JP2004341657A - Server device, information processor, information processing method and computer program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a device and method for efficiently constructing and executing access restriction configurations based on a password. <P>SOLUTION: Objects being the configuring elements of a contents directory are respectively set with an element password, and the whole contents directory is set with a database password. A server executes password authentication processing based on the collation of a received password from a client and a storage password, and decides a processing permission area from the directory based on the establishing circumstances of the password authentication, and executes the requested processing of the client when the processing requested by the client is executable in the decided processing permission area. Thus, access authorities based on the directory configuration is set without need to set the access authority of each of the contents, and to the efficient construction of access restriction processing configurations and contents management are realized. <P>COPYRIGHT: (C)2005,JPO&NCIPI

Description

[0001]
TECHNICAL FIELD OF THE INVENTION
The present invention relates to a server device, an information processing device, an information processing method, and a computer program. More specifically, the present invention relates to a server device, an information processing device, an information processing method, and a computer program for realizing access restriction based on a password for content stored in a content management server.
[0002]
[Prior art]
With the spread of data communication networks in recent years, so-called home networks, which allow home appliances, computers, and other peripheral devices to be connected to each other in a network to enable communication between the devices, are becoming popular. Home networks provide convenience and comfort to users, such as sharing data processing functions of each device by communicating between network-connected devices and transmitting and receiving content between devices. Is expected to become more and more popular.
[0003]
A universal plug and play (UPnP: Universal Plug and Play) is known as a protocol suitable for such a home network configuration. Universal Plug and Play (UPnP) enables a network to be easily constructed without complicated operations, and provides services provided by each connected device to devices connected to the network without complicated operations and settings. It should be receivable. UPnP also has the advantage that devices can be easily added without depending on the OS (operating system) on the device.
[0004]
UPnP exchanges definition files conforming to XML (extensible Markup Language) between connected devices, and performs mutual recognition between the devices. The outline of the UPnP process is as follows.
(1) Addressing processing for acquiring its own device ID such as an IP address.
(2) Discovery processing in which each device on the network is searched, a response is received from each device, and information such as a device type and a function included in the response is obtained.
(3) Service request processing for requesting a service from each device based on the information acquired in the discovery processing.
[0005]
By performing the above processing procedure, it becomes possible to provide and receive a service to which a device connected to the network is applied. A device newly connected to the network acquires a device ID by the above-described addressing process, acquires information of another device connected to the network by the discovery process, and requests a service to another device based on the acquired information. Becomes possible.
[0006]
For example, in a case where content such as music data and image data stored in a server is to be reproduced on a client-side device, the client acquires information on the content held by the server. The server stores the content in the storage unit and also stores attribute information for the stored content. The attribute information includes various information such as, for example, the title of a song or movie as a content, the name of an artist, the recording date and time, and information on the data compression mode. These pieces of attribute information are called metadata or meta information.
[0007]
For example, when content such as music data and image data stored in the server is to be played back on the client device, the content information stored in the server from the client side to the server, such as a song or movie title or artist A request for acquiring attribute information of various contents such as a name, data compression mode information (ATRAC: adaptive transform acoustic coding, MPEG: moving picture experts group), and, if necessary, copyright information is transmitted.
[0008]
The server transmits metadata (attribute information) relating to the content held by the server to the client in response to a request from the client. The client displays the content information on the display of the client device according to a predetermined display program based on the metadata acquired from the server. For example, a song list including an artist name and a title is displayed on the display. The user confirms or selects the content to be reproduced based on the display information, and transmits a content transmission request to the server. The server receives the content request from the client, the server transmits the content to the client in response to the request, and the client reproduces the received content.
[0009]
The content stored in the server as described above can be searched from another device (client) connected to the network, and specified content can be designated and reproduced.
[0010]
The content management server also needs to consider measures against unauthorized access. A device in a home network, for example, a server or the like, often stores contents requiring copyright management such as private contents and pay contents. In the network configuration as described above, it is easy for a user who does not have the right to use the content or the like to enter the network. For example, in the case of a network constituted by a wireless LAN, there is a situation in which a server in a house is illegally entered into the network by using a communication device from the outside or from a neighboring house, and the contents are exploited. Can occur. Such a configuration that allows unauthorized access also causes secret leakage, and is an important problem from the viewpoint of content copyright management.
[0011]
In order to eliminate the unauthorized access as described above, for example, the server holds a list of clients permitted to access, and when a client makes an access request to the server, the server executes a collation process with the list to eliminate the unauthorized access A configuration has been proposed.
[0012]
For example, MAC address filtering that sets a MAC (Media Access Control) address, which is a physical address unique to a network connection device, as an access-permitted device list is known. MAC address filtering means that a MAC address that permits access is registered in advance in a router or gateway that isolates an internal network (subnet) such as a home network from an external network, and the MAC address of a received packet is registered. The MAC address is collated with the MAC address, and access from a device having an unregistered MAC address is denied.
[0013]
As described above, the MAC list is set in the server, and the access from the device set in the MAC list makes it possible to eliminate the access from an unauthorized third party. However, even between family members who have an access right to the server, personal contents and the like may be stored in the server.
[0014]
In a server to which access is allowed by a plurality of users, it is desirable to set an access right for each user in units of individual contents stored in the server or a content folder storing a plurality of contents.
[0015]
For example, Patent Literature 1 discloses a configuration in which a plurality of users using content in a content distribution server are divided into levels, and the distribution mode of the content is changed according to the level. Specifically, it discloses a configuration in which, when a content use request is issued from a user who has not been set a content use right, a content use permission process is executed, and then the content is distributed.
[0016]
However, the configuration disclosed in Patent Literature 1 needs to individually set the use right of each user for each of the contents stored in the server, and has a problem that a complicated procedure is required.
[0017]
[Patent Document 1]
Patent Publication 2001-142495
[0018]
[Problems to be solved by the invention]
SUMMARY OF THE INVENTION The present invention has been made in view of the above-described problems, and by setting a password in accordance with the configuration of a content directory for a content of a content management server, a user's right to use for each component of the content directory is set. , An information processing apparatus, an information processing method, and a computer program, which are capable of efficiently setting the access authority of each user easily and reliably.
[0019]
[Means for Solving the Problems]
According to a first aspect of the present invention,
A server device that executes content management,
A data transmission / reception unit that executes data transmission / reception processing with a client as a processing request device for a server;
A content directory having a tree structure is stored as a content management configuration, and an element password set for each object as a component of the content directory and a database password set for the entire content directory are stored. Department and
A password authentication processing unit that performs a password authentication process based on a comparison between a received password from a client and a stored password stored in the storage unit,
A data processing unit that executes a process requested by the client, on condition that the password authentication in the password authentication processing unit is established;
The data processing unit includes:
A case where the password authentication processing unit determines a processing allowable area from the entire content directory based on one or more passwords for which the password authentication is established, and can execute a process requested by the client in the determined processing allowable area. And a server device configured to execute a request process of the client.
[0020]
Further, in one embodiment of the server device of the present invention, when the processing request of the client is a request to acquire or reproduce content corresponding to an object as a component of the content directory, An element password set in the object of the content directory corresponding to the requested content, and an upper level set in an upper object existing on the route from the object of the content directory corresponding to the client requested content to the root which is the highest object Performing an authentication process based on a password group including each of the element passwords corresponding to the object, and the data processing unit performs a request process of the client on condition that the authentication process based on the password group is established. Characterized in that it is configured to row.
[0021]
Further, in one embodiment of the server device of the present invention, the password authentication processing unit, if the processing request of the client is a browsing request of content information corresponding to an object as a component of the content directory, the browsing request Authenticating a group of element passwords set in an upper-level object existing on a route from the object in the content directory corresponding to the target content information to the root that is the highest-level object in the content directory, and the data processing unit performs The client request processing is executed on condition that the authentication of the group of element passwords set in the upper object is established.
[0022]
Further, in one embodiment of the server device of the present invention, the password authentication processing unit may be configured to determine that the processing request of the client is an acquisition request based on a search for content information corresponding to an object as a component of the content directory. Executing an authentication process based on one or more passwords received from the client, wherein the data processing unit searches the entire content directory with the one or more passwords for which password authentication has been established in the password authentication processing unit. It is characterized in that the area is determined and a search (search) process is performed on objects included in the determined search processing area.
[0023]
Further, in one embodiment of the server device of the present invention, when the processing request of the client is a request for updating content or content information managed based on the content directory, the password authentication processing unit may include: And the element password set in the content directory object corresponding to the client's update request content or update request content information, and the client update request content or update request content information corresponding to the client's update request content or update request content information. A password group including element passwords corresponding to the higher-level objects set in the higher-level objects existing on the route from the content directory object to the root that is the highest-level object; Based performs authentication processing, the data processing unit, subject to establishment of authentication processing based on the password set, characterized in that it is configured to perform the request process of the client.
[0024]
Further, in one embodiment of the server device of the present invention, the password authentication processing unit, when the processing request of the client involves a process of moving or copying content or content information managed based on the content directory, The source password and destination of the content directory corresponding to the update request content or the update request content information of the client, and the element password set in the copy source and copy destination objects, and the source and destination, or the copy source and And performing an authentication process based on a password group including each element password corresponding to a higher-order object set in a higher-order object existing on a route from the copy destination object to the root that is the highest-order object. , Subject to establishment of authentication processing based on the serial password group, characterized in that it is configured to perform the request process of the client.
[0025]
Further, in one embodiment of the server device of the present invention, when the processing request of the client is a request for updating an object as a component of the content directory, the password authentication processing unit sets the password for the entire content directory. Executes an authentication process based on a password group including a database password to be set and element passwords corresponding to a higher-order object set in a higher-order object existing on a route from a client update request object to a root that is a highest-order object. The data processing unit is configured to execute the client request process on condition that the authentication process based on the password group is established.
[0026]
Further, in one embodiment of the server device of the present invention, when the processing request of the client involves a moving process or a copying process of an object as a component of the content directory, the password authentication processing unit transmits the entire content directory. Corresponding to the upper-level object set on the path from the source and the destination of the content directory, or from the copy-source and the copy-destination object to the root which is the highest-level object. And an authentication process based on a password group including each of the element passwords, and the data processing unit is configured to execute a request process of the client on condition that the authentication process based on the password group is established. Features.
[0027]
Further, in one embodiment of the server device of the present invention, the storage unit stores metadata, which is attribute information corresponding to an object as a component of a content directory, in association with each object, and stores metadata of each object. Is characterized in that the element password of the object corresponding to the password is recorded.
[0028]
Further, in one embodiment of the server device of the present invention, the storage unit stores metadata, which is attribute information corresponding to an object as a component of a content directory, in association with each object, and stores metadata of each object. , And an element password corresponding to a higher-order object set in a higher-order object existing on the route from the object to the root, which is the highest-order object, is recorded.
[0029]
Further, in one embodiment of the server device of the present invention, the storage unit stores metadata, which is attribute information corresponding to an object as a component of a content directory, in association with each object, and stores metadata of each object. And the position information in the content directory of the upper-level object set with the element password among the upper-level objects existing on the route from the object to the root that is the highest-level object. It is characterized by the following.
