generates the same decryption key as the encryption key from the read common secret information, A decryption unit may be provided for decrypting the encrypted content key using the generated decryption key to generate a content key, and decrypting the encrypted content using the content key.

According to this configuration, the member device can use the content only when the IC card is connected. Further, since the IC card obtains the common secret information and generates the decryption key, the IC card can be connected to any device and the content can be used as a device in the group.
Here, the holding unit further holds a maximum number that can hold the common secret information, and the request unit, when the number of common secret information held by the holding unit is less than the maximum number, The group management device may be requested to register with the group.

Further, the holding unit further holds an identifier for identifying a plurality of groups, the requesting unit requests registration by adding any one of the identifiers, and the holding unit transmits the shared secret information. May be stored in association with the identifier transmitted in the registration request.
According to this configuration, since the member device can hold a plurality of common secret information, it can be registered in a plurality of groups. When a registration is requested with a group identifier added, a group to be registered can be specified.

The present invention is also a registration device for registering a member device in a group management device, wherein the holding device acquires and holds common secret information unique to a group from the group management device, and is connected to the member device. And a notifying means for notifying the member device of the common secret information.
According to this configuration, by using the registered device, even a member device that cannot be connected to the group management device can be registered in the group.

Here, the registered device may further include a management unit that prohibits the notification unit from further notifying the member device of the common secret information after notifying the common secret information to the member device. good.
According to this configuration, when the common secret information is notified to the member devices, further notification is prohibited, so that the devices registered in the group can be limited to the limited number or less.

Here, the registered device further includes a receiving unit that receives a request for acquiring the common secret information from the member device, and the notifying unit notifies the common secret information when the request is received. It is good.
According to this configuration, the shared secret information is held by the registered device, and when a request is accepted, the registered device is connected to an arbitrary device to notify the shared secret information, and the content is used as a device in the group. Can be done. Also, the member devices do not hold the common secret information but the registration device does, so the number of devices in the group can be limited.

The present invention is also a member device that registers and uses content in a group management device, and includes a distance from the group management device, a communication time with the group management device, a processing capability of the group management device, or the group. Selecting means for selecting one group management device from a plurality of group management devices based on a preset condition among processing states of the management device, and requesting means for requesting the selected group management device to register And member means for acquiring from the group management device common common secret information within the group, and holding means for holding the acquired common secret information.

According to this configuration, when there are a plurality of group management devices in the group, the member device selects a group management device with relatively good conditions from among the plurality of group management devices and registers the selected device in the group management device. Can be done.
BEST MODE FOR CARRYING OUT THE INVENTION Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.
1. 1. Configuration of Group Formation Management System 1, as shown in FIG. 1, the group formation management system 1 includes an AD server 100, a playback device 200, an in-vehicle device 300, an IC card 400, and a DVD 500.

The playback device 200 in which the AD server 100 and the monitor 251 are connected to the speaker 252 are installed in the user's house and are connected online. The in-vehicle device 300 is mounted on a vehicle owned by the user. The IC card 400 and the DVD 500 can be connected to the AD server 100 and the in-vehicle device 300. The IC card 400 is attached to the AD server 100, and the AD server 100 operates only when the IC card 400 is connected.

The group formation management system 1 is a system in which the AD server 100 manages an AD (Authorized Domain) which is a range in which use of content is permitted.
The AD server 100 receives and manages registration of client devices, and the AD server 100 and the registered client devices share common secret information (hereinafter, CSI: Common Secret Information) generated by the AD server 100. . The devices in the same AD authenticate each other using the shared CSI, and when the authentication is successful, transmit / receive or copy the content. Devices that do not have the CSI cannot send or receive or copy content.

Since the playback device 200 is connected to the AD server 100, it can perform authentication and register as a client device. The in-vehicle device 300 is not connected to the AD server 100, but can be registered as a client device by storing the CSI in the IC card 400 and notifying the in-vehicle device 300 of the CSI from the IC card 400.
1.1 Configuration of Server 100 in AD As shown in FIG. 2, the server 100 in the AD includes a control unit 101, a secret key storage unit 102, a public key certificate storage unit 103, a CRL storage unit 104, and a public key encryption processing unit 105. Registration information storage unit 106, CSI generation unit 107, CSI storage unit 108, content storage unit 109, encryption unit 110, ID storage unit 111, drive unit 112, input unit 113, display unit 114, input / output unit 115, input It comprises an output unit 116, a decryption unit 117 and an encryption unit 119.

The AD server 100 is, specifically, a computer system including a microprocessor, a ROM, a RAM, a hard disk unit, and the like. A computer program is stored in the RAM or the hard disk unit. The AD server 100 achieves its functions by the microprocessor operating according to the computer program.

The AD server 100 performs device registration, CSI transfer and withdrawal management, content delivery, and content copy processing.
Hereinafter, each configuration will be described.
(1) Input / output units 115 and 116, drive unit 112
The input / output unit 115 transmits and receives data to and from the playback device 200. When detecting that the IC card 400 is connected, the input / output unit 116 outputs the detection to the control unit 101. Also, it transmits and receives data to and from the IC card 400. The drive unit 112 writes and reads data to and from the DVD 500.
(2) Secret key storage unit 102, public key certificate storage unit 103, CRL storage unit 104, content storage unit 109, ID storage unit 111, content key storage unit 118
The ID storage unit 111 stores ID # 1, which is an ID unique to the AD server 100.

The public key certificate storage unit 103 stores the public key certificate Cert # 1.
The public key certificate Cert # 1 certifies that the public key PK # 1 is a correct public key of the AD server 100. The public key certificate Cert # 1 includes signature data Sig # CA1, a public key PK # 1 and an ID # 1. The signature data Sig # CA1 is signature data generated by applying a signature algorithm S to the public key PK # 1 and ID # 1 of the AD server 100 by a CA (Certification Authority). Here, the CA is a trusted third-party organization that issues a public key certificate that certifies the validity of the public key of the device belonging to the group formation management system 1. The signature algorithm S is, for example, an ElGamal signature on a finite field. Since the ElGamal signature is publicly known, its description is omitted.

The secret key storage unit 102 is a tamper-resistant area in which the inside cannot be seen from the outside, and stores a secret key SK # 1 corresponding to the public key PK # 1.
The CRL storage unit 104 stores a CRL (Certification Revocation List). The CRL is a list in which IDs of invalidated devices, such as a device that has performed an illegal operation and a device to which a secret key has been exposed, are registered, and is issued by the CA. What is registered in the CRL need not be the device ID, and the serial number of the public key certificate of the revoked device may be registered. The CRL is recorded on a recording medium such as broadcast, the Internet or a DVD and distributed to each device, and each device obtains the latest CRL. The CRL is disclosed in detail in "American National Standards Institute, American National Standard for financial Services, ANSX9.57: Public Key Cryptography for the Financial Industry: Certificate Management, 1997."

The content storage unit 109 stores the encrypted content encrypted using the content key. The method of acquiring the content is not the subject of the present invention, and thus the description is omitted. Examples of the method include a method of acquiring the content using the Internet, broadcasting, and the like, and a method of acquiring the content from a recording medium such as a DVD.
The content key storage unit 118 receives the encrypted content key a from the encryption unit 110 and stores it.
(3) Public key encryption processing unit 105
When communicating with another device, the public key encryption processing unit 105 performs authentication and establishes a SAC (Secure Authentication Channel). SAC means a secure communication path that enables encrypted communication. By establishing the SAC, it is possible to confirm that the device to be authenticated is the correct device recognized by the CA. The detailed establishment method will be described later. Further, the public key encryption processing unit 105 shares the session key SK by authentication.
(4) Registration information storage unit 106
The registration information storage unit 106 is a tamper-resistant area and stores the registration information shown in FIG. The registration information is information for managing the number of devices that can be registered in the AD server 100 and the IDs of registered devices, and includes a device ID, a maximum, a registered number, a remaining number, and an IC card ID.

The device ID is an area for storing the ID of the device registered in the AD server 100. When the playback device 200 and the in-vehicle device 300 are registered in the AD server 100, the IDs ID # 2 and ID # 3 are stored as shown in FIG. 3B.
The maximum indicates the maximum number of devices that can be registered in the AD server 100, and is two in this embodiment. The registered number indicates the number of devices already registered in the AD server 100. The remaining number indicates the number that can be registered in the AD server 100.

In an initial state in which no client device is registered in the AD server 100, the number of registered devices is “0” and the remaining number is the same as the maximum. When any client device is registered in the AD server 100, “1” is added to the number of registered devices, and “1” is subtracted from the remaining number.
As the IC card ID, the ID of the IC card 400 attached to the AD server 100 is stored in advance and cannot be rewritten.
(5) CSI generation unit 107, CSI storage unit 108
The CSI storage unit 108 is a tamper-resistant area in which the CSI cannot be read from the outside, and stores “0” as a value indicating that the device is not registered when the device is not registered in the AD server 100. I have.

The CSI generation unit 107 generates a CSI when the device is first registered in the AD server 100 under the control of the control unit 101. When all the registered devices withdraw, the CSI storage unit 108 rewrites the stored value to “0”.
Here, the CSI is arbitrary data generated by the CSI generation unit 107, and is 200 bits in the present embodiment. The bit length of the CSI is not limited to this, and may be any length that cannot be easily estimated and cannot be easily tested.

The CSI generation unit 107 stores the generated CSI in the CSI storage unit 108. Further, it outputs the generated CSI to the connected IC card 400.
The CSI may be updated periodically or irregularly.
(6) Encryption units 110 and 119
When registering the playback device 200, the encryption unit 119 applies the encryption algorithm E to the CSI using the session key SK received from the public key encryption processing unit 105 under the control of the control unit 101, and performs encryption CSI. The generated encrypted CSI is transmitted to the playback device 200 via the input / output unit 115. Here, the encryption algorithm S is DES as an example. Since DES is known, its description is omitted.

When storing the content key in the content key storage unit 118, the encryption unit 110 reads ID # 1 from the ID storage unit 111 and reads CSI from the CSI storage unit 104. The read ID # 1 and the CSI are connected in this order to form an encryption key a, and the content key is subjected to an encryption algorithm E using the encryption key a and encrypted to generate an encrypted content key a. The encrypted content key a is stored in the content key storage unit 118.

When writing the encrypted content to the DVD 500, the encryption unit 110 controls the ID # 2 and ID # of the device registered from the device ID of the registration information from the registration information storage unit 106 under the control of the control unit 101. Read 3 ID # 2 and CSI are linked in this order to form an encryption key b, and ID # 3 and CSI are linked in this order to form an encryption key c. An encrypted content key b and an encrypted content key c are generated using the encryption key b and the encryption key c, respectively, and written to the DVD 500.
(7) Decoding unit 117
The decoding unit 117 reads out ID # 1 stored in the ID storage unit 111 and reads out CSI stored in the CSI storage unit 108 under the control of the control unit 101. ID # 1 and CSI are linked in this order and used as a decryption key. A decryption algorithm D is applied to the encrypted content key a read from the content key storage unit 118 to generate a content key. The generated content key is output to encryption section 110. Here, the decryption algorithm D is an algorithm that performs the reverse process of the encryption algorithm E.
(8) Control unit 101, input unit 113, display unit 114
The input unit 113 receives an input from a user and outputs the received input to the control unit 101.

When starting the processing, when receiving the ID of the IC card from the connected IC card 400, the control unit 101 checks whether or not the received ID matches the IC card ID of the registration information. If they do not match, the fact that the connected IC card is not the attached IC card is displayed on the display unit 114, and the process is terminated. Only when they match, the subsequent processing is continued.
<Registration of playback device 200>
Upon receiving a registration request from the playback device 200 via the input / output unit 115, the control unit 101 controls the public key encryption processing unit 105 and establishes a SAC by using a CSI initial value “0” by a method described later. . Here, “0” used for authentication at the time of registration indicates that the playback device 200 is not registered in any AD. From the result of device authentication when establishing SAC, it is determined whether or not the partner device is unregistered. If the value of the CSI held by the device of the authentication partner is “0”, it is determined that the authentication has succeeded and that the device has not been registered. If the value of the CSI held by the device of the authentication partner is not “0”, the control unit 101 determines that the device of the partner is already registered in any AD.

