JP2004234648A - Group entry approval system, server apparatus, and client apparatus - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a group entry approval system for determining whether entry of a client apparatus into an exclusive group capable of using contents is approved or not. <P>SOLUTION: The client apparatus determines whether entry application to a new group is possible or not from the number of already joined groups at the present moment and the maximum number of joinable groups; and transmits a registration request and specific information of the client apparatus to a server apparatus in order to join the group if it is possible. The server apparatus for providing contents to the client apparatus having already joined the group determines whether entry of the client apparatus having newly applied to entry is accepted or not from the number of client apparatuses already registered in the server at the present moment and the maximum number of client apparatuses to be registered. When the entry is approved, the specific information received along with the registration request is registered, and group identification information is transmitted to the client apparatus. The client apparatus receives and stores the group identification information. <P>COPYRIGHT: (C)2004,JPO&NCIPI

Description

  The present invention relates to a group subscription approval system that determines whether a device can be subscribed to a group that can use content via a network while preventing the use of a copyrighted work by a third party who does not have a legitimate right. .

2. Description of the Related Art In recent years, digital works (hereinafter, contents) such as music, video, and games can be easily acquired by distribution through the Internet, digital broadcasting, and package media.
According to Patent Literature 1, a music data management system is disclosed for the purpose of making it possible to use contents with a desired information processing device while preventing the use of a third party who does not have a legitimate right. .

In the music data management system, a plurality of personal computers (hereinafter, PCs) transmit a credit card number and the like to the approval server together with the ID of the content management program of the PC.
The approval server receives the ID, the credit card number, and the like. If the credit card numbers are the same, the PCs are classified into the same group. PCs and users are registered by recording IDs, credit card numbers, etc. for each group. When the registration is completed, the approval server sends the group key to the PC together with the group ID and password.

The PC stores the received group key, group ID and password.
Thus, PCs having the same group key can transmit and receive content using the group key.
Non-Patent Document 1 discloses a standard called DTCP (Digital Transmission Content Protection).

DTCP is a protection standard for digital contents distributed via a bus defined by IEEE1394, which is one of the high-speed serial bus standards. A device that uses content has a secret key distributed based on a contract with an administrator called a DTLA (Digital Transmission Licensing Administrator). When viewing the content, the transmitting device and the receiving device perform mutual authentication using the secret key, and the receiving device that succeeds in authentication can view the content.
JP 2002-169726 A "5C Digital Transmission Content Protection White Paper" Revision1.0 July 14,1998

In the technique of Patent Document 1, it is necessary to transmit a credit card number to an external approval server via a network. However, if the credit card number is transmitted via a network, the credit card number may be stolen and misused.
Also, DTCP uses an IEEE1394 bus, and intends to limit contents to personal use according to the physical length of the bus. Therefore, if the DTCP mutual authentication mechanism is applied to the distribution of content via the Internet instead of the IEEE1394 bus, for example, an unspecified number of devices can use the content, and the content is used. The range cannot be limited.

  Therefore, the present invention has been made in view of such a problem, and a group joining that determines whether or not to allow a device to be joined to a group in which only a specific user can use contents without using personal information of the user. The purpose is to provide an authorization system.

  In order to achieve the above object, the present invention is a group subscription approval system for determining whether to permit a client device to subscribe to a closed group that can use content, provided in the client device, wherein the client device is provided. First limiting means for deciding whether or not to apply for a new group from the number of groups already subscribed and the maximum number of groups that can be subscribed so far, and a server device for providing contents to group-subscribing client devices. And second limiting means for determining whether to permit or reject a client device that has newly applied for subscription from the number of client devices registered to the server device up to the present and the maximum number of registrable devices. A group joining authorization system characterized by the following.

The present invention is a group joining authorization system having the above configuration.
In addition, when the client device whose subscription application is not restricted by the first restricting means makes a subscription application to a group, the client device transmits information unique to the client device to the server device together with a registration request, When permitting the subscription by the second restricting means, the server device receives and registers the unique information together with the registration request, transmits group identification information to the client device, and the client device transmits the group identification information to the client device. It may be received and stored.

  Also, a server device that belongs to a group that is in a range in which use of content is permitted, and registers a client device that requests to join the group. The server device includes, from the client device, unique information unique to the client device. Receiving means for receiving a registration request to the server device; and, if the client device is a legitimate device, the registered number of other client devices registered in the server device can be registered in the server device. Determining means for determining whether the number is less than the maximum limited number, a registering means for registering the received unique information when the determining means determines that the number is small, and the client when the unique information is registered. Communication means for transmitting identification information for identifying the group to which the server device belongs to the device. A server equipment to.

  Further, if the client device is a client device that registers with a server device belonging to a group within a range where use of content is permitted and joins the group, and the server device is a legitimate device, the client device joins the server device. A determination unit that determines whether the number of registrations of another group that is registered is smaller than the maximum number of groups that can be subscribed to by the client device. Communication means for transmitting unique identification information and a registration request indicating registration to the server device to the server device, and receiving, from the server device, identification information for identifying a group to which the server device belongs; And a registration unit for registering the identification information.

According to this configuration, the server device can limit the number of client devices to be registered in the group by limiting the number of registered client devices. This makes it possible to limit the devices that use the content.
Further, the number of groups to which the client device subscribes is limited, and it is possible to prevent the client device from subscribing to an unspecified number of groups. As a result, the use of the content can be restricted to only a specific number of devices that are registered properly.

Further, since there is no need to install a server device outside, there is no cost for installing and managing the server device.
Here, the determination unit of the server device determines whether or not the received unique information has already been registered by the registration unit. Registration of information may be suppressed.

According to this configuration, since it is determined whether or not registration has already been performed, double registration can be prevented.
Here, the accepting unit of the server device accepts a registration request including the first authentication value, and the determining unit further holds a second authentication value in advance, and the first authentication value is the second authentication value. (2) It is determined whether or not the client device matches the authentication value. If it is determined that the client device matches the authentication value, the client device may be determined to be a legitimate device.

Further, the first authentication value and the second authentication value may be passwords.
Further, the accepting unit accepts a registration request including first fingerprint data obtained by extracting a feature point of a user's fingerprint, and the determining unit further includes a second fingerprint obtained by extracting a feature point from a fingerprint of the user of the server device. It may hold data, and determine whether or not the first fingerprint data matches the second fingerprint data.

Further, the accepting unit accepts a registration request including first iris data obtained by extracting feature points of the user's iris, and the determining unit further includes a second iris extracting feature points from the iris of the user of the server device. It may hold data and determine whether the first iris data matches the second iris data.
Further, the client device may further include an input receiving unit that receives an input of an authentication value from outside, and the communication unit may transmit a registration request including the authentication value.

Further, the input receiving means may receive a password input as the authentication value.
The input receiving unit may receive a user's fingerprint as the authentication value, extract a feature point from the fingerprint, and the communication unit may transmit a registration request including the feature point.

The input receiving unit may receive an input of a user's iris as the authentication value, extract a feature point from the iris, and the communication unit may transmit a registration request including the feature point.
According to this configuration, by transmitting an authentication value such as a password known only to a legitimate user from the client device to the server device, it is possible to determine that the client device to be registered is a legitimate device. Also, by using the fingerprint or iris of the user as the authentication value, it is possible to prevent the authentication value from being used by an unauthorized third party.

Here, the determination unit of the server device determines whether or not the client device is connected to a local area network to which the server device is connected, and when determining that the client device is connected, May be determined to be an appropriate device.
According to this configuration, registration is performed only when the client device is connected to the same local area network as the server device, so that the possibility of registration by an unauthorized third party can be further reduced.

  Here, when another server device among the other server devices belonging to the group and the server device is determined as the representative server device of the group, the communication unit of the server device sets the reception unit to the communication unit. When receiving the registration request and the unique information, the representative server device notifies the representative server device of the registration request and the unique information, and the representative server device has the number of client devices registered in the representative server device, It is determined whether or not the number is smaller than the maximum number that can be registered in the representative server device. When it is determined that the number is smaller, the unique information is registered in the representative server device, and as a result of the determination, the group to which the representative server device belongs is determined. The representative identification information to be identified is output to the server device, and the determining unit determines whether or not the registered number is smaller than the limited number. Receiving the determination result from another server device, the communication unit may send the determination result to the client device.

Further, the communication unit may include a determination unit that determines which server device is to be the representative server device with the other server device.
Further, the determination unit may determine the representative server device based on a preset condition among the priorities, processing capabilities, and processing statuses of the other server device and the server device. good.

According to this configuration, the representative server device accepts registration of the client device and manages the number, so that the number of client devices in one group can be kept constant. In addition, since the representative server device is determined according to the priority order, the processing capacity, and the processing status, the server device that can process efficiently can be determined as the representative server device.
Here, the communication unit of the server device further transmits, to the other server devices belonging to the group, inquiry information including the received unique information and inquiring whether the client device can be registered. The other server device determines whether the number of other client devices registered in the other server device is smaller than the maximum number that can be registered in the other server device, and determines that the number is smaller. In the case, the unique information is registered, and other identification information for identifying a group to which the other server device belongs is transmitted to the server device as a result of the determination. Instead of determining whether or not the number is small, the determination result may be received from the other server device, and the communication unit may transmit the determination result to the client device.

Further, the communication unit of the server device may transmit the inquiry information to the other server device when the determination unit determines that the registered number and the limited number are the same.
Further, the communication unit of the server device further obtains, from the other server device, first identification information for identifying a group to which the other server device belongs, and the determining unit further includes the server device. Holds the second identification information for identifying the group to which it belongs, determines whether or not the obtained first identification information matches the second identification information, and the communication unit determines that it matches. , The inquiry information may be transmitted.

  According to this configuration, since a plurality of server devices manage the number of client devices to be registered respectively, when one server device is performing another process or when the power is off, In a situation where registration cannot be accepted, another server device can accept registration. In addition, by authenticating the same group, it is possible to prevent the client device from joining a group different from the group requesting to join.

Here, the communication unit of the server device obtains the maximum number of devices that can be registered in the server device from a management device outside the group, and pays a price in accordance with the obtained number. May be the limited number.
Further, the communication unit of the client device further obtains, from a management device outside the group, the maximum number of groups to which the client device can subscribe, pays a fee according to the obtained number, and the determination unit determines , The acquired number may be used as the subscribeable number.

According to this configuration, the management device can perform charging according to the number. In addition, the user side can flexibly set the limited number or the number that can be added by paying the price.
Here, the communication unit of the server device further obtains a newly registerable number from a management device outside the group, and pays a price according to the obtained number, and the determination unit determines that the limited number The number obtained by adding the number may be set as the new limited number.

Further, the communication unit of the client device further obtains a new number of groups to which the client device can subscribe from a management device outside the group, and pays a price according to the obtained number. The number obtained by adding the acquired number to the number that can be added may be set as a new number that can be added.
According to this configuration, the user can flexibly change the number of devices, and the copyright holder can perform charging according to the number of deliverable contents.

  Here, the server device further includes: a content storage unit that stores the encrypted content encrypted using the content key and the content key; and a key generation unit that generates a shared key between the client device and the client device. And encrypting means for encrypting the content key using the shared key to generate an encrypted content key. The receiving means receives a content delivery request and unique information from a client device, and The means determines whether or not the same unique information as the unique information is registered. If the communication means determines that the unique information is registered, the communication means transmits the encrypted content and the encrypted content key to the request source. It may be transmitted to the client device.

According to this configuration, since the content is delivered only to the client device registered in advance, the use of the content can be limited to a specific device, and the use of the device not registered can be prevented.
Here, the registration unit of the server device further generates expiration date information, which is a period for registering the unique information, registers the information in association with the unique information, and determines whether the period indicated by the expiration date has passed. When the period indicated by the expiration date information is over, the unique information is deleted, and when the registration unit registers the unique information, the determining unit increases the registered number and deletes the unique information. Then, the number of registrations may be reduced.

According to this configuration, the period during which the client device is registered is limited, so that the possibility of unauthorized use of the content can be reduced. When registering unique information, increase the number of registered devices. When the period indicated by the expiration date expires and delete the unique information, keep the number of client devices registered in the server device constant to reduce the number of registered devices. Can be done.
The communication unit of the server device may transmit the expiration date information to the client device when the registration unit registers the unique information.

  Further, after transmitting the registration request, the communication unit of the client device further receives expiration date information indicating a period during which the client device is registered in the server device, and the registration unit transmits the registration request, Monitoring the elapse of the period indicated by the expiration date information, and when the period indicated by the expiration date information expires, deletes the identification information; and when the registration unit registers the identification information, When the number is increased and the identification information is deleted, the number of registrations may be reduced.

