JP2004350320A - Safe distribution system for digital contents - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a system for safely distributing digital contents. <P>SOLUTION: A user who requires the transmission of key information, a user key and digital contents, is permitted to encrypt and transmit digital contents, and the key information and user's authority information are utilized to decrypt and reproduce encrypted digital information. A unique key is provided for a registered user and key information is applied to a key generation algorithm to generate a user key. When the registered user is accessing a service server, a content encryption key to be generated is encrypted together with the user key. The content encryption key is then applied to an encryption algorithm to encrypt the digital information. A decryption algorithm permits key information which is corresponding to the identification of the registered user, to decrypt and reproduce the encrypted digital contents. <P>COPYRIGHT: (C)2005,JPO&NCIPI

Description

  The present invention relates to an encryption method and an encryption device for a digital content secure distribution system, and more particularly, to generation of a key used for transmission and reproduction of digital information and use of the key. .

  People are living in an era of information that is supplied through various media such as broadcasting and publishing. Therefore, an information supplier who supplies the above-mentioned various media with integrated information appears, and among the information supplied from a specific information supplier (IP), useful information will be supplied as digital information. Some users have appeared. Accordingly, a digital content transmission system has been formed that includes an information provider that converts various types of information into a digital form and stores and supplies the digital information, and a user who receives digital information from the information supplier through a network.

  Such a digital information transmission system provides an application program for easily downloading digital content, so that a user can access the digital information transmission system via a network and use the application program. Get the information you want. Such digital information is provided to the user for free or for a fee. Here, if the digital information is charged, a service fee is determined by a server that supplies the digital information through a transmission system, and when the user downloads the digital information, the service is charged according to the amount of information used. A fee is charged.

  Among the above digital information, for example, the MPGE software protocol (Software Protocol) is widely used on Internet sites (Inerne-t sites), but music recorded without the consent of the copyright owner is usually used. Is used to transfer the digital version. Therefore, users are connected to a server that supplies digital information commercially through a network, and a small number of users can accidentally and illegally copy digital information without permission. This results in financial losses for copyright owners recording music and servers running digital information transfer systems.

  The above results were obtained by members of the European Association of Authors and Information Technolo-gy Professional as shown in Patent 57, Volume 57 of Trademark & Copyright Journal, No. 1416, p. 385 (11 March 1999). Recently attracted attention by the Interdeposit and the French Agency for the Protection of Programs, and along this path information providers and copyright owners control the transmission and reception of digital information without permission. To provide legal compensation.

  Therefore, such a need will lead to the development of techniques to protect the secure transmission of digital information, which will restrict unauthorized entities from accessing the information and will also require unauthorized access from information suppliers. This is done by limiting the use of any information obtained through the system by restricting unauthorized users from decrypting any information obtained through the system.

An object of the present invention is to provide a system for securely distributing digital content.
It is another object of the present invention to provide a digital information encryption method and apparatus for encrypting digital information received from a transmission system using a plurality of encryption keys.
It is another object of the present invention to provide a digital encryption method and an encryption apparatus for generating a plurality of encryption keys while transmitting digital information to a user.
It is another object of the present invention to provide an encryption method and an encryption apparatus for using user information in which a plurality of encryption keys generated while transmitting digital information to a user can be used.
Another object of the present invention is to provide an encryption method and an encryption apparatus for decrypting digital information obtained from a transfer system by using a large number of encryption keys at a user's terminal device and reproducing it. Is to do.
Another object of the present invention is to encrypt and transmit digital information obtained from a transmission system by using a user key, key information and a content encryption key, and to use the key information and user authentication information. Accordingly, an object of the present invention is to provide a digital information encryption method and an encryption device for decrypting digital information at a user terminal device and reproducing the digital information.
It is another object of the present invention to provide a protocol that allows decryption, transmission and encryption of digital information received from a transmission system.
It is another object of the present invention to use a number of keys for encrypting digital information to encrypt and transmit digital information received from a transmission system, and to decrypt the digital information at a user terminal. , To provide a protocol for reproduction.
Another object of the present invention is to encrypt and enable the transmission of digital information received from a transmission system by using key information, a user key, and a content encryption key, and to provide key information and user authentication information. An object of the present invention is to provide a protocol for decoding and reproducing digital information at a user's terminal device.
It is still another object of the present invention to provide a method for encrypting information more securely and transmitting it to a terminal of a user requesting the information.
It is still another object of the present invention to provide a method for restricting a registered user from simply and easily supplying information obtained from an information supplier to another entity.

The above object is achieved by providing an encryption method and apparatus capable of requesting transmission of digital information to a user terminal device. Before transmitting the requested information, the user must register the user member information including the user's identity information in a server that restricts the transmission of the digital information. The server generates encryption key information that matches the user identification information received from the terminal device. Next, the server supplies the received encryption key information to the terminal device in response to the user request for the digital information, and the terminal device receives the download of the encryption key information and stores it.
The server encrypts the digital information together with the encryption key information, and the terminal device uses a decryption algorithm associated with the encrypted information to decrypt the digital information received from the server and thus reproduce the decrypted information.

  More specifically, the present invention focuses on a protocol format for supporting copyright protection of digital information on header fields and encrypted digital information fields. The server uses a copyright protection protocol format for encrypting the content encryption key with user identification information and a key generation algorithm corresponding thereto, and a protocol format generator for generating a user key. The protocol format generator generates a copyright protection header format using a user key, and also generates a content encryption key. The protocol format generator additionally generates a header that is encrypted by using a content encryption key that forms a copyright protection protocol format. The terminal uses a decryption algorithm and a content encryption key to decrypt the key information and the user key, and decrypts the copyright protection protocol format with the content encryption key.

  The invention focuses on the use of keys to encrypt and decrypt digital information such as recorded music, audio and video. More specifically, the present invention uses three keys to encrypt and decrypt digital information.