If it is determined that the information has not been registered, the registration information is read from the registration information storage unit 106, and it is determined whether or not the remaining number is “0”. If the remaining number is not “0”, it is determined whether the registered number is “0”. When the registered number is “0”, the CSI generation unit 107 is controlled to generate a CSI, and the CSI is stored in the CSI storage unit 108. If the registered number is not “0”, the CSI is read from the CSI storage unit 108, and the generated or read CSI is encrypted by the encryption unit 110, and the encrypted CSI generated is reproduced via the input / output unit 115. Output to the device 200. When receiving a reception notification indicating that the CSI has been received from the playback device 200, “1” is added to the number of registrations in the registration information, and “1” is subtracted from the remaining number, and the process ends.

If the result of device authentication is unsuccessful, if the partner device is already registered, and if the remaining number is “0”, a registration rejection notification indicating that registration is not possible is transmitted to the playback device 200, and the process ends.
When the CSI is generated by the CSI generation unit 107, the SAC is established with the IC card 400 to share the session key SK, and the CSI generated using the session key SK is subjected to the encryption algorithm E to encrypt the CSI. The encrypted CSI is generated, and the generated encrypted CSI is transmitted to the IC card 400.

In the authentication of the registration process, by confirming whether or not the CSI of the client device of the authentication partner matches the CSI stored in the CSI storage unit 108, registration in the AD managed by the AD server 100 is performed. It may be determined whether or not it has been completed. If the CSI held by the client device matches the CSI stored in the CSI storage unit 108, the client device is notified that it is already registered in the AD server 100, and then ends the registration process. You may do it.

If the CSI held by the client device is not “0” and is different from the CSI stored in the CSI storage unit 108, it is determined that the CSI is registered in another AD. When it is determined that the client device is registered in another AD, the registration process may be terminated after transmitting the above-mentioned registration failure notification. In addition, it notifies that it has already been registered in another AD, asks whether to continue registration in the AD server 100, and if so, continues the above-mentioned registration processing and stores it in the CSI storage unit 108. The transmitted CSI may be transmitted. In this case, when the client device receives the CSI from the AD server 100, it overwrites the CSI of another AD with the received CSI.

Further, in the authentication of the registration process, when it is determined that the client device is not an unauthorized device, the registration process may be performed and the CSI may be transmitted regardless of the value of the CSI held by the client device.
<Registration of in-vehicle device 300>
(A) When an input indicating that the CSI is to be copied is received from the input unit 113 while the IC card 400 whose ID has already been confirmed is connected, the control unit 101 determines whether the remaining number is “0”. If it is not “0”, the permission right indicating that the CSI copy is permitted once is transmitted to the IC card 400. Upon receiving the receipt notification from IC card 400, control unit 101 ends the process.

If the remaining number is "0", a message indicating that copying is not possible is displayed on the display unit 114, and the process ends.
(B) When the IC card 400 is connected, confirms the ID, and receives a copy notification indicating that the CSI has been copied, extracts the ID of the copy destination of the CSI included in the copy notification, and as a device ID in the registration information. Remember. Further, it transmits a reception notification indicating that the ID of the copy destination has been received to IC card 400.

Here, the description has been made assuming that the CSI has already been generated. However, if the CSI has not been generated, the CSI is generated and transmitted to the IC card 400 in the same manner as when the playback device 200 is registered.
<Content distribution>
Upon receiving a content delivery request from the playback device 200 via the input / output unit 115, the control unit 101 controls the public key encryption processing unit 105 to establish SAC by a method described later, and shares the session key SK. In the authentication at the time of establishing the SAC, the CSI stored in the CSI storage unit 108 is used. Therefore, if the authentication is successful, the partner device holds the CSI generated by the AD server 100, and thus the registered device is registered. If it is determined that there is, and the authentication fails, it is determined that it is not registered in the AD server 100.

If the authentication fails, a delivery failure notification indicating that the content cannot be delivered is transmitted to the playback device 200.
When the authentication is successful, the decryption unit 117 is controlled to decrypt the encrypted content key a stored in the content key storage unit 118. Next, it controls the encryption unit 119 to encrypt the content key using the session key SK to generate an encrypted content key s, and transmits the encrypted content key s to the playback device 200. In addition, it reads the encrypted content from the content storage unit 109 and transmits it to the playback device 200.
<Record content on DVD>
When the input to record the content on the DVD 500 is received from the input unit 113, the decryption unit 117 is controlled to decrypt the encrypted content key a stored in the content key storage unit 118 and generate the content key. Next, the content key is encrypted by using the encryption key b and the encryption key c generated by using the ID # 2 and ID # 3 registered in the registration information by controlling the encryption unit 119 to encrypt the encrypted content. A key b and an encrypted content key c are generated, and the generated encrypted content keys b and c are written to the DVD 500. In addition, the encrypted content is read from the content storage unit 109 and written to the DVD 500.

The content key may be encrypted using an encryption key generated based on an ID unique to the DVD 500 or an encryption key generated based on an ID unique to the DVD 500 and CSI.
<Leave>
When a withdrawal request including ID # 2 is received from the playback device 200, the public key encryption processing unit 105 is controlled to establish SAC by a method described later. At this time, authentication is performed using the CSI stored in the CSI storage unit 108. From the authentication result at the time of establishing SAC, it is determined whether or not the requesting device has been registered. If the device has not been registered, the device cannot be withdrawn. .

If the registration has been completed, a deletion notification indicating that the CSI is to be deleted is transmitted to playback device 200. Upon receiving a completion notification indicating that the deletion of the CSI has been completed from the playback device 200, ID # 2 is deleted from the device ID of the registration information, "1" is subtracted from the registered number, and "1" is added to the remaining number. .
1.2 Configuration of Playback Device 200 As shown in FIG. 4, the playback device 200 includes a control unit 201, a private key storage unit 202, a public key certificate storage unit 203, a CRL storage unit 204, a public key encryption processing unit 205, It comprises a CSI storage unit 208, a content storage unit 209, an ID storage unit 211, an input unit 213, an input / output unit 215, a decryption unit 217, an encryption unit 218, a content key storage unit 219, a decryption unit 220, and a playback unit 221. . A monitor 251 and a speaker 252 are connected to the playback unit 221.

The playback device 200 is a computer system similar to the AD server 100, and a computer program is stored in a RAM or a hard disk unit. When the microprocessor operates according to the computer program, the playback device 200 achieves its function.
(1) Input / output unit 215
The input / output unit 215 exchanges data with the AD server 100.
(2) Private key storage unit 202, public key certificate storage unit 203, CRL storage unit 204, CSI storage unit 208, ID storage unit 211
The CRL storage unit 204 stores the latest CRL.

The ID storage unit 211 stores ID # 2, which is an ID unique to the playback device 200.
The CSI storage unit 208 is a tamper-resistant area and stores “0” indicating that it is not registered. When registered in the AD server 100, the CSI acquired from the AD server 100 is stored.
The public key certificate storage unit 203 stores a public key certificate Cert # 2 issued by a CA. This public key certificate Cert # 2 includes the public key PK # 2 of the playback device 200, the ID # 2 of the playback device 200, and the CA signature data Sig # CA2 for them.

The secret key storage unit 202 is a tamper-resistant area, and stores a secret key SK # 2 corresponding to the public key PK # 2 of the playback device 200.
(3) Public key encryption processing unit 205
When communicating with the AD server 100, the public key encryption processing unit 205 establishes SAC by a method described later and shares the session key SK. The shared session key SK is output to the decryption unit 217.
(4) Decoding section 217, decoding section 220
When the content is delivered from the AD server 100, the decryption unit 217 uses the session key SK shared by the public key encryption processing unit 205 to add the decryption algorithm to the encrypted content key s distributed from the AD server 100. Apply D to generate a content key. Here, the decryption algorithm D performs processing opposite to that of the encryption algorithm E.

{Circle around (1)} When playing back the once stored content, ID # 2 is read from ID storage unit 211, CSI is read from CSI storage unit 208, and ID # 2 and CSI are linked in this order to generate decryption key b. Using the generated decryption key b, a content key is generated by applying the decryption algorithm D to the encrypted content key b read from the content key storage unit 219, and the generated content key is output to the decryption unit 220.

The decryption unit 220 reads the encrypted content stored in the content storage unit 209, uses the content key received from the decryption unit 217, applies the decryption algorithm D to the read encrypted content, generates the content, and generates the content. The content is output to the playback unit 221.
(5) Encryption unit 218
When storing the content acquired from the AD server 100, the encryption unit 218 reads out ID # 2 from the ID storage unit 211 and reads out CSI from the CSI storage unit 208. ID # 2 and CSI are connected in this order to generate an encryption key b, and the generated encryption key b is used to apply an encryption algorithm E to the content key received from the decryption unit 217 to generate an encrypted content key b. , And outputs the generated encrypted content key b to the content key storage unit 219.
(6) Content storage unit 209, content key storage unit 219
The content storage unit 209 stores the encrypted content transmitted from the AD server 100.

The content key storage unit 219 stores the encrypted content key b encrypted by the encryption unit 218.
(7) Control unit 201, input unit 213
<Registration>
When the input unit 213 receives an input indicating that registration processing is started, the control unit 201 reads out ID # 2 from the ID storage unit 211, and sends a registration request including ID # 2 via the input / output unit 215. The data is transmitted to the AD server 100, and the SAC is established by a method described later.

When receiving the registration disable notification from the AD server 100, the control unit 201 displays on the monitor 251 that registration is not possible, and ends the registration process.
When receiving the encrypted CSI from the AD server 100, the control unit 201 controls the decryption unit 217 to decrypt the CSI, generates the CSI, and stores the generated CSI in the CSI storage unit 208. Further, it transmits a reception notification indicating that the CSI has been received to AD server 100.
<Content delivery>
When the input unit 213 receives an input indicating that the content is acquired and played, the control unit 201 transmits a delivery request to the AD server 100.

Upon receiving the delivery impossible notification from the AD server 100, the control unit 201 displays on the monitor 251 that delivery is impossible, and ends the process.
When reproducing the received content, the control unit 201, upon receiving the encrypted content key s from the AD server 100, controls the decryption unit 217 to decrypt the content key and generate a content key. In addition, when receiving the encrypted content from the AD server 100, the control unit 205 controls the decryption unit 220 to decrypt the encrypted content to generate the content, and causes the playback unit 221 to play back the content.
<Play after storing content>
When the input unit 213 receives an input indicating that the content is acquired and stored, the control unit 201 performs the same processing as described above to acquire the content. Upon acquiring the content, the control unit 201 causes the decryption unit 217 to decrypt the encrypted content key s received from the AD server 100, and controls the encryption unit 218 to encrypt the decrypted content key. The key b is stored in the content key storage unit 219. When receiving the encrypted content from the AD server 100, the encrypted content is stored in the content storage unit 209.

When the input unit 213 receives an input indicating that the content stored in the content storage unit 209 is to be reproduced, the control unit 201 controls the decryption unit 217 to decrypt the encrypted content key b, and causes the decryption unit 220 to decrypt the encrypted content key. Is decrypted to generate a content, and the reproducing unit 221 reproduces the content.
<Leave>
When the input unit 213 receives an input to start the withdrawal process, the control unit 101 establishes SAC by a method described later.