According to this configuration, since each device monitors the expiration date, each device can delete the unique information or the identification information without performing communication between the server device and the client device.
Further, the communication unit of the server device may transmit, to the client device, an end notification indicating that the period indicated by the expiration date information has ended, when the period indicated by the expiration date information ends.

  Further, after receiving the identification information, the communication unit of the client device further receives a notification that a period in which the client device is registered with the server device has ended, and the registration unit includes: When receiving the notification, the identification information may be deleted, and the determination unit may increase the registration number when the registration unit registers the identification information, and may decrease the registration number when the identification information is deleted.

According to this configuration, since the server device manages the expiration date, the period can be managed without increasing the processing in the client device.
Here, the receiving unit of the server device receives a withdrawal request and the unique information from the client device, the registration unit deletes the same unique information as the unique information, and the determining unit When the registration unit registers the unique information, the registered number may be increased, and when the unique information is deleted, the registered number may be decreased.

  Further, the communication means of the client device transmits a withdrawal request indicating withdrawal from the group to the server device, and from the server device, receives a withdrawal completion notification indicating that withdrawal processing has been completed, The registration unit deletes the identification information upon receiving the withdrawal completion notification, and the determination unit increases the registration number when the registration unit registers the identification information, and deletes the registration when the identification information is deleted. The number may be reduced.

  According to this configuration, the user can withdraw from the client device once registered in the server device and register another client device. Further, when a client device is registered in a server device, the number of registered client devices is increased, and when the client device is withdrawn, the number of registered devices is decreased. Therefore, the number of client devices registered in the server device can be kept constant. Also, the withdrawn client device can be registered in another server device in order to delete the identification information and reduce the number of registrations.

  In addition, the registration unit of the server device further registers the deleted unique information in a withdrawal list, and the determination unit further includes the same unique information as the unique information received by the receiving unit, It is determined whether or not it is registered in the withdrawal list.If it is determined that the client device is registered, it is determined that the requesting client device cannot be registered.The registration unit determines that the determination unit cannot register. When determining, the registration of the unique information may be suppressed.

According to this configuration, the client device that has once withdrawn cannot be registered in the server device again, so that registration and withdrawal can be repeated to prevent the content from being transmitted to another device.
The registration unit of the client device registers the deleted identification information in a withdrawal group list, and the communication unit acquires the identification information from the server device before transmitting the registration request, The determination means determines whether the same identification information as the acquired identification information is not registered in the withdrawal group list, or is registered last or is registered other than the last, and the communication means, When it is determined that the registration has not been made or when it is finally determined that the registration has been made, the registration request may be transmitted to the server device.

  According to this configuration, it is possible to re-join the last group that left the network, so that it is possible to register from a specific server even if the server is withdrawn, and to prevent registration of a device registered in another server after the withdrawal. I can do it. If the user holds more than the client device limit, the number of client devices registered in the server device is limited to a certain number, and the client device is switched to another client device. The content can be used using the device.

  Here, the server device further includes, from another client device, a client device that continues to join the group from a client device that has joined the group, and a client device that withdraws from the group. Selecting means for selecting a client device to be joined to another group to which the server device belongs, wherein the registration means deletes the unique information of the selected client device when joined to the another group, and May be reduced by the number of units deleted from.

According to this configuration, a client device subscribing to one group can be divided into two groups and separate groups can be formed.
Further, the selection unit of the server device may further select a server device to be the another server device among a plurality of server devices belonging to the group.
According to this configuration, when a plurality of server devices belong to the same group, by changing the group to which each server device belongs to another group,
Further, the selecting means of the server device may select a client device to be the another server device from client devices subscribed to the group.

In addition, the selection unit of the server device, from among the client devices that have joined the group, priority, processing capability, or processing status of each client device, based on a preset condition, The client device serving as the another server device may be selected.
Further, when the client device is further selected to be a different server device belonging to a different group from the group, the client device is connected to the server device by a client device that has joined the group. A client device that continues to join the group; and a selecting device that selects a client device that leaves the group and newly joins the another group, the communication unit includes: The client transmits to the client device another identification information for identifying the different group, the registration unit further deletes the registered identification information, it has been selected to join the another group The unique information of the client device may be registered.

Further, the selecting unit of the client device selects a client device to join the another group with the server device, and the communication unit transmits unique information of the selected client device from the server device. Acquired, the registration means may register the acquired unique information.
According to this configuration, a server device belonging to another group is selected from the priority order, the processing capacity, the processing status, and the like of the client device, so that a device that can process efficiently can be selected as a new server device. Also, the client device selected as another server device can register another client device as a server device by acquiring unique information from the server device belonging to the original group.

Here, the receiving unit of the server device further receives a priority of each of the client devices, and the selecting unit, based on the priority, a client device that continues to join the group, And the client device to join the another group may be selected.
The registration unit of the server device may further include a clock unit that measures the current date and time, and when the determination unit determines that the limited number is smaller than the registered number, the registration unit further includes a date and time that the clock unit measures. And a registration date and time, the registration date and time, and a unique information writing unit that registers the unique information in a registration list in association with the unique information. You may choose.

According to this configuration, it is possible to select the client device to be registered according to the priority order or the registration date and time, and thus it is possible to reduce bias among groups.
Here, the determining unit of the server device determines whether the registered number of the unique information registered in the registered device list is smaller than the limited number, and the registering unit determines that the number is smaller. The received unique information may be registered in the registered device list.

According to this configuration, when the unique information is written into the registered device list and registered, the client device is considered to have joined the group.
Here, the server device further includes an input unit that receives an input of unique information from outside, and the determination unit registers the received unique information in a temporary registration list. When the unique information is received, it is determined whether or not unique information that matches the unique information is registered in the temporary registration list. If it is determined that the number is less than the number, the unique information may be registered in a registration list.

According to this configuration, only devices for which unique information has been manually input to the server device can be registered, so that registration from an unauthorized third party can be prevented. In addition, a device such as a notebook computer, which is not known to be taken outside, is temporarily registered, and only the device actually registered via the network can be counted as the number of registered devices.
Here, the communication unit of the server device transmits the registered device list to another server device belonging to the group, receives another registered device list from the other server device, and stores the registered device list. Exchange, the judging means extracts unique information not registered in the registered device list from the other registered device list, and determines the difference between the limited number and the registered number by the number of extracted unique information. The registration unit determines whether or not the extracted unique information is smaller than the remaining number, and registers the extracted unique information in the registered device list if the determination unit determines that the number is smaller. From the unique information registered in the device list and the extracted unique information, select the unique information for the number indicated by the limited number, and register the selected unique information in the registered device list. Good.

  According to this configuration, since a plurality of server devices belonging to the same group share a registered device list, when a client device is registered in any server device, the client device is registered in all server devices in the group. State. Further, when registration cannot be accepted, such as when the power of one server device is turned off, the other server device can accept registration.

  Further, the registration unit of the server device, a clock unit that clocks the current date and time, when the determination unit determines that the limited number is smaller than the registered number, acquires the date and time from the clock unit, With the acquired date and time as the registration date and time, the registration date and time and the unique information are associated with each other and registered in the registered device list, and the determining unit determines that the number of the extracted unique information is larger than the remaining number. In this case, a unique information writing unit for selecting the unique information and writing the unique information in the registered device list may be included.

Further, the receiving unit of the server device further obtains the priority of the client device, and when the determining unit determines that the number of the extracted unique information is larger than the remaining number, The writing unit may select the unique information for the number indicated by the limited number in the order of the client devices having the highest priority.
According to this configuration, when the number of client devices to be registered exceeds the limit number, the client device to be registered can be selected according to the registration date and time or the priority order.

  Further, the communication unit of the server device further obtains, from the other server device, first identification information for identifying a group to which the other server device belongs, and the determining unit further includes: Holds the second identification information for identifying the group to which it belongs, determines whether or not the obtained first identification information matches the second identification information. The registered device list may be exchanged.

According to this configuration, it is possible to transmit the registered device list after confirming that another server device belongs to the same group.
Here, when the server device further merges the group with another group to form a new group, if it is determined that the server device belongs to the new group, another server belonging to the another group is determined. Between the server device, including determining means for determining new identification information for identifying the new group, the communication means transmits the registered device list to the another server device, from the another server device, Upon receiving another registered device list held by the another server device, the determination unit extracts unique information not registered in the registered device list from the another registered device list, and extracts the unique information of the extracted unique information. It is determined whether the number is smaller than the remaining number, which is the difference between the limited number and the registered number, and if it is determined to be smaller, the registered number is increased by the number of the extracted unique information, and When determining, the registered number is made equal to the limited number, and when the registration unit determines that the number of the extracted unique information is smaller than the remaining number, the registration unit registers the extracted unique information in the registered device list. If it is determined that the number is large, the unique information corresponding to the number indicated by the limited number is selected from the unique information registered in the registered device list and the extracted unique information, registered in the registered device list, and the communication is performed. The means may transmit the new identification information to a client device indicated by the unique information registered in the registered device list.

  The registration unit of the server device may obtain a date and time from the clock unit when the determination unit determines that the limited number is smaller than the registered number. And registering the acquired date and time as the registration date and time in the registered device list in association with the registration date and the unique information and the determining unit determines that the number of the extracted unique information is larger than the remaining number. In this case, the extracted unique information may include a unique information writing unit that selects the unique information in order of the corresponding registration date and time.

Further, the receiving unit of the server device further receives the priority of each of the client devices, and the registration unit selects the specific information for the limited number of devices in order from the specific information of the client device having the higher priority. You may do it.
According to this configuration, one new group can be formed by combining a plurality of groups. Further, when the number of client devices that have joined a plurality of groups exceeds the limit number of the new group, the client devices to join the new group can be selected based on the registration date and time or the priority order.

  Here, the determination unit of the client device further includes a distance from the server device, a communication time with the server device, a processing capability of the server device, or a processing state of the server device, based on a preset condition. Alternatively, one server device may be selected from a plurality of server devices belonging to the same group, and the communication unit may transmit the registration request and the unique information to the selected server device.

According to this configuration, the client device can select and register a server device with good conditions from a plurality of server devices.
Here, the communication means of the client device further includes another server device belonging to another group different from the group, and a server device belonging to a subscription group to which the client device belongs among the server devices. , The registration information may be received, and the registration unit may delete the identification information and register the received identification information.

  According to this configuration, when a plurality of groups are combined to form one group, or when one group is divided to form a plurality of groups, the client device becomes a group to which the client device newly joins. By receiving the identification information from the server to which the server belongs, the group to join can be changed from the original group to the new group.

Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.
1. 1. Configuration of Device Registration System 1 As shown in FIG. 1, the device registration system 1 includes server devices 100a to 100d and client devices 200e to 200g connected to the Internet 500, respectively.

The server devices 100a and 100b and the client device 200e are installed in the home of the user, and are connected to each other to form a home network. The server devices 100a and 100b belong to the in-house group 300, share registration information and a registered device list described later, and operate like one server device.
The server devices 100c and 100d and the client device 200g are installed in a separate home of the user, and are similarly connected to each other to form a network in the separate home. Further, the server device 100c and the server device 100d belong to a group 400 in another house, share registration information and a registered device list described later, and operate as one server device.

The client device 200f is a portable device that the user can carry and use outside.
When the client devices 200e to 200g register with the server device 100a or the server device 100b and join the group 300, the client devices 200e to 200g can use the contents stored in the server device 100a and the server device 100b. When the client devices 200e to 200g register with the server device 100c or 100d and join the group 400, they can use the contents stored in the server device 100c and the server device 100d.

Here, when it is not necessary to distinguish each of the server devices 100a to 100d, it is referred to as the server device 100, and the client devices 200e to 200g are similarly referred to as the client devices 200.
Hereinafter, each configuration will be described.
1.1 Configuration of Server Device 100 As shown in FIG. 2, the server device 100 includes a control unit 101, an input / output unit 102, an ID storage unit 103, a secret key storage unit 104, a public key certificate storage unit 105, a public key Encryption processing unit 106, registered device list storage unit 107, registration information storage unit 108, registration processing unit 109, content storage unit 110, content key storage unit 111, encryption unit 112, decryption unit 113, encryption unit 114, decryption unit 115, a display unit 116, an input unit 117, an inter-server communication unit 118, a clock unit 119, and a CRL storage unit 121.

  The server device 100 is, specifically, a computer system including a microprocessor, a ROM, a RAM, a hard disk unit, a display unit, a keyboard, a mouse, and the like. A computer program is stored in the RAM or the hard disk unit. The server device 100 achieves its functions by the microprocessor operating according to the computer program.