  The user key information is key information generated by the host server upon request of the service server when the user requests digital information, and cannot be registered in the host server. If the digital content transmission system combines the host server and the service server, the user key information can be generated in the service server. The user key information is used to generate a content encryption key for the encryption / decryption method. Also, the user key information is used to determine whether or not the user's terminal device has a right to receive the encrypted digital information downloaded and play it.

  The user key information is generated by using an arbitrary number, and one-to-one communication with the user is performed. While the user key information is generated, the user key information is stored in a database of the host server together with the user's identity information, and the size of the user key information is 128 bytes.

  The user's key is then used to encrypt the header's content cipher and decrypt it. The user key is generated by applying user key information to a key generation algorithm, and the user key is used to generate and confirm user authority information. The authority information of the user includes a hash value generated by using the key information to use the user key. When the hash value of the user key is the same as the hash value of the user right information in the header, the user has the right to reproduce the encrypted digital information.

  In summary, the user key is generated by using the user key information. The user key is used to encrypt the output content included in the user's authority information in the header, to decrypt the encrypted input content, and to decrypt the encrypted digital information and reproduce it. Sometimes used. The hash value has the advantage of always providing the same output from the same input regardless of the output to the input.

  The content encryption key is used to encrypt the digital information and a part of the header. The key is generated by using an arbitrary number, and its size is a multiple of 8 bytes. In the present invention, the content encryption key is 8 bytes. The present invention is characterized by two content encryption keys that are not generated with the same content. For example, the content encryption key is generated according to the time when the user accesses the service server. Accordingly, the same user receives different content encryption keys, which are the respective content encryption keys corresponding to different access times.

  The content encryption key exists correctly while the user accesses the system, but after access, the existence becomes inaccurate.

  Further, the present invention uses a number of algorithms, such as an algorithm for encrypting digital information provided by an information supplier, and an algorithm that allows a user to decrypt information obtained from the information supplier. Many such algorithms include key generation algorithms, digital content encryption algorithms, digital content decryption algorithms, and hash algorithms.

  Among these algorithms, the key generation algorithm uses the key information to generate a user key at the host server. When the host server and the service server are separated in such a system, the key generation algorithm is included in the service server.

  Then, it is included in the digital content encryption algorithm or the service server, and is used to generate header information for encrypting the digital information.

  Alternatively, the hash algorithm is used to generate user authority information at the service server using the user key, and the authority to receive the digital information requested by the user from the information provider via the system is used. Used to determine if there is.

  The digital information requested by the user is a term having the same concept as the digital content, and the two terms are used in this specification in a mixed manner. Briefly, the digital information is data converted to digital single information as a single file, such as music or literature, and is an application program for network communication. The user will select and access the digital information stored in the file, read and listen to the digital information using a personal computer or a notebook computer to reproduce the digital information. The digital information is converted into digital data by an information provider. Such digital information includes all information stored in a file format such as a song as well as a magazine, book, dictionary, drawing or illustration. .

  1 and 2 are block diagrams showing the configuration of a digital content encryption / decryption device according to the present invention. The terminal device (10) transfers the identification of the user to the service server (12). Then, key information matching the identification transmitted from the user's terminal device (10) is received from the service server (12) and stored. The key information is received from the service server 12 together with the protocol and the encrypted digital information requested by the user. The terminal device decrypts and reproduces the digital content using the stored key information and the decryption algorithm.

  The service server (12) generates a header comprising the user authority information including the content encryption key encrypted together with the user key. The service server 12 includes the encrypted digital information in the header in order to generate a protocol for supporting copyright protection. The copyright support protocol is transmitted to the user's terminal device (10) via the network.

  As shown in FIG. 2, the terminal device (10) comprises a personal computer (11a) having a communication device and a peripheral device or an internal device (11b) for reproducing digital information. The computer (11a) and the playback device (11b) have a decoding algorithm. The terminal device (10) is a personal computer (PC) or a notebook computer (11a) connected to the Internet, and also has a communication program and a communication device connectable to the Internet. For example, the communication device is a digital television, a mobile phone, a web vedio phone, or the like, which is coupled to the computer (11a) of the terminal device (10). For example, the network access program is provided in the computer 11a, and the terminal device 10 is connected to a wired network or a wireless network.

  The personal computer (11a) receives the key information from the service server (12) and stores the key information in a memory. The personal computer 11a receives the protocol including the encrypted digital content and stores the digital content in a storage medium such as a hard disk (for example, an HDD). The computer (11a) also generates a user key using the stored key information, decrypts the content encryption key using the generated user key, and uses the decrypted content encryption key to perform encryption. Decrypts digitalized information.

  As a result, the decoded digital information is reproduced through a display device or an audio device provided in the computer (11b) independently of another internal device or the peripheral reproduction device (11b).

  Such a playback device (11b) receives the key information and the encrypted digital content through the PC (11a) and uses the decryption algorithm stored in the playback device (11b) to decrypt the encrypted digital content. Decrypt. The playback device 11b is classified into a portable type and a stationary type according to the type of the storage medium.

  The service server (12) generates key information corresponding to the user identification transmitted from the terminal device (10), stores the key information together with the identification, and when the user requests the key information, This is transmitted to the computer (11a) of the terminal device (10). The service server 12 generates the content encryption key according to a request from the user, and generates a user key using the key information of the user.

  Then, the content encryption key is encrypted by using the user key and the hash value of the user key, and the authority information of the user is generated by using the encrypted content encryption key. Alternatively, the service server (12) may generate additional digital information, and such digital information may be encrypted by using an encryption algorithm of a header including user right information to form a copyright protection protocol. It is. Then, the copyright protection protocol is transmitted to the terminal device (10).

  Also, the service settlement agent server (14) receives a single form of signal related to the digital information usage fee to download the digital content from the service server (12), and accumulates the usage fee to the registered users. Charge

  The identification that defines the user is the user's social security number (for example, a medical insurance number), a driver's license number, or the user's residence registration number. It is common to use.