[0030]
Further, a second aspect of the present invention provides
An information processing device as a client that executes a processing request to a server that executes content management,
A storage unit that stores all passwords input by the user during the operation period of the server use application,
In response to a processing request to the server or a response to a password request from the server, a process of setting all passwords stored in the storage unit as transmission data is executed, and stored in the storage unit on condition that the server application is terminated. A data processing unit for executing a process of erasing all of the passwords obtained,
An information processing apparatus characterized by having:
[0031]
Further, a third aspect of the present invention provides
An information processing method in a server that executes content management processing,
Receiving a processing request and a password from a client as a processing request device for the server;
A password authentication processing step of performing a password authentication processing based on a comparison between a received password from the client and a stored password stored in a storage unit in a server,
A data processing step of executing a client request process on condition that password authentication is established in the password authentication process step;
The data processing step includes:
In the password authentication processing step, a step of determining a processing allowable area from a content directory as a content management configuration based on one or more passwords for which password authentication has been established;
Executing a process requested by the client when a process requested by the client is executable within the determination process allowable area;
An information processing method comprising:
[0032]
Further, in one embodiment of the information processing method of the present invention, the password authentication processing step includes a case where the processing request from the client is a request to acquire or reproduce content corresponding to an object as a component of the content directory. The element password set in the object of the content directory corresponding to the content requested by the client and the upper-level object existing on the route from the object of the content directory corresponding to the content requested by the client to the root which is the highest-level object. And performing an authentication process based on a password group including each of the element passwords corresponding to the set upper-level object, and the data processing step is performed on condition that the authentication process based on the password group is established. And executes the request processing client.
[0033]
Further, in one embodiment of the information processing method of the present invention, the password authentication processing step includes a step of: browsing when the processing request of the client is a browsing request of content information corresponding to an object as a component of the content directory. Executing an authentication process of an element password group set in an upper-level object existing on a route from an object of the content directory corresponding to the requested content information to a root which is a top-level object of the content directory; Executes a request process of the client on condition that authentication of a group of element passwords set in the upper object is established.
[0034]
Further, in one embodiment of the information processing method of the present invention, in the password authentication processing step, the processing request of the client is an acquisition request based on a search for content information corresponding to an object as a component of the content directory. In the case, an authentication process based on one or more passwords received from the client is executed, and the data processing step includes, in the password authentication processing step, a search (search) from the entire content directory by using one or more passwords for which password authentication has been established. A processing area is determined, and a search (search) process is performed on objects included in the determined search processing area.
[0035]
Further, in one embodiment of the information processing method of the present invention, the password authentication processing step includes a step of: when the processing request of the client is a request for updating content or content information managed based on the content directory, It corresponds to the database password set for the whole, the element password set in the object of the content directory corresponding to the update request content or the update request content information of the client, and the update request content or the update request content information of the client. And element passwords corresponding to higher-level objects set in higher-level objects existing on the route from the object of the content directory to the root that is the highest-level object. Perform authentication processing based on the over de group, wherein the data processing step, subject to establishment of authentication processing based on the password set, characterized in that it is configured to perform the request process of the client.
[0036]
Further, in one embodiment of the information processing method of the present invention, the password authentication processing step includes a case where the processing request of the client involves a movement processing or a copy processing of content or content information managed based on the content directory. An element password set in a source and a destination, or a copy source and a copy destination object of the content directory corresponding to the update request content or the update request content information of the client, and the source and the destination or the copy source And performing an authentication process based on a password group including element passwords corresponding to a higher-order object set in a higher-order object existing on the route from the copy destination object to the root as the highest-order object. Step, subject to establishment of authentication processing based on the password set, characterized in that it is configured to perform the request process of the client.
[0037]
Further, in one embodiment of the information processing method according to the present invention, the password authentication processing step includes, when the processing request of the client is a request for updating an object as a component of the content directory, Authentication processing based on a password group including a set database password and each element password corresponding to a high-order object set in a high-order object existing on a route from a client update request object to a root, which is a top-level object, is performed. Executing, the data processing step is configured to execute the client request processing on condition that the authentication processing based on the password group is established.
[0038]
Further, in one embodiment of the information processing method according to the present invention, the password authentication processing step includes a step of, when the processing request of the client involves a moving process or a copying process of an object as a component of the content directory, And a higher-level object set as a higher-level object existing on a route from a source and a destination of the content directory or a source and a destination of the content directory to a root that is a top-level object. The authentication processing is performed based on a password group including the corresponding element passwords, and the data processing step is configured to execute the client request processing on condition that the authentication processing based on the password group is established. And it features.
[0039]
Further, a fourth aspect of the present invention provides
An information processing method for executing a processing request to a server that executes content management,
A password storing step of storing in the storage unit all passwords input by the user during the operation period of the server use application,
Transmitting all passwords stored in the storage unit as transmission data as a response to a processing request to the server or a password request from the server;
A password erasing step of erasing all passwords stored in the storage unit on condition that the server use application is terminated;
An information processing method comprising:
[0040]
Further, a fifth aspect of the present invention provides
A computer program for executing information processing in the content management processing server,
Receiving a processing request and a password from a client as a processing request device for the server;
A password authentication processing step of performing a password authentication processing based on a comparison between a received password from the client and a stored password stored in a storage unit in a server,
A data processing step of executing a client request process on condition that password authentication is established in the password authentication process step;
The data processing step includes:
In the password authentication processing step, a step of determining a processing allowable area from a content directory as a content management configuration based on at least one password for which password authentication has been established;
Executing a process requested by the client when a process requested by the client is executable within the determination process allowable area;
A computer program characterized by having:
[0041]
Further, a sixth aspect of the present invention provides
A computer program for executing a processing request to the content management server,
A password storing step of storing in the storage unit all passwords input by the user during the operation period of the server use application,
Transmitting all passwords stored in the storage unit as transmission data as a response to a processing request to the server or a password request from the server;
A password erasing step of erasing all passwords stored in the storage unit on condition that the server use application is terminated;
A computer program characterized by having:
[0042]
[Action]
According to the configuration of the present invention, in the content management server, a content directory having a tree configuration is set as the content management configuration, and an element password set for each of the objects constituting the content directory, A database password set for the whole is stored in a storage unit, and a password authentication process is performed based on a comparison between a received password from a client and a stored password stored in the storage unit, and one or more passwords for which password authentication is established Is determined from the entire contents directory based on the content directory, and when the processing requested by the client can be executed within the determined processing allowable area, the client request processing is executed. Without configuring access privileges enables setting of access rights based on the directory structure, the construction of efficient access limitation processing configuration allows content management.
[0043]
Further, according to the configuration of the present invention, in the client executing the processing request to the server executing the content management, all the passwords input by the user during the operation period of the server use application are stored in the storage unit, and the processing for the server is performed. As a request or a response to a password request from the server, all passwords stored in the storage unit are transmitted as transmission data, and all passwords stored in the storage unit are deleted on condition that the server application is terminated. This eliminates the need for the user to repeatedly enter the same password during the operation period of the server use application, enables efficient use of server-stored content, and prevents password leakage by password erasure.
[0044]
The computer program of the present invention is provided, for example, in a computer-readable format for a general-purpose computer system capable of executing various program codes, in a storage medium or communication medium such as a CD, FD, or MO. And a computer program that can be provided by a communication medium such as a network. By providing such a program in a computer-readable format, processing according to the program is realized on a computer system.
[0045]
Further objects, features, and advantages of the present invention will become apparent from a more detailed description based on embodiments of the present invention described below and the accompanying drawings. In this specification, the term “system” refers to a logical set of a plurality of devices, and is not limited to a device having each component in the same housing.
[0046]
BEST MODE FOR CARRYING OUT THE INVENTION
Hereinafter, a server device, an information processing device, an information processing method, and a computer program of the present invention will be described in detail with reference to the drawings.
[0047]
[System Overview]
First, an example of a network configuration to which the present invention can be applied will be described with reference to FIG. FIG. 1 shows a server 101 that executes processing in response to processing requests from various client devices, and a PC 121, a monitor 122, a mobile phone 123, a playback device 124, and a PDA 125 as client devices that make processing requests to the server 101. Indicates a configuration connected via the network 100, for example, a home network configuration. Various other electronic devices and home electric appliances can be connected as the client device.
[0048]
The processing executed by the server 101 in response to a request from a client is, for example, provision of content stored in a storage unit such as a hard disk held by the server 101, or data processing service by executing an application program executable by the server. is there. In FIG. 1, the server 101 and the client device are separately illustrated, but a device that provides a service in response to a request from a client is illustrated as a server. When providing a data processing service to another client, a function as a server can be provided. Therefore, the client device connected to the network shown in FIG. 1 can also be a server.
[0049]
The network 100 is one of a wired network, a wireless network, and the like. Each connected device transmits and receives a communication packet such as an Ethernet (registered trademark) frame via the network 100. That is, the client executes the data processing request to the server 101 by transmitting the frame in which the processing request information is stored in the data portion of the Ethernet frame to the server 101. The server 101 executes data processing in response to the reception of the processing request frame, stores result data as a result of the data processing in the data portion of the communication packet as necessary, and transmits the data to each client.
[0050]
The network connection device is configured by, for example, a Universal Plug and Play (UPnP: Universal Plug and Play) compatible device. Therefore, it is a configuration in which connection devices can be easily added to or deleted from the network. Devices newly connected to the network
(1) Addressing processing for acquiring its own device ID such as an IP address.
(2) Discovery processing in which each device on the network is searched, a response is received from each device, and information such as a device type and a function included in the response is obtained.
(3) Service request processing for requesting a service from each device based on the information acquired in the discovery processing.
By performing the above-described processing procedure, it becomes possible to receive a service to which a device connected to the network is applied.
[0051]
An example of a hardware configuration of a PC will be described with reference to FIG. 2 as an example of an information processing apparatus constituting the server and the client apparatus shown in FIG.
[0052]
A CPU (Central Processing Unit) 201 executes various processes in accordance with a program stored in a ROM (Read Only Memory) 202 or an HDD 204 or the like, and functions as a data processing unit or a communication control processing unit. The RAM 203 stores programs and data executed by the CPU 201 as appropriate. The CPU 201, the ROM 202, the RAM 203, and the HDD 204 are mutually connected via a bus 205.
[0053]
An input / output interface 206 is connected to the bus 205. The input / output interface 206 includes, for example, an input unit 207 including a keyboard, a switch, a button, a mouse, or the like operated by a user. An output unit 208 including an LCD, a CRT, a speaker, and the like for presenting the information is connected. Further, a communication unit 209 functioning as a data transmission / reception unit, and a removable recording medium 211 such as a magnetic disk, an optical disk, a magneto-optical disk, or a semiconductor memory can be mounted, and data reading or writing processing from the removable recording medium 211 can be performed. Is connected.
[0054]
The configuration shown in FIG. 2 is an example of a server and a personal computer (PC) as an example of the network connection device shown in FIG. 1. However, the network connection device is not limited to a PC, and as shown in FIG. It can be configured by a portable communication terminal such as, a variety of electronic devices such as a playback device and a display, and an information processing device. Therefore, it is possible to have a hardware configuration unique to each device, and execute processing according to the hardware.
[0055]
Object management and metadata
Next, an object management configuration including content of a server that manages content provided to a client and metadata will be described. The server holds information on content such as image data such as still images and moving images and audio data such as music stored in its storage unit as attribute information (metadata) corresponding to each content.
[0056]
Note that contents such as image data such as still images and moving images and audio data such as music held by the server are collectively referred to as AV contents. In the server, AV content is managed in a CDS (content directory service) in the server by a content management directory having a hierarchical structure.
