JP2005063068A - Data record control device and method, storage media and program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an advanced data storage control device excellent in convenience that enables erasable copy-restricted contents to be not copied but safely moved to other media, while enabling the producer of the contents to prevent illicit copies, and enabling viewers to record and manage the contents in desired media. <P>SOLUTION: When data in one device 1.1 is transferred to the other device 1.2, the data is encrypted within the one device 1.1 using a characteristic encryption key. The encrypted data is sent to the other device 1.2. After the one device 1.1 recognizes that the sending is complete and the data in the one device 1.1 is erased, a decryption key for the encrypted data sent to the other device 1.2 is transferred from the one device 1.1 to the other device 1.2. <P>COPYRIGHT: (C)2005,JPO&NCIPI

Description

  The present invention relates to a data recording control apparatus, and is particularly suitable for application to copy control of content (a general term for programs, image data, audio data, and other data) with copy restrictions.

  2. Description of the Related Art Conventionally, content copy restrictions and copy prevention systems have been introduced for content such as broadcasts and rental videos in order to protect the interests of content owners and prevent unauthorized copying.

JP 2001-333371 A

  Among these copy restrictions, there is content that has the restriction that “copying is possible once”, that is, the received and output content can be recorded only on one medium, and the recorded content is called “uncopyable” It is controlled so that it becomes restricted content and copying to another is impossible.

  On the other hand, there is a request that the viewer wants to move the recorded content to another medium instead of copying it, for example, to manage it as a library on a single tape. A system that can move restricted content is required.

  Conventionally, both the content and the recording device are analog, and in these analog recording devices, there is degradation of images, sound, etc. at the time of copying, the demand for movement is not so strong, and the system for moving these contents is Did not exist.

  However, digital broadcasting, DVD, Internet distribution, etc., digitization of content, digital video tape recording device (hereinafter abbreviated as VTR device), hard disk (hereinafter abbreviated as HDD) recording device, DVD recording device, etc. With the widespread use of digital recording devices, digital copying without deterioration becomes possible. With the advent of recording devices such as HDD recording devices that do not generally replace or add media, the above-mentioned transfer of copy-restricted content is prevented. The demand is getting stronger.

  As a conventional example relating to the movement of the content, there is Patent Document 1, which is an analog content that is digitized and erased while being transferred to the destination. The content is separated into the movement source and the movement destination, it is difficult to recover, and it cannot be moved reliably.

  The present invention has been made in view of the above problems, and an object of the present invention is to provide a data storage control device that allows erasable copy-restricted content to be safely transferred to another medium instead of being copied. To do.

  Further, the present invention provides a data storage control device that can prevent unauthorized copying for content creators, record and manage content on desired media for viewers, and has higher functionality and convenience. With the goal.

  The data storage control device according to the present invention includes a connection unit for connecting at least two devices to each other, an encryption unit for encrypting data with an encryption key, and the data from one device to the other device. Transmission / reception means for transmitting / receiving, recording means for recording the data to be transmitted / received, management means for managing the data recorded in the recording means, transfer means for transferring a decryption key, and the data of one of the devices A notification recognizing means for notifying one of the devices that the reception of the data has been completed in the other device and recognizing the notification in one of the devices when transmitted to the other device; When transferring the data in the device to the other device, the encryption means encrypts the data with a unique encryption key in the one device, and Transmitting the data encrypted by the other device, the one device recognizes that the transmission is completed by the notification recognition means, and after erasing the data in the one device, The decryption key for the encrypted data transmitted to the other device by the transfer means is transferred from one device to the other device.

  In one aspect of the data storage control device of the present invention, after the data in one device is transferred to the other device, the other device detects that the data has been deleted in one device. And detecting means.

  In one aspect of the data storage control device of the present invention, when the other device fails to detect completion of data deletion by the detection means within a predetermined time, the transferred data in the other device is discarded. To do.

  In one aspect of the data storage control device of the present invention, an authentication unit that mutually authenticates the connected devices, copy restriction information that restricts duplication of the data, and copy restriction information management unit that manages the copy restriction information; Is further included.

  In one aspect of the data storage control device of the present invention, the recording means is a hard disk.

  In one aspect of the data storage control device of the present invention, receiving tuner means for receiving a television broadcast, decoding means for decoding the received data received by the receiving tuner means, and decoding image data out of the received data. Display means for displaying and voice output means for outputting decoded voice data among the received data are further included.

  In the data storage control method of the present invention, when transferring data in one device to the other device, the data is encrypted with a unique encryption key in the one device, and the encrypted data is transferred to the other device. One of the devices recognizes that the transmission has been completed and the transmission is completed, erases the data in one of the devices, and then decrypts the encrypted data transmitted to the other device The key is transferred from one device to the other device.

  In one aspect of the data storage control method of the present invention, after the data in one of the devices is transferred to the other device, the other device detects that the data has been deleted in one of the devices. To do.

In one aspect of the data storage control method of the present invention, when the other device fails to detect completion of data deletion within a predetermined time, the transferred data in the other device is discarded.
The storage medium of the present invention is a computer readable medium characterized by storing a program for causing a computer to execute the procedure of the data recording control method.

  The program of the present invention is for causing a computer to execute the procedure of the data recording control method.