When the control unit 201 receives the non-registration notification from the AD server 100, the control unit 201 displays on the monitor 251 that it is not registered in the AD server 100, and ends the process.
When receiving the deletion notification from the AD server 100, the control unit 201 deletes the CSI stored in the CSI storage unit 208 and stores “0” indicating that the CSI is not registered. In addition, a deletion completion notification for notifying the AD server 100 that the deletion has been completed is transmitted.
(8) Playback unit 221
The reproduction unit 221 generates a video signal from the content received from the decoding unit 220, and outputs the generated video signal to the monitor 251. Further, it generates an audio signal from the received content and outputs the generated audio signal to the speaker 252.
1.3 Configuration of In-Vehicle Device 300 As shown in FIG. 5, the in-vehicle device 300 includes a control unit 301, a secret key storage unit 302, a public key certificate storage unit 303, a CRL storage unit 304, a public key encryption processing unit 305, a CSI The storage unit 308 includes an ID storage unit 311, a drive unit 312, an input unit 313, an input / output unit 316, decoding units 317, 318, and 320, a reproduction unit 321, a monitor 322, and a speaker 323.

The in-vehicle device 300 is a computer system similar to the AD server 100, and a RAM or a hard disk unit stores a computer program. When the microprocessor operates according to the computer program, the in-vehicle device 300 achieves its function.
(1) Drive unit 312, input / output unit 316
The drive unit 312 reads the encrypted content key c from the DVD 500 and outputs it to the decryption unit 318. In addition, it reads the encrypted content and outputs it to the decryption unit 320.

The input / output unit 316 exchanges data with the IC card 400 under the control of the control unit 301.
(2) Secret key storage unit 302, public key certificate storage unit 303, CRL storage unit 304, CSI storage unit 308, ID storage unit 311
The CRL storage unit 304 stores the latest CRL.

The ID storage unit 311 stores ID # 3 which is an ID unique to the in-vehicle device 300.
The CSI storage unit 308 is a tamper-resistant area and stores “0” indicating unregistered. When the CSI generated by the AD server 100 is received from the IC card 400, the received CSI is stored.
The public key certificate storage unit 303 stores the public key certificate Cert # 3 issued by the CA. The public key certificate Cert # 3 includes the public key PK # 3 and the ID # 3 of the vehicle-mounted device 300, and the CA signature data Sig # CA3 for them.

The secret key storage unit 302 is a tamper-resistant area, and stores a secret key SK # 3 corresponding to the public key PK # 3.
(3) Public key encryption unit 305
The public key encryption unit 305 performs authentication with the IC card 400 under the control of the control unit 301, and establishes SAC by a method described later. Also, it outputs the shared session key SK to decryption section 317 at this time.
(4) Decoding sections 317, 318, 320
Upon receiving the encrypted CSI from the IC card 400 under the control of the control unit 301, the decryption unit 317 performs a decryption algorithm D on the encrypted CSI using the session key SK received from the public key encryption processing unit 305, and Is generated, and the generated CSI is output to the CSI storage unit 308.

Upon receiving the encrypted content key c from the drive unit when reproducing the content, the decryption unit 318 reads out the ID # 3 from the ID storage unit 311 and reads out the CSI from the CSI storage unit 308. The read ID # 3 and the CSI are linked in this order to generate a decryption key c. A decryption algorithm D is applied to the encrypted content key c using the decryption key c to generate a content key, and the generated content key is output to the decryption unit 320.

The decryption unit 320 receives the encrypted content from the drive unit 312 and receives the content key from the decryption unit 318. Using the received content key, a decryption algorithm D is applied to the encrypted content to generate a content, and the generated content is output to the playback unit 321.
(5) Control unit 301, input unit 313
When the IC card 400 is connected, the control unit 301 establishes SAC. At this time, “0” stored in the CSI storage unit 308 is used as CSI. If the device authentication fails, the process ends. When a registration completion notification is received from the IC card 400, the registration is displayed on the monitor 322, and the process is terminated. When receiving the encrypted CSI from the IC card 400 via the input / output unit 316, the control unit 301 controls the decryption unit 317 to decrypt the CSI, generates the CSI, and stores the generated CSI in the CSI storage unit 308. Further, it transmits a reception notification indicating that the CSI has been received to IC card 400.

The CSI is not copied from the in-vehicle device 300 to another device.
When receiving an input from the input unit 313 to view the content recorded on the DVD 500, the control unit 301 controls the drive unit 312 to read the encrypted content key c and the encrypted content from the DVD 500. The decryption unit 318 decrypts the encrypted content key c to generate a content key, and the decryption unit 320 decrypts the encrypted content to generate content. Also, it controls the reproducing unit 321 to reproduce the content.
(6) Playback unit 321, monitor 322, speaker 323
The reproduction unit 321 generates a video signal from the received content and outputs the video signal to the monitor 322, generates an audio signal and outputs it to the speaker 323, and reproduces the content.
1.4 Configuration of IC Card 400 As shown in FIG. 6, the IC card 400 includes a control unit 401, a secret key storage unit 402, a public key certificate storage unit 403, a CRL storage unit 404, a public key encryption processing unit 405, and a CSI. The storage unit 408 includes an ID storage unit 411, an input / output unit 416, a decryption unit 417, an encryption unit 418, and an ID storage unit 420.

The IC card 400 can be connected to the AD server 100 and the in-vehicle device 300. Used when registering a device that cannot be connected to the AD server 100, such as the in-vehicle device 300, as a device in the AD.
(1) Private key storage unit 402, public key certificate storage unit 403, CRL storage unit 404, CSI storage unit 408, ID storage unit 411, ID storage unit 420
The CRL storage unit 404 stores the latest CRL.

The ID storage unit 411 stores ID # 4, which is an ID unique to the IC card 400.
The CSI storage unit 408 is a tamper-resistant area, and stores “0” indicating that the client device is not registered when the client device is not registered in the AD server 100. When the CSI is generated by the AD server 100, the CSI acquired from the AD server 100 is stored in association with the number of copies “0”. Here, the number of copies is the number of times permitted to notify another client device of the CSI.

The public key certificate storage unit 403 stores a public key certificate Cert # 4 issued by a CA. This public key certificate Cert # 4 includes the public key PK # 4 and ID # 4 of the IC card 400, and the signature data Sig # CA4 of the CA for them.
The secret key storage unit 402 is a tamper-resistant area, and stores a secret key SK # 4 corresponding to the public key PK # 4.

The ID storage unit 420 is an area for storing a copy destination ID of the CSI.
(2) Public key encryption unit 405
The public key encryption processing unit 405 establishes SAC with the AD server 100 under the control of the control unit 401, shares the session key SK, and outputs the shared session key SK to the decryption unit 417.
Further, SAC is established with on-vehicle device 300 to share session key SK, and the shared session key SK is output to encryption section 418.
(3) Decoding unit 417
Upon receiving the encrypted CSI via the input / output unit 416, the decryption unit 417 performs a decryption algorithm D on the encrypted CSI using the session key SK received from the public key encryption processing unit 405 under the control of the control unit 401. To generate CSI. The generated CSI is stored in the CSI storage unit 408.
(4) Encryption unit 418
Under the control of the control unit 401, the encryption unit 418 reads the CSI from the CSI storage unit 408, receives the session key SK from the public key encryption processing unit 405, and performs an encryption algorithm E on the CSI using the session key SK. To generate the encrypted CSI, and transmits the generated encrypted CSI to the vehicle-mounted device 300.
(5) Control unit 401, input / output unit 416
When connected to the AD server 100, the control unit 401 reads ID # 4 from the ID storage unit 411, and transmits the read ID # 4 to the AD server 100.

When receiving the CSI from the AD server 100, the control unit 401 controls the public key encryption processing unit 405 to establish a SAC with the AD server 100, share the session key SK, and receive the encrypted CSI. Then, the CSI is generated by decoding by the decoding unit 417, and the CSI is stored in the CSI storage unit 408.
When registering the in-vehicle device 300, upon receiving the permission right from the AD server 100, the control unit 401 adds “1” to the number of copies stored in association with the CSI, and Send notifications.

(4) When connected to the in-vehicle device 300, the public key encryption processing unit 405 is controlled to establish SAC and share the session key SK. At this time, authentication is performed using the initial value “0” as the CSI, and it is determined from the authentication result whether the in-vehicle device 300 has not been registered. If the authentication has failed, it is determined that the registration has been completed, a registration completion notification is transmitted, and the process ends. If the authentication is successful, it is determined that the user has not been registered, and the ID # 3 of the in-vehicle device 300 received at the time of authentication is stored in the ID storage unit 420. The control unit 401 reads out the CSI stored in the CSI storage unit 408, encrypts the CSI in the encryption unit 418, generates an encrypted CSI, and transmits the encrypted CSI to the in-vehicle device 300. Upon receiving the receipt notification from the in-vehicle device 300, the control unit 401 subtracts “1” from the number of copies, and ends the process.

When the control unit 401 is connected to the AD server 100, the control unit 401 reads ID # 4 from the ID storage unit 411 and transmits the ID # 4 to the AD server 100. Further, it reads the ID of the CSI copy destination from the ID storage unit 420 and transmits a copy notification including the read ID to the AD server 100. Upon receiving the receipt notification from the AD server 100, the process ends.
2. Operation of group formation management system 1 2.1 Operation of SAC The operation of establishing the SAC will be described with reference to FIGS.

Note that this SAC establishment method is used for authentication between any of the AD server 100, the playback device 200, the in-vehicle device 300, and the IC card 400. Called B. The CSI used for authentication may be “0” indicating no registration, or may be a value generated by the AD server 100, but all are described here as CSI.

Here, Gen () is a key generation function, and Y is a system-specific parameter. Also, the key generation function Gen () satisfies the relationship of Gen (x, Gen (y, z)) = Gen (y, Gen (x, z)). Note that the key generation function can be realized by any known technique, and thus details thereof will not be described here. For example, reference (1) Shinichi Ikeno and Kenji Koyama, "Modern Cryptography Theory", and the Diffie-Hellman (DH) public key distribution method are disclosed to the Institute of Telecommunications of Japan.

The device A reads out the public key certificate Cert # A (step S11) and transmits it to the device B (step S12).
The device B that has received the public key certificate Cert # A performs a signature verification algorithm V on the signature data Sig # CA included in the public key certificate Cert # A using the CA's public key PK # CA. To verify the signature (step S13). If the verification result is unsuccessful (NO in step S14), the process ends. If the verification result is successful (YES in step S14), the CRL is read (step S15), and it is determined whether or not the ID # A included in the public key certificate Cert # A and received is registered in the CRL (step S15). Step S16). If it is determined that it has been registered (YES in step S16), the process ends. If it is determined that it has not been registered (NO in step S16), the public key certificate Cert # B of device B is read (step S17) and transmitted to device A (step S18).

Upon receiving the public key certificate Cert # B, the device A applies the signature verification algorithm V to the signature data Sig # CA included in the public key certificate Cert # B using the public key PK # CA and signs the signature. Verification is performed (step S19). If the verification result is unsuccessful (NO in step S20), the process ends. If the verification result is successful (step S20 YES), the CRL is read (step S21), and it is determined whether or not the received ID # B included in the public key certificate Cert # B is registered in the CRL (step S22). ). If it is determined that it has been registered (YES in step S22), the process ends. If it is determined that it has not been registered (NO in step S22), the process is continued.

The device B generates a random number Cha # B (step S23) and transmits it to the device A (step S24).
Upon receiving the random number Cha # B, the device A connects the Cha # B and the CSI in this order to generate Cha_B || CSI (step S25), and the generated Cha_B || The signature generation algorithm S is performed using SK # A to generate signature data Sig # A (step S26), and the generated signature data Sig # A is transmitted to the device B (step S27).

Upon receiving the signature data Sig # A, the device B performs a signature verification algorithm V on the received signature data Sig # A using the PK # A included in the Cert # A in step S12 to verify the signature (step S12). (S28) If the verification result is unsuccessful (NO in step S29), the process is terminated, and if the verification is successful (YES in step S29), the process is continued.
The device A generates a random number Cha # A (step S30) and transmits it to the device B (step S31).