[0057]
FIG. 3 shows a configuration example of a content directory managed in a CDS (content directory service) of the server. The hierarchical structure can be shown as a branch tree diagram as shown in FIG. Each of the circles shown in FIG. 3 is an individual object. This hierarchical configuration shows a logical management configuration corresponding to contents stored and managed by the server in the storage unit and live streaming contents.
[0058]
Each element of the content directory, that is, a folder storing individual AV contents or a plurality of AV contents, and a metadata storage folder are called objects. The object is a general term for a data unit processed by the server, and there are various objects other than folders storing individual AV contents or a plurality of AV contents and metadata storage folders.
[0059]
The minimum unit of the AV content, that is, one piece of music data, one piece of moving image data, one piece of still image data, and the like are called an item. Items are also one of the objects.
[0060]
A higher-level object of an item defined as a set of items is called a container. The unit of the set is, for example, a set based on a physical storage location of each object, a set based on a logical relationship of each object, and a category. Can be set variously, such as a set based on.
[0061]
Objects are classified into classes according to their types, for example, music (Audio), video (Video), and photos (Photo), and are subjected to class labeling. For example, the client can specify and specify a specific class and request and execute a “search” for only objects belonging to a specific classification. Further, it is possible to specify an object such as a specific folder, request "browsing" for requesting only information on the folder, and perform information acquisition processing on the specific folder. In the server, classes are also managed in a hierarchical structure, and subclasses can be set under one class.
[0062]
Metadata is various management information including attribute information corresponding to the content of the server, class definition information, information on a hierarchical configuration forming a content management directory, and the like. The metadata as content attribute information defined in association with each object includes, for example, a content identifier (ID) such as a content URL, data size, resource information, title, artist name, copyright information, channel information, and the like. And various information. Individual information included in the metadata is called a property or property information. It should be noted that what class of metadata such as music (Audio), video (Video), photograph (Photo), live streaming data, etc., has properties for each class described above is defined in advance.
[0063]
In FIG. 3, the top level of the content directory is called a root container 301. Below the root container, for example, a music (music) container 302, a moving image container 303, a still image container 304, and the like are set. Under the music (music) container 302, an object such as a genre 305 is set, and under the genre, an object such as an artist 306 is set.
[0064]
Below the moving image container 303, a video capsule 307 storing, for example, moving image content as an item corresponding to the content is set. For example, the video capsule 307 corresponds to video content stored in a storage unit such as a hard disk in the server. Content entities and content information are managed based on such a tree-structured content directory.
[0065]
For example, the content information (metadata) corresponding to the video capsule 307 includes a content identifier for the client to acquire the content, that is, a URL (Uniform Resource Locators) of the content as address information indicating the location of the content. The client obtains the URL of the video capsule 307, that is, the video capsule URL by the content information obtaining procedure, and transmits a content request specifying the video capsule URL to the server, thereby receiving the video content corresponding to the video capsule from the server. Can be played.
[0066]
A client who wishes to execute a content search sends a “search” specifying a class corresponding to a hierarchy of a content management directory or a set of objects, or a “browse” specifying a specific object to a server. By making a request, it is possible to obtain information on the content. The client displays the content information on the display based on the XML data describing the content information received from the server.
[0067]
FIG. 4 shows an example of the display processing of the content information list. In the example shown in FIG. 4, an example is shown in which a content information list 321 having a data structure listing content No., title, artist name, channel, and content URL is displayed on the display 320.
[0068]
These pieces of content information are generated based on property information as a component of metadata corresponding to content managed by the server. The server acquires property information in the metadata of the content that matches the condition based on the “search” or “browse” request received from the client, and generates XML data based on the acquired property information. And send it to the client.
[0069]
The client receives the XML data based on the property information corresponding to the content extracted by the server, generates display data as shown in FIG. 4 based on the received XML data, and displays the display data on the display of the client.
[0070]
The user on the client side selects the content to be reproduced from these lists and transmits the selected content designation information, for example, the content URL to the server, so that various contents such as music, movies, or photographs are transmitted from the server. Then, playback and output are executed on the client side.
[0071]
As described above, the content information transmitted to the client includes the URL (Uniform Resource Locators) of the content as address information indicating the location of the content. On condition that the user designates (clicks on) the content URL or link data displayed on the client display, the client device generates an HTTP (Hyper Text Transfer Protocol) GET method as a content acquisition request and sends it to the server. , The server transmits the content corresponding to the content URL to the client.
[0072]
[Content playback processing by client]
A client who wants to reproduce content can make a content request to the server, receive the requested content from the server, and reproduce the content. A general procedure of content reproduction will be described with reference to FIG. First, in step S11, the client makes an acquisition request for content information held by the server. In step S12, the server stores content information such as a URL (Uniform Resource Locators) list of the content as address information indicating the location of the content, a title of the content, and an artist name based on the metadata corresponding to the content in accordance with the request of the client. It is generated by XML (extended Markup Language) data and transmitted to the client.
[0073]
In step S13, the client displays the content information on the display according to the received XML information. For example, music content is displayed as a list including song titles, artist names, playback times, and the like corresponding to a plurality of music items held by the server.
[0074]
Next, in step S14, the client uses the client device to select a song to be received and reproduced from the server, designates a content URL as content designation information, and transmits the content to the server. In step S15, the server acquires and transmits the content from the storage unit based on the received content designation information. In step S16, the client plays back the content received from the server. If the content has been subjected to compression processing such as ATRAC or MPEG, transmission or reproduction processing is performed after decoding processing is performed on the server or client side.
[0075]
The normal content playback procedure is as described above. The client obtains various content attribute information, that is, property information included in metadata corresponding to the content held by the server, displays a UI such as a content list on the client based on the property information, selects a content, and selects a server. Can be requested.
[0076]
[Access restrictions based on content password]
As described above, the client makes a browse (search) or search (search) request to the server, and the server obtains content information corresponding to the content, such as the content name, artist name, and recording date of the content. (Metadata), select a reproduction content based on the obtained content information, transmit a content request to the server, obtain the entity of the content, ie, actual data such as music and images, from the server, and Playback and output are possible.
[0077]
However, many contents are stored in a server accessible by a plurality of users. In such a server accessible by a plurality of users, it is preferable to have a content management configuration in which access rights for each user are assigned to individual contents or a content folder of a set of contents. Hereinafter, the access restriction based on the content password will be described.
[0078]
As described above with reference to FIG. 3, the content management server that provides content to the client manages a large number of content based on a tree-shaped content directory.
[0079]
In the access restriction configuration of the present invention, a password corresponding to each element (object) set in the content directory, that is, an item or container in the directory is set. This is called an element password. Also, a password is set for the entire contents directory (CDS database). This is called a database password.
[0080]
An example of setting a password associated with a content directory will be described with reference to FIG. Content and metadata as attribute information corresponding to the content are managed in a content directory service (CDS) in the server based on a content directory having a tree structure as shown in FIG. This directory configuration is stored in a storage unit in the server, and the data processing unit in the server, based on the directory configuration, obtains and updates content entities (resources) and content information (metadata) from the client. Perform processing based on the request.
[0081]
The server includes a password authentication processing unit, and determines whether or not to execute a process based on a request from the client by performing the above-described authentication process using each password. As described above, the password applied to the authentication is an element password set corresponding to an object (container, item) as an individual element in the content directory and a database password set in the entire content directory.
[0082]
The password (database password) 361 for the entire content directory (CDS database) is set as metadata of the root container 351 which is the highest object of the content directory set in the database.
[0083]
The database password is used to add, delete, move, and copy objects (containers and items) to the directory, and to store, delete, copy, and move content entities (resources) to objects (containers and items) in the directory. This is applied to authority confirmation when updating metadata such as storing, deleting, copying, or moving metadata (content information) corresponding to an item.
[0084]
When executing these processes, the client presents the database password to the server, executes authentication based on the database password in the server, and checks the processing authority. When the client executes each of the above-described processes, the condition is that authentication based on the database password is established. If there is an object in which an element password is set as an object in the processing target area in the content directory, authentication based on the element password of those objects is required. Details of the processing will be described later.
[0085]
The element password is a password set corresponding to each object (container, item) constituting the directory, and is stored in the metadata corresponding to the container or item. The element password is a password that is set corresponding to an object for each container and item, such as the element password 362 for the container A352 and the element password 364 for the item Aa354, and corresponds to the object for which the element password is set. It is applied to the determination of the processing authority and the processing authority for the lower object of the object for which the element password is set. Details of the processing restriction will be described later.
[0086]
Note that setting and non-setting of a password are optional. For example, the container C353 is a container in which a password is not set. Item Ac355 is an item for which a password is not set. For a password-set object, a password is set in the metadata corresponding to the object, and password authentication is required in various processes only when the password is set.
[0087]
The details of the processing restrictions corresponding to each password will be described with reference to FIG. As described above, the type of password is set corresponding to each container and item, and the element password stored as metadata of each container and item and the metadata of the root container are set. There is a database password for processing restriction.
[0088]
The element password is used to confirm the authority of reading (read) the content entity of the object to which the element password is set, and, if the object to which the element password is set has a child container or a child item as a child object, the element password. Is applied to the confirmation of the authority to read (read) the content information (metadata) corresponding to the child object of the object for which is set.
[0089]
Further, the database password is applied to the confirmation of the processing authority for the entire database, and the write authority confirmation set corresponding to the authority of addition, deletion, move, copy, and update processing of the object, the content entity, and the content information is performed. It is a password.
[0090]
The description starts from the uppermost category in FIG. The element password set for the item (item) is set according to the authority for the reproduction process and the acquisition process of the item, that is, the content. When the client makes a request to play or obtain the item-compatible content to the server, the client presents the element-compatible element password to the server, authenticates the element password at the server, and the server sets the password. The client is allowed to play or acquire the content corresponding to the item on condition that the authentication is successful, and the client is executed.
[0091]
Although details will be described later, when a request for reproducing or acquiring content corresponding to an item is made to the server, an element password is set in a higher-order object (container) on a route from the parent container of the item to the root. In this case, the presentation and authentication of the element password of the upper object (container) on the route from the parent container to the root are also required regardless of the presence or absence of the element password corresponding to the item.
[0092]
An element password corresponding to a container has two categories as restriction processing. One is a restriction process on child objects (child containers and child items) of the container, and the other is a restriction process on corresponding contents of the container itself.
[0093]
First, as restrictions on the children of the container, there are restrictions on the execution of browsing (searching) and searching (searching) of the child objects of the container. The client presents the element password corresponding to the container to the server, and browses content information (metadata) such as a child container or a child item of the container in which the element password is set on condition that the password authentication is established in the server. (Browse) and search (search). If the authentication of the element password corresponding to the container is not established, the content information such as the child container or the child item of the container in which the element password is set cannot be obtained by browsing or browsing.
[0094]
For example, the child objects for the container 352 in FIG. 6 are the items Aa to Ac. When the client executes browsing (browsing) or search (search), when the element password 362 for the container 352 is not presented to the server, the container 352 is displayed. Cannot acquire the information of the items Aa to Ac, which are the child objects for, that is, various types of content information included in the metadata.
[0095]
Although the directory example shown in FIG. 6 shows an example in which the root container, the container, and the item are each configured in one level, the container may be set in a plurality of levels. A grandchild container... And a plurality of hierarchies can be set.