  According to the data storage control device of the present invention, erasable copy-restricted content can be safely moved to another medium instead of being copied.

  In addition, the present invention can prevent unauthorized copying for content creators, record and manage content on desired media for viewers, and realize a data storage control device with higher functionality and convenience. To do.

(First embodiment)
Hereinafter, a first embodiment of the present invention will be described with reference to the drawings.
FIG. 1 is a block diagram showing the entire data recording control apparatus according to the first embodiment.
1.1 is a television (hereinafter abbreviated as TV) device capable of receiving digital broadcasts with a built-in recording unit, which receives television, records and stores received programs, data, and devices connected to the s1.1 1394 bus. Data transmission / reception and data transmission / reception to / from the remote control device 1.2, and display and audio output of video, audio, operation data, and the like.

A remote control device 1.2 is used to control and operate the TV device 1.1 and other devices.
1.3 is an HDD recording device that records and reproduces data such as video and audio. These devices perform data transmission / reception and operation control through the s1.1 1394 bus, which will be described later, and can output video and audio to the TV device 1.1.
1.4 is a VTR device that records and plays back video and audio data on tape media. Similar to the HDD recording device 1.3, these devices perform data transmission / reception and operation control through the s1.1 1394 bus described later, and can output video and audio to the TV device 1.1.
1.5 is a personal computer device, a so-called PC device.

  S1.1 is an IEEE1394 bus (hereinafter abbreviated as 1394 bus) and is a network standard standardized by IEEE. The 1394 bus connects the TV device 1.1, 1.3 HDD device, 1.4 VTR device, etc., and transmits / receives content such as images and sounds, and controls each device.

FIG. 2 is a block diagram illustrating details of the TV apparatus 1.1.
1.101 is a tuner unit that amplifies a high-frequency TV signal of TV broadcasting, selects a desired station, demodulates a digital video / audio signal, and other data signals, and later-described decoder unit 1.102, first encryption The data is output to the encryption unit 1.151 and the second encryption unit 1.153 through the signal line s1.11.

  1.102 denotes a decoder unit which decodes the separated video / audio signal and outputs the decoded video / audio signal to the audio control unit 1.105 and the image control unit 1.107. Other data signals are output to the bus s1.101 as necessary.

  1.105 is an image control unit that switches or synthesizes image data selected through the signal line s1.11 and the internal bus s1.19 under the control of the system control unit 1.190 described later, and outputs it to the display 1.108 described later To do.

Reference numeral 1.108 denotes a display which displays image data from the image control unit 1.107.
1.105 is an audio control unit that switches or synthesizes audio data from the 1.101 tuner unit and the internal bus s1.19 to control volume, sound quality, presence, etc., and an audio output unit 1.106 described later. Output to.
An audio output unit 1.106 amplifies the audio signal input from the audio control unit 1.105 and outputs audio from the speaker.

  1.151 is a first encryption unit that performs encryption processing of data recorded in a 1.152 data recording unit, which will be described later, and decryption processing of encrypted data recorded in a 1.152 data recording unit. This is performed by a block encryption method using a common key encryption. The encryption key for the encryption is generated and managed by the control unit 1.190, and is effective only in this apparatus.

  1.152 is a data recording unit, which is an HDD recording device, and has a capacity of 100 GB. The control unit 1.190 encrypts and records the received TV broadcast data and the data received from the 1394 interface (hereinafter abbreviated as i / F) unit 1.160 by the first encryption unit 1.151. The encryption is encrypted with a unique encryption key for each content, and the encryption key is managed in a content management table of FIG. 6 to be described later.

  Also, the data recorded in the data recording unit 1.152 is decrypted by the first encryption unit 1.151 according to the request of the control unit 1.190, and is output to the decoder unit 1.102 and the second encryption unit 1.153.

1.153 is a second encryption unit that performs encryption processing when data input from s1.11 is output to the 1394i / F unit 1.160 through the signal line s1.12.
Also, decryption processing of the encrypted data input from the 1394i / F unit 1.160 through the signal line s1.12 or input from s1.11 is performed and output to s1.11.
Also, the second encryption unit 1.153, when there is no content encryption key of the encrypted data input from the 1394i / F unit 1.160 through the signal line s1.12, does not perform the decryption process and returns to s1.11 It can also be output.
The processing is performed by the same block encryption method as in 1.151, but the encryption parameters and encryption keys are different, and generation and management are performed by the 1.154 authentication management unit.
The encryption / decryption process is performed in 1394 packet units described later.

1.154 is an authentication management unit that stores and stores a device ID, a set of a private key and a public key used for authentication with a connection device, and a signature of the certificate authority given by the certificate authority. It also stores algorithms, operations, and encryption parameters necessary for authentication, generates authentication encryption keys and performs encryption operations in response to requests from the control unit 1.190, and authenticates devices connected to the 1394 bus s1.1. Do.
In addition, when outputting data from the 1394i / F unit 1.160, a content encryption key is generated and passed to the second encryption unit.