  FIG. 3 is a block diagram showing another embodiment of the present invention, which relates to a terminal device (20), a playback device (21b), and a service settlement agency server (24). Therefore, since the configuration has already been described in FIGS. 1 and 2, description thereof will be omitted. The service server, the host server, and the terminal device include a computer, an auxiliary device, and a means such as a microprocessor based on a data memory.

  The service server 22 transmits a request signal for generating key information to the host server 23. The request signal for generating key information is transmitted by a user using the terminal device 20. . Then, in response to receiving the request signal, the host server (23) causes the service server (22) to transmit the key information, and the key information is transmitted to the terminal device (20). That is, the service server 22 transmits the key information to the terminal device 20 according to the user's request. Also, the service server (22) generates a content encryption key at the request of the user, generates a user key using the key information, and generates user authority information using the content encryption key. The encryption of the content encryption key uses a user key and a hash value of the user key. The service server (22) can add the digital information, and the addition of the digital information uses a cryptographic algorithm of a header including the authority information of the user to form a copyright protection protocol.

According to this, the copyright protection protocol is transmitted to the terminal device (20).
The host server (23) generates key information corresponding to the identification transmitted from the service server (22), stores the key information together with the identification, and receives a request signal received from the service server (22). The key information is transmitted to the service server (22) in response to the request.

  By using the service server (12, 22) as in the embodiment with reference to FIGS. 1, 2 and 3, the information provider can provide the user with a list or menu of useful digital information. it can. As described above, the digital information desired by the user can be easily selected. For example, if the digital information is music, the content list is the title of a song, or the name of a singer or a composer.

  FIG. 5 is a block diagram showing a detailed embodiment of the digital encryption shown in FIG. 1, and shows the relationship between the service server and the terminal device together with the functional configuration thereof. The terminal device (200) has a functional configuration related to an interface (201), a user authority authentication unit (202), a content encryption key decryption unit (203), and a digital content decryption unit (204). The interface (201) receives the key information generated by the service server (210). After reading the header of the copyright protection protocol received from the service server (210), the user authority authentication unit (202) obtains the user key, analyzes the user authority information together with the user key, and obtains digital information. It is determined whether or not the user has the right to receive the. The content encryption key decryption unit (203) decrypts the content encryption key using the user key provided from the user authority authentication unit (202). The digital content decryption unit (204) decrypts the content encryption key using the content encryption key decryption unit (203), and uses the decrypted content encryption key to receive the encrypted content encryption key together with the copyright protection protocol. Decrypt digital information.

  The service server (210) includes an interface (218), a key information generator (212), a user key generator (213), a content encryption key generator (214), a user authority information generator (215), and a header generator. (216) and a protocol format generation unit (217). The interface (218) receives the identification from the terminal device (200). Then, the key information generation unit (212) determines whether the identification received by the interface (218) is valid among the registered applicant's identifications stored in the database (211). , Key information corresponding to this is generated. The user key generation unit (213) generates a user key by applying key information to a key generation algorithm. When the user accesses the service server (210) via the interface (218), the content encryption key generation unit (214) generates the content encryption key. Request some types of items needed for information.

  The user authority information generation unit (215) encrypts the content encryption key associated with the use of the user key and generates user authority key information. The header generation unit 216 generates a header for a copyright protection protocol by using user authority information and additional information necessary for encryption. The protocol format generation unit (217) adds the encrypted digital information to the header generated by using the header generation unit (216) to generate the copyright protection protocol.

  The operation of the digital content encryption shown in FIG. 5 is performed when the user transmits an identification together with a request for receiving digital information from the service server 210, and when the identification is transmitted through the interface 218. It is noted when received by the service server (210) and when applied to the key information generation unit (212). The key information generation unit (212) determines whether or not the applicant's identity information registered in the memory of the database (211) exists. Based on the above determination result, the key information generation unit (212) generates new key information corresponding to the identity information and applied to the user key generator (212), or registers the key information read from the database (211). The generated key information is transmitted to the user key generation unit (213).

  The user key generation unit (213) generates the user key by applying the key information to the key generation algorithm, and supplies the user key to the user authority information generation unit (215). The content encryption key generation unit (214) generates a content encryption key corresponding to the user accessing the interface (218), and inputs the content encryption key to the user authority information generation unit (215). Then, the user authority information generation unit (215) encrypts the content encryption key using the user key, and calculates a hash value by applying a hash algorithm to the user key.

  Therefore, the user authority information generation unit (215) generates the user authority information using the hash value and the encrypted content encryption key. The user right information is supplied to the header generation unit (216). Then, after adding the user right information to the header, the header generation unit (216) supplies the header with the above-mentioned user right information added to the protocol format generation unit (217). The protocol format generation unit (217) forms a copyright protection protocol format by applying the encrypted digital information to the header, and causes the terminal device (200) of the user to transmit the copyright protection protocol.

  FIG. 6 is a block diagram showing a detailed embodiment of the digital encryption shown in FIG. 3, and shows a functional configuration of an interrelationship between the service server (110), the host server (120) and the terminal device (100). The key information generation unit (121) and the database (122) belong to the host server (120). The user key generation unit (111), the interface (115), the content encryption key generation unit (112), the user authority information generation unit (113), the header generation unit (114), and the protocol format generation unit (114) Belongs to the service server (110). The functional operation of the components as described above is specifically described with reference to FIG.

  The present invention as described above mainly uses a personal computer of a user, and the present invention described later is applied to an apparatus provided with a communication program and a decryption algorithm.

  FIG. 7 is a flowchart showing the operation of the service server 22 shown in FIG. 3, which shows that digital information is supplied to a user who is not registered in the database of the service server 22 beforehand. The service server (22) can access the terminal device (20) using a network access program. When the user transmits his / her ID to the service server (22), the service server (22) compares the transmitted ID with the ID stored in a database and registers the user. Check the availability.