[0096]
When acquiring the content information corresponding to the container and the item in the content directory, the authentication based on all the element passwords of the upper containers on the route from the object (container, item) from which the content information is to be acquired to the root is established. There is a need to.
[0097]
For example, in the directory configuration shown in FIG. 8, in order for the client to acquire the content information of the items Aaa 373 and Aab 374 based on browsing or searching, the client needs to obtain the element password 381 of the container A 371. , And the element password 382 of the container Aa 372 must be presented to the server to be authenticated.
[0098]
When acquiring the content entity (resource) instead of the content information (metadata) of the item Aaaa 373, that is, when reproducing and acquiring the content corresponding to the item Aaaa 373, the client is not limited to the element password of the item. Then, it is necessary to execute the presentation of the element password of the upper container to the server, and the server to authenticate all the passwords.
[0099]
That is, in order to acquire and reproduce the content entity (resource) corresponding to the item, the presentation and authentication of [element password corresponding to the item + all element passwords set in upper objects on the route from the item to the root] are performed. In order to acquire the content information (metadata) corresponding to the item, the presentation of the element password corresponding to the item and the authentication are not necessary, and the setting of the upper object on the route from the item to the route is not necessary. And authentication required.
[0100]
Further, as the restriction processing of the second category of the element password of the container, there is restriction processing for the corresponding content of the container itself. As shown in FIG. 7, when a content entity (resource) is included in the container, the element password of the container is applied when judging the authority to reproduce and acquire the stored content. If the authentication of the element password corresponding to the container is not established, the reproduction and acquisition of the content entity (resource) corresponding to the container for which the password is set are not allowed.
[0101]
This relationship is similar to the relationship between the item and the element password corresponding to the item. Therefore, when there is an element password corresponding to a higher-level object on the route from the container including the content entity to the root, when acquiring and reproducing the content corresponding to the container, not only the element password corresponding to the container, but also Presentation and authentication of the element password corresponding to the object are also required.
[0102]
As described above, the element password corresponding to an item is
It is applied to the acquisition of content corresponding to the item and the determination of the playback authority,
The element password corresponding to the container is
Judgment of browsing authority of content information (metadata) of container and its subordinate objects (container and item),
Acquisition of content entities (resources) of lower-level objects (containers and items), determination of playback authority,
Further, when the container itself includes the content entity (resource), the acquisition of the content entity (resource) included in the container itself, the authority determination of the reproduction,
Applied to
[0103]
The element password set corresponding to the item and the container needs to be presented and authenticated not only in the above-described process but also in a process to which a database password described below is applied.
[0104]
Next, the database password will be described. The database password is a password for restricting data update in the database, and is set to perform processing restriction corresponding to the entire contents directory.
[0105]
There are three limiting modes of processing. First, the first restriction mode is a content entity update processing limitation such as addition, deletion, movement, and copying of a content entity (resource). When adding, deleting, moving, or copying a content entity (resource) to a container or item in a content directory in which a database password is set, the client presents the database password to the server and executes the process. Requires that authentication based on the database password be established.
[0106]
If an element password has been set for an object such as a container or an item to be added, deleted, moved, or copied, the content database needs to be presented and authenticated [database password + corresponding element password for the object]. It is.
[0107]
Further, if an element password is set for a higher-level object on the route from an object such as a container or an item to be added, deleted, moved, or copied to a content entity, the database password + the corresponding element corresponding element password It is necessary to establish authentication based on + (all element passwords of a higher-order object on the route from the object to the root)].
[0108]
Further, the second processing restriction mode of the database password is processing for generating, deleting, moving, and copying objects such as containers and items in the content directory, that is, processing restriction for object update processing. When a client creates, deletes, moves, or copies an object such as a container or an item to a directory in which a database password is set, it presents the database password to the server. It is necessary to establish password authentication.
[0109]
When a container or an item is created, deleted, moved, or copied in the content directory, even if an element password is set for an object such as a container or an item to be processed, presentation of these element passwords, No authentication is required. However, if an element password is set for a higher-level object on the route from the parent object (parent container) directly connected to the processing target object to the root, [database password + (from the parent object directly connected to the processing target object to the root) It is necessary to establish the authentication based on all the element passwords of the upper-level object on the route to reach).
[0110]
Further, a third processing restriction mode of the database password is a processing restriction of updating content information (metadata) corresponding to a container or an item in the content directory. When a client executes updating processing of metadata corresponding to a container or an item in a directory in which a database password is set, it is necessary to present the database password to the server and establish password authentication.
[0111]
If an element password is set for an object such as a container or an item for which metadata is to be updated, such as addition, deletion, movement, or copying of content information (metadata), [database password + corresponding object Element password] and authentication are required.
[0112]
Further, when an element password is set in an upper object on a route from an object such as a container or an item to be updated, such as addition, deletion, movement, and copying of content information (metadata), to a root, It is necessary to establish the authentication based on [database password + the corresponding element password of the object + (all element passwords of the upper object on the route from the object to the root)].
[0113]
In this way, the server authenticates the password group provided by the client or the password provided by the client in response to the request from the client, and determines whether or not the request processing of the client is permitted.
[0114]
The server according to the present invention stores a content entity (resource), content information (metadata), and a content directory as a content management configuration in a storage unit, and sets each object which is a component of the content directory. Element passwords and database passwords set for the entire content directory are stored in the storage unit as metadata corresponding to the objects, and passwords received from the client when various processing requests from the client are stored in the storage unit. The configuration is such that a password authentication processing unit executes a comparison with a password, and a client request process is executed in a data processing unit on condition that password authentication is established.
[0115]
The data processing unit of the server, in the password authentication processing unit, determines a processing allowable area from the entire content directory based on the password for which the password authentication has been established, and when the client request processing can be executed within the determined processing allowable area, Perform client request processing.
[0116]
The client request process is a content acquisition, playback request, or a browse (search), search (search) request, a content entity update, a content information update, or an object (container, item) update request. .
[0117]
Reproduction and acquisition of content managed by a content directory in a CDS (content directory service) in a server, and content information acquisition based on browsing, search (search), object generation, and a password application process in other processes This will be described with reference to FIG. FIG. 9A shows an example of a database configuration in the server, and FIG. 9B shows a process requested by the client, a type of password presented by the client and executed by the server for authentication, and a description of the process. The following shows the correspondence table.
[0118]
9A and 9B, the processes a to h are the corresponding processes. In FIG. 9A, a folder A 412 and a folder B 413 are provided as lower containers of the root container 411, and a folder C 414 is set as a lower container of the folder B 413. An item W415 and an item X416 are set below the folder A412, an item Y417 is set below the folder B413, and an item Z418 is set below the folder C414.
[0119]
Also, pwd-R is set as the database password, and the element password pwd-A for the folder A412, the element password pwd-C for the folder C414, the element password pwd-W for the item W415, and the element password pwd-Y for the item Y416 are set as the element password. Have been. It is assumed that no element password has been set for other containers and items.
[0120]
The processing a to h of the table shown in FIG. Process a is a process in which the client makes a request to the server to reproduce or acquire the corresponding content of the item Y416. In this case, the client presents the element password pwd-Y for the item Y416 to the server, and sends the element password It is necessary to perform authentication based on the pwd-Y password. Since the element password is not set in the upper container of the item Y416, the folder B413, the client presents only the element password pwd-Y for the item Y416 to the server, and executes the authentication based on the element password pwd-Y. Thus, the content corresponding to the item Y416 can be reproduced or obtained.
[0121]
However, for example, when the client makes a request to the server for reproducing or acquiring the content corresponding to the item W415, the client not only performs the element password pwd-W for the item W415, but also executes the request on the path from the item W415 to the route 411. It is necessary to also present the upper-level object, that is, the element password pwd-A set in the folder A412 to the server, and execute authentication based on the element password pwd-Y + the element password pwd-A.
[0122]
That is, when the client presents only the element password pwd-Y for the item Y416 to the server, the folder A area 401 set as an area below the folder A412 in which the element password pwd-A is set is excluded from the processing allowable area. Similarly, the folder C area 402 set as an area below the folder C414 in which the element password pwd-C is set is also excluded from the processing permission area.
[0123]
When the client presents the element password pwd-W for the item W415 and the element password pwd-A set in the folder A412 to the server, the server sets the area below the folder A412 in which the element password pwd-A is set. The folder A area 401 set as “.” Is determined to be a processing allowable area, and a process is executed in response to a request to reproduce or acquire the content corresponding to the item W415 of the client.
[0124]
As described above, the password authentication processing unit of the server performs the password authentication processing based on the comparison between the received password from the client and the stored password stored in the storage unit in the server, and the data processing unit of the server performs the password authentication processing. The unit determines a processing allowable area from the entire content directory based on one or more passwords for which the password authentication has been established, and, when the processing requested by the client can be executed in the determined processing allowable area, the client request processing Execute
[0125]
The process b is a browsing (browsing) process of the root container 411. The browse (browsing) process is a process of acquiring content information of a container and an item of a directory in a database, that is, a process of acquiring metadata of content corresponding to the container or the item, for example, a process of acquiring content information such as a content name and an artist name. . The client outputs a browse (browsing) request designating an object to be browsed (browsing) to the server, presents an element password as needed, and receives the metadata provided on condition of server authentication.
[0126]
The server that has received the browse (browsing) request designating a specific container or item from the client performs necessary password authentication, and performs a process of providing content information (metadata) to the client on condition that the authentication is established.
[0127]
The process b is a process for requesting browsing (viewing) of the root container. In the metadata of the root container, a database password pwd-R is set for restricting processing such as writing data in the database. However, since no element password is set, the client is required to present the password and perform authentication processing. , The metadata (content information) corresponding to the root container 411 can be obtained from the server. The metadata corresponding to the root is information including directory configuration information, setting information of lower containers, and the like.
[0128]
Process c is an example in which the client executes a browse (browse) request for the folder A 412 to the server. In this case, the client needs to execute a browse (browsing) request that presents the element password pwd-A to the server. In response to a browse (browsing) request that presents the element password pwd-A, the client receives a folder A412, an item W415, and a folder A412 included in the folder A area 401 in which the browsing authority is set by the element password pwd-A corresponding to the folder A412. The content information of the item X416 can be obtained.
[0129]
Although the password pwd-W of the item W415 is also set, the password pwd-W of the item W415 is required to be presented when reading and acquiring the content entity of the item W415. The presentation of the element password corresponding to the item and the authentication are not required to acquire the information (metadata).
[0130]
Obtaining the content information (metadata) corresponding to the object does not require the presentation and authentication of the element password of the object, but the presentation and authentication of the element password of the upper object of the route from the parent object of the object to the root. It becomes. The element password of the object on the route from the parent object of the item W415 to the root is the element password pwd-A of the folder A412, and when acquiring the content information of the item W415, the presentation of the element password pwd-A of the upper container is performed. , Authentication is required.
[0131]
In the case where the element password pwd-A is not presented from the client or the authentication based on the element password pwd-A is not established at the time of the content information acquisition request based on the browse (search) or search (search) from the client, the server performs It is determined that the client does not have the authority to acquire the content information of the folder A 412, the item W 415, and the item X 416 included in the folder A area 401, and the client is provided with the content information of the object included in the folder A area 401. Do not execute processing.