In general, a copy protection system creates a certification organization for a method determined to be used by a content right holder, a device manufacturer, etc., and manages usage permission there.
When a device is certified as conforming by an accreditation body, ID information, secret information such as encryption algorithms, encryption parameters, and encryption keys are supplied to the device for authentication and data exchange between conforming devices. Is done.
The compatible device performs mutual authentication based on the above information when connected to another device, and rejects connection with a device that cannot be authenticated. A device that performs illegal copying is not authorized and cannot be authenticated with the authorized device.

Further, at the time of data transfer, encryption based on the secret information is performed and data is transmitted.
The copy protection system according to the present invention is a similar system. In this embodiment, the TV device 1.1, the HDD recording device 1.3, the VTR device 1.4, and the CS set-top box (hereinafter abbreviated as STB) 1.5 are certified devices. Yes, PC1.6 is a non-certified device.

1.155 is a content management table that can be used to understand the contents and attributes of content such as video / audio recorded in the recording unit 1.152. It is used by the 1.190 control unit and displayed by viewer operation. Is done.
The management table 1.155 is such that the stored contents are not lost even when the power is turned off.

FIG. 6 shows details of the content management table. The content title, genre, resolution (mode), time, used capacity, copy restriction information (copy mode), and encryption key (KCi) at the time of recording are stored and change depending on the recording operation.
In FIG. 6, one content (genre: movie) of “copy not possible” is recorded.

  1.160 is a 1394 i / F unit, which is an interface based on the above-mentioned IEEE1394 standard. Data is transmitted to and from the HDD recording device 1.3, VTR device 1.4, etc. connected to the TV1.1 device through the 1394 bus S1.1. Send and receive.

  The remote control control unit 1.180 is a remote control transmission / reception control unit using infrared rays, and transmits / receives data to / from a remote control device 1.2 (to be described later) operated and transmitted by a TV viewer, and transfers the data to the control unit 1.190.

1.190 is a system control unit that controls each unit in the TV apparatus 1.1 in an integrated manner.
It consists of a CPU, main memory, bus control unit, program storage unit, parameter storage unit, etc. The parameter storage unit, like the content management unit, does not erase its contents even when the power is turned off.

In TV reception, the tuner unit 1.101 described above is controlled, and channel switching, charging control, control from EPG data, and the like are performed.
It also controls the image control unit 1.107 to perform composition and display control of video / audio signals, icons, various information displays, etc. from the tuner unit 1.101, VTR device 1.3, HDD device 1.4 and the like.
Similarly, the voice control unit 1.105 is controlled, voice synthesis and output control are performed, and output control to the voice output unit 1.106 is performed.

  In addition, control is performed to encrypt and record received data from the tuner unit 1.101 and data from the 1394i / F unit 1.160 by the first encryption unit 1.151, and at the same time manage the content management table.

It also controls the i / F unit 1.160 1394, recognizes the connected device through the 1394 bus s1.1,
Control the connected HDD recorder 1.3, VTR1.4, etc., and send and receive data.
At the time of these transmissions / receptions, the progress status is grasped by setting / clearing a recording flag or the like which will be described later, and appropriate processing is performed.

Also, the i / F unit 1.160 1394 and the authentication management unit 1.154 are controlled to authenticate the connection device.
It also controls the first encryption unit 1.151, the HDD recording device 1.152, the second encryption unit 1.153, the 1394i / F unit 1.160, etc., and is connected to the HDD recording device 1.152 and the 1394 bus s1.1 and authenticated by the control. Control of data encryption / decryption, transmission / reception of encrypted data, data recording / deletion to / from the HDD recording device 1.152.

These controls in the control unit 1.190 are performed in a timely manner by determining a signal from the remote control state receiving unit 1.142 from a signal from the remote control unit 1.140.
In addition, during the remote control operation, a menu screen, a function selection screen, an operation panel screen of the apparatus, various message screens, or the like are displayed according to the remote control operation of the viewer.
In addition to this, the control is also performed based on the situation inside the TV apparatus 1.1 and information from the 1394i / F1.160.

  S1.19 is an internal bus, which is a data and control bus, and as described above, is a bus in the TV apparatus 1.1 that is used for transferring image and audio data and transferring information of each part.

FIG. 3 is a detailed block diagram of the HDD recording device 1.2.
This HDD recording device 1.2 is equivalent to the TV device 1.1 with the tuner unit, decoder unit, audio, image control unit, audio output unit, display unit, and remote control unit deleted, but the capacity of the HDD is 500 GB And it is bigger than the TV device 1.1.

  The first encryption unit 1.351 is the first encryption unit 1.151, the data recording unit 1.352 is the data recording unit 1.152, the second encryption unit 1.353 is the second encryption unit 1.153, and the authentication management unit 1.354 is the authentication management unit 1.154. The content management table 1.355 has almost the same function as the content management table 1.155, and the 1394i / F unit 1.360 has almost the same function as the 1394i / F 1.160.

FIG. 8 shows the contents of the content management table.
The control unit 1.390 has substantially the same function as that obtained by deleting the control functions of the tuner unit, decoder unit, audio, image control unit, audio output unit, display unit, and remote control unit from the control unit 1.190.

FIG. 4 is a block diagram of remote control device 1.2.
1. 201 is a remote control unit that transmits remote control key data output from the remote control key unit 1.202 to the remote control unit 1.180 in the TV apparatus 1.1.
1. 202 is a remote control key unit, which is a key button for the TV viewer to operate the TV device, the HDD device 1.3 connected to the TV device, and the like as shown in FIG.