The device B generates the Cha # A || CSI by connecting the received Cha # A and the CSI in this order (step S32), and adds the secret key SK # of the device B to the generated Cha # A || CSI. A signature generation algorithm S is performed using B to generate signature data Sig # B (step S33), and the generated signature data Sig # B is transmitted to the device A (step S34).
Upon receiving the signature data Sig # B, the device A performs signature verification by applying the signature verification algorithm V to the signature data Sig # B using the PK # B included in Cert # B and received in step S18 (step S35). If the verification result is unsuccessful (NO in step S36), the process ends. In the case of success (YES in step S36), a random number “a” is generated (step S37), and Key # A = Gen (a, Y) is generated using the generated “a” (step S38). Key # A is transmitted to device B (step S39).

Upon receiving Key # A, device B generates a random number “b” (step S40), and generates Key # B = Gen (b, Y) using the generated random number “b” (step S41). The generated Key # B is transmitted to the device A (step S42). Further, using the generated random number "b" and the received Key # A, Key # AB = Gen (b, Key # A) = Gen (b, Gen (a, Y)) is generated (step S43). ), Generates a session key SK = Gen (CSI, Key # AB) using Key # AB and CSI (step S44).

Upon receiving the Key # B, the device A obtains Key # AB = Gen (a, Key # B) = Gen (a, Gen (b, y)) from the generated random number “a” and the received Key # B. Then, a session key SK = Gen (CSI, Key # AB) is generated using the generated Key # AB and CSI (Step S46).
2.2 Operation of Registering Playback Device 200 An operation when registering the playback device 200 in the AD server 100 will be described with reference to FIG.

Note that the AD server 100 has already confirmed whether the IC card 400 is connected and whether the IC card 400 is an attached IC card.
Upon receiving an input from the input unit 213 indicating that registration processing is to be started (step S51), the playback device 200 reads out ID # 2 from the ID storage unit 211 (step S52), and sends a registration request including ID # 2 to the AD. It is transmitted to the internal server 100 (step S53).

With the AD server 100 as the device A and the playback device 200 as the device B, the SAC is established by the above-described method (step S54). At this time, the AD server 100 uses “0” as the CSI, and the playback device 200 uses the CSI stored in the CSI storage unit 208.
The AD server 100 verifies the signature by using “0” as the CSI in the signature verification in step S35. Therefore, if the verification result is successful, it is determined that the registration has not been performed, and if the verification result has failed, the registration has been completed. Judge. When it is determined that the playback device 200 has not been registered, the registration information is read (step S55), and it is determined whether or not the remaining number is “0” (step S56). If it is “0” (YES in step S56), a registration disable notification is transmitted to the playback device 200 (step S57). If the remaining number is not “0” (NO in step S56), it is determined whether the registered number is “0” (step S58). If it is “0” (YES in step S58), CSI generation section 107 generates CSI (step S59). If the registered number is not “0” (NO in step S58), the CSI is read from the CSI storage unit 108 (step S60). The generated or read CSI is subjected to an encryption algorithm E by using the session key SK in the encryption unit 119 and encrypted to generate an encrypted CSI (step S61), and the encrypted CSI is transmitted to the playback device 200 (step S61). Step S62).

Upon receiving the registration disable notification, the playback device 200 displays on the monitor 251 that registration is not possible (step S63), and ends the process. When receiving the encrypted CSI, the decryption unit 217 decrypts the encrypted CSI to generate a CSI (step S64), and stores the CSI in the CSI storage unit 208 (step S65). In addition, a reception notification is transmitted to the AD server 100 (step S66).
When receiving the acknowledgment from the playback device 200, the ID # 2 is written in the device ID of the registration information, "1" is added to the registered number, and "1" is subtracted from the remaining number (step S67).
2.3 Operation of Registering In-Vehicle Device 300 (1) The operation when the AD server 100 permits the IC card 400 to copy the CSI will be described with reference to FIG.

When the IC card 400 is connected to the AD server 100, the IC card 400 reads ID # 4 from the ID storage unit 411 (Step S71) and transmits ID # 4 to the AD server 100 (Step S72).
When receiving the ID # 4, the AD server 100 reads the IC card ID from the registration information (step S73), and determines whether the received ID matches the read ID (step S74). If they do not match (NO in step S74), the fact that the connected IC card is not the attached IC card is displayed on the display unit 114 (step S75), and the process ends. If they match (YES in step S74), the process is continued. As described above, it is confirmed whether the connected IC card is the attached IC card, and when the confirmation is completed, the apparatus waits until an input is received.

When the input unit 113 receives an input indicating that the CSI is to be recorded on the IC card 400 (step S76), the control unit 101 reads the remaining number from the registration information storage unit 106 (step S77), and sets the remaining number to “0”. Is determined (step S78), and if it is "0" (YES in step S78), information indicating that registration is not possible is displayed on the display unit 114 (step S79). If the remaining number is not “0” (NO in step S78), a permission to permit CSI copying once is transmitted to IC card 400 (step S80).

Upon receiving the permission right from the AD server 100, the IC card 400 adds "1" to the number of copies (step S81), and transmits a receipt notification to the AD server 100 (step S82).
Upon receiving the receipt notification, the AD server 100 adds “1” to the number registered in the registration information, subtracts “1” from the remaining number (step S83), and ends the process.
(2) The operation when copying the CSI from the IC card 400 to the in-vehicle device 300 will be described with reference to FIG.

(4) When the IC card 400 is connected to the in-vehicle device 300, the processes in steps S71 to S75 are performed to confirm the IC card ID. Further, the IC card 400 is used as the device A and the in-vehicle device 300 is used as the device B to perform the SAC establishment process and share the session key SK (step S91). At this time, the IC card 400 performs authentication using the CSI initial value “0”, and the in-vehicle device 300 performs authentication using the value stored in the CSI storage unit 308.

The control unit 401 of the IC card 400 verifies the signature by using “0” as the CSI in the signature verification in step S35. Therefore, if the verification result is successful, it is determined that the registration has not been performed. It is determined that it has been completed. If it is determined that registration has been completed (NO in step S92), a registration refusal notice is transmitted to in-vehicle device 300 (step S93), and the process ends. If it is determined that the information has not been registered (YES in step S92), the ID # 3 of the in-vehicle device 300 received in step S18 is stored in the ID storage unit 420 (step S94). Upon receiving the session key SK from the public key encryption processing unit 405, the encryption unit 418 reads the CSI from the CSI storage unit 408 (Step S95). The CSI is encrypted using the session key SK to generate an encrypted CSI (step S96), and the generated encrypted CSI is transmitted to the in-vehicle device 300 via the input / output unit 416 (step S97).

(4) When the control unit 301 of the in-vehicle device 300 receives the registration refusal notice from the IC card 400, it displays that the registration has been completed on the monitor 322 (step S98), and ends the registration processing. When the encrypted CSI is received from the IC card 400, the decryption unit 317 receives the session key SK from the public key encryption processing unit 305 and decrypts the encrypted CSI using the session key SK to generate CSI (step S99). Then, the generated CSI is stored in the CSI storage unit 308 (step S100). In addition, a receipt notification is transmitted to IC card 400 (step S101).

When receiving the receipt notification from the in-vehicle device 300, the IC card 400 subtracts “1” from the number of copies (Step S102), and ends the process.
(3) Operation when Notifying AD Server 100 of Copy of CSI When the IC card 400 is connected to the AD server 100, the AD server 100 checks the ID of the IC card 400 and checks the attached ID. Check if it is an IC card, and if it is, wait for input.

The IC card 400 reads the ID # 3 of the copy destination from the ID storage unit 420, and transmits a copy notification including the ID # 3 to the AD server 100.
Upon receiving the copy notification, the AD server 100 stores the ID # 3 included in the copy notification as the device ID in the registration information. In addition, a receipt notification is transmitted to IC card 400, and the process ends.

Upon receiving the receipt notification from AD server 100, IC card 400 ends the process.
2.4 Content Delivery Operation 1
The operation when the content is distributed from the AD server 100 to the playback device 200 and played back will be described with reference to FIG.
Upon receiving the input to acquire the content from the input unit 213 (Step S121), the playback device 200 transmits a content delivery request to the AD server 100 (Step S122).

The AD server 100 and the playback device 200 establish SAC (step S123). At this time, authentication is performed using the CSI stored in each CSI storage unit.
In the process of step S35, the AD server 100 confirms that the playback device 200 is a device in the same AD.
If the authentication has failed (NO in step S124), AD server 100 transmits a delivery failure notification to playback device 200 (step S125), and ends the process. If the authentication is successful (YES in step S124), the AD server 100 reads the encrypted content key a from the content key storage unit 118 (step S126), decrypts it with the decryption unit 117 (step S127), and further encrypts the content key a. Encrypting section 110 generates an encrypted content key s by encrypting using session key SK shared at the time of authentication (step S128), and transmits the generated encrypted content key s to playback apparatus 200 (step S128). S129). In addition, the encrypted content is read from the content storage unit 109 (step S130) and transmitted to the playback device 200 (step S131).

When receiving the delivery failure notification, the playback device 200 displays on the monitor 251 that delivery is impossible (step S132), and ends the process. When receiving the encrypted content key s, the decryption unit 217 decrypts the content key using the session key SK to generate a content key (step S133), and outputs the generated content key to the decryption unit 220. Using the content key received from the decryption unit 217, the decryption unit 220 generates a content by applying the decryption algorithm D to the encrypted content received from the AD server 100 (step S134), and outputs the content to the playback unit 221. The reproduction unit 221 generates a video signal and an audio signal from the received content, outputs the video signal and the audio signal to the monitor 251 and the speaker 252, and reproduces the content (Step S135).
2.5 Content Delivery Operation 2
The operation when the content received from the AD server 100 is temporarily stored in the playback device 200 and then played back will be described with reference to FIG.

The same processing is performed from step S121 to step S130.
The decryption unit 217 decrypts the encrypted content key s to generate a content key (step S141), and outputs the generated content key to the encryption unit 218. The encryption unit 218 reads out the CSI from the CSI storage unit 208 and reads out ID # 2 from the ID storage unit 211 (Step S142). ID # 2 and CSI are concatenated in this order to generate ID # 2 || CSI (step S143), which is used as an encryption key b. The content key is encrypted using the generated encryption key b to generate an encrypted content key b (step S144), and the encrypted content key b is stored in the content key storage unit 219 (step S145). When receiving the encrypted content from the AD server 100, the encrypted content is stored in the content storage unit 209 (step S146).

Upon receiving an input to reproduce the stored content from the input unit 213 (step S147), the decryption unit 217 reads the encrypted content key b from the content key storage unit 219 (step S148). Further, the CSI is read from the CSI storage unit 208, the ID # 2 is read from the ID storage unit 211 (step S149), the ID # 2 and the CSI are linked to generate the ID # 2 || CSI (step S150), and the decoding is performed. The key. A decryption algorithm D is applied to the encrypted content key b using the generated decryption key to generate a content key (step S151), and the generated content key is output to the decryption unit 220. The decryption unit 220 and the playback unit 221 perform the processes of steps S132 to S133 and play back the content.
2.6 Operation when Recording on DVD The operation when writing the content to the DVD 500 by the AD server 100 will be described with reference to FIG.