[0132]
In the example of FIG. 9A, an element password pwd-A is set in the folder A412, and information on lower containers and items under the folder A412 is not provided to the client unless the element password pwd-A is presented and authenticated. . Since an element password is not set in the folder B413, even when the client makes a browse (browse) request for the folder B without a password, the content information of the lower item Y417 of the folder B413 is provided to the client. You. An element password pwd-C is set in the folder C414, and information on containers and items below the folder C414 is not provided to the client unless the element password pwd-C is presented and authenticated.
[0133]
The password pwd-Y is set in the item Y417. The password pwd-Y of the item Y417 is required to be presented at the time of reading and acquiring the content entity of the item Y417, but it is not the content entity, and the acquisition of the content information requires the presentation of the element password corresponding to the item. Not done. Similarly, the metadata corresponding to the folder C414 is also provided to the client without setting a password because no element password is set in the folder B413, which is a higher-level object.
[0134]
Obtaining the contents of the object in the folder A area 401 shown in FIG. 9A, that is, the lower container and lower item of the folder A 412, requires presentation and authentication of the element password of the folder A 412. Obtaining the objects included in the folder C area 402 shown in FIG. 9B, that is, the content information of the lower containers and items of the folder C414, requires the presentation and authentication of the element password of the folder C414.
[0135]
Process d is an example in which the client executes a browse (browse) request for the folder B 413 to the server. Since the element password is not set for the folder B413 and the higher-level object on the route from the folder B413 to the route 411, the metadata (content information) of the folder B413 is determined based on the browse request without the password. Provided to Creaton.
[0136]
Processing e. In the search (search), the client specifies various information such as an artist name and a recording date included as content information in metadata corresponding to a container or an item, and corresponds to an object (container, item) including the client specification information. This is a process of acquiring content information to be performed from a server.
[0137]
In this search (search) process, a search range is determined based on a password presented by the client and authenticated in the server. The data processing unit of the server determines a search processing area from the entire content directory based on the password for which password authentication has been established in the password authentication processing unit of the server, and executes a search process requested by the client in the determination processing area. Become.
[0138]
Process e1 is a process performed when the client transmits a search (search) request to the server without presenting a password. Since the search can be executed without specifying a specific container or item, e1 to e3 are not shown in FIG. 9A.
[0139]
If the client sends a search request to the server without presenting a password, the server sends only objects for which an element password is not set to an upper container in the shared area 400 defining the entire content directory area of the database to the client. Is set as a content information provision permitting object for. That is, the folder A 412, the folder B 413, the folder C 414, and the item Y 417 are objects for which the element password is not set in the upper container, and these are set as the content information provision permitted objects for the client.
[0140]
When the server receives the search request without the password from the client, the server sets objects having no element password set in the upper container in the shared area 400, that is, the folder A412, the folder B413, the folder C414, and the item Y417 as the search target. Then, a search process is performed in which the selected content is set as a search range, and the content information obtained as a search result is provided to the client.
[0141]
Process e2 is a process performed when the client transmits a search request presenting the password pwd-A corresponding to the folder A412 to the server. When the client transmits a search request presenting the password pwd-A to the server, and the authentication of the password pwd-A is established, the server stores the object having no element password set in the upper container and the folder A area 401 in the folder A area 401. The included object is set as an object that allows content information to be provided to the client. That is, the folder A 412, the folder B 413, the folder C 414, and the item Y 417, and the item W 415 and the item X 416 included in the folder A area 401 are set as the content information providing permitted objects for the client.
[0142]
The server receives the search request presenting the password pwd-A from the client, and if the password authentication is established, the server is included in the folder A 412, the folder B 413, the folder C 414, the item Y 417, and the folder A area 401 as a search target. The item W415 and the item X416 are selected, a search process in which these items are set as a search range is executed, and the content information obtained as a search result is provided to the client.
[0143]
The process e3 is a process performed when the client transmits a search request that presents the password pwd-A corresponding to the folder A412 and the password pwd-C corresponding to the folder C414 to the server. The client sends a search request presenting the passwords pwd-A and pwd-C to the server, and when authentication of the passwords pwd-A and pwd-C is established in the server, the server sets an element password in the upper container. An object that has not been performed, an object included in the folder A area 401, and an object included in the folder C area 402 are set as objects that allow content information to be provided to the client. That is, the folder A 412, the folder B 413, the folder C 414, and the item Y 417, the item W 415 and the item X 416 included in the folder A area 401, and the item Z 418 included in the folder C area 402 are set as the content information providing permitted objects for the client. .
[0144]
The server receives the search request presenting the passwords pwd-A and pwd-C from the client, and when the password authentication is established, the folder A412, the folder B413, the folder C414, the item Y417, and the folder A area are searched. Item W 415 and item X 416 included in 401 and item Z 418 included in folder C area 402 are selected, a search process in which these are set as a search range is performed, and content information obtained as a search result is provided to the client. Will be.
[0145]
The processing of f to h in FIG. 9B is an example of processing using a database password. Object update processing such as creation, deletion, movement, and copy of an object; content entity (resource) update processing such as addition, deletion, movement, and copy of a content entity to an object; or content information (metadata) corresponding to an object In the case of executing any one of content information (metadata) updating processes such as addition, deletion, movement, and copying, the database password and the route from the object to be processed and the parent object of the object to be processed to the root are required. It is necessary to present and authenticate the element password of the above foreign object.
[0146]
The process f is an example of a process that involves data writing to the shared space 400, that is, an example of generating an object in the shared space 400. The shared space 400 does not include the folder A space 401 and the folder C space 482.
[0147]
To generate an object in the shared space 400 that does not include the folder A space 401 and the folder C space 482, only the presentation and authentication of the database password pwd-R are required.
[0148]
Processing g is an example of writing data to the folder A space 401, that is, generating an object in the folder A space 401. In the case of generating an object in the folder A space 401, presentation and authentication of the database password pwd-R and the element password pwd-A of the folder A372 are required.
[0149]
Process h is a process of setting the content entity corresponding to the item W375 in the folder A space 401 as the content of the folder C374 or as a lower object (lower item) of the folder C374. In this case, presentation and authentication of the database password pwd-R, the element password pwd-A of the folder A372, and the element password pwd-C of the folder C374 are required.
[0150]
The processing for the item in which the element password is set, the container in which the element password is set, and the database in which the database password is set will be collectively described below.
[0151]
(1) Items with element password set
1a. When a client acquires a content entity (resource) from a server, the server requests the client to present an element password, and the server executes authentication. In the case of no password presentation and an authentication error, a content acquisition and playback (get / play) request is not accepted. Further, it is necessary to present and authenticate the element password set in the upper-level object on the route from the item to the root in the content directory.
[0152]
1b. It is not necessary to present and authenticate the element password for the item to acquire the content information (metadata) corresponding to the item. An element password corresponding to an item is not required for browsing and searching (browse / search) when acquiring metadata of an item. In order to acquire content information (metadata) corresponding to an item, it is necessary to present and authenticate an element password set in an upper object of a route from the item to the root in the content directory.
[0153]
1c. Updating and deleting a content entity (resource) corresponding to an item requires presentation and authentication of both an element password and a database password corresponding to the item. Further, it is necessary to present and authenticate the element password of the higher-level object set in the container of the route from the item to the root in the content directory.
[0154]
1d. Deletion of the item itself does not require presentation and authentication of an element password corresponding to the item, but requires presentation and authentication of a database password and an element password set in a higher-level object on a route from the item to the root.
[0155]
(2) Container with element password set
2a. The client acquires the metadata (content information) of the lower object (container, item) of the container in which the element password is set, for example, acquires the metadata of the lower object of the container by browsing (browsing), searching (searching), or the like. In such a case, presentation and authentication of the element password corresponding to the container are required. In other words, the requirement for acquiring the corresponding metadata of a certain object (container, item) is that the presentation of all element passwords of the upper-level object on the route from the parent object directly connected to the object whose metadata is to be acquired to the root and the establishment of authentication are performed. is there.
[0156]
2b. When acquiring the content entity (resource) corresponding to the container itself, the server requests the client to present the element password corresponding to the container, and the server executes the authentication. In the case of no password presentation and an authentication error, a content acquisition and playback (get / play) request is not accepted. This is a function similar to the above-mentioned 1a, the element password corresponding to the item. If element passwords are set in the parent object on the route from the container from which the content entity (resource) is to be obtained to the root, presentation and authentication of these element passwords are also required.
[0157]
2c. Acquisition of content information (metadata) corresponding to a container includes presentation of an element password set in a higher-level object of a route from a parent object of the container whose content information (metadata) is to be acquired in a content directory to a root; Authentication is required.
[0158]
2d. Updating (adding, deleting, moving, copying) a content entity (resource) corresponding to a container requires presentation and authentication of both the element password corresponding to the container and the database password. Further, it is necessary to present and authenticate the element password set in the upper object of the route from the parent object to the route.
[0159]
2e. Deletion of the container itself does not require the presentation and authentication of the element password corresponding to the container, but the presentation and authentication of the database password and the element password set in the upper object of the route from the parent object of the container to be deleted to the root are required. It becomes. The container must be empty, that is, there must be no child objects. Deletion cannot be performed if child objects exist. Therefore, when there is a child object, it is necessary to delete the container sequentially from the lowest object.
[0160]
(3) Database with database password set
3a. Update processing including addition, deletion, movement, and copying of content information (metadata) of objects (containers, items) requires presentation of a database password and establishment of authentication. It is necessary to present and authenticate all element passwords and the database password of the upper object from the parent container of the object corresponding to the metadata to be updated to the root.
[0161]
3b. Update processing including addition, deletion, movement, and copying of content entities (resources) corresponding to objects in the database requires presentation of a database password and establishment of authentication. It is necessary to present and authenticate the element password of the object corresponding to the content entity (resource) to be updated, all the element passwords of the upper object from the parent container of the object to the root, and the database password.
[0162]
3c. When creating a child object or deleting a child object from an existing object in the database, it is necessary to provide a database password and establish authentication. It is necessary to present and authenticate all element passwords and database passwords of the upper-level object from the parent object to the root of the processing unit that generates and deletes child objects.
[0163]
If a child object exists in the container, deletion cannot be performed. Therefore, when there is a child object, it is necessary to delete the container sequentially from the lowest object. This is a process similar to 2e described above.
[0164]
3d. When moving or copying existing objects in the database, it is necessary to provide a database password and establish authentication. Presenting and authenticating all element passwords and database passwords of parent objects from the parent object to the root of the processing unit that performs the movement and copying of existing objects, or the parent object of both processing units of the copy source and copy destination Is required.
[0165]
FIG. 10 is a diagram summarizing combinations of passwords required in the processing of the content entity (resource) of the object, the processing of the content information (metadata), and the processing of the child object.
[0166]
The processing object may be a container or an item. Acquisition and playback of container- or item-compatible content entities (resources) require the presentation and authentication of element passwords for the object (container or item) and the upper-level objects on the route from the parent object of the object to the root. The presentation and authentication of the element password to be performed are required, and the presentation and authentication of the database password are not required.
[0167]
Updating, that is, adding, deleting, moving, or copying a container-compatible or item-compatible content entity (resource) does not require the presentation and authentication of the element password of the object (container or item); It is necessary to present and authenticate the element password set in the upper object on the route from the parent object (parent container) of the item) to the root and the database password.
[0168]
In the case of moving or copying the content entity (resource), the process moves from the source and the destination, or the two objects of the copy source and the copy destination, and the parent object (parent container) of the two objects to the root. It is necessary to present and authenticate the element password set for the higher-level object on the route.