FIG. 5 is an external view of the remote control device 1.2 used in the present invention.
mn1.202 is a group of device operation keys, consisting of menu keys, left / right up / down cursor keys, enter key, return key, etc., display the operation list from the menu keys, select the desired operation with the cursor keys, and decide A desired device operation and control are executed by an operation such as determining with a key.

ch1.202 is a TV channel switching key group.
hd1.202 is a key group for operating the HDD device 1.152 in the TV device 1.1. This is operated to record, play back, fast forward, etc. the content.

Next, the operation of the present embodiment will be described.
As an operation, a case will be described in which the viewer of the TV device 1.1 moves a movie that cannot be copied to the HDD recording device 1.3 in the content of FIG. 6 recorded in the content recording unit 1.152.

First, a schematic operation flow in this case will be described with reference to FIG. 10, and then necessary steps will be described in detail.
First, the power of each device in FIG. 1 is turned on, and each device is connected via the 1394 bus s1.1.
When the power is turned on or when each device is connected to the 1394 bus s1.1, a bus reset occurs, and each device connected to the 1394 bus s1.1 investigates the connected device, and the connected device A list is created, and the TV device 1.1 is stored in the control unit 1.190, and the HDD recording device 1.3 is stored in the control unit 1.390.

When the power is turned on, a recording flag in the control unit 1.190 is detected, and processing corresponding to the state of the flag as described later is performed (st2101).
Next, based on the connection list, an authentication operation is performed between devices whose connection is confirmed (st2102, details will be described later).
Thereafter, a content selection and movement request is generated by the operation of the viewer of the TV apparatus 1.1. Here, it is assumed that processing for moving non-copyable contents (wonder stream, movie) in FIG. 6 is performed (st2103, details will be described later).
Then, the TV apparatus 1.1 performs a re-authentication operation on the HDD recording apparatus 1.3 that is the target of content movement. If the authentication is not performed, the moving operation ends here (st2104).
A connection for content transfer is established with the HDD recording device 1.3 (st2105).
Then, movement processing is executed according to the viewer's execution decision (st2106, details will be described later).

Next, the authentication operation of st2102 and st2104 will be described.
Authentication uses a combination of the digital signature method (hereinafter referred to as EC-DSA method) using public key cryptography using elliptical encryption and the Challenge-Response method, which have been widely used.
In addition, after authentication, a key sharing method based on the Diffie-Hellman method (hereinafter abbreviated as DH method) is used to generate a shared key for transmitting and receiving secret data such as a content encryption key between apparatuses.

FIG. 11 shows an authentication procedure of the TV apparatus 1.1 and the HDD recording apparatus 1.3 in the present embodiment.
First, the TV device 1.1 issues an authentication request command to the HDD device 1.3 and waits for authentication confirmation data to be transmitted from the HDD recording device 1.3 (st2201). Authentication confirmation data for authentication based on EC-DSA method stored in the authentication management unit 1.354 (the device ID and the message digest value of the signature of the certification authority are stored in the same way (HDD recording device 1.3) ) And a random number B for DH key exchange, and these are sent to the TV device 1.1, and authentication confirmation data is sent from the TV device 1.1. Wait for it to come (st2252).

  When the TV apparatus 1.1 receives the authentication confirmation data from the HDD recording apparatus 1.3, the TV apparatus 1.1 inspects the data, and if the HDD recording apparatus 1.3 can confirm that the apparatus is authenticated by the certification authority, the process proceeds to st2203. If not, the authentication is terminated abnormally and the process ends abnormally (st2202).

If the authentication device can be confirmed, the authentication confirmation data of the TV device 1.1 and the random number A necessary for the DH method are calculated and transmitted to the HDD recording device 1.3 (st2203, st2261).
Then, the data obtained by hashing the certification authority's signature with the random number B is transmitted to the HDD recording apparatus 1.3, and the process waits for the hash data for the confirmation data transmitted by itself to be transmitted from the HDD recording apparatus 1.3 (st2204).

When the authentication confirmation data is transmitted from the TV device 1.1, the HDD recording device 1.3 performs the authentication processing of the TV device 1.1 based on the EC-DSA method as in the case of the TV device 1.1, and proceeds to st2253 when the authentication can be confirmed. Otherwise, authentication is impossible and abnormal termination processing is performed (st2252,
) (st2261).

  Then, the data obtained by hashing the signature data of the certification authority with the random number A of the TV apparatus 1.1 is transmitted to the TV apparatus 1.1 (st2253).

  Next, the hash data transmitted in st2204 is compared with the data obtained by hashing own signature data with the random number B. If they match, the authentication data and the random number B are surely transmitted to the TV apparatus 1.1, and the user is authenticated. Confirm that this has been done (st2254).

On the other hand, the TV device 1.1 also compares the hash data transmitted in st2253 with the data obtained by hashing its signature data with the random number A, and if they match, the authentication data and the random number A are certainly transmitted to the HDD recording device 1.3. Confirm that you are authenticated (st2205).
In this way, both the TV apparatus 1.1 and the HDD recording apparatus 1.3 authenticate the other party (st2206, st2255).