Hereinafter, each configuration will be described.
(1) ID storage unit 103
The ID storage unit 103 stores a server ID unique to the server device 100. This ID is a code uniformly provided by the device registration system 1.
In the present specification, when distinguishing the IDs of the server devices 100a to 100d, they are described as ID # 31a, ID # 31b, ID # 41c, and ID # 41d, respectively, and the server devices belonging to the group 300 are described. The IDs of 100a and 100b are represented as ID # 31, and the IDs of server devices 100c and 100d belonging to group 400 are represented as ID # 41.

The group identification unit indicated by 3 or 4 of each ID is a group identifier of a group to which the server device belongs.
Note that each server ID may use, for example, a MAC address or an IP address, or may be a different code for each device uniformly provided in the system. In this case, the server ID and the group identifier of the group to which each server belongs are stored in association with each other.
(2) Clock section 119
The clock unit 119 counts the date and time, and outputs the counted date and time to the registration processing unit 109 and the inter-server communication unit 118.
(3) Registered device list storage unit 107, registration information storage unit 108, registration processing unit 109
The registration information storage unit 108 is a tamper-resistant area in which the inside cannot be seen from the outside, and stores the registration information shown in FIG. The registration information includes a maximum number, a registered number, a remaining number, and a password. The maximum number indicates the maximum number of client devices that can be registered in the server device 100. The registered number indicates the number of client devices currently registered in the server device 100. The remaining number indicates the number of client devices that can be registered in the server device 100. The password is set in the server device 100 in advance.

The registered device list storage unit 107 is a tamper-resistant area in which the inside cannot be seen from the outside, and stores the registered device list shown in FIG. The registered device list is configured to include the number of lines that correspond to the client ID, the registration date and the withdrawal date, and the number of client devices registered in the server device 100.
The client ID is an area for storing the ID of the client device registered in the server device 100. The registration date and time indicates the date and time when the client device indicated by the corresponding client ID was registered in the server device 100. In FIG. 4, as an example, the registered date and time are connected by a hyphen and represented. The withdrawal date and time indicates the date and time when the corresponding client device has withdrawn. If the client device indicated by the corresponding client ID is registered, the withdrawal date and time are recorded by connecting a 6-digit and 4-digit “0” with a hyphen. In the present specification, when a 6-digit and 4-digit “0” is recorded as a withdrawal date linked by a hyphen, it is simply expressed as “0”. When a registered client device withdraws, the registration processing unit 109 records the date and time of withdrawal. When the registered device list is exchanged and shared with another server device belonging to the same group, the line of the withdrawn client device is deleted.

The registration processing unit 109 performs processing of registration, withdrawal, and registration verification of the client device under the control of the control unit 101. The registration collation is a process of collating whether or not the requesting client device is registered in the server device 100 at the time of content delivery and withdrawal.
At the time of registration and registration verification, the password is authenticated. The password is received together with the registration request from the client device 200, and it is determined whether or not the received password matches the password of the registration information. If they do not match, the process ends. If they match, the subsequent processes are continued.

At the time of the registration process, if the client device has not been registered, the registration processing unit 109 acquires the registration date and time from the clock unit 119. The client ID is registered in the registered device list, and the acquired registration date and time and “0” are recorded as the withdrawal date in association with the client ID. Further, “1” is added to the registered number of the registration information, and “1” is subtracted from the remaining number.
At the time of the withdrawal processing, the registration processing unit 109 acquires the date and time from the clock unit 119. The date and time obtained as the withdrawal date and time is recorded in the registered device list, “1” is subtracted from the number of registered devices in the registration information, and “1” is added to the remaining number.

At the time of registration matching processing, the registration processing unit 109 checks whether or not the ID of the requesting client device is registered in the registered device list.
The detailed operation of each process will be described later.
(4) Private key storage unit 104, public key certificate storage unit 105, public key encryption processing unit 106, CRL storage unit 121
The public key certificate storage unit 105 stores the public key certificate Cert # 1.

  The public key certificate Cert # 1 certifies that the public key PK # 1 of the server device 100 is a correct public key. The public key certificate Cert # 1 includes signature data Sig # CA1, a public key PK # 1 and an ID # 1. The signature data Sig # CA1 is signature data generated by applying a signature algorithm S to the public key PK # 1 and ID # 1 of the AD server 100 by a certification authority (CA). Here, the CA is a trusted third-party organization that issues a public key certificate that certifies the validity of the public key of a device belonging to the device registration system 1. The signature algorithm S is, for example, an ElGamal signature on a finite field. Since the ElGamal signature is publicly known, the description is omitted.

The secret key storage unit 104 is a tamper-resistant area in which the inside cannot be seen from the outside, and stores a secret key SK # 1 corresponding to the public key PK # 1.
When communicating with another device, the public key encryption processing unit 106 performs authentication by a method described later, and establishes a SAC (Secure Authentication Channel). SAC means a secure communication path that enables encrypted communication. By establishing the SAC, it is possible to confirm that the device to be authenticated is the correct device recognized by the CA. In addition, the public key encryption processing unit 106 shares the session key SK by authentication.

SAC establishment can be realized by any known technique, and as another example, there is a method used in DTCP full authentication. In full authentication, authentication and key sharing are performed by a challenge response method by combining a signature method of elliptic curve encryption and a key sharing method of elliptic curve encryption.
The shared session key SK is output to the encryption unit 112 and the decryption unit 113.

The CRL storage unit 121 stores a CRL (Certification Revocation List). The CRL is a list in which IDs of invalidated devices, such as a device that has performed an illegal operation and a device to which a secret key has been exposed, are registered, and is issued by the CA. What is registered in the CRL is not limited to the device ID, and the serial number of the public key certificate of the revoked device may be registered. The CRL is recorded on a recording medium such as a broadcast, the Internet or a DVD and distributed to each device, and each device obtains the latest CRL. The CRL is disclosed in detail in "American National Standards Institute, American National Standard for financial Services, ANSX9.57: Public Key Cryptography for the Financial Industry: Certificate Management, 1997."
(5) Content storage unit 110, content key storage unit 111
The content storage unit 110 stores the encrypted content generated by performing the encryption algorithm E on the content using the content key. Here, the encryption algorithm E is DES as an example. Since DES is publicly known, its description is omitted.

The content acquisition method is not the subject of the present invention and will not be described. For example, there are a method of acquiring the content using the Internet, broadcasting, and the like, and a method of acquiring the content from a recording medium such as a DVD.
The content key storage unit 111 receives and stores the encrypted content key K1 from the encryption unit 114.
(6) Encryption unit 114, decryption unit 115
The encryption unit 114 reads the server ID from the ID storage unit 103, and generates an encryption key EK1 based on the server ID. Using the generated encryption key EK1, an encryption algorithm E is applied to the acquired content key to generate an encrypted content key K1. The generated encrypted content key K1 is stored in the content key storage unit 111.

The decryption unit 115 reads the server ID from the ID storage unit 103, and generates the same decryption key DK1 as the encryption key EK1 based on the server ID. The encrypted content key K1 is read from the content key storage unit 111, and a decryption algorithm D is applied to the read encrypted content key K1 using the generated decryption key DK1 to generate a content key. The generated content key is output to encryption section 112.
(7) Encryption unit 112, decryption unit 113
The encryption unit 112 receives the session key SK from the public key encryption processing unit 106 and receives the content key from the decryption unit 115. Using the session key SK, an encryption algorithm E is applied to the content key to generate an encrypted content key S. The generated encrypted content key S is output to the client device 200 via the input / output unit 102 under the control of the control unit 101.

The decryption unit 113 receives the session key SK from the public key encryption processing unit 106. Upon receiving the encrypted data from the registration processing unit 109, the data is decrypted using the session key SK, data is generated, and the data is output to the registration processing unit 109.
(8) Server-to-server communication unit 118
The server-to-server communication unit 118 periodically exchanges and updates the registered device list with another server device belonging to the same group.

The inter-server communication unit 118a of the server device 100a receives the registered device list b from the server device 100b.
The server-to-server communication unit 118a processes each line of the registered device list a and the registered device list b as follows.
(A) Line a registered in registered device list a (A1) If there is no line with the same client ID as line a in registered device list b, if the withdrawal date of line a is not “0”, the line a is deleted. If the withdrawal date and time of the row a is “0”, the registration is left as it is.

(A2) When the registered device list b includes a row b1 having the same client ID as the row a, the processing is performed as in (1) to (4).
(1) If the withdrawal date and time of row b1 is “0” and the withdrawal date and time of row a is “0”, the one with the later registration date and time is registered in the registered device list a.
(2) If the withdrawal date and time of row b1 is “0” and the withdrawal date and time of row a is not “0”, (2-1) if the withdrawal date and time of row a is later than the registration date and time of row b1, row a Is deleted, and (2-2) when the withdrawal date and time of the row a is earlier than the registration date and time of the row b1, the row b1 is registered in the registered device list a instead of the row a.

(3) If the withdrawal date and time of the row b1 is not “0” and the withdrawal date and time of the row a are not “0”, the row a is deleted from the registered device list a.
(4) When the withdrawal date and time of the row b1 is not “0” and the withdrawal date and time of the row a is “0”, (4-1) When the withdrawal date and time of the row b1 is later than the registration date and time of the row a, Line a is deleted from the registered device list a, and (4-2) when the withdrawal date and time of the line b1 is earlier than the registration date and time of the line a, the line a is left registered.
(B) Regarding the row b2 of the registered device list b that is not registered in the registered device list a (B1) If the withdrawal date and time of the line b2 is “0”, the line b2 is registered in the registered device list a.

(B2) If the withdrawal date and time of the row b2 is not “0”, the row b2 is not registered in the registered device list a.
In the processes (A) and (B), deleted lines are recorded as a temporary withdrawal list, and the number of deleted lines is counted as the number of deleted lines. Note that the number of deleted lines is not counted for lines that have already left before exchanging the registered device list. The line newly registered in the registered device list a is recorded as a temporary registration list, and the number of registered lines is counted as the number of newly registered devices.

When the above processing is completed in all the rows of the registered device lists a and b, the number indicated by the deleted number is subtracted from the registered number in the registration information and added to the remaining number. Next, when the newly registered number is equal to or less than the remaining number, the newly registered number is added to the registered number and subtracted from the remaining number.
If the number of new registrations is not less than the remaining number, the number indicated by the maximum number is selected from all the rows of the temporary registration list and the registered device list a in ascending order of the registration date and time. The selected line is registered in the registered device list a. In addition, the registered number is set to the same number as the maximum number, and the remaining number is set to “0”. Further, it notifies the client device in the line not selected that registration is not possible.

The inter-server communication unit 118b of the server device 100b performs the same processing, and as a result, the server devices 100a and 100b can store the same registered device list and registered information.
Similarly, the server devices 100c and 100d also exchange the registered device list and share the same list.
(9) Control unit 101, input / output unit 102, display unit 116, input unit 117
The input / output unit 102 inputs and outputs data to and from other devices.

The display unit 116 displays various information under the control of the control unit 101.
The input unit 117 receives an external input and outputs the received input to the control unit 101.
When receiving a registration request, a content delivery request, or a withdrawal request from the client device 200 via the input / output unit 102, the control unit 101 controls the public key encryption processing unit 106, and the client device 200 is a legitimate device. Or authenticate. If the authentication result is successful, the registration processing unit 109 is controlled to perform registration, collation, and withdrawal processing of the client device 200.

Further, when the content delivery request is received and the authentication is successful, the decryption unit 115 is controlled to decrypt the encrypted content key K1, and the encryption unit 112 is controlled to generate the encrypted content key S. Further, it reads the encrypted content from the content storage unit 110 and transmits the encrypted content key S and the encrypted content via the input / output unit 102.
Note that content delivery follows CCI (Copy Control Information). The CCI is attached to each content. For example, the CCI added to the broadcast content is 2-bit copy permission / non-permission information. Two bits are used to distinguish three types: (1) Copy Never, which never allows copying, (2) Copy Once, which allows copying only once, and (3) Copy-free, which allows copying freely without any limitation. .

Here, it is assumed that the delivery of the content to the client devices subscribing to the group is permitted.
The control unit 101 periodically controls the server-to-server communication unit 118 to exchange the registered device list and update the registered device list and the registered information.
1.2 Client Device 200
As shown in FIG. 5, the client device 200 includes a control unit 201, an input / output unit 202, an ID storage unit 203, a secret key storage unit 204, a public key certificate storage unit 205, a public key encryption processing unit 206, a registered group list Storage unit 207, withdrawal group list storage unit 208, registration processing unit 209, content storage unit 210, content key storage unit 211, encryption unit 212, decryption unit 213, encryption unit 214, decryption unit 215, input unit 216, decryption A unit 217, a reproducing unit 218, a monitor 219, a speaker 220, and a CRL storage unit 221.