[0169]
For obtaining metadata (content information) corresponding to a container or an item, for example, browsing metadata by browsing (searching) or searching (searching), presentation and authentication of an element password of the object (container or item) are not required. Yes, it requires presentation and authentication of an element password set for a higher-level object from the parent object (parent container) to the root of the object (container or item), and presentation and authentication of a database password are unnecessary.
[0170]
For updating processing of metadata (content information) corresponding to a container or an item, that is, adding, deleting, moving, or copying metadata (content information), the element password of the object (container or item), the object (container) Or the element password set in the container from the parent object to the root of the item) and the database password must be presented and authenticated.
[0171]
In the case of moving or copying the content information (metadata), the transfer is performed from the source and the destination, or the two objects of the copy source and the copy destination, and the parent object (parent container) of the two objects to the root. It is necessary to present and authenticate the element password set for the higher-level object on the route to the destination.
[0172]
If the processing target is the object itself, that is, object update processing such as addition (generation), deletion, movement, or copying of a child container or a child item, it is set as a higher-order object on the route from the parent object to the root in the processing execution area. Presentation of the element password and authentication are required.
[0173]
In the case of an object move or copy process, an element set as a higher-order object on a route from the parent object (parent container) of the corresponding object of the move source and the copy destination or the two corresponding objects of the copy source and the copy destination to the root Presentation of password and authentication are required.
[0174]
[Password information storage configuration in object metadata]
The database password and the element password described above are stored in the metadata of the object, respectively, and in the password authentication processing executed in the server, the password is compared with the password presented by the client.
[0175]
The database password is stored in metadata set corresponding to the root container of the content directory. The element password is stored in the metadata of each corresponding object (container, item).
[0176]
As described above, when acquiring the content entity (resource) or the content information (metadata), the elements of the higher-level objects other than the object corresponding to the content entity (resource) or the content information (metadata) Check with password is required. The server has the configuration information of the content directory, and based on the configuration information of the content directory, it is possible to obtain the necessary password information from the metadata of each object and collate the password information. , The password information set for the upper-level object may be stored in the metadata, and all the information of the password necessary for the verification may be obtained from the metadata of one object without following the directory.
[0177]
An example of storing password information in metadata will be described with reference to FIGS. FIG. 11A shows an example in which only element passwords corresponding to objects are stored as metadata. In this configuration, when authentication (matching processing) using an element password corresponding to a higher-level object is necessary, the server specifies a higher-level object based on the content directory configuration information, and determines each element from the metadata of the higher-level object. Obtain the password and check it against the password received from the client.
[0178]
FIG. 11B shows a configuration in which the element password corresponding to an object, the identifier of a higher-level object on the route from the object to the root, and the correspondence information of the element password are stored. This is an example in which all sets of element passwords (abc00123) corresponding to objects, identifiers of upper objects (containers-c01, c02), and corresponding element passwords (cda12356, dea78533) are stored in metadata. In this configuration, the server acquires the element password of the higher-level object from the metadata of one object, and obtains the password received from the client even when authentication (matching processing) using the element password corresponding to the higher-level object is required. Can be executed.
[0179]
FIG. 12C shows a configuration in which an element password corresponding to an object and an element password of an upper object of a route from the object to the root are stored in metadata. In this example, the element password (abc00123) corresponding to the object and the element passwords (cda12356, dea78533) of the upper-level object are all stored in the metadata. Also in this configuration, the server acquires the element password of the higher-level object from the metadata of one object and receives it from the client even when authentication (matching processing) using the element password corresponding to the higher-level object is necessary. It is possible to execute collation with the password.
[0180]
FIG. 12D shows a configuration in which the element password corresponding to the object and the position information of the object having the element password on the path from the root to the object are stored in the metadata. The element password (abc00123) corresponding to the object and the position information (01011) of the object having the element password on the route from the root to the object are stored in the metadata.
[0181]
01011 is element password setting identification information set to 1 when an object on the route from the root 501 to the item 506 has an element password in the directory structure shown in FIG. The metadata in FIG. 12D is metadata corresponding to the item 506, the element password of the item is (abc00123), and 01011 indicates a root 501 = 0 (no element password is set) and a container 502 = 1 (element This indicates that the password is set, the container 503 is 0 (no element password is set), the container 504 is 1 (element password is set), and the container 505 is 1 (element password is set).
[0182]
In this configuration, when authentication (collation processing) using an element password corresponding to a higher-level object is necessary, the server obtains the position information (01011) of the object for which the element password is set from the metadata having the configuration shown in FIG. Obtained, it is possible to specify the object having the element password based on the position information, and it is possible to obtain the corresponding element password from the metadata of the specified object. According to this configuration, the server does not need to check the metadata of all higher-level objects, and can perform efficient processing.
[0183]
[Processing sequence between server and client with password authentication]
Next, a processing sequence involving password authentication between a server and a client will be described. FIG. 13 shows a sequence diagram. The server is, for example, a content management server that executes content management by a content directory service (CDS), and provides a content entity (resource) and content information (metadata) based on a request from a client. . The provision of content information (metadata) is executed based on a browse (search) and search (search) request from a client, and the provision of a content entity (resource) is performed, for example, by a content request specifying a content URL as a content identifier. (For example, HTTP-GET). Further, the client makes a processing request to the server for updating the content entity, the content information, and the object (container, item), that is, adding, deleting, moving, copying, and the like. The management data is updated by the service (CDS). Each of these processes is performed on condition of password authentication as necessary.
[0184]
In step S101, the client sends a processing request to the server. This processing request is any of a content acquisition, reproduction request, a browse (search), search (search) request, a content entity update, a content information update, or an object (container, item) update request. It is.
[0185]
In response to the processing request from the client, the server determines whether the authentication of the password, that is, the above-described database password or the element password is required as the processing execution condition, and determines that the processing requires password input. In step S102, a password input request is transmitted to the client.
[0186]
In step S103, the client transmits one or more passwords to the server based on the password input request from the server. As described above, in the acquisition of the content entity or the content information and other processing, it may be necessary to present the element password of the upper object of the object corresponding to the content entity or the content information, In such a case, it is necessary to present the database password to the server and be authenticated, so that the client transmits a plurality of passwords to the server as necessary.
[0187]
The password is transmitted by setting the object identifier and the corresponding element password as a set, such as [Folder A, pwd-A; Folder B, pwd-B; Folder C, pwd-C. Is transmitted as sequential information. Note that the transmission information may be binary data or may be converted into an ASCII code and transmitted.
[0188]
In step S104, the server sequentially obtains element passwords corresponding to each object identifier from the sequential information, and obtains the element password corresponding to the password read from the metadata corresponding to the object described earlier with reference to FIGS. Collation processing will be performed. If even one of the necessary passwords is missing or the verification is not established, it is determined that the password authentication is not established, the processing request from the client is not executed, and a notification of the authentication error is given as the authentication result notification in step S105. I do.
[0189]
If all the passwords have been successfully verified, a notification of the establishment of the authentication is executed in step S105, and a process for the processing request from the client is executed in step S106, and the processing result is transmitted to the client.
[0190]
For example, if the request from the client is to acquire content information by browsing or searching, and if password authentication is established, the content information is transmitted to the client.
[0191]
FIG. 14 shows an example of content information transmitted to the client. The content information illustrated in FIG. 14 indicates content information corresponding to a plurality of contents, and is information obtained by, for example, browsing (browsing) a container having a plurality of items.
[0192]
Content information 521 is displayed on the display 520 of the client. In the content information, a password necessity information field 522 is set, and a key mark is displayed when a password is required to obtain the content, and a key mark is not displayed when the content does not require a password to obtain the content. An example is shown below. Content No. For 0001, a key mark is shown in the password necessity field 523, and it is specified that a password input is necessary to acquire the content. Content No. No. 0002 does not have a key mark in the password necessity field 523, which clearly indicates that a password input is not required to acquire the content.
[0193]
The client receives XML data generated by the server based on the metadata corresponding to the object, and the UI generation program on the client side generates the display information based on the received XML data. The example shown in FIG. 14 is one display example, and various other display modes can be set.
[0194]
The client, for example, receives the content No. When acquiring the content of the content No. 0001, the content No. It is necessary to transmit an element password or an element password set required for reproducing and acquiring 0001 to the server.
[0195]
Regarding the processing to which the password is applied, the processing executed on the server side and the client side will be described with reference to the respective flows.
[0196]
First, processing on the server side will be described with reference to FIG. In step S201, a processing request from a client is received. This processing request is any of a content acquisition, reproduction request, a browse (search), search (search) request, a content entity update, a content information update, or an object (container, item) update request. It is.
[0197]
In step S202, the server determines whether the above-described database password or element password needs to be authenticated as an execution condition of the process from the client. If password authentication is unnecessary, the process proceeds to step S207, and a request process from the client is executed.
[0198]
If it is determined that password input is required, a password input request is transmitted to the client in step S203.
[0199]
If no password is received in step S204, an error notification is sent to the client in step S208, and the process ends.
[0200]
If a password is received in step S204, the server performs a password authentication process in step S205. The password is composed of an object identifier and sequential information of the set data of the corresponding element password, for example, [folder A, pwd-A; folder B, pwd-B; folder C, pwd-C ...]. The server sequentially obtains the element passwords corresponding to the respective object identifiers from the sequential information, and performs the collation processing with the password read from the metadata corresponding to the objects described earlier with reference to FIGS. Do.
[0201]
As a result of the collation processing on the received password, if all the collations of the passwords that are the execution conditions of the client request processing are established, the authentication is established (step S206: Yes), and the client request processing is executed in step S207.
[0202]
As a result of the collation process on the received password, if all collations of the passwords that are the execution conditions of the client request process are not established, it is determined that the authentication is not established (step S206: No). An error is notified and the process ends.
[0203]
Next, the processing on the client side will be described with reference to FIG. A client device that executes various processing requests to the content management server has a storage unit that stores all passwords input by the user during the operation period of the server use application.
[0204]
When transmitting a processing request to the server or a response to a password request from the server, the data processing unit of the client performs a process of setting all passwords stored in the storage unit as transmission data. Further, a process of deleting all passwords stored in the storage unit is performed on condition that the server application is terminated. According to this configuration, the user does not need to repeatedly input the same password during the operation period of the server use application, and the server can be used efficiently. The processing flow of FIG. 16 will be described.
[0205]
In step S301, the client starts up an application that executes processing for using the content management server. In step S302, a processing request to the server, that is, a content acquisition / reproduction request, or a browse (browsing) / search (search) request, Alternatively, a request for updating the content entity, updating the content information, or updating the object (container, item) is transmitted.
[0206]
In step S303, the client determines whether or not a password input request has been received from the server. If the request has not been received (step S303: No), it is unnecessary to input a password. Receive the processing result.
[0207]
If a password input request has been received from the server (step S303: Yes), in step S305, a password is input and transmitted to the server. In step S305, the input password is stored in the memory. This is because while the application started in step S301 is running, there is a possibility that the same object will be repeatedly executed. Therefore, the input password is stored in the memory, and when the client transmits a new processing request to the server, Even if there is no password input by the user, the password stored in the memory is transmitted, thereby reducing the user's trouble of inputting the password.