Next, the TV device 1.1 and the HDD recording device 1.3 use the random number A and the random number B to calculate the shared key KUAT based on the DH method (st2207, st2256).
Subsequent data exchange between the TV device 1.1 and the HDD recording device 1.3 is performed using the calculated shared key KAUT.

If the device that has received the authentication request command does not understand these commands and does not respond, the command issuing side ends the authentication operation due to a timeout. If these commands can be understood but are not supported, the command receiving device returns a rejection response to the device that issued the command, thereby disabling authentication, and the authentication operation is terminated.
Similar authentication operations are performed between other devices.

Next, the operation for moving content by the TV viewer in st2103 will be described with reference to FIG.
The operation is performed by the TV viewer operating the mn unit 1.202 of the remote control 1.2.
When the TV viewer presses the menu key on the remote control, a menu screen like dp2301 is displayed on the TV device 1.1. Select “Copy” with the up and down cursor keys and press the Enter key to move the content. Started (st2301).

When the enter key is pressed, a copy source selection screen such as dp2302 is displayed instead of dp2301, and “Internal HDD” is selected and the enter key is pressed (st2302).
Then, the content management table of FIG. 6 is displayed (the encryption key is not displayed). From this, “Wonder stream, movie, copy impossible” is selected, and the enter key is pressed (st2303).
Then, the dp2303 copy / move selection screen is displayed, but the selected content cannot be copied, indicating that the copy button cannot be selected (here, gray display and dp2304 copy not possible message are displayed at the same time, The viewer is guided to select “move.” The TV viewer “selects move” and presses the enter key (st2304).

Next, the copy destination selection screen is displayed. Here, select “External Device” and press the Enter key. Next, the dp2308 list of external devices is displayed. From here, select “HDD Device” and press the Enter key. Is pressed (st2305).
As described above, when the destination is determined, the authentication operation in FIG. 11 is performed again on the apparatus.

Finally, a dp2307 movement start button is displayed. When this button is pressed, the st2105 connection operation is performed, and then the st2106 movement process is started.
Further, since the content cannot be copied, a confirmation message (dp2308) that the content in the TV device 1.1 is automatically deleted is displayed after the movement (st2307).

Next, an operation for establishing a connection for transferring the content of st2105 will be described with reference to FIG.
For content transfer, the isochronous mode of 1394 bus s1.1 is used.
For this purpose, first, the TV apparatus 1.1 that is a content copy source and a transmission request source obtains a communication band and a channel. This is done by writing to the isochronous resource register common to all devices.

  First, the bandwidth to be used is determined according to the transfer speed of the content to be transferred (st2401), and it is checked whether there is a bandwidth available (st2402). Process.

In the present embodiment, it is assumed that other devices have a free bandwidth, and the used bandwidth is written in the resource register (st2403).
The same applies to the channels. The unused channels are checked from 1 to 63 (st2404), and if they are checked, an arbitrary channel is registered in the resource register (st2405).

  Next, the information of the acquired channel and transfer rate is written to the plug register and plug control register of the HDD recording device 1.3 which is the copy destination, thereby notifying the HDD recording device 1.3 (st2406).

Next, the flow of the content moving operation in st2106 will be described with reference to FIG.
When the TV device 1.1 and the HDD recording device 1.3 are mutually authenticated, bandwidth and channel resources are secured, and a connection is established, the TV device 1.1 first issues a recording command to the HDD device 1.3. At this time, recording time and recording capacity are added as options.

Also, a recording flag is set in the parameter storage unit in the control unit 1.190 (st2501).
Receiving this, the HDD recording device 1.3 understands the recording command, checks the free space of the HDD, confirms that the content from the TV device 1.1 can be recorded, and returns an acceptance response.

If there is no free space, a “capacity shortage” option is added as a response to the recording command and a reject is returned. (st2551)
The TV apparatus 1.1 that has received this accept response generates a content encryption key KCX and waits for a request from the HDD recording apparatus 1.3 if the response is accept. In the case of “Insufficient capacity” response, a message “Recording is not possible due to insufficient space at the destination” is displayed on the display unit 1.108, and the movement process is stopped (st2502, st2503, st2531).

  On the other hand, the HDD recording device 1.3 that has returned the response generates the encryption key KC4 ′ for encryption when recording the received content when recording is possible (st2552), and stores it in the control unit 1.390 (st2553). )

  Thereafter, a request command for the content encryption key KCX is issued to the TV apparatus 1.1, a recording flag in the control unit 1.390 is set, and a response is awaited. If the capacity is insufficient, the recording process is terminated (st2554).

  Receiving this, the TV apparatus 1.1 returns a “move” response to the HDD recording apparatus 1.3 without returning the encryption key KCX (st5204).

Receiving this response, the HDD recording device 1.3 understands the movement response, not the encryption key KCX, and starts the movement processing operation (st2555).
First, a status command for confirming the content recording status (contents content, HDD free capacity) of the HDD of the TV device 1.1 that is the content transfer source is issued to the TV device 1.1 (st2556).