  The client device 200 is, specifically, a computer system including a microprocessor, a ROM, a RAM, a hard disk unit, a display unit, a keyboard, a mouse, and the like. A computer program is stored in the RAM or the hard disk unit. The client device 200 achieves its functions by the microprocessor operating according to the computer program.

The client devices 200c and 200d installed in the house are specifically content reproducing devices and the like, and the client device 200e is assumed to be a portable device having a content reproducing function such as a notebook PC. However, here, functions required as the client device of the present invention will be described.
Hereinafter, each configuration will be described.
(1) ID storage unit 203
The ID storage unit 203 stores ID # 02 which is a client ID unique to the client device 200. ID # 02 is a code uniformly given by the device registration system 1.

In the present specification, when distinguishing the client devices 200e, 200f, and 200g, the client IDs are represented by ID # 02e, ID # 02f, and ID # 02g.
Each client ID may use, for example, a MAC address or an IP address, similarly to the server ID.
(2) Registered group list storage unit 207, withdrawal group list storage unit 208, registration processing unit 209
The registered group list storage unit 207 is a tamper-resistant area in which the inside cannot be seen from the outside, and stores a registered group list shown in FIG. The registration group list includes a maximum number, a registration number, a remaining number, and a group identifier. The maximum number indicates the number of groups that the client device 200 can register. The number of registrations indicates the number of groups currently registered by the client device 200. The remaining number indicates the number of groups that can be registered in the future. The group identifier is an area for storing a group identifier for identifying a registered group.

The withdrawal group list storage unit 208 stores the withdrawal group list shown in FIG. The withdrawal group list stores group identifiers for identifying groups withdrawal in the order of withdrawal.
The registration processing unit 209 performs processing of registration with the server device 100, registration verification, and withdrawal under the control of the control unit 201.

When the registration process is performed and the device is registered in the server device belonging to the group 300, a registration completion notification is received. Upon receiving the registration completion notification, the registration processing unit 209 adds “1” to the number of registrations in the registration group list, and subtracts “1” from the remaining number. Further, a group identification unit is extracted from the server ID of the registered server device and registered as a group identifier.
Also, when withdrawal processing is performed and the server device 100 is withdrawn, a withdrawal completion notification is received from the server device 100. The registration processing unit 209 deletes the same group identifier as the server identification group identification unit included in the withdrawal completion notification from the registered group list, and registers the same in the withdrawal group list. Also, “1” is subtracted from the registered number, and “1” is added to the remaining number. When the group identification unit of the server ID included in the withdrawal completion notification is the same as the group identification unit registered at the end of the withdrawal group list, it is not necessary to duplicately write the group identification unit.

The operations of registration, registration collation, and withdrawal processing will be described later.
(3) Private key storage unit 204, public key certificate storage unit 205, public key encryption processing unit 206, CRL storage unit 221
The CRL storage unit 221 stores the latest CRL.
The public key certificate storage unit 205 stores a public key certificate Cert # 2 issued from a CA. The public key certificate Cert # 2 includes the public key PK # 2 of the client device 200, the ID # 02 of the client device 200, and CA signature data Sig # CA2 for them.

The secret key storage unit 204 is a tamper-resistant area in which the inside cannot be seen from the outside, and stores a secret key SK # 2 corresponding to the public key PK # 2.
Under the control of the control unit 201, the public key encryption processing unit 206 performs authentication and establishes SAC when communicating with the server device 100. Further, the public key encryption unit 206 shares the session key SK by authentication.

The shared session key SK is output to the encryption unit 212 and the decryption unit 213.
(4) Content storage section 210, content key storage section 211
The content storage unit 210 stores the encrypted content encrypted using the content key.
The content key storage unit 211 receives the encrypted content key K2 from the encryption unit 214 and stores it.

Note that the client device 200 does not transmit the content obtained from the server device 100 to another device or record the content on a portable recording medium.
(5) Encryption unit 212, decryption unit 213
The decryption unit 213 receives the session key SK from the public key encryption processing unit 206 under the control of the control unit 201. Further, it receives the encrypted data from the registration processing unit 209, applies the decryption algorithm D using the session key SK, and decrypts the data. The decrypted data is output to the registration processing unit 209.

Further, upon receiving the encrypted content key S from the server device 100 via the input / output unit 202, the decryption unit 213 performs a decryption algorithm D to generate a content key. When reproducing the content, the content key is output to the decryption unit 217. When the content is stored once, the generated content key is output to the encryption unit 214.
The encryption unit 212 receives the session key SK from the public key encryption unit 206 under the control of the control unit 201. Further, upon receiving the data from the registration processing unit 209, the data processing unit 209 performs an encryption algorithm E on the data using the session key SK, and outputs the encrypted data to the server device 100 via the input / output unit 202.
(6) Encryption unit 214, decryption unit 215
The encryption unit 214 reads out ID # 02 from the ID storage unit 203 under the control of the control unit 201, and generates an encryption key EK2 based on ID # 02. When the content key is received from the decryption unit 213, the content key is subjected to an encryption algorithm E using the generated encryption key EK2 to generate an encrypted content key K2. The generated encrypted content key K2 is stored in the content key storage unit 211.

The decryption unit 215 reads out ID # 02 from the ID storage unit 203 under the control of the control unit 201, and generates a decryption key DK2 based on ID # 02. The encrypted content key K2 is read from the content key storage unit 211, and a decryption algorithm D is applied to the read encrypted content key K2 using the decryption key DK2 to generate a content key. Further, it outputs the generated content key to decryption section 217.
(7) Decoding section 217
The decryption unit 217 receives the content key from the decryption unit 213 or 215 under the control of the control unit 201, and reads out the encrypted content from the content storage unit 210. A decryption algorithm D is performed on the read encrypted content using the content key to generate the content. The content is output to the reproducing unit 218.
(8) Playback unit 218, monitor 219, speaker 220
The reproduction unit 218 generates a video signal from the content received from the decoding unit 217 under the control of the control unit 201, and outputs the generated video signal to the monitor 219. Further, it generates an audio signal from the received content, and outputs the generated audio signal to the speaker 220.
(9) Control unit 201, input unit 216
The input unit 216 receives an external input and outputs the received input to the control unit 201.

Upon receiving an input from the input unit 216 to perform registration, content acquisition, or withdrawal processing, the control unit 201 controls the public key encryption processing unit 206 to mutually perform device authentication with the server device 100. Do. If the authentication fails, the subsequent processing ends. If the authentication is successful, the control unit 209 controls the registration processing unit 209 to perform registration or withdrawal processing.
When receiving an input indicating that the content is to be acquired and reproduced, the control unit 209 controls the registration processing unit 209 to perform registration verification. Upon receiving the encrypted content key S and the encrypted content from the server device 100 via the input / output unit 202, the decryption unit 213 decrypts the encrypted content key S, and the decryption unit 217 uses the decrypted content key. The encrypted content is decrypted to generate the content, and the reproducing unit 218 is controlled to reproduce the content.

  When receiving an input to acquire and store the content from the input unit 216 and receiving the encrypted content key S and the encrypted content from the server device 100 as described above, the encrypted content is stored in the content storage unit 210. Store. Further, it controls the decryption unit 213 to decrypt the encrypted content key S. The encrypting unit 214 encrypts the content key using the encryption key EK2, and stores the encrypted content key K2 in the content key storage unit 211.

  When an input indicating that the stored content is to be reproduced is received via the input unit 216, the encrypted content key K2 is read from the content key storage unit 211 and decrypted by the decryption unit 215 using the decryption key DK2. The encrypted content is read from the content storage unit 210, and the decryption unit 217 is controlled to decrypt the encrypted content using the decrypted content key to generate the content. The decrypted content is reproduced by the reproducing unit 218.

Note that the acquisition, reproduction, and accumulation of the content follow the CCI. If the CCI of the acquired content permits only reproduction of the content and does not permit copying, the content is not accumulated.
Here, the client device 200 holds an IP address or a URL or the like in order to communicate with the server devices 100a to 100d, or accesses an external server and registers the IP address or the URL of the server device 100 to be registered. Shall receive it. Since these are not the subject of the present invention, they are omitted.
2. 2. Operation of Device Registration System 1 2.1 SAC Establishment The operation when SAC is established between devices will be described with reference to FIGS.

This SAC establishment method is an example, and another authentication method or key sharing method may be used. In addition, since the SAC establishment method is used for authentication between any devices, the devices that perform the authentication are devices A and B here.
Here, Gen () is a key generation function, and Y is a system-specific parameter. Also, the key generation function Gen () satisfies the relationship of Gen (x, Gen (z, Y)) = Gen (z, Gen (x, Y)). Note that the key generation function can be realized by any known technique, and thus details thereof will not be described here. As an example, reference (1) Shinichi Ikeno and Kenji Koyama, “Modern Cryptography Theory”, and the Diffie-Hellman (DH) public key distribution method are disclosed to the Institute of Telecommunications of Japan.

The device A reads out the public key certificate Cert # A (step S201) and transmits it to the device B (step S202).
The device B that has received the public key certificate Cert # A performs a signature verification algorithm V on the signature data Sig # CA included in the public key certificate Cert # A using the public key PK # CA of the CA. To verify the signature (step S203). If the verification result is unsuccessful (N in step S204), the process ends. If the verification result is successful (Y in step S204), the CRL is read (step S205), and it is determined whether the received ID # A included in the public key certificate Cert # A is registered in the CRL (step S205). Step S206). If it is determined that it has been registered (Y in step S206), the process ends. If it is determined that it has not been registered (N in step S206), the public key certificate Cert # B of the device B is read (step S207), and transmitted to the device A (step S208).

  Upon receiving the public key certificate Cert # B, the device A applies the signature verification algorithm V to the signature data Sig # CA included in the public key certificate Cert # B using the public key PK # CA and signs the signature. Verification is performed (step S209). If the verification result is unsuccessful (N in step S210), the process ends. If the verification result is successful (Y in step S210), the CRL is read (step S211), and it is determined whether or not the ID # B included in the public key certificate Cert # B and received is registered in the CRL (step S211). Step S212). If it is determined that it has been registered (Y in step S212), the process ends. If it is determined that it has not been registered (N in step S212), the process is continued.

The device B generates a random number Cha # B (step S213) and transmits it to the device A (step S214).
Upon receiving the random number Cha # B, the device A performs a signature generation algorithm S on the received Cha # B using the secret key SK # A of the device A to generate signature data Sig # A (step S215). The generated signature data Sig # A is transmitted to the device B (step S216).

Upon receiving the signature data Sig # A, the device B performs signature verification by applying the signature verification algorithm V to the received signature data Sig # A using the PK # A included in the Cert # A in step S202 (step S202). In S217), if the verification result is unsuccessful (N in step S218), the process ends. If the verification result is successful (Y in step S218), the process is continued.
The device A generates a random number Cha # A (step S219) and transmits it to the device B (step S220).

The device B performs a signature generation algorithm S on the received Cha # A using the secret key SK # B of the device B to generate signature data Sig # B (step S221), and generates the signature data Sig # B. The data is transmitted to the device A (step S222).
Upon receiving the signature data Sig # B, the device A performs the signature verification algorithm V on the signature data Sig # B using the PK # B included in the Cert # B in step S208 and verifies the signature (step S223). If the verification result is unsuccessful (N in step S224), the process ends. In the case of success (Y in step S224), a random number “a” is generated (step S225), and Key # A = Gen (a, Y) is generated using the generated “a” (step S226). Key # A is transmitted to device B (step S227).

  Upon receiving the Key # A, the device B generates a random number “b” (Step S228), and generates Key # B = Gen (b, Y) using the generated random number “b” (Step S229). The generated Key # B is transmitted to the device A (step S230). Further, using the generated random number "b" and the received Key # A, Key # AB = Gen (b, Key # A) = Gen (b, Gen (a, Y)) is generated (step S231). ) And the session key SK.

Upon receiving Key # B, the device A obtains Key # AB = Gen (a, Key # B) = Gen (a, Gen (b, y)) from the generated random number “a” and the received Key # B. It is generated (step S232) and used as a session key SK.
In this way, the communicating devices mutually authenticate and share the session key SK.
2.2 Registration The operation when registering the client device 200 in the server device 100a or 100b will be described with reference to FIGS.