Upon receiving the input to record the content on the DVD from the input unit 113 (step S161), the AD server 100 reads the encrypted content key a from the content key storage unit 118 (step S162), and reads the encrypted content key a from the ID storage unit 111. The ID # 1 is read, and the CSI is read from the CSI storage unit 108 (Step S163). The decryption unit 117 generates a decryption key by linking ID # 1 and CSI (step S164), and decrypts the encrypted content key a using the generated decryption key to generate a content key (step S165). , And outputs the generated content key to the encryption unit 110. Upon receiving the content key, the encryption unit 110 reads out the device ID from the registration information storage unit 106 and reads out the CSI from the CSI storage unit 108 (Step S166). The read ID # 2 and CSI are linked to generate an encryption key b, and the ID # 3 and CSI are linked to generate an encryption key c (step S167). The content key is encrypted using the generated encryption keys b and c, respectively, to generate the encrypted content keys b and c (step S168). The generated encrypted content key b and the generated encrypted content key c are written to the DVD 500 (step S169). In addition, the encrypted content is read from the content storage unit 109 (step S170), and written to the DVD 500 (step S171).
2.7 Operation of Withdrawing Playback Device 200 The operation when the playback device 200 withdraws from the AD server 100 will be described using FIG.

Note that the AD server 100 is connected to the IC card 400 and has already confirmed the IC card ID.
Upon receiving the input of withdrawal from the input unit 213 (step S181), the playback device 200 reads out ID # 2 from the ID storage unit 211 (step S182), and issues a withdrawal request including the ID # 2 to the AD server 100. (Step S183).

The AD server 100 and the playback device 200 perform authentication and establish SAC (step S184). At this time, authentication is performed using the CSI stored in each CSI storage unit.
In the process of step S35, the AD server 100 determines whether or not the playback device 200 has been registered as a device in the AD. The data is transmitted (step S186). If registered (YES in step S185), a CSI deletion notification is transmitted (step S187).

Upon receiving the notification of non-registration, the playback device 200 displays on the monitor 322 that the content has not been registered (step S188), and ends the process. Upon receiving the deletion notification, the CSI is deleted from the CSI storage unit 208 (step S189). Further, a deletion completion notification is transmitted to the AD server 100 (step S190).
Upon receiving the deletion completion notification, the AD server 100 deletes ID # 2 from the device ID, subtracts “1” from the registered number, and adds “1” to the remaining number (step S191).
3. Other Modifications Although the present invention has been described based on the above embodiment, it is needless to say that the present invention is not limited to the above embodiment. The following cases are also included in the present invention.
(1) In the present embodiment, when registering a device that is not connected to the AD server 100, the CSI is copied using the IC card 400. However, the CSI may be moved between client devices.

An example will be described in which the CSI is moved from the playback device 200 to the playback device 200n and the playback device 200n is registered as an AD device.
The playback device 200 is connected to the playback device 200n, and the playback device 200n is operated to transmit a movement notification to the playback device 200. The playback device 200 and the playback device 200n establish a SAC and generate a session key SK. The playback device 200 encrypts the CSI with the session key SK and transmits the encrypted CSI to the playback device 200n. The playback device 200n decrypts and stores the encrypted CSI using the session key, and stores the ID of the playback device 200 that is the transfer source received when the SAC is established. In addition, a reception notification is transmitted to playback device 200. Upon receiving the acknowledgment, the playback device 200 deletes the CSI in the CSI storage unit 208 and stores “0”.

When the playback device 200n is connected to the AD server 100 and establishes the SAC, it notifies the AD server 100 that the CSI has been moved, transmits the source ID and the ID of the playback device 200n, 100 rewrites the device ID of the registration information.
(2) Although the IC card 400 is a device attached to the AD server 100, it does not have to be attached.

Similarly to other client devices, the IC card 400 establishes SAC when connected to the AD server 100, registers ID # 4 as a device ID, and acquires CSI.
When recording the content key on the DVD 500, the AD server 100 encrypts the content key using an encryption key generated by linking ID # 4 of the IC card 400 and CSI.
When the DVD 500 is mounted and the IC card 400 is connected, the in-vehicle device 300 establishes a SAC with the IC card 400 and shares a session key.

The IC card 400 generates a decryption key by linking ID # 4 and CSI stored in the IC card 400, and encrypts the decryption key using the session key SK to generate an encryption decryption key. Transmit to on-vehicle device 300.
The in-vehicle device 300 decrypts the encrypted decryption key using the session key SK to generate a decryption key, decrypts the encrypted content key read from the DVD to generate a content key, and uses the content key to encrypt the encrypted content. And play the content.

Further, as in the above (1), the same processing as in the case of moving the CSI between the clients may be performed, and the CSI may be moved from the IC card to the in-vehicle device 300. In this case, similarly to the IC card 400 of the first embodiment, an IC card that is not attached may have a function of notifying the AD server 100 of the movement. The IC card that has moved the CSI to the in-vehicle device 300 prohibits the movement of the CSI without deleting the CSI on the spot, and deletes the CSI after notifying the AD server 100 of the movement.
(3) When registering a device that is not connected to the AD server 100 using the IC card 400, a permission right or CSI may be transmitted from the AD server 100 to the IC card 400 via a network.

As an example, when the IC card 400 is connected to a client device having a function of connecting to a network such as a PC and communicating, the IC card 400 uses the communication function of the PC to perform SAC establishment processing and perform authorization. Receive rights or CSI.
The client device having the communication function is not limited to a PC, but may be a PDA, a mobile phone, or the like.
(4) In the present embodiment, content is delivered from the AD server 100 to the client device or recorded on a DVD and distributed. However, a SAC is established between the client devices to generate a session key SK, and May be delivered.
(5) In the present embodiment, the in-vehicle device 300 is registered using the IC card 400, but the withdrawal processing may be performed using the IC card 400 in the same manner.

In this case, the in-car device 300 connected to the IC card 400 is operated to transmit a withdrawal request to the IC card 400, and the IC card 400 establishes SAC and confirms that the in-car device 300 has been registered. Then, a deletion notification is transmitted to the in-vehicle device 300. The in-vehicle device 300 deletes the CSI and transmits a deletion completion notification to the IC card 400. Upon receiving the deletion completion notification, the IC card 400 stores the ID of the withdrawn in-vehicle device 300. When connected to the AD server 100, the IC card 400 notifies the AD server 100 that the in-vehicle device 300 has withdrawn and the ID of the in-vehicle device 300. The AD server 100 deletes the ID of the vehicle-mounted device 300 from the device ID, subtracts “1” from the registered number, and adds “1” to the remaining number.
(6) In the present embodiment, the AD server 100 checks whether the partner device is unregistered or registered based on the CSI value stored in the partner device in signature verification at the time of establishing SAC. However, an ID may be received from a device to be authenticated, and whether the device is unregistered or registered may be confirmed based on whether the received ID is stored in the device ID of the registration information. Alternatively, all the client devices registered as devices in the AD may store the registered ID, and the registration and non-registration may be similarly confirmed between the client devices using the ID.
(7) When registering a device that is not connected to the AD server 100, the IC card 400 is used. However, the AD server 100 displays the CSI on the display unit 114, and the user manually inputs the CSI to the client device. You may do it. In this case, the input code may be a value obtained by encrypting the CSI depending on the device or session.
(8) In the present embodiment, when establishing the SAC and encrypting and transmitting the CSI, the cipher text may be added with the signature data of the device transmitting the encrypted CSI and transmitted.
(9) In this embodiment, the registration information and the CSI are stored inside each device. However, the registration information and the CSI may be stored in an area that is detachable and cannot be read, written, and copied without permission.
(10) In the present embodiment, the device ID and CSI or the random number and CSI are used in combination as the encryption key for encrypting the content or the decryption key for decrypting the content. Instead, a calculation may be performed using the ID and CSI of the device or a random number and CSI, and a value obtained as a result may be used.
(11) In the present embodiment, the maximum number, the registered number, and the remaining number are managed as the registration information, but the present invention is not limited to this.

The maximum number may be set as the initial value of the remaining number, and each time the registration is performed, the remaining number may be decreased by “1”, and if the remaining number is not “0”, the client device may be registered. Further, the maximum number and the number of registered devices may be managed, and if the number of registered devices is equal to or less than the maximum number, the client device may be registered.
(12) Regarding the number of devices in the registration information, the device connected online with the AD server 100 and the device to be registered using the IC card 400 are separated and the maximum number, the number of registered devices, and the like are managed. good.
(13) In the present embodiment, the management is performed based on the registration information stored in the AD server 100. However, a separate management organization may be provided, and the following (a) to (c) may be performed.

(A) The management organization sets the maximum number, attaches the signature data of the management organization to the maximum number, records it on a portable recording medium such as a DVD, and distributes it or distributes it via communication. The AD server 100 verifies the signature data, and if the verification result is successful, stores it as the maximum number.
(B) The AD server 100 requests the number of devices to be registered from the management organization. The management institution performs charging according to the number, and when the charging is successful, transmits information for permitting registration of the requested number to the AD server 100, and upon receiving the information, the AD server 100 is permitted. Accept registration of client devices within the range of the number.

(C) The AD server 100 issues a request to the management organization every time it receives registration from the client device, and the management organization charges the request, and when the charging is successful, permits the registration. When permitted, the AD server 100 registers the client device and transmits the CSI.
(14) Although the playback device 200 plays back the content delivered from the AD server 100, the playback device 200 may have a DVD playback function and play back the content recorded on the DVD 500 by the AD server 100.

In addition, the AD server 100 is configured to link all the device IDs stored in the registration information to the CSI and use them for encrypting the content key. It is also possible to extract the ID of a device that can play back a DVD and connect it to the CSI to use it for encrypting the content key.
(15) In the present embodiment, the AD server 100 records the content on a DVD. However, the AD server 100 may record the content on a memory card, MD, MO, CD, BD (Blu-ray Disk), or an IC card. The content may be recorded in a file.

The client device may be a recording device other than the reproducing device, or may be a combination thereof. Further, the client device may be a portable device that is installed in the user's home or mounted on a vehicle, or that can be carried by the user.
(16) Since the IC card 400 is directly connected to the AD server 100 or the in-vehicle device 300, it is not necessary to perform the SAC establishment process.
(17) When establishing a SAC, signature data is generated for data obtained by concatenating CSI with a random number Cha # B or Cha # A. A hash value of the data to be signed is calculated, and the hash value The signature data may be generated by using
(18) When establishing the SAC, the CSI is used when determining whether the authentication partner device is unregistered or registered, and when sharing the key. However, it may be used for either one.

Further, in the present embodiment, the authentication is performed in both directions, but may be one-way authentication.
(19) The registration of client devices may be limited by time.
The time is adjusted between the AD server 100 and the client device. The AD server 100 sets a period during which use of the CSI is permitted, sets the period as validity period information, transmits the validity period information and the CSI to the client device, and subtracts “1” from the registered number.

The client device receives and stores the expiration date information and the CSI. When the period indicated by the expiration date information ends, the CSI is deleted.
When the period indicated by the expiration date information ends, the AD server 100 adds “1” to the registered number. If the device ID is stored, the ID of the expired device is deleted.
The expiration date information may be information indicating the start and end dates and times of the expiration date, or may be information indicating only the end dates and times. Further, the period from the start of use of the CSI may be limited, or the period during which the client device operates using the CSI may be limited.
(20) In the present embodiment, the number of AD servers is one, but one AD may include a plurality of AD servers.

In this case, the client device can select which AD server to communicate with. As a selection method, the user may set, or the client device may select an AD server that is the shortest distance from the client in the AD. Further, among the AD servers, a server having a high processing capacity or an AD server having few other tasks may be selected.
Further, as described below, when the AD server requested to register from the client device cannot register the client device any more, it may search for another AD server that can be registered.

The client device sends a registration request to one AD server. The AD server that has received the registration request inquires of another AD server whether the client device can be registered when the registered number matches the maximum number. When the registration is possible, the other AD server registers the requesting client device, responds that the registration is possible to the AD server, and transmits the CSI to the client device.

If another AD server responds that it cannot be registered, the AD server inquires of another AD server.
Alternatively, a representative AD server may be determined among a plurality of AD servers, and the representative server may manage all the devices in the group. In this case, if the non-representative AD server receives a registration request from the client device, it inquires whether it can be registered on the representative server. If the registration is possible, the client device is registered on the representative server and accepts the request from the representative server. Receive CSI via server in AD.