  If the user is determined to be a registered user, no additional key information is generated. However, if the identification does not exist in the database, the service server 22 recognizes the user as a new member applicant and proceeds with the user's membership registration. When the membership registration for the user is completed, the service server 22 receives the key information from the host server 23.

  In step S510, the key information is transmitted to the terminal device 20 according to the user's request. Such key information will continue to be effective if the user does not cancel his / her membership registration.

  Next, after performing step S510, the service server 22 performs step S520 of determining whether the received signal is a user request signal for downloading digital content. Here, if it is determined that the request signal is for receiving the download, the service server (22) generates a user key using the key information, encrypts the content encryption key, and performs the use. A step S530 of generating a header using the user key and the encrypted content encryption key is performed.

  Also, in step S530, the service server (22) generates a copyright protection protocol by adding the encrypted digital content to the header, and transmits the copyright protection protocol to the user terminal device (20). Let it. Then, after transmitting the digital content to the user, the service server (22) causes the user to transmit the information usage fee obtained by acquiring the digital information, and the service settlement agent server (24) also transmits the information usage fee. The transmitting step S540 is performed. The service settlement acting server (24) allows the user to add a digital content usage fee by using the digital information.

  FIG. 8 is a flowchart showing the operation of the host server shown in FIG. First, the host server 23 performs step S610 of determining whether an identification is received from the terminal device 20. When it is determined that the above-mentioned identification has been received, the host server (23) determines whether or not the same identification as the received identification exists in the database. Step S620 of comparing the identification with the identification stored in the database is performed.

  Here, if the identification is determined based on the identification stored in the database in the step S620, the step S630 of transmitting the stored key information corresponding to the identification to the service server 22 is performed. I do. If it is determined that the identification information is different from the identification information stored in the database, a step S640 of generating key information for a new user is performed, and a step S650 of storing the identification information of the new user. Perform

  As shown in FIGS. 3 and 4, when the copyright is formed on the service server 22 and the host server 23, the service server 22 performs step S510, and performs the step S510. ) Performs steps S610 to S650. When a signal is supplied to the service server 12 as shown in FIGS. 1 and 2, the service server 12 performs the above-described steps to generate key information corresponding to the user identification. Then, the key information is transmitted to the user's terminal device (20).

The performance of the above steps can be easily understood from FIGS.
When the key information is supplied together with the digital information requested by the user, the terminal device (10, 20) decrypts the key information and the digital information through the stored decryption algorithm, and at the same time, external or internal audio. It outputs the decoded digital information to an output device (eg, a speaker or earphone) so that the user can easily hear it. Even if the digital information is illegally copied from the terminal device (10, 20) to another terminal device, the encrypted digital information cannot be reproduced nor heard by the other terminal device due to the absence of the key information. I can't do that either. If the registered user wishes to supply digital information from the service server (10, 20) to another person, the above other person's ID should be stored together with the above registered user's ID It is. The fee for the exchange of digital information as described above is charged to registered users who use the service server (22).

  FIG. 9 is a block diagram showing a functional configuration of a digital encryption device according to the present invention. The digital encryption device of the present invention comprises a protocol format encoder (30) connected to a protocol format decoder (31). The protocol format encoder 30 generates a header including information necessary for encrypting and decrypting the digital information and a copyright protection protocol format including the encrypted digital information. The protocol format decoder (31) decodes and reproduces the encrypted digital information received from the protocol format encoder (30).

  Specifically, the protocol format encoder 30 generates a user key using the key information generated by applying a user identification and a key generation algorithm. Then, the protocol format encoder 30 uses the user key and the hash value of the user key to generate a header added to the encrypted content encryption key and the user authority information. The protocol format encoder (30) also generates a copyright protection protocol format by adding digital information obtained by encrypting the content encryption key to the header.

  Then, the protocol format decoder (31) receives the copyright protocol format transmitted from the protocol format (30), generates a user key by using the key information, and sends the user to the protocol format encoder (30). When it is confirmed that the user has the authority, the user decrypts the content encryption key using the user key, and then decrypts the encrypted digital content using the content encryption key.

  The operation of the protocol format processing system will be specifically described with reference to FIGS. When a user desires to acquire digital information, the digital encryption of the present invention is arranged as digital information in a protocol format described below, and causes the user's terminal device to transmit the protocol format.

  FIG. 10 is a diagram showing a protocol format applied to the present invention. To prevent the digital information transmitted by the service server from being duplicated, the protocol format arranges both the information for encrypting the digital information and the header including the digital information and an element describing the encrypted digital content field. Let it. Referring to FIG. 10, the structure of the header is such that the user key is used to prevent the digital information from being reproduced due to the absence of the key information so that another entity obtains the encrypted digital content. And partially encrypting digital information using a content encryption key.

  FIG. 11 shows another embodiment of the copyright protection protocol in which a protocol format function is further added from FIG. The portion indicating the size of the encrypted digital information is inserted between the header and the encrypted digital content field. The size of the encrypted digital content is the same as the size of the decrypted digital content. In addition, the additional information field is added at a position following the encrypted digital content field so that the user can easily understand it.

  For example, if the digital information is musical, explain various information such as the singer's name, song title, playing time, album title, album publisher, song release time, etc. If so, explain that the additional information is relevant to the movie.

  The additional information field will cause the header and data to be arranged sequentially, and the protocol format is extended independently of the additional items of digital information included in the copyright protection protocol. .

  FIG. 12 shows a copyright support information field, an unencrypted header field, and an encrypted header field as representing the header fields suitable for FIGS.