  When the input unit 216 receives an input indicating that registration processing is to be performed (step S1), under the control of the control unit 201, the registration processing unit 209 reads a registration group list (step S2), and the remaining number is “0”. It is determined whether or not there is (step S3). If it is "0" (Y in step S3), registration cannot be performed any more, so that the fact that registration is not possible is displayed on the monitor 219 (step S19), and the process ends.

If it is not “0” (N in step S3), an ID transmission request is transmitted to server device 100 (step S4).
When receiving the ID transmission request, the control unit 101 reads out the ID # 31 from the ID storage unit 103 (Step S5) and transmits it to the client device 200 (Step S6).
Upon receiving the ID # 31, the registration processing unit 209 of the client device 200 extracts a group identification unit from the received ID # 31 (Step S7). The withdrawal group list is read from the withdrawal group list storage unit 208 (step S8), and it is determined whether or not the group identifier of the last row matches the extracted group identification unit (step S9). If they do not match (N in step S9) ), It is determined whether or not it is registered in the withdrawal group list (step S10). If it has been registered (Y in step S10), it cannot be registered again, so that it is displayed on the monitor 219 that registration is not possible (step S19), and the process ends.

If they match (Y in step S9) and if they are not registered in the withdrawal group list (N in step S10), a SAC is established between the public key cryptographic processing unit 106 and the public key cryptographic processing unit 206, and the session key The SK is shared (step S11). If the establishment of the SAC fails, the process ends.
When the server device 100 transmits data after the establishment of the SAC, the encryption unit 112 encrypts the data using the session key SK and outputs the data. Further, when receiving data encrypted using the session key SK from the client device 200, the decryption unit 113 decrypts the data using the session key SK and outputs the decrypted data to the registration processing unit 109. Similarly, in the client device 200, the encryption unit 212 and the decryption unit 213 use the session key to encrypt and decrypt data.

When the SAC is established, input of a password is accepted from the input unit 216 (step S12), and a registration request including the password is transmitted to the server device 100 (step S13).
The registration processing unit 109 determines whether the received password matches the password in the registration information (Step S14). If they do not match (N in step S14), a registration disable notification is transmitted (step S17), and the process ends. If they match (Y in step S14), the registration processing unit 109 reads the registration information from the registration information storage unit 108 (step S15), and determines whether the remaining number is “0” (step S16). If it is "0" (Y in step S16), a registration refusal notice is transmitted to the client device 200 (step S17), and the process ends. If it is not "0" (N in step S16), an ID transmission request is transmitted to the client device 200 (step S18).

When the registration processing unit 209 of the client device 200 receives the registration impossible notification, the registration processing unit 209 displays on the monitor 219 that registration is not possible (step S19), and ends the processing. If an ID transmission request is received, ID # 02 is read from the ID storage unit 203 (step S20), and the read ID # 02 is transmitted to the server device 100 (step S21).
Upon receiving the ID # 02, the registration processing unit 109 of the server device 100 reads the registered device list from the registered device list storage unit 107 (Step S22), and determines whether the received ID # 02 is registered as a client ID. A determination is made (step S23). If it is registered (Y in step S23), it is determined whether the withdrawal date and time of the registered line is "0" (step S24). If the withdrawal date is "0" (Y in step S24), a registered notification is transmitted (step S25), and the process ends. If the withdrawal date and time is not “0” (N in step S24) and if the withdrawal date and time is not registered in the registered device list (N in step S23), the date and time are acquired from the clock unit 119 (step S26), and The received ID # 02 and the acquired registration date and withdrawal date “0” are written and registered (step S27). Further, “1” is added to the registered number, and “1” is subtracted from the remaining number to update the registered information (step S28). When the process is completed, a registration completion notification is transmitted to the client device 200 (step S29), and the process ends.

  When the registration processing unit 209 receives the registration notification, the registration processing unit 209 displays that the registration has already been performed on the monitor 219 (step S30), and ends the processing. When the registration completion notification is received, the group identification unit extracted in step S7 is registered in the group identifier of the registration group list, “1” is added to the number of registrations, and “1” is subtracted from the remaining number to register the group. Is updated (step S31), and the process ends.

Note that the same processing is performed when registering with the server device 100c or 100d.
2.3 Verification A process for verifying whether a client device is registered in the server device 100 at the time of delivery of content or withdrawal of the client device will be described with reference to FIG.
When the input of acquisition or withdrawal of the content is received from the input unit 216 of the client device 200 (Step S41), the public key encryption units 106 and 206 establish the SAC (Step S42). If the establishment fails, the subsequent processing is stopped. When the establishment of the SAC is successful, all subsequent communications are encrypted.

When the establishment of the SAC is successful, the input of the password is received from the input unit 216 (step S43), and the registration processing unit 209 transmits a delivery request or a withdrawal request including the password to the server device 100 (step S44).
Upon receiving the delivery request or the withdrawal request, the registration processing unit 109 of the server device 100 determines whether or not the password included in the request matches the password in the registered device list (Step S45). (N in S45), a mismatch notification is transmitted to the client device 200 (step S46), and the process ends.

If the passwords match (Y in step S45), an ID transmission request is transmitted to the client device 200 (step S47).
When receiving the mismatch notification, the registration processing unit 209 displays the password mismatch on the monitor 219 (step S48), and ends the process.
When receiving the ID transmission request, the registration processing unit 209 reads out ID # 02 from the ID storage unit 203 (Step S49) and transmits it to the server device 100 (Step S50).

  Upon receiving the ID # 02, the registration processing unit 109 reads the registered device list from the registered device list storage unit 107 (step S51), and determines whether the received ID # 02 is registered in the registered device list (step S51). Step S52). If not registered (N in step S52), a non-registration notification is transmitted (step S53). If registered (Y in step S52), it is determined whether the withdrawal date is "0" (step S54). If not "0" (N in step S54), a non-registration notification is transmitted (step S53). If it is "0" (Y in step S54), the subsequent processing is continued.

When the client device 200 receives the non-registration notification, the client device 200 displays that it is not registered on the monitor 219 (step S55), and ends the process.
As a result, it is possible to check whether or not the client device 200 is registered in the server device 100, and thereafter, the content is delivered or withdrawn.
2.4 Content Delivery (1) The operation of acquiring and viewing content from the server device 100 will be described with reference to FIG.

When the client device 200 receives the input of the content acquisition instruction from the input unit 216, the client device 200 performs the above-described registration matching process and checks the registration (step S61).
If registered, the decryption unit 115 of the server device 100 reads the encrypted content key K1 from the content key storage unit 111 (Step S62), and decrypts the encrypted content key K1 using the decryption key DK1 (Step S63). , And outputs the generated content key to the encryption unit 112. The encryption unit 112 encrypts the content key using the session key SK received from the public key encryption processing unit 106 to generate an encrypted content key S (Step S64). The control unit 101 reads the encrypted content from the content storage unit 110 (step S65), and transmits the encrypted content key S and the encrypted content to the client device 200 (step S66).

  The decrypted unit 213 of the encrypted content and the client device 200 decrypts the encrypted content key S using the session key SK received from the public key encryption unit 206 (Step S67), and outputs the content key to the decryption unit 217. . The decryption unit 217 receives the encrypted content and receives the content key from the decryption unit 213. The encrypted content is decrypted using the received content key to generate the content (step S68), and the content is output to the reproducing unit 218. The reproduction unit 218 reproduces the content and outputs the content to the monitor 219 and the speaker 220 (Step S69).

(2) Content Stored and Played Back The operation of temporarily storing the content and playing it back later will be described with reference to FIG.
When an input indicating that the content is acquired and stored from the input unit 216 is received, the processes of steps S61 to S66 are performed to acquire the content.
Upon receiving the encrypted content key S and the encrypted content, the control unit 201 stores the encrypted content in the content storage unit 210 (Step S71). The decryption unit 213 decrypts the encrypted content key S using the session key SK received from the public key encryption processing unit 206 (Step S72), and outputs the content key to the encryption unit 214. The encryption unit 214 encrypts using the encryption key EK2 to generate an encrypted content key K2 (step S73), and stores it in the content key storage unit 211 (step S74).

Thereafter, when the input unit 216 receives an input to reproduce the content (step S75), the decryption unit 215 reads the encrypted content key K2 from the content key storage unit 211 (step S76), and uses the decryption key DK2. The content key is decrypted to generate a content key (step S77), and the generated content key is output to the decryption unit 217. The decryption unit 217 reads the encrypted content from the content storage unit 210, decrypts the read encrypted content using the content key, and outputs the decrypted encrypted content to the playback unit 218 (Step S78). The reproducing unit 218 reproduces the content and outputs the content to the monitor 219 and the speaker 220 (Step S79).
2.5 Withdrawal The operation when withdrawing the client device 200 from the server device 100a or 100b will be described with reference to FIG.

When receiving an input indicating that the withdrawal process is to be performed from the input unit 216, the control unit 201 controls the registration processing unit 209 to transmit a withdrawal request to the server device 100, and performs the above-described registration collation processing (step S81). ).
If registered, the registration processing unit 109 of the server device 100 acquires the date and time from the clock unit 119 (Step S82), and writes the acquired date and time in the withdrawal date and time of the row indicated by ID # 02 (Step S83). “1” is subtracted from the registered number, and “1” is added to the remaining number to update the registered information (step S84). In addition, ID # 31 is read from ID storage section 103 (step S85), a withdrawal completion notification including ID # 31 is transmitted to client device 200 (step S86), and the process ends.

  Upon receiving the withdrawal completion notification including ID # 31, the registration processing unit 209 of the client device 200 extracts a group identification unit from ID # 31 (step S87), and matches the extracted group identification unit from the registered group list. The group identifier is deleted (step S88). Further, "1" is subtracted from the number of registrations, "1" is added to the remaining number (step S89), and the extracted group identification unit is registered as a group identifier at the end of the withdrawal group list (step S90). finish.

Note that the same processing is performed when withdrawing from the server device 100b or 100c.
2.6 Sharing of Registered Device List The operation when the server device 100a exchanges the registered device list with the server device 100b and updates the registered device list a will be described with reference to FIGS.
The server device 100a controls the public key encryption unit 106a and establishes a SAC with the server device 100b (Step S101). If the establishment of the SAC fails, the subsequent processing ends.

After the establishment of the SAC, when communication is performed between the server devices 100a and 100b, the encryption unit 112a or 112b encrypts the data using the session key SK, transmits the encrypted data to the server device of the other party, and Upon receiving the data, the decryption unit 113a or 113b decrypts the data using the session key SK.
The inter-server communication unit 118a reads the ID # 31a from the ID storage unit 103a (Step S102) and transmits the ID # 31a to the server device 100b (Step S103). When receiving the ID # 31b from the server-to-server communication unit 118b (step S104), a group identification unit is extracted from each ID (step S105), and it is determined whether they match (step S106). If they do not match (N in step S106), the process ends without exchanging the registered device list. If it is determined that they match (Y in step S106), the server device 100b determines that it belongs to the same group 300 as the server device 100a, reads and transmits the registered device list a, and receives the registered device list b. (Step S107).

Upon receiving the registered device list b, the inter-server communication unit 118a determines whether or not there is a registered line in the registered device list a (step S108). If there is not (N in step S108), the processing after step S127 is performed.
If there is a registered line (Y in step S108), the registered device list a is read from the top one line (step S109). The read row is referred to as row a. It is determined whether the registered device list b has a line with the same client ID as the line a (step S110). If there is no identical row (N in step S110), it is determined whether the withdrawal date of row a is “0” (step S111). If it is “0” (Y in step S111), the process returns to step S108, and it is determined whether the next row is registered.

If the withdrawal date and time is not “0” (N in step S111), the line a is deleted from the registered device list a (step S112). Returning to step S108, it is determined whether the next line is registered.
If there is a line with the same client ID as line a in the registered device list b (Y in step S110), the same line is read (step S113). The read row is referred to as row b1.

  It is determined whether or not the withdrawal date and time of the row b1 is “0” (step S114). If it is determined that the withdrawal date and time of the row a is not “0” (N in step S114), it is determined whether or not the withdrawal date and time of the row a is “0”. Is determined (step S115). If it is not “0” (N in step S115), row a and row b1 are deleted (step S116), and the process returns to step S108. If the withdrawal date and time of row a is “0” (Y in step S115), it is determined whether or not the registration date and time of row a is later than the withdrawal date and time of row b1 (step S117). If the registration date and time of the row a is later than the withdrawal date and time of the row b1 (Y in step S117), the process returns to step S108.