Note that the AD server that has received the request may make an inquiry to another AD server when, for example, performing another process.
In addition, a list of registered devices may be shared between a plurality of AD servers in order to manage the number of registered devices, as shown in (a) and (b) below.
(A) When the AD server R and the AD server S in the same AD each register a client device, the ID of the registered device is stored as a device list. Each time the list is updated by writing the ID, the version number is stored in association with the device list.

The servers R and S in the AD exchange the device list regularly or irregularly. The AD server R compares the version number of the device list stored therein with the version number of the device list received from the AD server S, and stores the newer device number as the device list. The AD server S performs the same processing. As a result, the latest device list can always be shared.

The device list may be exchanged each time the device list of one AD server is updated. Further, not only the device list but also the registration information such as the registered number and the maximum number may be shared in the same manner as described above.
(B) The AD server T and the AD server U in the same AD hold a device list T and a device list U, respectively, and when registering a client device, associate the device ID with the registered time. Store. The AD server T and the AD server U exchange the device list regularly or irregularly.

If the number of registered devices stored in the AD as the registration information is smaller than the maximum number, the AD server T adds the newly registered client devices to the device list U received from the AD server U in the order in which they are registered. Writes in the device list T held by. Similarly, the AD server U also receives the device list T and updates the device list U in the newly registered order.
It is also possible to assign priorities to the client devices in advance, and to register devices with higher priorities with priority. In addition, if the total number of client devices newly registered in the AD servers T and U exceeds the maximum number, a device having a higher priority may be registered preferentially, or a user may select a device to be registered. good.

According to this method, even if one AD server is powered off, it can be registered in the other AD server, and when the other AD server is updated, the device list is exchanged to maintain consistency, The same device list can be shared between servers in AD.
(21) In order to avoid duplication of the CSI of each AD, information may be exchanged between AD servers that manage the respective ADs, and it may be confirmed whether or not the ADs are duplicated.

In order to improve security, the AD server may input each CSI to a hash function, calculate a hash value, exchange the hash values, and check whether the hash values are duplicated.
Instead of the server in the AD generating the CSI, a management institution may be provided, and the management institution may generate the CSIs of all the ADs so as not to be duplicated, and may safely transmit the CSIs to the respective AD servers.
(22) The client device may belong to a plurality of ADs.

Also, the client device may limit the number of ADs that can be registered by limiting the number of CSIs that can be stored. Further, the configuration may be such that each AD server exchanges list information of registered client devices to limit the number of ADs that can be registered by one client device. Also, by exchanging the list information, it is possible to confirm how many ADs the client device belongs to.

Separately, a management organization that manages the number of ADs registered by the client device may be provided.
In addition, one AD server may manage a plurality of ADs. In this case, the number of AD servers that can store different CSIs is limited, and ADs within this number can be managed. The AD server may store the number of client devices that can be registered for each CSI, or may store the CSI and the group ID in association with each other.
(23) An identifier is assigned to each of the ADs, and when the content is delivered, the content delivery source device may embed the AD identifier registered by the device as a digital watermark in the content.

Thus, when the client device illegally distributes the decrypted content to the outside of the AD, it is possible to specify from which AD the content has leaked. Further, when the server that distributes the content manages the ID of the client device registered in each AD, the ID of the client device that has leaked the content may be included in the CRL.
(24) In the present embodiment, the content is delivered after the device is authenticated, but the present invention is not limited to this.

When distributing content, authentication may not be performed as described below.
The device on the content transmission side generates an encryption key based on the CSI. The content key is encrypted using the generated encryption key, and the encrypted content and the encrypted content key are delivered.
Upon receiving the encrypted content and the encrypted content key, the receiving device generates the same decryption key as the encryption key based on the CSI. The content key is generated by decrypting the encrypted content key using the generated decryption key, and the content is generated by decrypting the encrypted content using the content key.

According to this, only the device that holds the CSI can generate the decryption key and decrypt the content.
In addition, only the encrypted content is delivered without authentication, and then the session key is shared by performing authentication in the same manner as in the embodiment. If the authentication is successful, the content key is encrypted and delivered using the session key. It is good.

Note that the encrypted content may be delivered by communication, or may be recorded on a portable recording medium and distributed.
Further, in addition to delivering the content in response to a request from the receiving device, the transmitting device may determine and deliver the content without request, or may deliver the content according to an external input.
(25) In the present embodiment, the CSI storage unit stores “0” as an initial value. When the CSI generated by the AD server 100 is acquired, the acquired CSI is overwritten. The CSI and the CSI may be stored in another area. When the obtained CSI is stored in an area different from the initial value, the use of the initial value may be suppressed.

Note that the initial value whose use has been suppressed is activated again when the CSI is deleted due to movement or withdrawal.
Although “0” is stored as a value indicating non-registration, the value may not be “0” and may be any value other than a value generated as CSI.
(26) In the present embodiment, the AD server 100 permits the IC card 400 to copy the CSI once, but may give the permission multiple times.

In addition, the IC card 400 authenticates the client device using the CSI, stores the ID of the client device that copied the CSI, and confirms the ID of the client device when copying, so that the same client device can be used. Copying the CSI multiple times may be prevented.
Further, the function of performing the registration processing of the client device may be mounted on the IC card, and the device to which the IC card is connected may operate as the AD server.

Further, the client device may register with the AD server as a representative of the plurality of client devices, and receive the right to copy the CSI to the other plurality of client devices. An example will be described below with reference to FIG.
An AD server 600 and a client device 601 are installed at the user's house, and the client device 601 has already been registered in the AD server 600. The AD server 600 stores the maximum and the remaining number as registration information. Here, it is assumed that the maximum is 4 and the remaining number is 3.

The in-vehicle devices 602, 603, and 604 that are not registered in the AD server 600 are mounted on the vehicle owned by the user. The in-vehicle devices 603 and 604 do not have a function of directly communicating with the AD server 600. The in-vehicle device 602 is portable and has a function of directly communicating with the AD server 600. Further, the in-vehicle devices 602 to 604 can be connected and communicate with each other.
When the in-vehicle device 602 is connected to the AD server 600 as a representative of the in-vehicle device, the in-vehicle device 602 transmits a registration request including the desired number 3, which is the number of client devices to be registered, to the AD server 600.

Upon receiving the registration request, the AD server 600 authenticates the in-vehicle device 602 and shares the session key as in the embodiment. If the authentication is successful, it is determined whether the desired number included in the registration request is equal to or less than the remaining number stored as the registration information. If it is determined that the remaining number is equal to or less than the remaining number, the stored CSI is read, and the read CSI and a permission right for permitting registration of three units are encrypted using a session key, and the encrypted CSI is mounted on the vehicle as encryption right information. The data is transmitted to the device 602.

(4) Upon receiving the encrypted right information, the in-vehicle device 602 decrypts the encrypted right information using the session key, and generates the CSI and the permission right. Also, by storing the generated CSI, the permission right indicating that one of the permission rights has been used and the remaining two can be registered is stored. In addition, authentication is performed with each of the in-vehicle devices 603 and 604, and if the authentication is successful, the CSI is transmitted, and the permission right for the number of transmitted devices is reduced.

Thus, the in-vehicle devices 602 to 604 can be registered as client devices.
If the remaining number is less than the desired number, a permission to permit registration is transmitted for the number indicated by the remaining number. For example, when the permission right for two devices is transmitted, the in-vehicle device 602 uses the permission right for one device by storing the CSI, and transmits the CSI to one of the in-vehicle devices 603 and 604. Use one vehicle's permission. The device to which the CSI is to be transmitted may be selected by the user, or each device may have a priority in advance and transmit to a device with a higher priority.

When registering the IDs of the in-vehicle devices in the AD server 600 when the in-vehicle devices 602 to 604 are registered in the AD server 600, the following processing is performed.
The in-vehicle device 602 acquires the IDs of the in-vehicle devices 603 and 604 before registration. When registering in the AD server 600, the acquired ID and the ID of the vehicle-mounted device 602 itself are transmitted to the AD server 600. The AD server 600 stores the received ID as a device ID. If the remaining number is less than the desired number, the AD server 600 stores the IDs of the received IDs corresponding to the number indicated by the remaining number. In this case, the ID to be registered may be selected by the user, or the IDs may be assigned priorities in advance, and the IDs of the number indicated by the remaining number may be stored in order from the ID having the highest priority.

In addition, the in-vehicle device 602 can return the permission right to the AD server 600 when there is no permission right.
The in-vehicle device 602 acquires the permission right including the right of the in-vehicle device 602, but the in-vehicle device 602 is registered in the AD server 600 as in the embodiment, and the in-vehicle device 603 and May be obtained.
(27) One AD may be formed by combining a plurality of ADs.

As an example, a case where AD # G is formed by combining AD # E and AD # F will be described with reference to FIG.
AD # E and AD # F are each composed of one AD server and a plurality of client devices (not shown). Up to m client devices can be registered in the AD server E of AD # E, and each device in AD # E holds CSI # E. Also, the AD server F of AD # F can register a maximum of n client devices, and each device in AD # F holds CSI # F.

AD # G is formed from these two ADs. First, a device to be the AD server G that manages AD # G is determined between the AD server E and the AD server F. At this time, the determination may be made based on the processing performance, the priority of each AD server, or the user. The AD server that is not the AD server G is registered in AD # G as a client device.
The number k that can be registered in the AD server G is m, n, or the average of m and n. Further, the AD server G generates a new CSI # G, authenticates each client device, and transmits the CSI # G to the device that has been successfully authenticated.

If the total number of devices forming AD # E and AD # F exceeds the number k, the device to be registered is selected. In this case, the server G in AD may select a lower priority order set in advance, or the user may select it.
As described above, one AD may be newly formed from two ADs, or one AD may be added to the other AD. When AD # F is added to AD # E, the device in AD # F is registered in AD server E as a client device of AD # E, and holds CSI # E. At this time, if the number of client devices to be registered exceeds m at the maximum, the device to be registered is selected as described above.

Note that m, n, and k are positive integers.
(28) One AD may be divided into a plurality of ADs.
As an example, a case where AD # I and AD # J are formed from AD # H will be described with reference to FIG.
AD # H includes an AD server H that manages devices in AD # H, and a plurality of client devices (not shown).

The AD server H can register p (p is a positive integer) client devices, and each device in the AD # H stores CSI # H.
When forming the AD # I and the AD # J, the AD server H selects a new device to be the AD server I and the AD server J from the client devices in the AD # H. At this time, a device having a high processing capability may be used as the AD server, or may be selected based on the priorities assigned to the devices in advance. Further, the selection may be made by the user, or may be made based on the processing capability, priority, and the like among the client devices. The server H in AD may form a new AD as the server I in AD or the server J in AD.

After the division, the client devices belonging to each are selected. At this time, each AD server may select based on the priority order, or the user may select. Each of the AD servers I and J can register a maximum of p client devices. When the client device of each AD is selected, the AD server I generates a CSI # I and transmits the generated CSI # I to the selected client device. Similarly, the AD server J also generates CSI # J and transmits it to the client device.

Note that the AD servers I and J may authenticate each time a client device is selected or may authenticate when transmitting a newly generated CSI.
In addition, as described above, in addition to forming two new ADs from one AD, one new AD is formed from AD # H, and two ADs, the base AD # H and the new AD, are formed. It may be divided.
(29) When the power of the client device is turned off, the CSI may be temporarily deleted while the client device remains registered in the AD server.

In this case, when the client device is registered in the AD server, the AD server stores the ID of the client device and transmits the CSI.
When the client device stores the received CSI, the client device can use the content as an AD device. Upon receiving the power-off instruction, the client device deletes the CSI and turns off the power. At this time, the client device ID stored in the AD server is not deleted.