  The copyright support information field includes a copyright support code indicating whether the digital information is copyright-supported. If the copyright support code is present in the copyright support information field, the encrypted digital information provided to the user will be recognized as legitimate and the user will decrypt it for playback. On the other hand, if the copyright support code does not exist in the copyright support information field, the digital information is confirmed as an unencrypted and illegal one (for example, when the recipient of the digital information is not registered). ), Transmitted so that the decryption method can simply reproduce the digital information without decrypting the digital information (for example, reproducing the information encrypted as noise).

  FIG. 13 is a diagram specifically showing the head fields that can be selected in FIG. An offset field indicating the size of the decrypted header field is inserted between the copyright support information field and the unencrypted header field. The offset field provides information on the position of the additional information field. The above is made possible by an additional information field accessed without analyzing the header. Further, a field indicating the size of the encrypted header is supplied to a previously encrypted header field.

  FIG. 14 illustrates a decrypted header field format suitable for the header fields illustrated in FIGS. 12 and 13. The decrypted header field includes a copyright library version field, a digital content conversion format type for indicating the type of digital content conversion format, a key generation algorithm field for indicating information on a key generation algorithm, and information on a digital content encryption algorithm. A digital content encryption algorithm field, a field for representing the user's authority information on the computer of the user terminal device, and a field for representing the user authority information on the playback device are arranged. The Digital Content Conversion Format field indicates that the conversion technique will be converted to digital content within the digital signal.

  And the converted examples are MP3 and ACC. The decrypted algorithm field contains information on the hash algorithm code, the key encryption algorithm code, the size (IV) of the internal vector, and the internal vector used for digital content encryption. The fields representing the user authority information on the computer, which is the user's terminal device, and the field representing the user authority information on the playback device are important components of the header, and are used to convey the user's authority to use the digital information. Provide confirmation.

  FIG. 15 shows an embodiment in which an unencrypted header field is included in FIG. Header fields that are not encrypted as described above functionally include additional fields which are added to the same as identifying the information supplier and the number of people sharing digital information. A field for representing the information provider code is inserted between the digital content conversion format and the key generation algorithm field.

  A field indicating the number of users sharing the terminal computer and a field indicating the number of users sharing the playback device are added to the position following the digital content encryption algorithm field.

  FIG. 16 shows a detailed structure of the user authority information field shown in FIGS. 14 and 15. The user authority information field of the computer which is a terminal device as well as the playback device is a first field indicating a size of a hash value generated by a hash algorithm, a second field indicating a hash value for a user key, and a user. A third field indicating the result value size of the encrypted digital content encryption key generated by applying the encryption algorithm and a fourth field indicating the result value of the encrypted digital content encryption key are arranged.

  FIG. 17 is a diagram showing the arrangement of the encryption headers shown in FIGS. 12 and 13 in detail. The encrypted header field is a first field indicating a basic processing unit of digital content, which is information supplied to a user, a second field indicating the number of encrypted bytes, and the encrypted digital content. A third field representing the repetition interval is arranged.

  FIG. 18 is a flowchart illustrating an embodiment for generating a protection protocol according to an embodiment of the present invention. When the digital content request signal is received by the service server, the service server performs step S110 of generating a digital content encryption key. Then, step S120 of determining whether the header generation algorithm is defined by the digital content provider is performed. If the header generation algorithm is determined to be useful to the service server, the header performs step S130 of generating a header generation algorithm defined by the digital content provider, and is determined to be not useful to the service server. Then, the header performs a step S190 of generating a predetermined value, that is, a basic value.

  After performing step S130 or step S190, perform step S140 to encrypt the digital content requested by the user, and perform step S130 or step S190 to add the encrypted digital content to the generated header. Step S150 is performed. When the additional information is supplied to the user, step 160 of determining whether the additional information exists in the digital content added to the header is performed. If it is determined that the additional information is present, steps S170 and S180 are performed in which the additional information is added to a position subsequent to the encrypted digital content so that a copyright protection protocol can be formed in the additional information field.

  The digital protection protocol transmits the digital content to a user who requests it early. The additional information is added to the digital content by the information provider. The additional information is selectively added to the digital content when the information provider requests the user for additional explanation for the digital content.

  FIG. 19 is a diagram illustrating an embodiment of a header generation method applied to FIG. The copyright support information field and a field indicating the size of the unencrypted header are generated and added to the header to explain whether the digital content supports the copyright (S210). By adding to the unencrypted header field or header (S220), the header field can be used to provide version information, music form, service provider code supporting copyright, hash algorithm, key generation algorithm, and digital content encryption. Including algorithms.

  After performing step S220 of adding a part of the header, user authority information is generated using the key information, and the generated user authority information is added to the header (S240). After performing step S240, the encrypted header information is generated (S250).

  The header information includes information necessary for digital content encryption, such as a size of a block to be encrypted, an encryption section, and a frame unit to be encrypted. The header information is generated to include a hash value, which is done by applying the entire header to the hash algorithm.

  The header information generated by performing step S250 is encrypted (S260), and the encrypted header information and the size of the encrypted header are added to the header (S270).

As a result, a header is generated which is added to the subsequent position of the encrypted digital content transmitted to the user.
As described above, the encryption algorithm is supplied by the digital content provider (S260), and the header information is encrypted using the encryption algorithm and the digital content encryption key.

FIG. 20 is a flowchart illustrating a method of generating the user right information applied to FIG.
It is determined whether key information or a digital content encryption key exists (S310). The user key is generated by applying the key information to a key information algorithm (S320).

  Then, a hash value is calculated by applying the user key generated in operation S320 to a hash algorithm (S330). Next, the digital content encryption key is encrypted using the key encryption algorithm and the user key (S340). In the determination performed in step S310, an output of an error message may be transmitted as a processing result, which is a case where it is determined that key information or a content encryption key does not exist.