Receiving this command, the TV apparatus 1.1 returns the content management table and the HDD free space to the HDD recording apparatus 1.3 (st2505).
The HDD recording device 1.3 that has received the response to this status command recognizes the HDD status of the TV device 1.1, temporarily stores it in the control unit 1.390, and waits for content to be transmitted from the TV device 1.1 ( st2557).

The TV device 1.1 that returned the HDD free space in st2505 decrypts the content “Wonder Stream, Movie” data to be moved with the encryption key KC4 corresponding to the content in the first encryption unit 1.151, and then packetizes it for transfer. It is encrypted with the content encryption key KCX and transmitted to the HDD recording device 1.3 (st2506).
Receiving this, the HDD recording device 1.3 stores the encrypted data as it is in the content recording unit 1.352 (st2558).

When the content transfer ends, the TV device 1.1 transmits a stop command to the HDD recording device 1.3. (st2507)
The TV apparatus 1.1 that has received the recording stop response issues a status command as to whether or not the recording has been normally completed on the 1.3 HDD (st2508).
Upon receiving this, the HDD recording device 1.3 checks whether the content is recorded normally (st2560) .If it is normal, it returns a normal response (st2561) .If it is abnormal, it returns an abnormal response. To finish (st2571).

Upon receiving this response, the TV device 1.1 deletes the transmitted content “Wonder stream, movie, copy impossible” from the content recording unit 1.152 in the case of a normal reception response (st2509, st2510). In the case of an abnormal reception response, a message “Recording failed” is displayed, an abnormal termination process such as discarding the transfer encryption key KCX is performed, and the transfer process is terminated (st2509, st2531).
On the other hand, the HDD recording device 1.3 that returned a normal response issues a request command for the content encryption key KCX of the recorded content (st2562).

  The TV device 1.1 that has received this request confirms that the content has been erased, encrypts the content encryption key KCX with the shared key KAUT generated in FIG. 11, and returns it to the HDD recording device 1.3 as a response. Thereafter, a status command for confirming whether or not the encryption key has been received is issued (st2511).

  The HDD recording device 1.3 receives the content encryption key, decrypts it with the shared key KAUT, stores it in the authentication management unit 1.354, and returns a reception response to the received status command (st2563, st2564).

  Receiving the response of the encryption key KCX reception, the TV apparatus 1.1 discards the KCX and deletes the item “moved content“ wonder stream, movie, copy impossible ”” from the content management table. As a result, the content management table is as shown in FIG. 7 (st2512).

After that, the HDD recording device 1.3 issues a status command for HDD status investigation to the TV device 1.1, similarly to st2556, and waits for a response (st2565).
The TV apparatus 1.1 that has received this status command returns the updated content management and HDD free space as a response, and the movement process on the TV apparatus 1.1 side ends (st2513).

  The HDD recording device 1.3 that has received this response compares the content management table received in st2556 with the HDD free capacity, and the content received and recorded in the HDD recording device 1.3 in the TV device 1.1 has been deleted due to the difference. Is confirmed (st2566).

If it cannot be confirmed, it waits for a certain time, issues a status command again, and waits for a response (st2581, st2582, st2565).
If the deletion cannot be confirmed, the content transmitted to the HDD recording device 1.3 is deleted at st255, and the process ends (st2566, st2581).

  On the other hand, if deletion can be confirmed, first, the content recorded in the content recording unit 1.352 in st2558 is decrypted by the first encryption unit using KCX, generated in the st2553, and stored in the control unit 1.390 Using the recorded KC4 ′, it is encrypted by the second encryption unit and re-recorded in the content recording 1.352 unit. At the same time, the content recorded in st5228 is deleted.

  In this way, when re-encryption and re-recording of all content is completed, the transfer encryption key KCX used for transfer is discarded, and the newly recorded content “Wonder Stream, Movie, Copy” is stored in the content management table. The “impossible” section is newly added and the movement process is terminated. As a result, the content management table of the HDD recording device 1.3 is as shown in FIG. 9 (st2567).

  When the viewer performs the movement interruption process during the movement operation process, the 1.190 control unit issues a recording command (cancellation option) and ends the movement process when receiving a response from the HDD recording device 1.3.

  Also, if any abnormality occurs in the TV device 1.1, it issues a recording command (stop option) and receives a response from the HDD recording device 1.3, clears the recording command, discards the content encryption key KCX, and moves Terminates abnormally.

  Also, even if there is no response from the HDD recording device 1.3, including the above response, wait for timeout, clear the recording command set above, discard the content encryption key KCX, and terminate the transfer process abnormally .

In addition, when the power of the TV device 1.1 is cut off during the recording process, the recording flag remains set in the parameter storage unit of the control unit 1.190, and when the power is turned on again, the control unit 1.190 When the parameter storage unit is investigated and it is detected that the recording flag is set, the recording flag is cleared, the remaining content encryption key KCX is discarded, and it is handled that the previous movement process has not been performed.
On the other hand, the HDD recording apparatus 1.3 side also performs similar stop / end processing.

  As described above, according to the data recording control apparatus of the present embodiment, it is possible to safely move erasable copy-restricted content to another medium instead of copying.

  In addition, unauthorized copying can be prevented for the content creator, and the content can be recorded / managed on a desired medium for the viewer, thereby realizing a data storage control device with higher functionality and convenience.