If the withdrawal date and time of row b1 is later than the registration date and time of row a (N in step S117), row a is recorded in the temporary withdrawal list (step S118), and row a and row b1 are deleted (step S119). Further, the number of deleted devices is counted (step S120), and the process returns to step S108.
When the withdrawal date and time of the row b1 is “0” (Y in step S114), it is determined whether or not the withdrawal date and time of the row a is “0” (step S121). If the withdrawal date and time of the row a is “0” (Y in step S121), the one with the later registration date and time of the row a and the row b1 is registered in the registered device list a (step S122), and the row b1 is deleted (step S122). S123), and return to step S108.

  If the withdrawal date and time of the row a is not “0” (N in step S121), it is determined whether or not the registration date and time of the row b1 is later than the withdrawal date and time of the row a (step S124). If the registration of the row b1 is not later than the withdrawal date of the row a (N in step S124), the rows a and b1 are deleted (step S116), and the process returns to step S108. If the registration of the row b1 is later than the withdrawal date of the row a (Y in step S124), the row b1 is registered in the temporary registration list (step S125), and the number of newly registered rows is counted (step S126). , Deletes the row b1 (step S123), and returns to step S108.

When the processing of steps S108 to S126 is completed for all the rows registered in the registered device list a (N in step S108), the number counted as the number of deleted devices is reduced from the number registered in the registration information to the remaining number. It is added (step S127).
Next, it is determined whether or not the remaining number of the registration information is “0” (step S128). If it is “0” (Y in step S128), it is determined whether or not there is a next line registered in the registered device list b (step S129). Is extracted (step S130). From the lines registered in the registered device list a and the extracted lines, lines corresponding to the number of registered devices are extracted in ascending order of registration date and time (step S131), and the extracted lines are registered in the registered device list a (step S132). The fact that the client device in the unregistered row is unregisterable is displayed on the display unit 116a (step S133), and the ID # 31a is included in the unregisterable client device and the client device recorded in the temporary withdrawal list. Then, a withdrawal notification for notifying the withdrawal is transmitted from the server device 100a (step S134), the registered number is set to the maximum number, and the remaining number is set to "0" (step S135). Also, the registered device list a is stored in the registered device list storage unit 107a (step S136), and the process ends.

  If the remaining number is not “0” (N in step S128), it is determined whether or not there is a line registered in the registered device list b (step S137). If there is a line (Y in step S137), one line is read (step S137). Step S138). The read row is referred to as row b2. It is determined whether or not the withdrawal date and time of the row b2 is “0” (step S139). If it is not “0” (N in step S139), the row b2 is deleted (step S142), and the process returns to step S137. It is determined whether or not there is a row.

If the withdrawal date and time in the row b2 is “0” (Y in step S139), it is registered in the temporary registration list (step S140), and counted as a newly registered number (step S141). Row b2 is deleted (step S142), and the process returns to step S137 to determine whether there is a next row.
When there is no next line in the registered device list b (N in step S137), it is determined whether the number of newly registered devices is equal to or less than the remaining number (step S143). If the number is less than the remaining number (Y in step S143), the line registered in the temporary registration list is registered in the registered device list a (step S144), and the number indicated by the newly registered number is reduced from the remaining number and added to the registered number (step S144). Step S135). Also, the registered device list a is stored in the registered device list storage unit 107a (step S136), and the process ends.

  If the number is not less than the remaining number (N in step S143), rows corresponding to the number indicated by the remaining number are extracted from the lines registered in the registered device list a and the temporary registration list in order of earlier registration date and time (step S131). The extracted line is registered in the registered device list a (step S132). The fact that the client device of the unregistered line cannot be registered is displayed on the display unit 116a (step S133), and a withdrawal notification is transmitted to the client device of the unregistered line (step S134). Further, the registered number is set to the number indicated by the maximum number, and the remaining number is set to “0” (step S135). Also, the registered device list a is stored in the registered device list storage unit 107a (step S136), and the process ends.

In this way, the servers 100a and 100b share the same list.
Also, the server device 100c and the server device 100d perform the same processing and share the registered device list.
3. Conclusion As described above, the present invention is a device registration system for registering a client device in a server device belonging to the group in order for the client device to join the group, the system including a client device and a server device. You.

If the number of other groups to which the client device has already subscribed is less than the maximum number of groups to which the client device can subscribe, the client device sends, to the server device, unique information unique to the client device. A registration request indicating registration with the server device is transmitted.
The server device belongs to the group and receives the registration request. If the number of registered client devices already registered in the server device is less than the maximum number of devices that can be registered in the server device, the received unique information is registered and the identification information is transmitted to the client device. I do.

The client device receives identification information for identifying the group from the server device, and stores the received identification information.
The client device does not store the identification information in an initial state in which the client device has not joined any group. In the initial state where no client device is registered, the server device does not register unique information.
4. Other Modifications Although the present invention has been described based on the above embodiment, it is needless to say that the present invention is not limited to the above embodiment. The following cases are also included in the present invention.
(1) In the present embodiment, the number of server devices is described as two in each group. However, three or more server devices may be used, or one server device may be used.

Further, the server device may be provided with a reproducing function to reproduce the content.
(2) Upon receiving the server device ID, the client device 200 may check the registered group list to determine whether or not the client device 200 has already been registered in the group to which the server device with the received ID belongs.
(3) Although the registration server device list according to the present embodiment is stored in association with the withdrawal date and time, the list may not be the withdrawal date and time. It may be associated with a flag indicating whether or not the user has withdrawn.

In this case, when the registered device list is exchanged, the server device stores the registered device list stored in the server device and the registered device list received from another server device in one of the matching client ID lines. If a flag indicating withdrawal is associated, the server device deletes the registered device from the registered device list held by the server device and updates the registration information.
(4) In the present embodiment, a plurality of server devices hold the same registered device list and manage the same client device. However, it is assumed that a plurality of server devices in the same group manage different client devices. Is also good.

(A) As an example, a case where a registration request is made from the client device 200 to the server device 100a and an inquiry is made from the server device 100a to the server device 100b will be described with reference to FIG.
Steps S1 to S15 are performed in the same manner (step S150). As in step S17, the server device 100a determines whether the remaining number is “0” (step S151). If the remaining number is not “0” (N in step S151), the server device 100a performs the processes from step S18 The client device 200 is registered in the server device 100a.

If the remaining number is “0” (Y in step S151), the server device 100a and the server device 100b establish a SAC and share the session key SK (step S152). As a result, all subsequent processing is performed by encrypting and decrypting using the session key SK.
The server device 100a inquires of the server device 100b whether the client device can be registered (Step S153).

  The server device 100b similarly determines whether or not the remaining number of the registered device list b is “0” (Step S154). If it is “0” (Y in step S154), a registration disable notification is transmitted to the client device 200 via the server device 100a (step S155), and the process ends. If it is not “0” (N in step S154), an ID transmission request is transmitted to the client device 200 via the server device 100a (step S156).

If the client device 200 receives the registration-impossible notification, the client device 200 displays on the monitor 219 that the registration is not possible (step S157), and ends the process. If an ID transmission request has been received, ID # 02 is read from the ID storage unit 203 (step S158), and transmitted to the server device 100b via the server device 100a (step S159).
Upon receiving ID # 02, server device 100b determines whether or not it is registered in registered device list b (step S160). If registered (Y in step S160), it is determined whether or not the withdrawal date is “0” (step S161). If it is “0” (Y in step S161), a registered notification is transmitted to the client device 200 via the server device 100a (step S162), and the process ends. If not registered (N in step S160) and if the withdrawal date is not “0” (N in step S161), the date and time is acquired from the clock unit 119 (step S163), and the ID # 02 is associated with the date and time. The device is registered in the registered device list b (step S164). Further, the number of registrations and the remaining number of the registration information b are updated (step S165), and a registration completion notification is transmitted to the client device 200 via the server device 100a (step S166).

Upon receiving the registration notification, the client device 200 displays the notification on the monitor 219 (step S167), and ends the process. When the registration completion notification is received, the group identification unit of the server ID is registered as a group identifier in the registration group list (step S168), and the process ends.
Even if the remaining number is not “0”, an inquiry to another device may be made when another process is being executed.

When the remaining numbers of the server devices 100a and 100b are “0”, if there are three or more server devices belonging to the same group, another server device 100 may be inquired about registration.
(B) Further, registration verification will be described below with reference to FIG.
The same processing is performed from step S41 to step S52 (step S170). The server device 100a determines whether or not the withdrawal date and time is “0” as in step S54 (step S171). If it is “0”, the client device 200 is registered in the server device 100a, Thereafter, processing such as content delivery and withdrawal is performed.

If it is not “0” (N in step S171), the server device 100a and the server device 100b establish a SAC and share the session key SK (step S172). Thereafter, encrypted communication is performed using the shared session key SK.
The server device 100a inquires of the server device 100b about registration of the client device 200 using ID # 02 (Step S173).

  The server device 100b determines whether or not the ID # 02 is registered in the registered device list b (Step S174). If the ID # 02 is registered (Y in Step S174), whether or not the withdrawal date is "0" Is determined (step S175). If it is “0” (Y in step S175), the subsequent processing is performed. If not registered in the registered device list b (N in step S174) and if the withdrawal date is not “0” (N in step S175), a non-registration notification is transmitted to the client device 200 via the server device 100a (step S174). S176).

When the client device 200 receives the non-registration notification, the client device 200 displays that it is not registered on the monitor 219 (step S177), and ends the process.
(5) In the present embodiment, the server devices 100a and 100b operate as one server device by exchanging registered device lists and sharing the same list, but among the plurality of server devices, Either one may manage the client device as a representative server device.

  In this case, one of the plurality of server devices is determined as the representative device. The determination method may be selected by the user or may be determined between devices. When determining between devices, each device is assigned a priority in advance, and a device with a higher priority may be determined as a representative device, or a device with less processing and a device with a higher processing capability may be determined as a representative device. The device may be determined.

When the server device that is not the representative device receives the registration request from the client device, the server device makes an inquiry to the representative device.
Upon receiving the inquiry, the representative device determines whether or not registration is possible, as in the embodiment. If registration is possible, the representative device registers in the registered device list and updates the registered number and the remaining number. Further, a registration completion notification is transmitted to the client device via the server device that has received the request.
(6) A plurality of passwords may be set within a predetermined number. Also, a plurality of users may set each password, such as setting a password for each family member.

Further, instead of the password, biometric authentication such as a fingerprint or an iris may be used.
Upon input of the fingerprint, the server device 100 extracts a feature point from the shape of the fingerprint, and stores the extracted feature point instead of the password.
When registering the client device 200, the client device 200 that has received the input of the fingerprint extracts a feature point from the shape of the received fingerprint and transmits the extracted feature point to the server device 100 instead of the password.

When receiving the feature point, the server device 100 compares the feature point with the stored feature point. If the stored feature point matches the received feature point at a ratio equal to or greater than a predetermined ratio, it is determined that the fingerprint matches, and the subsequent processing is performed.
Similarly, in the case of an iris, feature points are extracted and compared, and when the feature points match at a predetermined ratio or more, it is considered that the irises match.

As described above, using a password, a fingerprint, an iris, or the like makes it difficult to register another client device.
Further, a MAC address or an IP address may be used instead of the ID.
When using a MAC address or an IP address (hereinafter, an address), each device associates each address with identification information for identifying a group to which a server device to which the address is assigned belongs. Holding. When determining whether or not the partner device belongs to the same group, the address of the partner device is acquired, and by determining which identification information the acquired address is associated with in the correspondence information, It is possible to confirm whether the other device belongs to the same group.

Further, when the server device and the client device communicate wirelessly, the range within which radio waves can be reached may be one of the conditions for authenticating whether or not the device is valid.
When the server device and the client device can communicate with each other, the server device transmits authentication data from the server device to the client device. When the client device receives the authentication data, the client device transmits response data to the server device. The server equipment measures the time from transmitting the authentication data to receiving the response data, and if the measured time is within a preset threshold, it is determined that the server is installed in the same house. You may do it.

Further, a TTL (Time To Live) value may be set within the number of routers in the house so that communication with a device outside the house cannot be performed.
Alternatively, it may be determined whether or not they are installed in the same house by determining whether or not they are connected to the same power supply.
(7) Before registering the client device with the server device, the client device may be provisionally registered, and may be newly registered when using the client device via the network.

An example is shown below. The user manually inputs the client ID ID # 02 into the server device 100 before registering the client device 200 in the server device 100. The server device 100 stores the input ID # 02 as a temporary registration device. At this time, the registration number and the remaining number are not updated.
When the user takes the client device 200 out of the house and views the contents of the server device 100 via the Internet 500, the client device 200 performs the same processing as in steps S1 to S21 of the embodiment.