[0208]
In step S306, a processing result is received from the server. For example, in the case of browsing (browsing) processing, content information as shown in FIG. 14 is acquired. In step S307, the presence or absence of a new processing request is determined. If there is a new processing, a memory storage password is added to the server and transmitted to the server in step S310. If the processing execution condition is satisfied only with the password stored in the memory, the password input request is not made from the server, and the processing result can be received in step S306.
[0209]
For example, when the content information as shown in FIG. 14 is acquired by browsing (browsing) a parent container (with an element password) having a plurality of content items as child objects, when acquiring the content information, the client transmits the element password of the parent container. The content is stored in the memory. In the content acquisition process, the content acquisition / playback request is transmitted from the client to the server with the password stored in the memory added thereto.
[0210]
Therefore, the client-side user can acquire the content entity (resource) without inputting the same password.
[0211]
If there is no new process in step S307, the application used by the content management server ends in step S308. In step S309, the user input password stored in the memory in step S305 is deleted. This password erasure prevents use of the password by another user or leakage of the password to the other user.
[0212]
[Functional configuration of server and client]
The hardware configurations of the server and the client device are as described above with reference to FIG. 2, and the various processes described above are performed by a control unit (CPU or the like) in accordance with a program stored in a storage unit of each server and client. Run under the control of
[0213]
In the processing executed by the CPU, for example, on the server side, a container or an item as an object is extracted based on the content directory in accordance with a search (search) or browsing (browsing) request from a client, and metadata corresponding to the object is acquired. The processing includes transmitting to the client, transmitting the content entity according to the request from the client, updating the object, content entity, and content information according to the request from the client. The processing on the client side includes transmitting a processing request to the server, setting password set information including one or more passwords, transmitting the same, and generating display information to be presented on the display based on content information received from the server. Processing, content reception processing, received content reproduction processing, and the like.
[0214]
Basically, these processes are executed under the control of the CPU serving as a control unit of the server and the client device. The functional configuration of the server and the functional configuration of the client required to execute the above-described processes are shown in FIG. 17 and FIG.
[0215]
FIG. 17 is a block diagram illustrating a main functional configuration of the server. The packet transmitting / receiving unit 601 receives a packet for a client and a packet from the client. The packet generation and analysis unit 602 performs transmission packet generation processing and received packet analysis processing. The processing includes packet address setting, address recognition, data storage in the data section, and data acquisition processing from the data section.
[0216]
The storage unit 603 is a storage unit that stores contents held by the server and metadata (property information) as attribute information corresponding to the contents. For example, a password is stored in the metadata in the manner described with reference to FIGS. The content storage unit 603 stores a content directory having a tree structure as a content management configuration, and stores an element password set for each object as a component of the content directory and a content password set for the entire content directory. The stored database password is stored as metadata corresponding to each object.
[0219]
The metadata acquisition unit 604 executes a process of extracting metadata corresponding to a specified folder from the metadata storage unit 604 based on a content information acquisition request received from a client, for example, a browse (search) or search (search) request. I do.
[0218]
The data processing unit 605 is a processing request from the client, that is, an acquisition of a content entity, a reproduction request, an acquisition of content information, that is, a browsing (search) request, a search (search) request, a content entity, content information, a container, an object such as an item. Update (addition, deletion, movement, copy) processing. However, when password authentication is set as the execution condition, the condition is that password authentication is established.
[0219]
The password request / authentication processing unit 606 determines whether or not the processing request from the client requires password authentication, and executes a process of generating a password request to be output to the client when password authentication is required. Then, a password authentication process based on a process of matching a password received from the client with a password stored in the metadata storage unit 604 is executed.
[0220]
The data processing unit 605 executes the data processing requested by the client based on the password request and the status of the password authentication performed by the authentication processing unit 606. For example, if the processing request from the client is a search (search) request, the search (search) processing allowable area in the content directory is determined based on the password authentication, and the search (search) is executed within the determined processing allowable area. I do.
[0221]
It should be noted that the client's request processing includes acquiring the content entity, requesting reproduction, and acquiring content information, that is, browsing (searching), searching (searching) requests, updating (adding, adding, Regardless of whether the request is processing acquisition, playback, or content processing, the password request based on the presented password from the client and the authentication processing unit 606 determine the allowable processing area, and the processing request from the client is received. In the case of processing on an object that is not included in the processing permission area determined by password authentication, the data processing unit 605 does not execute a processing request from the client. When the processing request from the client is a processing for an object included in the processing permission area determined by the password authentication, the data processing unit 605 executes the processing request from the client.
[0222]
The content information generation unit 607 generates XML data as content information based on the metadata acquired by the metadata acquisition unit 604. The data conversion unit 608 performs a decoding process such as an encoding process of transmission content data. For example, data conversion based on ATRAC3 and MPEG4 is executed.
[0223]
Next, a functional configuration of the client device will be described with reference to FIG. The packet transmitting / receiving unit 701 executes a process of transmitting a packet to the server and a process of receiving a packet from the server. The packet generation / analysis unit 702 performs transmission packet generation processing and received packet analysis processing. This includes not only analysis of data stored in the packet, but also address setting of the packet, address recognition, data storage in the data portion, and data acquisition processing from the data portion.
[0224]
The data processing unit 703 transmits various request data to be transmitted to the server, that is, a search (search), a browse (browsing) request, a content entity, and content information as content entity acquisition, reproduction request, content information acquisition request. Then, a process of generating object update request data is executed. In addition, as a response to a password request from the server, a process of setting all passwords stored in the storage unit 704 as transmission data is executed.
[0225]
The storage unit 704 stores a content entity included in a packet received from the server, content information, and the like. It also functions as a storage unit for storing a user input password.
[0226]
When transmitting a processing request to the server or a response to a password request from the server, the data processing unit 703 performs a process of setting all passwords stored in the storage unit 704 as transmission data. Further, a process of deleting all passwords stored in the storage unit is performed on condition that the server application is terminated. According to this configuration, the user does not need to repeatedly input the same password during the operation period of the server use application, and the server can be used efficiently.
[0227]
The output unit 705 includes a speaker and a display applied to the content reproduction processing. Note that the display is also used for outputting the content information described above with reference to FIG. The input unit 706 is, for example, a keyboard for selecting reproduction content, inputting a password, inputting content information, object update information, and the like, and other data input means.
[0228]
The content information analysis unit 707 analyzes the XML data including the property information received from the server, generates the content information described above with reference to FIG. 14 based on the analysis data, and outputs the content information to a display as an output unit. Execute the output process. The content reproduction control unit 708 executes a process of reproducing the content received from the server.
[0229]
The data conversion unit 709 performs various data conversion processes such as a process of decoding content data received from the server. For example, data conversion based on ATRAC3 and MPEG4 is executed.
[0230]
The server and the client functionally have the functions shown in FIGS. 17 and 18 and execute the above-described processing. However, the block diagrams shown in FIGS. 17 and 18 are block diagrams for explaining the functions. Actually, various processing programs are executed under the control of the CPU in the hardware configuration such as the PC shown in FIG. You.
[0231]
The present invention has been described in detail with reference to the specific embodiments. However, it is obvious that those skilled in the art can modify or substitute the embodiment without departing from the spirit of the present invention. That is, the present invention has been disclosed by way of example, and should not be construed as limiting. In order to determine the gist of the present invention, the claims described at the beginning should be considered.
[0232]
Note that the series of processes described in the specification can be executed by hardware, software, or a combined configuration of both. When executing the processing by software, the program recording the processing sequence is installed in a memory in a computer embedded in dedicated hardware and executed, or the program is stored in a general-purpose computer capable of executing various processing. It can be installed and run.
[0233]
For example, the program can be recorded in a hard disk or a ROM (Read Only Memory) as a recording medium in advance. Alternatively, the program is temporarily or permanently stored on a removable recording medium such as a flexible disk, a CD-ROM (Compact Disc Only Memory), an MO (Magneto optical) disk, a DVD (Digital Versatile Disc), a magnetic disk, or a semiconductor memory. It can be stored (recorded). Such a removable recording medium can be provided as so-called package software.
[0234]
The program may be installed on the computer from the above-described removable recording medium, or may be wirelessly transferred from a download site to the computer, or may be wirelessly transferred to the computer via a network such as a LAN (Local Area Network) or the Internet. The computer can receive the program transferred in this manner and install it on a recording medium such as a built-in hard disk.
[0235]
The various processes described in the specification may be executed not only in chronological order according to the description but also in parallel or individually according to the processing capability of the device that executes the processes or as necessary. Further, in this specification, a system is a logical set configuration of a plurality of devices, and is not limited to a device having each configuration in the same housing.
[0236]
【The invention's effect】
As described above, according to the configuration of the present invention, in the content management server, the content directory having the tree configuration is set as the content management configuration, and the content directory is set for each of the objects that are the components of the content directory. Element password and a database password set for the entire contents directory are stored in the storage unit, and a password authentication process is performed based on a comparison between the received password from the client and the stored password stored in the storage unit, and password authentication is performed. Is determined from the entire content directory based on at least one of the passwords for which the above is satisfied, and when the process requested by the client is executable in the determined allowable process area, the client request processing is executed. Because, without performing setting content individual access rights, it becomes possible to set the access rights based on the directory structure, the construction of efficient access limitation processing configuration allows content management.
[0237]
Further, according to the configuration of the present invention, in the client executing the processing request to the server executing the content management, all the passwords input by the user during the operation period of the server use application are stored in the storage unit, and the processing for the server is performed. As a request or a response to a password request from the server, all passwords stored in the storage unit are transmitted as transmission data, and all passwords stored in the storage unit are deleted on condition that the server application is terminated. This eliminates the need for the user to repeatedly enter the same password during the operation period of the server use application, enables efficient use of server-stored content, and prevents password leakage by password erasure.
[Brief description of the drawings]
FIG. 1 is a diagram showing an example of a network configuration to which the present invention can be applied.
FIG. 2 is a diagram illustrating a configuration example of a network connection device.
FIG. 3 is a diagram illustrating a configuration of a content management directory in a server.
FIG. 4 is a diagram illustrating an example of a content information list displayed on a display based on XML data including property information transmitted from a server to a client.
FIG. 5 is a diagram illustrating a processing sequence between a server and a client in content data reproduction processing.
FIG. 6 is a diagram illustrating a content directory configuration and a password setting configuration in a server.
FIG. 7 is a diagram showing types of passwords applied in the present invention and explanations thereof.
FIG. 8 is a diagram illustrating a content directory configuration and a password setting configuration in a server.
FIG. 9 is a diagram illustrating a process using a password according to the present invention.
FIG. 10 is a diagram for explaining a mode of processing using a password according to the present invention.
FIG. 11 is a diagram illustrating an example of storing metadata of a password in a server.
FIG. 12 illustrates an example of storing metadata of a password in a server.
FIG. 13 is a diagram illustrating a processing sequence in which a password between a server and a client is applied.
FIG. 14 is a diagram illustrating an example of content information transmitted from a server to a client and displayed on a display.
FIG. 15 is a flowchart illustrating a procedure of a password application process executed in the server.
FIG. 16 is a flowchart illustrating a processing procedure of a password application process executed in the client.
FIG. 17 is a block diagram illustrating processing functions of a server.
FIG. 18 is a block diagram illustrating a processing function of a client.