(Second Embodiment)
In the second embodiment, an example in which audio contents are moved between a PC and a portable player will be described.
FIG. 15 is a block diagram showing the entirety of the data recording control apparatus according to the second embodiment.
A personal computer (PC) 2.1 is used for transmission / reception, recording, management, encryption, and the like of audio contents in this embodiment.

Reference numeral 2.102 denotes an HDD unit, which is divided into a 2.102a content management unit, a 2.102b data recording unit, and a 2.102c system use unit.
2.102a is the same as the content management table 1.155 of the first embodiment, for managing audio content, and the content management table in the present embodiment is used as a server, The contents are as shown in FIG.

 The n-th song in gray is moved to the portable player B, indicating that it is not currently in the PC device 2.1. As described above, content that does not currently exist in the PC device 2.1 is not deleted from the management table, and the re-move operation to the PC device 2.1 is facilitated.

2.102b is a recording unit that encrypts and stores the substance of the audio content.
2.102c is a program unit that stores application software (hereinafter abbreviated as “app”) for use in the second embodiment, such as downloading, copying, and moving of audio content, which will be described later. Controlled and executed by the motherboard unit.

2.102d is a general-purpose area used for the operation of the system area, applications, etc. used by the PC 2.1 for control, display, etc. of the entire PC including the present embodiment.
Reference numeral 2.103 denotes an input / output device such as a CD drive or an FDD drive, which can also input audio data.
Reference numeral 2.104 denotes a keyboard and mouse unit (hereinafter referred to as KB unit), which are used for downloading audio data, operating a portable player 2.2 using USBi / F2.160 described later, and transmitting / receiving data.

  Reference numeral 2.105 denotes a display device unit, which is used to display a menu screen, an operation content management table, and other various information at the time of downloading audio data, operating the portable player 2.2, and transmitting / receiving content, like the KB unit. 2.106 is an Internet connection unit that is connected to a telephone line, connects to the Internet through this, and downloads audio contents.

  2.160 is a USBi / F unit, which is a standard interface of a PC, and is a serial bus that transfers data of about 10 Mbps. In the present embodiment, the portable player 2.2 is connected through the USB bus s2.1 to transmit / receive audio data and control the audio player.

  2.190 is a motherboard unit (hereinafter abbreviated as MB unit), which includes a CPU, a control unit, a memory, and the like. In the second embodiment, audio data download, operation of portable player 2.2, content transmission / reception operation For the control, the above-mentioned application is executed, and overall control is performed. Unlike the first embodiment, the content encryption / decryption processing is performed by the motherboard unit 2.190 and the HDD unit 2.102 by the application.

  Needless to say, these units are also used during general operation of the PC, operation and control of the connection device, and use of various software.

2.2 is a portable player for listening to audio content.
This is a device for recording in flash ROM 2.202, outputting from output unit 2.203, and listening to audio content.

2.202 is a flash ROM (rewritable data holding memory) on which audio content is recorded through the USB i / F unit 2.260.
An audio output unit 2.203 amplifies the audio content decoded by the control unit 2.290 and outputs it from the headphones.
An operation unit 2.204 includes switches and buttons for operations such as reproduction and volume adjustment of the portable player.
2.260 is a USB i / F. This USB i / F unit is a target specification i / F, and is unilaterally controlled by the host specification USBi / F2.160.
2.290 is the control unit, as follows
Control USBi / F2.260, input audio contents, write to flashROM2.202, send / receive control data.

At this time, authentication processing with the host device is performed. Cryptographic processing necessary for the authentication is performed. The device ID, the signature of the certification authority, and the encryption key necessary for authentication are managed and stored here.
Also, copy control of restricted content and encryption / decryption processing are performed.
The recorded audio content is managed by a content management table, similar to the PC device 2.1, and this content management table is stored here.
Also, audio content is input from the flash ROM unit 2.202, decoded as an audio stream, and output to the audio output unit 2.203. It also controls music selection, playback, stop, fast forward, volume, sound quality, and so on. These controls are performed by input from USBi / F2.260 and operation unit 2.204.

Next, an audio content moving operation in the second embodiment will be described.
FIG. 18 is a diagram for explaining the overall flow of this operation.
First, when the application software for moving in the program unit 2.102c is activated, the USB device 2.160 is recognized in the PC, the device usable for the movement is recognized, and the portable device is recognized. Player 2.202 is recognized. At the same time, target devices of other mobile applications inside and outside the PC are also recognized (st5101, st5102).

  Next, the user operates the KB section 2.104 to display and operate the menu screen and the selection screen content table, decide to move the content of the third song in FIG. 16 to the portable player 2.2, and start the operation (st5103) .

  Then, an authentication operation is first performed on the portable player (st5104). If authenticated, the content movement operation is performed, otherwise the movement process is stopped (st5105).

Next, an authentication operation in the second embodiment will be described with reference to FIG.
Since the USB i / F is a system in which a PC that is a host device and a target device are connected only one-to-one, a simple authentication method called a challenge-response method is used.
First, when content transfer is started, the 2.190 MB unit uses the USB control transmission mode, generates a random number A to the portable player 2.2, and issues an authentication request command as a parameter (st5201).