FIGS. 21 and 22 are flowcharts illustrating a method for decrypting or reproducing encrypted digital information according to the present invention.
First, it is determined whether there is key information or digital content received from a digital content provider (S410). When it is determined that the digital content or the key information exists, the header is read from the digital content (S415). When it is determined that the digital content and the key information do not exist, an error is processed and the result is transmitted. (S480).

Then, it is determined whether the header read from step S415 includes the copyright support code (S420).
As a result, if it is determined that the copyright support code exists, the digital content is recognized that the copyright is supported, and the read unencrypted header information is stored in the memory with the determined variable ( S425).

If it is determined that the copyright support code does not exist, that is, the copyright is not supported by the digital content, it is recognized as an error in the decryption process, and the decryption process does not proceed any further.
Next, when it is determined that the digital content is supported by the copyright, a user key is generated using the key information, and a hash value of the user key is calculated (S430).
Next, it is determined whether the calculated hash value of the user key is the same as the hash value of the user key in the header (S435).

  Here, when it is determined that the calculated hash value of the user key is the same as the hash value of the user key in the header, the user is recognized as having authority, and the user key is used. Then, the digital content encryption key is decrypted (S440). The encrypted header is decrypted using the decrypted digital content encryption key (S445). The hash value of the entire header can be calculated by applying the entire header to the hash algorithm (S450).

  Then, in the execution of the determination in step S450, a message that "there is no right" is output, and the entire digital decryption process may be transmitted. This is because the calculated hash value of the user key is It is time to judge that they are not the same as the hash value.

  The change of the header is determined by the hash value of the entire header (S455). If it is determined that the header has not been changed, the encrypted digital content is decrypted (S460).

  Then, it is determined whether the additional information exists (S465). If it is determined that no additional information exists, the digital content is reproduced (S470). When it is determined that the additional information exists, the additional information is processed and reproduced (S475).

  If it is determined that the header has been changed in step S455, it is determined that the user does not have the authority, and the user is notified that the digital content cannot be reproduced (S490).

FIG. 23 is a diagram showing the configuration of the playback device shown in FIGS.
The memory (300) contains a moving algorithm of the whole system and a number of algorithms for decrypting the encrypted digital content. The memory 300 stores the received key information and the digital content data responsive to the write signal, and can output the stored key information and the digital content data responsive to the read signal.

  Then, the microcomputer (320) receives the key information and the digital content data stored in the memory (300), decrypts the encrypted digital content using the algorithm stored in the memory (300), and An output is performed according to a key signal input from a user key input unit (330). When outputting, the microcomputer controls a display unit (340) capable of displaying a current state.

  Accordingly, the microcomputer 320 generates a user key based on the user right information in the header using the key information stored in the memory 300 according to the algorithm, and stores the generated user key in the memory 300. Then, at this time, the input data content is encrypted. Also, the microcomputer 320 uses the user key to decrypt the digital encryption key including the user right information in the header. The encrypted digital content is decrypted using the decrypted content encryption key.

  Then, when the unencrypted digital content is received, the microcomputer 320 reproduces and outputs the digital content without decryption. The decoder (350) receives digital content input from the microcomputer (320) to output an audio signal and decodes the digital content. The decoder (350) of the present invention is preferably an MPEG decoder.

  FIGS. 24 and 25 are flowcharts showing a method for decrypting encrypted digital content, such as when the encrypted digital content is input from a personal computer to the playback device shown in FIG. The microcomputer 320 determines whether the key information is input from the personal computer (S510). If it is determined that the key information is input, the microcomputer 320 stores the input key information in the memory 300 (S510). S515).

  After storing the key information in the memory 300, the microcomputer 320 determines whether the encrypted digital content is input from the personal computer 320 (S520). Here, when it is determined that the encrypted digital content has been input in step S520, the microcomputer 320 stores the digital content in the memory 300, and after ending the transmission process, The header is read from the digital content by the decryption algorithm stored in the memory (300) (S525). When it is determined that the encrypted digital content is not input, the digital content is recognized as an error (S580), and the associated decryption process is transmitted.

  Further, the microcomputer 320 determines whether the copyright support code exists in the header of the read digital content (S530). If the copyright support code exists, it is determined that the digital content is supported by copyright, and the read unencrypted header information is stored in the memory (300) as a decision variable (S535). . Then, the microcomputer 320 generates the user key using the key information and the key information algorithm, and calculates the hash value of the user key using the hash algorithm stored in the memory 300 (S540).

  Next, the microcomputer 320 determines whether the calculated hash value of the user key is the same as the hash value of the user key in the user right information of the header (S545). At this time, if it is determined that the calculated hash value of the user key is the same as the hash value of the user key in the header, the user is recognized as having authority and the user key is used. Then, the digital content encryption key is decrypted (S550). The encrypted header is decrypted using the decrypted digital content encryption key (S555). If it is determined that the calculated hash value of the user key is not the same as the user key hash value of the header at the time of performing the determination in step S545, a message indicating “not authorized” is issued, and this is accompanied. The decryption process is transmitted.

  Such a decision is determined by the hash value of the entire header, which depends on whether the above hash value has been changed and whether the user has the right to decrypt and play the digital content. Performed (S445). Then, the hash value is calculated by applying the entire header of the hash algorithm (S560).

  The change of the entire header is determined according to whether the hash value of the entire header calculated in the step S560 is the same as the hash value of the entire header stored in the header (S565).

  If it is determined that the header has not been changed accordingly, that is, if it is determined that the hash value of the entire header calculated in the execution of step S560 is the same as the hash value of the entire header stored in the header, The encrypted digital content is decrypted (S570), and the digital content is reproduced (S575).

  When performing step S565, if it is determined that the header is changed, that is, if the calculated hash value of the entire header is different from the hash value of the entire header stored in the header, the user has no authority. Therefore, a decryption process for a user who cannot reproduce digital content is transmitted (S585).

  As described above, the present invention has been described in detail only with respect to the specific examples described, but it will be apparent to those skilled in the art that various changes and modifications can be made within the technical idea of the present invention. Naturally, such variations and modifications fall within the scope of the attached Patent Office.