  Upon receiving the ID # 02, the server device 100 determines whether or not the device is registered as a temporarily registered device. If it is determined that the device is registered, the server device 100 performs steps S26 to S29 to formally register the registered device list. Register and update the number registered and the number remaining. If it has not been registered in the temporary registration list, it is determined whether or not it has been registered in the registered device list as in steps S23 and S24. If it has been registered, a registered notification is transmitted to the client device 200. If not registered, the client device 200 is not registered in the registered device list, but is notified to the client device 200 that the device is not temporarily registered. When the client device 200 receives the registration completion notification, the client device 200 updates the registration group list as in step S31, and ends the process. When the notification that the temporary registration has not been performed is received, the fact that the temporary registration has not been performed is displayed on the monitor 219, and the process ends.

This makes it possible to temporarily register a device, such as a notebook computer, which is not known to be taken outside, and to count only devices actually registered via the network.
(8) The client device 200 may have a configuration that cannot be re-registered with a server device that has withdrawn once.

In this case, the server device 100 holds the withdrawn device list, and when the registered client device withdraws, records the ID of the withdrawn client device in the withdrawn device list.
When a registration request including an ID is received from the client device, it is determined whether or not the ID is recorded in the withdrawal list. If the ID is registered, a registration disable notification is transmitted. If it is not registered, it performs registration processing.
(9) The server devices 100a and 100b may exchange the registered device list a and the registered device list b, respectively, and manage the number of server devices registered by each client device.
(10) The client device 200 may select a server device to be registered from a plurality of server devices.

As a selection method, the user may select, or the client device 200 may be a server device having a short distance from the client device 200, a server device having a high communication speed, or a server device having a high processing capability among a plurality of server devices. Alternatively, a server device having few other tasks may be selected.
(11) An expiration date may be set for the period during which the client device 200 is registered.

When registering the client device 200, the server device 100 generates expiration date information indicating a period during which the server device 100 is permitted to register, and notifies the client device 200 of the validity period information.
The server device 100 and the client device 200 each monitor the passage of time. When the expiration date indicated by the expiration date information is reached, the server device 100 deletes the ID of the client device 200 from the registered device list, reduces “1” from the registered number, and adds “1” to the remaining number. Further, the client device 200 deletes the server ID from the registered group list, subtracts “1” from the registered number, and adds “1” to the remaining number. Also, the ID of the withdrawn server device 100 is registered in the withdrawal group list.

In this way, the client device is registered only during the period indicated by the expiration date, and the registration is automatically canceled after the period has expired.
According to the present invention, a portable device that can be taken out of the home can also be registered as a client device, and even with such a device, registration is canceled after the expiration date, so that an unauthorized third-party can transfer content. Can be reduced.

Note that only the server device 100 monitors the passage of time without transmitting the expiration date information, and when the period indicated by the expiration date information ends, the server device 100 notifies the client device 200 that the expiration date has expired. It is good. The client device that has received the notification performs the same processing as described above.
In addition, the expiration date information may specify the start and end of the period to be registered in the server device, or may specify only the end. Further, the start of the registration and the time after the start may be designated.
(12) One group may be formed by combining groups of client devices managed by a plurality of server devices.

An example in which a group r to which a group p to which a server device 100p (not shown) belongs and a group q to which a server device 100q (not shown) belongs is formed as one group r will be described.
The server devices 100p and 100q exchange the registered device list p and the registered device list q, and share the registered device list r in the same manner as in the embodiment.

  At this time, the maximum number that can be registered in the group r is the maximum number of the group p, the maximum number of the group q, or the average number of each. In addition, when the registered number of the group p and the registered number of the group q are combined, when the number exceeds the maximum number of the group r, the devices may be registered in order from the device whose registration date is earlier as in the embodiment. Alternatively, the user may select a device to be registered. Alternatively, priorities may be assigned to the respective client devices in advance, and the devices may be registered in descending order of priority.

  One of the server devices 100p and 100q may manage the client device of the group r as a representative server, and the other server device may join the group r as a client device. Further, one server device may manage the client devices of the group r, and the other server device may inquire of one server device for registration as described in (5) above.

Further, when a plurality of server devices belong to the groups p and q, all the server devices may share the registered device list to manage the client devices of the group r, or one or more devices may be managed. May be selected, and the selected device may be managed as a server device. The method of selecting the server device may be selected by the user or may be selected between devices. When selecting between devices, the device may be selected based on the priorities assigned in advance, or a device having a high processing capacity or a device having few other tasks may be selected as the server device.
(13) One group may be divided into a plurality of groups.

A case where the group s is divided to form a group t and a group u will be described as an example.
The server device 100s (not shown) belonging to the group s selects one from a plurality of registered client devices and determines that the server device 100u belongs to the group u. The server device 100s determines that it belongs to the group t as the server device 100t.

The server devices 100t and 100u may determine the server device 100s based on the priority of each device, or may determine a device having a high processing capability or a device having few other tasks as the server device 100u. Is also good. Further, in a similar manner, the determination may be made between the client devices, or the selection may be made by the user.
The server devices 100t and 100u select a client device that joins each group from the client devices registered in the registered device list s, and newly generate the registered device lists t and u. The method of selecting the client devices may be selected by the user, or may be assigned to each group in the order of registration date and time or priority. Further, the first half client ID and the second half client ID may be divided in the order registered in the registered device list s, in the order of priority, or in the order of registration date and time.

If there are a plurality of server devices belonging to the group s, the server device 100t and the server device 100u are determined from the plurality of server devices, and the client device is selected by the above method.
(14) The maximum number of registration information of the server device 100 or the client device 200 is set in advance, but may be set later.
The management apparatus of the management organization outside the group is requested for the number of units to be registered, and charging is performed according to the number. When the management device can confirm that the charge has been made, the management device permits the number of devices to the request source device. The requesting device sets the permitted number to the maximum number.

Further, after the maximum number is set, the management apparatus is requested for the number, and charging is performed according to the number in the same manner as described above, and when the number is permitted, the requesting device sets the permitted number to the maximum number. , And a new maximum number may be set.
(15) When transmitting content from the server device 100 to the client device 200, only the encrypted content may be transmitted before performing the authentication, and the content key may be transmitted after the authentication.

Further, the server device 100 may receive an external input and distribute the content to the client device 200 according to the input without transmitting the content delivery request from the client device 200 to the server device 100. When the content is acquired, the content may be authenticated and distributed to the client device 200.
(16) The present invention may be the method described above. Further, these methods may be a computer program that is realized by a computer, or may be a digital signal formed by the computer program.

  Further, the present invention provides a computer-readable recording medium for reading the computer program or the digital signal, for example, a flexible disk, a hard disk, a CD-ROM, an MO, a DVD, a DVD-ROM, a DVD-RAM, a BD (Blu-ray Disc). ), A semiconductor memory or the like. Further, the present invention may be the computer program or the digital signal recorded on these recording media.

Further, according to the present invention, the computer program or the digital signal may be transmitted via an electric communication line, a wireless or wired communication line, a network represented by the Internet, or the like.
The present invention may also be a computer system including a microprocessor and a memory, wherein the memory stores the computer program, and the microprocessor operates according to the computer program.

Further, the program or the digital signal is recorded on the recording medium and transferred, or the program or the digital signal is transferred via the network or the like, so that it is executed by another independent computer system. It may be.
(17) The above embodiment and the above modifications may be combined.

  A legitimate user can use the content to form a group that can use the content via a network while preventing the use of the content by an unauthorized third party.

1 is a block diagram illustrating a configuration of a device registration system 1. FIG. 2 is a block diagram illustrating a configuration of a server device 100. 4 shows a configuration of registration information. 4 shows a configuration of a registered device list. FIG. 2 is a block diagram illustrating a configuration of a client device 200. 3 shows the structure of a registered group list. 3 shows the structure of a withdrawal group list. 9 is a flowchart illustrating a method for establishing a SAC. Continued to FIG. 9 is a flowchart illustrating a method for establishing a SAC. Continuation of FIG. 6 is a flowchart illustrating an operation when registering a client device in a server device. It continues to FIG. 6 is a flowchart illustrating an operation when registering a client device in a server device. Continuation of FIG. 9 is a flowchart showing an operation at the time of registration and collation. 5 is a flowchart illustrating an operation when delivering content from a server device to a client device. 6 is a flowchart showing an operation when the client device stores the acquired content. 9 is a flowchart illustrating an operation when a client device withdraws from a server device. It is a flowchart which shows the operation | movement at the time of exchanging a registered apparatus list | wrist between server apparatuses 100a and 100b. It continues to FIG. It is a flowchart which shows the operation | movement at the time of exchanging a registered apparatus list | wrist between server apparatuses 100a and 100b. Continuation of FIG. It continues to FIG. It is a flowchart which shows the operation | movement at the time of exchanging a registered apparatus list | wrist between server apparatuses 100a and 100b. Continuation of FIG. It is a flowchart which shows the operation | movement which inquires from the server apparatus 100a to the server apparatus 100b whether registration is possible. It is a flowchart which shows the operation | movement which collates the registration of the client apparatus 200 from the server apparatus 100a to the server apparatus 100b.

Explanation of reference numerals

1 device registration system 100 server device 103 ID storage unit 106 public key encryption processing unit 107 registered device list storage unit 108 registration information storage unit 109 registration processing unit 110 content storage unit 111 content key storage unit 118 server-to-server communication unit 200 client device 206 Public key encryption unit 207 Registered group list storage unit 208 Withdrawal group list storage unit 209 Registration processing unit 218 Playback unit 219 Monitor 220 Speaker 500 Internet

Claims (53)