[Explanation of symbols]
100 networks
101 server
121 PC
122 monitors
123 mobile phone
124 regenerator
125 PDAs
201 CPU
202 ROM
203 RAM
204 HDD
205 bus
206 I / O interface
207 Input unit
208 Output unit
209 Communication unit
210 drives
211 Removable recording medium
301 root container
302-306 container
307 Video Capsule
320 display
321 Content information list
351 root container
352,353 container
354,355 items
361 Database password
362-364 element password
371,372 container
373,374 items
381,382 element password
400 shared area
401 Folder A area
402 Folder C area
411 route
412 Folder A
413 Folder B
414 Folder C
415 Item W
416 Item X
417 Item Y
418 Item Z
501 route
502-505 container
506 items
520 display
521 Content Information
522-524 Password Required Information Field
601 packet transmitting / receiving unit
602 Packet generation and analysis unit
603 storage unit
604 Metadata acquisition unit
605 Data processing unit
606 Password request and authentication processing unit
607 Content information generation unit
608 Data conversion unit
701 Packet transceiver
702 Packet generation and analysis unit
703 Data processing unit
704 storage unit
705 output unit
706 Input unit
707 Content Information Analysis Unit
708 Content playback control processing unit
709 Data conversion unit

Claims (23)

A server device that executes content management,
A data transmission / reception unit that executes data transmission / reception processing with a client as a processing request device for a server;
A content directory having a tree structure is stored as a content management configuration, and an element password set for each object as a component of the content directory and a database password set for the entire content directory are stored. Department and
A password authentication processing unit that performs a password authentication process based on a comparison between a received password from a client and a stored password stored in the storage unit,
A data processing unit that executes a process requested by the client, on condition that the password authentication in the password authentication processing unit is established;
The data processing unit includes:
A case where the password authentication processing unit determines a processing allowable area from the entire content directory based on one or more passwords for which the password authentication is established, and is capable of executing a process requested by the client within the determined processing allowable area. A server device configured to execute a request process of the client. The password authentication processing unit,
When the processing request of the client is a request to acquire or reproduce content corresponding to an object as a component of the content directory,
An element password set in the content directory object corresponding to the client request content;
Each element password corresponding to a higher-order object set in a higher-order object existing on a route from the object of the content directory corresponding to the client request content to the root that is the highest-order object,
Executes authentication processing based on passwords including
2. The server device according to claim 1, wherein the data processing unit is configured to execute a request process of the client on condition that authentication processing based on the password group is established. The password authentication processing unit,
When the processing request of the client is a browsing request of content information corresponding to an object as a component of the content directory,
Executing an authentication process of an element password group set in an upper-level object existing on a route from an object in the content directory corresponding to the content information to be requested for browsing to a route that is the highest-level object in the content directory;
2. The server device according to claim 1, wherein the data processing unit is configured to execute a request process of the client on condition that authentication of a group of element passwords set in the upper object is established. 3. The password authentication processing unit,
When the processing request of the client is an acquisition request based on a search for content information corresponding to an object as a component of the content directory,
Perform authentication processing based on one or more passwords received from the client,
The data processing unit determines a search (search) processing area from the entire content directory by one or more passwords for which password authentication has been established in the password authentication processing unit, and targets an object included in the determined search processing area. 2. The server device according to claim 1, wherein the server device performs a search process. The password authentication processing unit,
When the processing request of the client is a request for updating content or content information managed based on the content directory,
A database password set for the entire content directory,
An element password set in the object of the content directory corresponding to the update request content or the update request content information of the client,
Each element password corresponding to a higher-order object set in a higher-order object existing on a route from the object of the content directory corresponding to the client's update request content or the update request content information to the root that is the highest-order object,
Executes authentication processing based on passwords including
2. The server device according to claim 1, wherein the data processing unit is configured to execute a request process of the client on condition that authentication processing based on the password group is established. The password authentication processing unit,
When the processing request of the client involves a movement process or a copy process of content or content information managed based on the content directory,
A source password and a destination of the content directory corresponding to the update request content or the update request content information of the client, or an element password set in a copy source and a copy destination object,
Each element password corresponding to a higher-order object set in a higher-order object existing on a route from the object of the transfer source and the transfer destination or the copy source and the copy destination to the root that is the highest-order object,
Executes authentication processing based on passwords including
2. The server device according to claim 1, wherein the data processing unit is configured to execute a request process of the client on condition that authentication processing based on the password group is established. The password authentication processing unit,
When the processing request of the client is a request for updating an object as a component of the content directory,
A database password set for the entire content directory,
Each element password corresponding to a higher-level object set in a higher-level object existing on a route from a client update request object to a root that is a highest-level object,
Executes authentication processing based on passwords including
2. The server device according to claim 1, wherein the data processing unit is configured to execute a request process of the client on condition that authentication processing based on the password group is established. The password authentication processing unit,
When the processing request of the client involves a moving process or a copying process of an object as a component of the content directory,
A database password set for the entire content directory,
Each element password corresponding to a higher-order object set in a higher-order object existing on a route from a source and a transfer destination of the content directory or a copy source and a copy destination object to a root that is a top-level object,
Executes authentication processing based on passwords including
2. The server device according to claim 1, wherein the data processing unit is configured to execute a request process of the client on condition that authentication processing based on the password group is established. The storage unit,
Metadata that is attribute information corresponding to an object as a component of the content directory is stored for each object,
2. The server device according to claim 1, wherein the server device is configured to record an element password of an object corresponding to metadata of each object. The storage unit,
Metadata that is attribute information corresponding to an object as a component of the content directory is stored for each object,
A configuration in which an element password of an object corresponding to the metadata of each object and an element password corresponding to a higher-level object set in a higher-level object existing on a route from the object to a root that is the highest-level object are recorded. The server device according to claim 1, wherein: The storage unit,
Metadata that is attribute information corresponding to an object as a component of the content directory is stored for each object,
The element password of the object corresponding to the metadata of each object, and the position information in the content directory of the higher-level object set with the element password among the higher-level objects existing on the route from the object to the root that is the highest-level object. The server device according to claim 1, wherein the server device has a recorded configuration. An information processing device as a client that executes a processing request to a server that executes content management,
A storage unit that stores all passwords input by the user during the operation period of the server use application,
In response to a processing request to the server or a response to a password request from the server, a process of setting all passwords stored in the storage unit as transmission data is executed, and stored in the storage unit on condition that the server application is terminated. A data processing unit for executing a process of erasing all of the passwords obtained,
An information processing apparatus comprising: An information processing method in a server that executes content management processing,
Receiving a processing request and a password from a client as a processing request device for the server;
A password authentication processing step of performing a password authentication processing based on a comparison between a received password from the client and a stored password stored in a storage unit in a server,
A data processing step of executing a client request process on condition that password authentication is established in the password authentication process step;
The data processing step includes:
In the password authentication processing step, a step of determining a processing allowable area from a content directory as a content management configuration based on at least one password for which password authentication has been established;
Executing a process requested by the client when a process requested by the client is executable within the determination process allowable area;
An information processing method comprising: The password authentication processing step,
When the processing request from the client is a request to acquire or reproduce content corresponding to an object as a component of the content directory,
An element password set in the object of the content directory corresponding to the processing request content of the client,
Each element password corresponding to a higher-order object set in a higher-order object existing on a route from the object of the content directory corresponding to the client request content to the root that is the highest-order object,
Executes authentication processing based on passwords including
The data processing step includes:
14. The information processing method according to claim 13, wherein the client request processing is executed on condition that the authentication processing based on the password group is established. The password authentication processing step,
When the processing request of the client is a browsing request of content information corresponding to an object as a component of the content directory,
Executing an authentication process of an element password group set in an upper-level object existing on a route from an object in the content directory corresponding to the content information to be requested for browsing to a route that is the highest-level object in the content directory;
The data processing step includes:
14. The information processing method according to claim 13, wherein the request processing of the client is executed on condition that the authentication of the group of element passwords set in the upper object is established. The password authentication processing step,
When the processing request of the client is an acquisition request based on a search for content information corresponding to an object as a component of the content directory,
Perform authentication processing based on one or more passwords received from the client,
The data processing step includes:
In the password authentication processing step, a search (search) processing area is determined from the entire content directory by one or more passwords for which password authentication has been established, and a search (search) is performed on objects included in the determined search processing area. 14. The information processing method according to claim 13, wherein the information processing method is configured to execute processing. The password authentication processing step,
When the processing request of the client is a request for updating content or content information managed based on the content directory,
A database password set for the entire content directory,
An element password set in the object of the content directory corresponding to the update request content or the update request content information of the client,
Each element password corresponding to a higher-order object set in a higher-order object existing on a route from the object of the content directory corresponding to the client's update request content or the update request content information to the root that is the highest-order object,
Executes authentication processing based on passwords including
The data processing step includes:
14. The information processing method according to claim 13, wherein the client request processing is executed on condition that the authentication processing based on the password group is established. The password authentication processing step,
When the processing request of the client involves a movement process or a copy process of content or content information managed based on the content directory,
A source password and a destination of the content directory corresponding to the update request content or the update request content information of the client, or an element password set in a copy source and a copy destination object,
Each element password corresponding to a higher-order object set in a higher-order object existing on a route from the object of the transfer source and the transfer destination or the copy source and the copy destination to the root that is the highest-order object,
Executes authentication processing based on passwords including
The data processing step includes:
14. The information processing method according to claim 13, wherein the client request processing is executed on condition that the authentication processing based on the password group is established. The password authentication processing step,
When the processing request of the client is a request for updating an object as a component of the content directory,
A database password set for the entire content directory,
Each element password corresponding to a higher-level object set in a higher-level object existing on a route from a client update request object to a root that is a highest-level object,
Executes authentication processing based on passwords including
The data processing step includes:
14. The information processing method according to claim 13, wherein the client request processing is executed on condition that the authentication processing based on the password group is established. The password authentication processing step,
When the processing request of the client involves a moving process or a copying process of an object as a component of the content directory,
A database password set for the entire content directory,
Each element password corresponding to a higher-order object set in a higher-order object existing on a route from a source and a transfer destination of the content directory or a copy source and a copy destination object to a root that is a top-level object,
Executes authentication processing based on passwords including
The data processing step includes:
14. The information processing method according to claim 13, wherein the client request processing is executed on condition that the authentication processing based on the password group is established. An information processing method for executing a processing request to a server that executes content management,
A password storing step of storing in the storage unit all passwords input by the user during the operation period of the server use application,
Transmitting all passwords stored in the storage unit as transmission data as a response to a processing request to the server or a password request from the server;
A password erasing step of erasing all passwords stored in the storage unit on condition that the server use application is terminated;
An information processing method comprising: A computer program for executing information processing in the content management processing server,
Receiving a processing request and a password from a client as a processing request device for the server;
A password authentication processing step of performing a password authentication processing based on a comparison between a received password from the client and a stored password stored in a storage unit in a server,
A data processing step of executing a client request process on condition that password authentication is established in the password authentication process step;
The data processing step includes:
In the password authentication processing step, a step of determining a processing allowable area from a content directory as a content management configuration based on at least one password for which password authentication has been established;
Executing a process requested by the client when a process requested by the client is executable within the determination process allowable area;
A computer program comprising: A computer program for executing a processing request to the content management server,
A password storing step of storing in the storage unit all passwords input by the user during the operation period of the server use application,
Transmitting all passwords stored in the storage unit as transmission data as a response to a processing request to the server or a password request from the server;
A password erasing step of erasing all passwords stored in the storage unit on condition that the server use application is terminated;
A computer program comprising:

Images