〔The invention's effect〕
Therefore, as described above, the present invention cannot reproduce the encrypted digital information without using the decoding algorithm and the key information. And, even when the digital information is copied illegally, the reproduction is not performed. Thus, illegal copy distribution, issuance and unauthorized distribution are also prevented, and the problems caused by illegal copy and unauthorized distribution are minimized. In addition, the above system has an effect of collecting users who request digital information through a legal channel.

FIG. 2 is a block diagram showing one embodiment of a digital encryption configuration according to the present invention. FIG. 2 is a block diagram specifically illustrating the terminal device illustrated in FIG. 1. FIG. 3 is a block diagram illustrating another embodiment of the digital encryption configuration shown in FIG. 1. FIG. 5 is a block diagram illustrating another embodiment of the terminal device illustrated in FIG. 1. FIG. 2 is a block diagram illustrating an example of a digital encryption configuration illustrated in FIG. 1 in detail. FIG. 4 is a block diagram illustrating an embodiment of the digital encryption configuration illustrated in FIG. 3 in detail. 4 is a detailed flowchart illustrating an operation of the service server illustrated in FIG. 3. 4 is a specific flowchart according to an operation of a host server applied to FIG. 3. FIG. 4 is a block diagram showing an operation relation between a protocol format encoder and a protocol format decoder according to the present invention. 4 is a diagram illustrating a protocol format of the present invention. 7 is a diagram showing another embodiment of the protocol format of the present invention. FIG. 12 is a diagram illustrating a header field of a protocol format illustrated in FIGS. 10 and 11. FIG. 12 is a diagram illustrating another embodiment of the header field of the protocol format illustrated in FIGS. 10 and 11. FIG. FIG. 14 is a diagram illustrating an unencrypted header field suitable for the header fields illustrated in FIGS. 12 and 13; FIG. 14 is a diagram illustrating an appropriate unencrypted header field for the header fields of FIGS. 12 and 13. FIG. FIG. 16 is a diagram illustrating a format of user authority information suitable for an unencrypted header field illustrated in FIGS. 14 and 15; FIG. 14 is a diagram showing a header field shown in FIGS. 12 and 13 in detail. 5 is a flowchart illustrating a protocol generation method according to the present invention. 19 is a flowchart illustrating a header generation method illustrated in FIG. 20 is a flowchart illustrating a method of generating usage right information illustrated in FIG. 19. 4 is a flowchart illustrating a decoding method and a digital information reproducing method according to the present invention. 4 is a flowchart illustrating a decoding method and a digital information reproducing method according to the present invention. FIG. 4 is a block diagram illustrating an embodiment of a reproducer specifically adapted to digital information broadcasting illustrated in FIGS. 1 and 3. 5 is a flowchart illustrating another method for decrypting digital information according to the present invention. 5 is a flowchart illustrating another method for decrypting digital information according to the present invention.

Explanation of reference numerals

10, 20 terminal device 11b, 21b playback device 12, 22 service server 14, 24 service settlement agency server 23 host server

Claims (27)