When the power of the client device is turned on again, the client device transmits the ID to the AD server. The AD server determines whether the stored ID has an ID that matches the received ID, and if there is a matching ID, retransmits the CSI to the client device without updating the registration information I do.
Note that, similarly, when the wired or wireless communication is interrupted, the CSI may be deleted once, and when the communication is re-established, the ID may be transmitted and the CSI may be acquired again.
(30) In the present embodiment, the authentication is performed using the CSI. However, the following authentications (a) to (c) may be added.

(A) It is authenticated that the client device is connected to the same home LAN as the server in the AD using the MAC address, the IP address, and the code unified in the system. This makes it difficult to register another person's client device.
When the AD server and the client device communicate wirelessly, the authentication may be performed within the range of radio waves.

When the server in the AD and the client device can communicate with each other, authentication data is transmitted from the server in the AD to the client device. When the client device receives the data for authentication, the client device transmits response data to the server in the AD. . The server in AD measures the time from transmitting the authentication data to receiving the response data, and if the measured time is within the preset threshold, it is assumed that the server is installed in the same house You may authenticate.

Further, a TTL (Time To Live) value may be set within the number of routers in the house so that communication with a device outside the house cannot be performed.
Alternatively, it may be determined whether or not they are installed in the same house by determining whether or not they are connected to the same power supply.
(B) A password is set in the AD server in advance, and when registering the client device, the user manually inputs the password into the client device. The client device transmits a registration request including the input password to the AD server, and the AD server determines whether the password received in the registration request matches a preset password.

A plurality of passwords may be set, for example, each family may set their own password. Further, an ID for identifying each user and a password may be combined.
(C) Instead of the password in (b), biometrics information such as a fingerprint and an iris may be used. As a result, only a preset person can register a client device.
(31) The initial values held by the client device may be the following (a) to (c).

(A) The client device holds one initial value indicating that it has not been registered in the AD server. When registered in the AD server, use of the initial value is suppressed.
(B) The client device holds a plurality of initial values corresponding to each of the plurality of AD servers. When registering with any of the plurality of AD servers, authentication is performed using an initial value corresponding to the AD server, and when registered, the use of the corresponding initial value is suppressed. Further, when registered in another AD server, use of the initial value corresponding to the other AD server is suppressed.

The respective initial values may be identified in association with the group identifier.
(C) The client device holds an initial value indicating that it is not registered in any of the plurality of AD servers. By registering with any AD server, use of the initial value is suppressed.
(32) The present invention may be the method described above. Further, these methods may be a computer program that is realized by a computer, or may be a digital signal formed by the computer program.

Further, the present invention provides a computer-readable recording medium for reading the computer program or the digital signal, for example, a flexible disk, a hard disk, a CD-ROM, an MO, a DVD, a DVD-ROM, a DVD-RAM, a BD (Blu-ray Disc). ), A semiconductor memory or the like. Further, the present invention may be the computer program or the digital signal recorded on these recording media.

Further, according to the present invention, the computer program or the digital signal may be transmitted via an electric communication line, a wireless or wired communication line, a network represented by the Internet, or the like.
The present invention may be a computer system including a microprocessor and a memory, wherein the memory stores the computer program, and the microprocessor operates according to the computer program.

Further, the program or the digital signal is recorded on the recording medium and transferred, or the program or the digital signal is transferred via the network or the like, so that it is executed by another independent computer system. It may be.
(33) The above embodiments and the above modifications may be combined.

不正 Prevents illegal use of digital works, and allows users to freely form digital contents in groups.

FIG. 1 is a block diagram illustrating an overall configuration of a group formation management system 1. FIG. 2 is a block diagram showing a configuration of an AD server 100. FIG. 3 is a diagram illustrating a configuration of registration information. FIG. 2 is a block diagram illustrating a configuration of a playback device 200. FIG. 3 is a block diagram showing a configuration of the on-vehicle device 300. FIG. 2 is a block diagram showing a configuration of an IC card 400. 9 is a flowchart illustrating a process of establishing a SAC. FIG. 8 is continued. 9 is a flowchart illustrating a process of establishing a SAC. The continuation of FIG. 5 is a flowchart showing an operation when the playback device 200 is registered in the AD server 100. 5 is a flowchart showing an operation when registering the in-vehicle device 300. 5 is a flowchart showing an operation when registering the in-vehicle device 300. It is a flowchart which shows the operation | movement at the time of delivering a content. It is a flowchart which shows a part of operation | movement at the time of delivering a content. 6 is a flowchart showing an operation when recording content on a DVD. 9 is a flowchart showing an operation when withdrawing from the AD server 100. FIG. 4 is a block diagram showing a configuration in a case where a representative device registers a plurality of client devices in an AD server. It is a figure showing the concept in case one group is formed from a plurality of groups. It is a figure showing the concept in case one group is divided and a plurality of groups are formed.

Explanation of reference numerals

1 Group formation management system 100 AD server 200 Playback device 300 In-vehicle device 400 IC card 500 DVD
600 AD server 601 Client device 602, 603, 604 In-vehicle device

Claims (68)