A group subscription approval system for deciding whether to allow a client device to subscribe to a closed group that can use content,
First limiting means provided in the client device for determining whether or not to apply for a new group from the number of groups that the client device has already subscribed to and the maximum number of groups that can be subscribed up to now;
Based on the number of client devices registered to the server device up to the present and the maximum number that can be registered, the client device that has newly applied for subscription is provided in the server device that provides content to the client device. And a second restricting means for deciding whether or not to subscribe. The client device, which has not been restricted from applying for subscription by the first restricting unit, transmits information unique to the client device to the server device together with a registration request when applying for subscription to a group,
When allowing the subscription by the second restricting means, the server device receives and registers the unique information together with the registration request, transmits the group identification information to the client device,
The client device receives and stores the group identification information.
2. The group joining approval system according to claim 1, wherein: A server device that belongs to a group that is in a range in which use of content is permitted, and that registers a client device that requests to join the group,
From the client device, unique information unique to the client device, a receiving unit for receiving a registration request to the server device,
If the client device is a legitimate device, determining means for determining whether or not the registered number of other client devices registered in the server device is smaller than the maximum limit number of devices that can be registered in the server device. When,
Registering means for registering the received unique information, when determining that the determining means is small,
A communication unit for transmitting, to the client device, identification information for identifying a group to which the server device belongs when the unique information is registered. The determining means determines whether the received unique information has already been registered by the registration means,
The server device according to claim 3, wherein the registration unit suppresses registration of the unique information when determining that the registration is performed. The receiving means receives a registration request including the first authentication value,
The determining unit further holds a second authentication value in advance, determines whether the first authentication value matches the second authentication value, and if it determines that the first authentication value matches the second authentication value, corrects the client device. The server device according to claim 3, wherein the server device is determined to be a simple device. The server device according to claim 5, wherein the first authentication value and the second authentication value are passwords. The receiving means receives a registration request including first fingerprint data obtained by extracting characteristic points of a user's fingerprint,
The determination unit further holds second fingerprint data obtained by extracting a feature point from a fingerprint of a user of the server device, and determines whether the first fingerprint data matches the second fingerprint data. The server device according to claim 5, wherein: The receiving means receives a registration request including first iris data obtained by extracting feature points of the user's iris,
The determining unit further holds second iris data obtained by extracting feature points from the iris of the user of the server device, and determines whether the first iris data matches the second iris data. The server device according to claim 5, wherein: The determination unit determines whether the client device is connected to a local area network to which the server device is connected, and determines that the client device is a legitimate device when determining that the client device is connected. 4. The server device according to claim 3, wherein: When another server device among the other server devices belonging to the group and the server device is determined as the representative server device of the group,
When the receiving unit receives the registration request and the unique information, the communication unit notifies the representative server device of the registration request and the unique information,
The representative server device determines whether the number of client devices registered in the representative server device is smaller than the maximum number that can be registered in the representative server device. Is registered in the representative server device, and as a result of the determination, representative identification information for identifying a group to which the representative server device belongs is output to the server device,
The determining means, instead of determining whether the registered number is less than the limited number, receives the determination result from the other server device,
The server device according to claim 3, wherein the communication unit transmits the determination result to the client device. The server device according to claim 10, wherein the communication unit includes a determination unit that determines which server device is to be the representative server device with the other server device. The determining unit determines the representative server device based on a preset condition among the priorities, processing capabilities, and processing statuses of the other server device and the server device. The server device according to claim 11, wherein: The communication unit further includes the received unique information, and transmits inquiry information for inquiring whether the client device can be registered to another server device belonging to the group,
The other server device determines whether the number of other client devices registered in the other server device is smaller than the maximum number that can be registered in the other server device, and determines that the number is smaller. Registering the unique information, transmitting to the server device, other identification information for identifying a group to which the other server device belongs as a determination result,
The determining means, instead of determining whether the registered number is less than the limited number, receives a determination result from the other server device,
The server device according to claim 3, wherein the communication unit transmits the determination result to the client device. The communication means, when the determination means determines that the registered number and the limited number are the same, transmits the inquiry information to the other server device. Server equipment. The communication means further acquires, from the other server device, first identification information for identifying a group to which the other server device belongs,
The determining unit further holds second identification information for identifying a group to which the server device belongs, and determines whether the obtained first identification information matches the second identification information,
14. The server device according to claim 13, wherein the communication unit transmits the inquiry information when determining that they match. The communication means obtains the maximum number of devices that can be registered in the server device from a management device outside the group, and pays a fee in accordance with the obtained number,
The server device according to claim 3, wherein the determination unit sets the number as the limited number. The communication means further acquires a newly registerable number from a management device outside the group, and pays a price according to the acquired number,
4. The server device according to claim 3, wherein the determining unit sets a number obtained by adding the number to the limited number as a new limited number. 5. The server device further includes:
Content storage means for storing encrypted content encrypted using a content key and the content key,
Key generation means for generating a shared key with the client device;
Encryption means for encrypting the content key using the shared key to generate an encrypted content key,
The receiving means receives a content delivery request and unique information from a client device,
The determining means determines whether the same unique information as the unique information is registered,
The server device according to claim 3, wherein the communication unit transmits the encrypted content and the encrypted content key to a requesting client device when determining that the communication content is registered. The registration unit further generates expiration date information that is a period for registering the unique information, registers the information in association with the unique information, monitors the elapse of the period indicated by the expiration date, When the period indicated by the term information ends, the unique information is deleted,
4. The server device according to claim 3, wherein the determination unit increases the registered number when the registration unit registers the unique information, and decreases the registered number when the unique information is deleted. 5. 20. The server device according to claim 19, wherein the communication unit transmits the expiration date information to the client device when the registration unit registers the unique information. 20. The server according to claim 19, wherein when the period indicated by the expiration date information ends, the communication unit transmits an end notification indicating that the period indicated by the expiration date information has ended to the client device. machine. The receiving unit receives a withdrawal request and the unique information from the client device,
The registration means deletes the same unique information as the unique information,
4. The server device according to claim 3, wherein the determination unit increases the registered number when the registration unit registers the unique information, and decreases the registered number when the unique information is deleted. 5. The registration unit further registers the deleted unique information in a withdrawal list,
The determining means further determines whether or not the same unique information as the unique information received by the receiving means is registered in the withdrawal list. If it is determined that the unique information is registered, the requesting client Determines that the device cannot be registered,
23. The server device according to claim 22, wherein the registration unit suppresses registration of the unique information when the determination unit determines that registration is not possible. The server device further includes:
Between another server device, a client device that has joined the group, and a client device that continues to join the group, and withdraws from the group to another group to which the another server device belongs. Including selecting means for selecting a client device to be subscribed,
4. The server device according to claim 3, wherein the registration unit deletes the unique information of the client device selected to join the another group, and reduces the registered device by the number of deleted devices. 5. 25. The server device according to claim 24, wherein the selection unit further selects a server device to be the another server device among a plurality of server devices belonging to the group. 25. The server device according to claim 24, wherein the selection unit selects a client device serving as the another server device from client devices subscribed to the group. The selecting means, from among the client devices subscribed to the group, priority of each client device, processing capability or processing status, based on a preset condition, the another server device, The server device according to claim 26, wherein a client device is selected. The receiving unit further receives a priority of each of the client devices,
The selection means selects, based on the priority, a client device that continues to join the group and a client device that withdraws from the group and joins the another group. 25. The server device according to 24. The registration means,
A clock section for measuring the current date and time,
When the determination unit determines that the limited number is smaller than the registered number, the date and time measured by the clock unit is further obtained as a registration date and time, and the registration date and time and the unique information are associated with each other. A unique information writing unit to be registered in the registration list,
25. The server device according to claim 24, wherein the selection unit selects a client device based on the registration date and time. The determining means determines whether the registered number of unique information registered in the registered device list is less than the limited number,
The server device according to claim 3, wherein the registration unit registers the received unique information in the registered device list when determining that the number is small. The server device further includes:
Equipped with input means for receiving input of unique information from outside,
The determining unit registers the received unique information in a temporary registration list, and when the receiving unit receives the unique information, whether the unique information matching the unique information is registered in the temporary registration list. Judge whether or not
31. The server device according to claim 30, wherein the registration unit registers the unique information in a registration list when the registration unit determines that the registered number is smaller than the limited number. The communication means transmits the registered device list to another server device belonging to the group, receives another registered device list from the other server device, and exchanges the registered device list,
The judging means extracts unique information that is not registered in the registered device list from the other registered device list, and the number of extracted unique information is a difference between the limited number and the registered number. Judge whether it is smaller than the number,
The registration unit registers the extracted unique information in the registered device list when the determination unit determines that the unique information is small, and the unique information registered in the registered device list when the determination unit determines that the unique information is large. 31. The server device according to claim 30, wherein from the obtained unique information, unique information corresponding to the number indicated by the limited number is selected, and the selected unique information is registered in the registered device list. The registration means,
A clock section for measuring the current date and time,
When the determination unit determines that the limited number is smaller than the registered number, obtains a date and time from the clock unit, sets the obtained date and time as a registration date and time, and associates the registration date and the unique information with the unique date and time. When registering in the registered device list and the determining means determines that the number of the extracted unique information is larger than the remaining number, a unique information writing unit that selects the unique information and writes the unique information in the registered device list. 33. The server device according to claim 32, comprising: The receiving unit further obtains a priority of the client device,
When the determining unit determines that the number of the extracted unique information is larger than the remaining number, the unique information writing unit determines the number of unique devices corresponding to the number of devices indicated by the limited number in order of the client devices having the higher priority. The server device according to claim 32, wherein information is selected. The communication means further acquires, from the other server device, first identification information for identifying a group to which the other server device belongs,
The determination unit further holds second identification information for identifying a group to which the server device belongs, and determines whether the obtained first identification information matches the second identification information,
33. The server device according to claim 32, wherein the communication unit exchanges the registered device list when determining that they match. The server device further includes:
When the group is merged with another group to form a new group, if it is determined that the group belongs to the new group, the new group is exchanged with another server device belonging to the another group. Determining means for determining new identification information for identifying
The communication means transmits the registered device list to the another server device, from the another server device, receives another registered device list held by the another server device,
The determination unit extracts unique information not registered in the registered device list from the another registered device list, and the number of the extracted unique information is a remaining number that is a difference between the limited number and the registered number. Determine whether or not smaller than, if it is determined to be small, the registered number is increased by the number of the extracted unique information, if it is determined to be large, the registered number is the same as the limited number,
The registration unit registers the extracted unique information in the registered device list when determining that the number of the extracted unique information is smaller than the remaining number, and registers the extracted unique information in the registered device list when determining that the number is larger. From the unique information and the extracted unique information, select the unique information for the number indicated by the limited number, register in the registered device list,
The server device according to claim 30, wherein the communication unit transmits the new identification information to a client device indicated by the unique information registered in the registered device list. The registration means,
A clock section for measuring the current date and time,
When the determination unit determines that the limited number is smaller than the registered number, it obtains a date and time from the timing unit, and associates the acquired date and time with the registration date and the unique information as a registration date and time. When registering in the registered device list and the determination unit determines that the number of the extracted unique information is larger than the remaining number, the extracted unique information is stored in the order of the corresponding registration date and time in the order of earlier. 37. The server device according to claim 36, further comprising a unique information writing unit to be selected. The receiving unit further receives a priority of each of the client devices,
The server device according to claim 37, wherein the registration unit selects the unique information for the limited number in order from the unique information of the client device having the higher priority. A client device that registers with a server device belonging to a group that is in a range where use of content is permitted and subscribes to the group,
If the server device is a legitimate device, a determination is made to determine whether the number of registrations of another group to which the client device has subscribed is less than the maximum number of groups to which the client device can subscribe. Means,
If the determination unit determines that the number is small, the client transmits unique information unique to the client device and a registration request indicating registration to the server device to the server device, and the server device belongs to the server device. Communication means for receiving identification information identifying the group;
Registering means for registering the received identification information. The client device further comprises:
An input receiving means for receiving an authentication value input from outside is provided,
The client device according to claim 39, wherein the communication unit transmits a registration request including the authentication value. 41. The client device according to claim 40, wherein the input receiving unit receives an input of a password as the authentication value. The input receiving means receives an input of a user's fingerprint as the authentication value, and extracts a feature point from the fingerprint,
The client device according to claim 40, wherein the communication unit transmits a registration request including the feature point. The input receiving unit receives an input of a user's iris as the authentication value, and extracts a feature point from the iris,
The client device according to claim 40, wherein the communication unit transmits a registration request including the feature point. The judging means further includes a plurality of groups belonging to the same group based on a preset condition among a distance from the server device, a communication time with the server device, a processing capability of the server device, and a processing state of the server device. One server device is selected from the server devices of
The client device according to claim 39, wherein the communication unit transmits the registration request and the unique information to the selected server device. The communication means further acquires, from a management device outside the group, the maximum number of groups to which the client device can subscribe, and pays for the acquired number,
The client device according to claim 39, wherein the determining unit sets the acquired number as the subscribeable number. The communication unit further obtains a new number of groups to which the client device can subscribe from a management device outside the group, and pays a price according to the obtained number,
40. The client device according to claim 39, wherein the determining unit sets a number obtained by adding the acquired number to the joinable number as a new joinable number. The communication means, after transmitting the registration request, further receives validity period information indicating a period during which the client device is registered in the server device,
The registration unit monitors the elapse of a period indicated by the expiration date information, and when the period indicated by the expiration date ends, deletes the identification information,
40. The client device according to claim 39, wherein the determination unit increases the registration number when the registration unit registers the identification information, and decreases the registration number when the identification information is deleted. The communication means, after receiving the identification information, further receives a notification that the period during which the client device is registered with the server device has ended,
The registration unit, upon receiving the notification, deletes the identification information,
40. The client device according to claim 39, wherein the determination unit increases the registration number when the registration unit registers the identification information, and decreases the registration number when the identification information is deleted. The communication means transmits a withdrawal request indicating withdrawal from the group to the server device, from the server device, receives a withdrawal completion notification indicating that withdrawal processing has been completed,
The registration means, upon receiving the withdrawal completion notification, deletes the identification information,
40. The client device according to claim 39, wherein the determination unit increases the registration number when the registration unit registers the identification information, and decreases the registration number when the identification information is deleted. The registration unit registers the deleted identification information in a withdrawal group list,
The communication unit, before transmitting the registration request, obtains the identification information from the server device,
The determination means determines whether the same identification information as the acquired identification information is not registered in the withdrawal group list, or registered at the end and registered at other than the last,
50. The client device according to claim 49, wherein the communication unit transmits the registration request to the server device when determining that the registration has not been performed or when determining that registration has been performed last. The communication unit further identifies the subscription group from another server device belonging to another group different from the group and a server device belonging to a subscription group to which the client device belongs, among the server devices. Receiving identifying information,
The client device according to claim 39, wherein the registration unit deletes the identification information and registers the received identification information. The client device further comprises:
When the group is selected to be another server device belonging to another group, the client device that joins the group from the client device that joins the group with the server device. A client device to be continued, and a selecting means for selecting a client device to withdraw from the group and newly join the another group,
The communication means transmits another identification information for identifying the different group to the client device subscribing to the different group,
The client device according to claim 39, wherein the registration unit further deletes the registered identification information and registers unique information of the client device selected to join the another group. The selecting means, between the server device, to select a client device to join the another group,
The communication means acquires the unique information of the selected client device from the server device,
The client device according to claim 52, wherein the registration unit registers the acquired unique information.

Images