  An apparatus for providing digital information while maintaining security transmission in a transmission system having a terminal that conditionally accesses digital information using key information, including a service server having an encryption algorithm. The service server generates key information corresponding to a user-specific character string (identity characters of a user), encrypts digital information using the key information and an encryption algorithm, and encrypts the digital information by a terminal. An apparatus for providing digital information for maintaining security transmission, which outputs digitalized information and key information.   The service server further includes a key generation algorithm corresponding to the key information to generate the user key, wherein the user key is used to encrypt the temporary valid key, and the temporary valid key is a digital information. 2. The device according to claim 1, wherein the device is used for encrypting.   The service server outputs a protocol including a header including user authority information including encrypted digital information and a temporary valid key, and the user authority information is generated using the user key. 3. The device according to claim 2, wherein   The apparatus of claim 3, wherein the protocol is a copyright protection protocol. The service server,
An interface unit for receiving a unique character string output from the terminal;
A key information generator for generating key information corresponding to the unique character string;
A user key generating unit that responds to the key information to generate a user key for encrypting the temporary valid key;
A temporary valid key generator for generating a temporary valid key in response to a digital content request signal input through the interface;
A user right information generator corresponding to a user key to generate user right information;
A header generator responsive to user rights information to generate a header; and
4. The apparatus of claim 3, further comprising a protocol format generator that adds encrypted digital information to the header to generate a protocol.   The service server further includes a database storing a number of unique character strings corresponding to registered users, wherein the database is used to determine whether the user is a registered user. 6. The apparatus according to claim 5, wherein the apparatus is used by a key information generator for comparing with a unique character string of a user. In a device for providing digital information while maintaining security transmission in a transmission system having a terminal that conditionally accesses digital information using key information,
A host server that responds to the user-specific character string to generate key information corresponding to the user-specific character string; and a service server that has an encryption algorithm, wherein the service server uses the key information and the encryption algorithm. A device for encrypting digital information and outputting encrypted digital information and key information receivable by a terminal. The host server includes a database storing a plurality of user-specific character strings and corresponding key information; and a key information generator for determining whether the user-specific character strings are stored in the database. The information generator generates key information according to a database that does not include the user-specific character string, and / or generates key information from the database according to a database that includes the user-specific character string. The apparatus according to claim 7, wherein: The digital information is encrypted using the key information corresponding to the user-specific character string, and the digital information is maintained in a transmission system having a service server for outputting the key information and the encrypted digital information while maintaining security transmission. In the device that receives
A terminal having a decryption algorithm, wherein the terminal outputs a user-specific character string receivable by the service server, and receives encrypted digital information and key information corresponding to the user-specific character string. , Decrypting encrypted digital information using a decryption algorithm and key information.   The terminal further includes a key generation algorithm corresponding to key information to generate a user key, wherein the user key is used to decrypt a temporary valid key, and the temporary valid key is encrypted. Apparatus according to claim 9, wherein the apparatus is used for decrypting encrypted digital information. The terminal,
An interface unit for receiving key information and encrypted digital information;
The apparatus further includes a user right identification unit for reading a header of the protocol, the header includes user right information including a temporary valid key and encrypted digital information, and the user right identification unit stores the user key. Utilizing the key information to obtain and analyzing the user authority information by the user key to determine whether the user has permission to receive the digital information;
A temporary valid key decryption unit for decrypting the temporary valid key using the user key; and a decryption unit for decrypting the encrypted digital information using the temporary valid key decrypted by the temporary valid key decryption unit. The apparatus of claim 10, further comprising a digital content decryption unit.   The apparatus of claim 11, wherein the protocol is a copyright protection protocol.   The apparatus of claim 9, wherein the terminal includes a network access program and is connected to a network, a public telephone network, or a wireless network.   In a system for encrypting a protocol for a service server used to transmit digital information while maintaining security transmission in a transmission system having a terminal that conditionally accesses digital information, a user-specific character is used. A protocol generation unit that generates a copyright protection protocol using the key information corresponding to the column, wherein the copyright protection protocol includes an encrypted digital information and an encrypted digital information for decrypting the encrypted digital information. A device comprising a header with information. The protocol format generation unit generates a user key by applying the key information to a key generation algorithm, calculates a hash value by applying the user key to a hash algorithm, and uses a temporary validity used to encrypt digital information. Use the user key to encrypt the key,
The apparatus of claim 14, wherein the header further comprises user authority information and an encrypted temporary key together with a hash value.   Use an arbitrary number in a device that encrypts a protocol for a service server used to transmit digital information while maintaining security transmission in a transmission system that has terminals that access digital information conditionally. And a protocol format generator for generating a copyright protection protocol by applying the key information to a key generation algorithm to generate a user key, wherein the key information is a user-specific character. According to the column, the user key is used to generate a temporary valid key for encrypting digital information, and the copyright protection protocol includes a header including the encrypted digital information and user authority information. The temporary valid key may be encrypted to generate user right information.   Utilizing key information corresponding to a user-specific character string, a transmission system having a service server including a protocol format generation unit for generating a copyright protection protocol is used to receive digital information while maintaining security transmission. In an apparatus for decrypting a protocol for a terminal, the copyright protection protocol includes encrypted digital information and a header having information for decrypting the encrypted digital information, the apparatus comprising: An apparatus, further comprising a protocol format decryption unit for decrypting key information corresponding to a user-specific character string.   The protocol format decryption unit generates a user key by applying the key information to a key generation algorithm, decrypts the temporary valid key transmitted in the copyright protection protocol by using the user key, and The apparatus of claim 17, decrypting digital information encrypted with a key.   Utilizing key information corresponding to a user-specific character string, a transmission system having a service server including a protocol format generation unit for generating a copyright protection protocol is used to receive digital information while maintaining security transmission. In a device for decrypting a protocol for a terminal, the copyright protection protocol includes a header having user information including encrypted digital information and a temporary valid key for decrypting the encrypted digital information. The device includes a protocol format decryption unit for receiving the key information and the copyright protection protocol, generates a user key using the key information, and allows the user to receive the encrypted digital information. Analyze the user authority information related to the user key to determine whether the Mochiiri the user key to decrypt the temporary valid key when obtaining the variable, and, and wherein the decrypting the digital information encrypted by using the decrypted temporary valid key.   Used in a transmission system with a service server that encrypts digital information using key information corresponding to a user-specific character string and outputs the encrypted digital information and key information for conditional access by a terminal. A service authorization proxy server communicating with a service server to receive a content fee related signal corresponding to the transmission of digital information requested and / or authorized by the user. The information is encrypted using key information corresponding to a user-specific character string.   21. The apparatus of claim 20, wherein the service licensing proxy server accumulates a content fee corresponding to a signal in a memory for a registered user. Using the key information, the digital information is encrypted, and the transmission system having the service server that outputs the encrypted digital information and the key information for conditional access by the terminal is used to convert the user's unique character string. In the device that provides the corresponding key information,
A database for storing a number of user-specific character strings and corresponding key information;
A key information generator for determining whether the user-specific character string is stored in the database, wherein the key information generator generates key information according to a database that does not include the user-specific character string; And / or generating key information from a database according to a database including a user-specific character string.   The apparatus of claim 22, wherein the key information generator stores the corresponding user-specific character string and the generated key information in a database.   Apparatus for encrypting digital information to maintain security transmission in a transmission system having a service server for providing encrypted digital information and a terminal for conditionally accessing the encrypted digital information A key information corresponding to a user-specific character string and a processing unit for encrypting digital information using an encryption algorithm, wherein the key information is a terminal for decrypting the encrypted digital information. Apparatus characterized in that it can be applied to.   The processing unit generates a user key and a temporary valid key using the key information, decrypts the digital information using the temporary valid key, and encrypts the temporary valid key using the user key. 25. The apparatus of claim 24, wherein   In a device that decrypts encrypted digital information in a service server that provides encrypted digital information and a transmission system that has a terminal that conditionally accesses the encrypted digital information, a user-specific character is used. And a processing unit for decrypting the encrypted digital information using the key information and the decryption algorithm corresponding to the column, wherein the encrypted digital information is encrypted using the key information and requested by the user. And / or authorized digital information. The digital information is encrypted using a temporary key generated using the key information, and is included in a protocol for the terminal;
The temporary valid key is encrypted using the user key generated using the key information;
The processing unit generates a user key using the key information, decrypts the encrypted temporary valid key using the user key, and decrypts the encrypted digital information using the decrypted temporary valid key. 27. The device of claim 26, wherein:

Images