A group formation management system,
One or more registered member devices that hold common secret information unique to the group;
A new member device that sends a request for registration to the group and obtains and retains common secret information;
A registration request is received from a new member device, and if the number of the registered member devices registered in the group is less than the maximum number that can be registered in the group, the new member device is registered. A group management device that outputs the common secret information to the member device. A group formation management system,
A member device that sends a request for registration to the group and acquires and holds common secret information unique to the group;
A request for registration is received from the member device, and when the number of member devices registered in the group is less than the maximum number that can be registered in the group, the member device is registered and the member device is registered. A group management device that outputs common secret information,
In an initial state, no member devices are registered in the group management device. A group management device for managing registration of member devices to a group,
Receiving means for receiving a registration request from the member device to register to a group,
When the registration request is accepted, if the member device is a legitimate device, it is determined whether or not the number of registered member devices registered in the group is less than the limit number which is the maximum number that can be registered in the group. , When it is determined that there is less, determining means for registering the member device,
Communication means for outputting common secret information unique to the group to the member device when it is determined that the number is smaller than the limited number. The member device holds a first initial value,
The determining means holds a second initial value, an authentication means for authenticating the validity of the member device using the second initial value and the first initial value,
If the authentication result is successful, the number of registrations includes a number determination means for determining whether or not the number is less than the limited number,
The communication means outputs, as the common secret information, common secret information indicating that the communication device is registered in a group managed by the group management device,
The group management device according to claim 3, wherein the member device acquires and holds the common secret information, and suppresses use of the first initial value. The member device holds the first initial value indicating that it is not registered in the group management device,
The group management device according to claim 4, wherein the authentication unit performs authentication using the second initial value indicating that the device is not registered in the group management device and the first initial value. The member device holds the first initial value indicating that the member device is not registered in any group management device,
The authentication device according to claim 4, wherein the authentication unit authenticates using the second initial value indicating that the member device is not registered in any group management device and the first initial value. Group management equipment. The group management device further includes:
A generating unit for generating the common secret information,
The group management device according to claim 3, wherein the communication unit outputs the generated common secret information. The common secret information is generated by a management device outside the group,
The determining unit acquires the common secret information from the management device outside the group,
The group management device according to claim 3, wherein the communication unit outputs the acquired common secret information to the member device. Upon receiving the registration request, the receiving unit notifies the management device outside the group that the registration request has been received,
The management device outside the group, determines whether the registered number is less than the limited number that is the maximum number that can be registered in the group,
The determining unit receives a determination result from the management device instead of determining whether the registered number is smaller than the limited number,
4. The group management device according to claim 3, wherein the communication unit outputs the common secret information when the determination result indicates that the limited number is smaller than the limited number. 5. The limited number comprises a first limited number and a second limited number,
The group management device according to claim 2, wherein the determining unit determines whether the number of registered member devices is smaller than the first limited number or the second limited number. The first limited number is the maximum number of member devices that can be connected to the group management device among the limited number, and the second limited number cannot be connected to the group management device among the limited number. The maximum number of member devices,
When the requesting member device is a member device connectable to the group management device, the determination unit determines whether the number of registered connectable member devices is smaller than the first limited number. And
When the requesting member device is a member device that cannot be connected to the group management device, it is determined whether the number of registered member devices that cannot be connected is smaller than the second limit number. Item 11. The group management device according to Item 10. The communication unit further outputs an inquiry request for inquiring whether or not the member device can be registered to another group management device,
The other group management device receives the inquiry request, and determines whether the registered number of member devices registered in the other group management device is less than the limit number of the other group management device, If it is determined to be less, register the member device, output the common secret information to the group management device,
4. The group management device according to claim 3, wherein, when receiving the common secret information from the another group management device, the communication unit outputs the common secret information to the member device. 5. The said determination means is provided with the function against external unauthorized access, and the said limited number and the said common secret information are memorize | stored in the area | region which cannot be read and written from the outside. 3. Group management equipment. 14. The group management device according to claim 13, wherein the determination unit includes a portable module that is detachable from the group management device. The determination unit stores the remaining number obtained by subtracting the registered number from the limited number, and when the receiving unit receives the registration request, determines whether the remaining number is “0”,
When judging that it is not “0”, the communication means outputs the common secret information to the member device,
The group management device according to claim 3, wherein when determining that the number is not "0", the determination unit subtracts "1" from the remaining number. After the common secret information is output to the member device,
The receiving unit further receives, from the member device, a withdrawal request indicating that registration with the group is canceled,
The communication means, further, when the withdrawal request is received, outputs a deletion notification instructing to delete the common secret information to the member device,
The receiving unit further receives from the member device a completion notification indicating that the deletion of the common secret information has been completed,
The group management device according to claim 3, wherein the determination unit further reduces the number of registered devices when a completion notification is received. When the determining unit determines that the registered number is smaller than the limited number, the member unit further issues validity period information indicating a period during which use of the common secret information is permitted,
The communication means outputs the expiration date information to the member device,
The judging means, when judging that the registered number is smaller than the limited number, increases the registered number and further monitors the elapse of a period indicated by the expiration date information, and the expiration date information is 4. The group management device according to claim 3, wherein when the period shown ends, the number of registered devices is reduced. The determination means obtains the number of client devices that can be registered in a group from a management device outside the group, pays a price according to the obtained number, and sets the obtained number as the limited number. Item 3. The group management device according to Item 3. The judging means further acquires a newly registerable number of the member devices from a management device outside the group, pays a fee in accordance with the acquired number, and adds the number obtained by adding the acquired number to the limited number. The group management device according to claim 3, wherein a new limit number is set. After the common secret information is output to the member device,
The receiving means further receives a communication request from the member device,
The determining means further authenticates using the common secret information and the common secret information held by the requesting member device,
4. The group management device according to claim 3, wherein if the authentication result is successful, the communication unit further performs communication with the member device. The group management device further includes:
Content storage means for storing encrypted content encrypted using a content key and the content key,
Using a key generated based on the common secret information, comprising an encryption unit that encrypts the content key to generate an encrypted content key,
The group management device according to claim 3, wherein the communication unit further outputs the encrypted content and the encrypted content key to the member device. The determining means further authenticates the member device using the common secret information and the common secret information held by the member device, shares a session key with the member device using the common secret information,
22. The group management device according to claim 21, wherein, if the authentication is successful, the encryption unit encrypts the content key using the session key generated based on the common secret information. The communication means stores the common secret information, further acquires another common secret information, overwrites and stores the another common secret information on the common secret information, and periodically or irregularly. The group management device according to claim 3, wherein the another common secret information acquired in step (c) is output to the member device. The group management device further includes:
Content storage means for storing encrypted content encrypted using a content key and the content key,
Using a key generated based on the common secret information, encrypting the content key to generate an encrypted content key,
4. The group management device according to claim 3, further comprising: a writing unit that writes the generated encrypted content key and the encrypted content to a portable recording medium. The receiving means receives the registration request including an identifier for identifying the member device,
The encrypting means encrypts the content key using a key generated from the identifier included in the registration request and the common secret information to generate an encrypted content key. 24 group management devices. 25. The group management device according to claim 24, wherein the encrypting unit encrypts the content key using a key generated based on the common secret information and an identifier unique to the recording medium. The group management device further includes:
Holding means for holding an identifier for identifying a plurality of groups in association with a common secret information unique to each of the groups and a limited number which is a maximum number of units that can be registered in each of the groups,
When the receiving unit receives a registration request including any one of the identifiers, the determining unit determines that the number of registered member devices registered in the group identified by the received identifier corresponds to the identifier. Determine whether or not less than the limit number, if it is determined to be less, register the member device in the group identified by the identifier, select the common secret information corresponding to the identifier,
The group management device according to claim 3, wherein the communication unit outputs the selected common secret information. The receiving unit further receives, from the new member device, a registration request to register another predetermined number of member devices,
The determining means determines whether or not the number obtained by adding the predetermined number to the registered number exceeds the limited number.If it is determined that the number does not exceed the limited number, the determination of the common secret information to the predetermined number of member devices is performed. Generate permission rights to grant the grant,
The group management device according to claim 3, wherein the communication unit outputs the common secret information to which the generated permission right is added to the new member device. The receiving means receives the registration request including a first identifier unique to the member device,
The determining means further stores the received first identifier,
After the communication unit outputs the common secret information, the receiving unit further receives a second identifier unique to the member device,
The determining means further determines whether or not the received second identifier matches the stored first identifier.
The group management device according to claim 3, wherein the communication unit outputs the common secret information to the member device again when the determination unit determines that they match. If the group management device is determined to be a new group management device that manages a new group that is newly formed by combining the groups managed by the plurality of group management devices, the communication unit sets a new common device unique to the new group. Output confidential information to each member device,
When another group management device is determined to be the new group management device, the group management device further includes:
Acquisition means for acquiring new common secret information unique to the new group from the other group management device,
4. The group management device according to claim 3, further comprising: holding means for holding the acquired new common secret information. 31. The communication unit according to claim 30, wherein the communication unit further determines which group management device becomes the new group management device with another group management device that manages another group. Group management equipment. The holding unit further stores a priority assigned to the group management device,
The communication unit determines that a group management device with a higher priority among the priorities and the priorities assigned to the other group management devices is to be the new group management device. The group management device according to claim 31. The member devices of the group managed by the group management device and the other group management devices are each assigned a priority,
After being determined by the new group management device, the receiving unit further obtains the priority of each member device,
The group management device further includes:
In order from the device with the highest priority acquired by the receiving unit, the selecting unit that selects a new member device to be registered in the new group within the limited number,
31. The group management device according to claim 30, wherein the communication unit outputs the new common secret information to a selected new member device. The group management device further includes:
After the communication means outputs the common secret information,
Selecting means for selecting, from member devices registered in the group management device, a member device to be a group management device for managing another group,
Distributing means for dividing the member devices registered in the group into member devices of a group managed by the group management device and member devices of another group managed by the another group management device,
The group management device according to claim 3, wherein the communication unit outputs common secret information different from the common secret information to member devices divided into groups managed by the group management device. A member device that registers with the group management device and uses the content,
Request means for requesting the group management device to register with a group,
Acquiring means for receiving authentication from the group management device and acquiring common secret information unique to the group,
Holding means for holding the acquired common secret information. The holding unit further holds a first initial value,
The obtaining means receives authentication from the group management device using the first initial value, and obtains the common secret information when the authentication result is successful,
The member device according to claim 35, wherein the holding unit holds the acquired common secret information and suppresses use of the first initial value. 37. The member device according to claim 36, wherein the holding unit holds the first initial value indicating that the device is not registered in the group management device. 37. The member device according to claim 36, wherein the holding unit holds the first initial value indicating that the member device is not registered in any group management device. 37. The member device according to claim 36, wherein the holding unit overwrites the held first secret value with the acquired common secret information. After acquiring the common secret information and holding it by the holding means,
Communication means for outputting the common secret information to the another member device;
When the communication unit outputs the common secret information, the communication unit includes a deletion unit that deletes the common secret information held by the holding unit,
37. The member device according to claim 36, wherein said holding unit activates said first initial value again when said common secret information is deleted. The requesting unit further requests the group management device to withdraw from the group,
The obtaining means further obtains a notification to delete the common secret information from the group management device,
The member device according to claim 36, wherein the holding unit deletes the held common secret information and activates the first initial value again. After acquiring the common secret information and holding it by the holding means,
The acquiring means further acquires another common secret information different from the common secret information from the group management device,
The member device according to claim 35, wherein the holding unit overwrites the common secret information with the another common secret information. The requesting unit further requests the group management device to deliver a content,
The acquisition unit may further generate, from the group management device, an encrypted content generated by encrypting the content using a content key, and an encrypted content generated using the encryption key generated based on the common secret information. Obtain the encrypted content key and
The member device further includes:
A decryption key identical to the encryption key is generated based on the common secret information, a content key is generated by decrypting the encrypted content key using the generated decryption key, and the content key is generated using the generated content key. The member device according to claim 35, further comprising: decryption means for decrypting the encrypted content to generate the content. The holding unit includes a storage unit in which reading and writing are externally prohibited,
The member device according to claim 35, wherein the storage unit stores and holds common secret information obtained from the group management device. The member device according to claim 44, wherein the storage unit is a recording medium detachable from the member device. The member device acquires the common secret information, and after holding by the holding unit, further,
The communication device according to claim 35, further comprising an authentication unit configured to authenticate the another member device using the common secret information and the common secret information held by the another member device when communicating with the another member device. Member equipment. The member device acquires the common secret information, and after holding by the holding unit, further,
Communication means for outputting the common secret information to the another member device;
36. The member device according to claim 35, further comprising: a deletion unit that deletes the common secret information held by the holding unit when the communication unit outputs the common secret information. The requesting unit further requests the group management device to withdraw from the group,
The obtaining means further obtains a notification to delete the common secret information from the group management device,
The member device according to claim 35, wherein the holding unit deletes the held common secret information. The obtaining means obtains common secret information including expiration date information indicating a period during which use of the common secret information is permitted,
The member device according to claim 35, wherein the holding unit monitors the elapse of a period indicated by the expiration date information, and deletes the common secret information when the period ends. The request unit, the acquisition unit and the holding unit are portable modules that can be attached to and detached from the member device,
The member device according to claim 35, wherein the portable module acquires the common secret information when connected to the group management device. The obtaining means further includes an encrypted content encrypted using a content key, and an encrypted content generated by encrypting the content key using an encryption key generated using the common secret information. Get the key and
The member device further reads the common secret information from the connected portable module, generates a decryption key identical to the encryption key from the read common secret information, and uses the generated decryption key to generate the encryption key. The member device according to claim 50, further comprising: decryption means for decrypting the encrypted content key to generate a content key, and decrypting the encrypted content using the content key. The portable module further comprises:
Notifying means for notifying the common secret information held by the holding means to the member device,
After notifying the common secret information to the member device, comprising a management unit that prohibits the notification unit from further notifying the common secret information to the member device,
The member device further includes:
The member device according to claim 50, further comprising: storage means for acquiring and storing the common secret information from the portable module. The holding unit further holds a maximum number that can hold the common secret information,
The member device according to claim 35, wherein the request unit requests the group management device to register with the group when the number of the common secret information held by the holding unit is less than the maximum number. . The holding means further holds an identifier for identifying a plurality of groups,
The requesting means requests registration by adding any one of the identifiers,
54. The member device according to claim 53, wherein the holding unit stores the common secret information in association with an identifier transmitted in the registration request. The request means further requests registration of a predetermined number of other member devices,
The acquiring means, from the group management device, further acquires the common secret information to which a permission right for permitting the common secret information to be given to the predetermined number of member devices is added,
The holding means acquires and holds the common secret information to which the permission right has been added,
The member device further includes:
Communication means for outputting the common secret information to other member devices,
36. The member device according to claim 35, wherein, when the common secret information is output, the holding unit reduces the right to grant the common secret information to the other member device by one time from the permission right. The holding unit further holds an identifier unique to the member device,
The communication means further acquires an identifier unique to the other member device from the other member device,
The member device according to claim 55, wherein the request unit further transmits an identifier of the member device and another member device to the group management device. The member device further includes:
The holding unit further holds an identifier unique to the member device,
The request unit further transmits the identifier to the group management device,
Upon receiving the power-off instruction after holding the common secret information, the holding unit deletes the held common secret information, turns off the power,
When the power is turned on, the request unit transmits the identifier to the group management device again,
36. The member device according to claim 35, wherein when the identifier acquired by the group management device again matches the stored identifier, the acquisition unit reacquires the common secret information. The member device further includes:
The holding unit further holds an identifier unique to the member device,
The request unit further transmits the identifier to the group management device,
The holding means, after holding the common secret information, when communication with the group management device is cut off, deletes the held common secret information,
When communication with the group management device is re-established, the requesting unit transmits the identifier to the group management device again,
36. The member device according to claim 35, wherein when the identifier reacquired by the group management device matches the stored identifier, the acquiring unit reacquires the common secret information. After holding the common secret information,
The acquisition means, from the same or another group management device as the group management device, to obtain another common secret information different from the common secret information,
The member device according to claim 35, wherein the holding unit holds the another common secret information and suppresses use of the common secret information. After holding the common secret information, when the member device is selected as a new group management device different from the group management device by the group management device,
Further, between the new group management device and the group management device, the original member device registered in the group management device is registered in the group management device, and the member device is registered in the new group management device. Selection means to divide the member device into
36. The member device according to claim 35, further comprising: communication means for outputting new common secret information unique to the new group managed by the new group management device to the member device selected as the new group management device. . Each member device registered in the group management device is assigned a priority,
The obtaining means obtains the priority of other member devices,
The member device according to claim 60, wherein the selection unit divides the member device based on the acquired priority. A registered device for registering a member device to a group management device,
Holding means for acquiring common secret information unique to a group from the group management device, and holding the same;
Notification means for notifying the member device of the common secret information when connected to the member device. The registration device further includes:
63. The registration apparatus according to claim 62, further comprising: a management unit that prohibits the notifying unit from further notifying the member device of the common secret information after notifying the member device of the common secret information. . The registration device further includes:
A receiving unit that receives a request for obtaining the common secret information from the member device;
63. The registration device according to claim 62, wherein the notifying unit notifies the common secret information when the request is received. A member device that registers with the group management device and uses the content,
A plurality of group management devices based on a preset condition among a distance from the group management device, a communication time with the group management device, a processing capacity of the group management device, or a processing state of the group management device. Selecting means for selecting one group management device from:
Request means for requesting registration from the selected group management device;
Acquisition means for acquiring common secret information common within a group from the group management device,
Holding means for holding the acquired common secret information. An authentication method used by a group management device for managing a group,
A receiving step of receiving a request from a member device;
An authentication step of authenticating whether the member device is a legitimate device using the common secret information unique to the group managed by the group management device and the common secret information held by the requesting member device; When,
Determining that the member device is registered in the group if the authentication result is successful. A program used in a group management device for managing a group,
A receiving step of receiving a request from a member device;
An authentication step of authenticating whether the member device is a legitimate device using the common secret information unique to the group managed by the group management device and the common secret information held by the requesting member device; When,
Determining that the member device is registered in the group if the authentication result is successful. A recording medium that records a program used in a group management device that manages a group, wherein the program includes:
A receiving step of receiving a request from a member device;
An authentication step of authenticating whether the member device is a legitimate device using the common secret information unique to the group managed by the group management device and the common secret information held by the requesting member device; When,
Determining that the member device is registered in the group if the authentication result is successful.

Images