Receiving this, the portable player 2.2 hashes the signature and the random number A obtained from the certification authority stored in the control unit 2.290, and returns the data as a response (st5251).
Upon receiving this, the PC 2.1 compares the signature of the certification authority stored in 2.102c and the hash of the random number A (st5202). If it is authenticated, it waits for a response from the portable player 2.2. If it is not authenticated, the message “Cannot move or copy to this device” is displayed, and the authentication operation is terminated without waiting for a response. (st5203, st5211).

  The portable player 2.2 that has received the status command generates a random number B in the case of the authentication status and returns it as a response, and terminates the processing in the case of non-authentication (st5252, st5253).

The PC device 2.1 that has received the response and the random number B issues an authentication request command using the own signature stored in 2.102c and the hashed data of the random number B as parameters (st5204).
The portable player 2.2 that received this compares the random number B with the hashed data of the certification authority's signature stored in 2.290. If they match, it returns an authentication response if it does not match, and the authentication process ends. (St5254, st5255, st5261).

Next, the moving operation of the audio content will be described with reference to FIG.
When the authentication ends normally, a content transfer process is performed.
First, the 2.1PC device issues a recording command with time and capacity information options to the portable player 2.2 (st5301).

The portable player 2.2 that has received the recording command confirms the capacity of the flashROM 2.102 and returns a response indicating whether it is possible or not (st5351).
If the recording is possible, the next command is waited. If the recording is impossible, the moving process is terminated. (st5352)
The PC device 2.1 that has received the response generates a transfer content encryption key KCY if recording is possible (st5303), and issues a command requesting its public key to the portable player 2.2 (st5304).

  When a response indicating that recording is impossible is received, a message “cannot move due to insufficient capacity” is displayed as termination processing, and the migration processing is terminated (st5302, st5320).

The portable player 2.2 that has received the public key request command returns the public key as a response, and prepares for content transfer (st5302).
The PC device 2.1 that has received the public key of the portable player 2.2 stores the public key in the MB unit 2.190 (st5305), sets the USB transfer mode to the bulk transfer mode, and sets the third song content to be moved to the content encryption key KCY And encrypted and transmitted to the portable player 2.2 (st5307).
Receiving this, portable player 2.2 stores the encrypted content in flash ROM 2.202 (st5354).

When the content transmission ends, the PC device 2.1 sets the USB transfer mode to the control mode, and issues a content end command to the portable player 2.2 (st5308).
Receiving this, the portable player 2.2 stops the recording process (st5355), and checks whether the recording is normally completed (st5356).

Then, a normal or abnormal response is returned (st5357, st53571).
If it is normal, it waits for the next command, and if it is abnormal, erases the received content and ends the movement process (st5372).
Upon receiving the abnormal termination response, the PC device 2.1 that issued the termination command displays the message “Failed to transfer normally”, discards the content encryption key KCY, and terminates the move process (st5309, st5321) .

  If a normal end response is received, the transmitted content is deleted from the content recording unit 2.102b (st5310), the transfer content encryption key KCY is encrypted with the public key of the portable player 2.2, and the encrypted key is stored in the portable player 2.2. Issued as a key transfer command (st5312).

  The portable player 2.2 that has received the encrypted content encryption key KCY decrypts the content encryption key KCY with the secret key managed in the control unit 2.290, and returns a reception response to the PC device 2.1 (st5358). The content recorded in flashROM2.202 with content encryption key KCY is decrypted and re-recorded (st5359) .After completion, the content encryption key is discarded, and the received content item is added to the content management table (st5360) The moving process is terminated.

On the other hand, the PC device 2.1 that has received the reception response of the content encryption key KCY discards the content encryption key KCY, updates the content management table (st5313), and ends the movement process.
This updated content management table is shown in FIG. The content list of the third song is gray, indicating that it does not exist on the PC device 2.1, indicating that the storage location has changed from the PC HDD to the portable player A (connected), and the content has been moved. ing.
In this way, the audio content is moved.

  As described above, according to the data recording control apparatus of the present embodiment, it is possible to safely move erasable copy-restricted content to another medium instead of copying.

  In addition, unauthorized copying can be prevented for the content creator, and the content can be recorded / managed on a desired medium for the viewer, thereby realizing a data storage control device with higher functionality and convenience.

(Other embodiments)
In the first embodiment described above, there is a recording apparatus that uses an HDD device, but this may be a VTR device that uses a tape.
A simple example in this case is shown in FIG. The VTR device 3.3 has a buffer memory 3.351. First, the encrypted content is recorded in the tape recording unit 3.352, and when the encryption key is received, the tape is rewound and the encrypted content is stored in the capacity of the buffer memory 3.353. The content is read out, decrypted by the encryption unit 3.353, and rewritten on the tape repeatedly, so that all the content is decrypted, and finally the content movement ends.

  In the first embodiment, the processing after power-on again after the power is turned off during the moving operation is a recovery processing in which there was no previous moving processing. When a recording command (recovery option) is transmitted to and a restart packet number is returned as a response, it is possible to continue the content transmission from the packet number.

  1 to 3, 15, and 21, and each step constituting the data recording control method according to the present invention shown in FIGS. 10 to 12 and 18 to 20. (St) and the like can be realized by operating a program stored in a RAM or ROM of a computer. This program and a computer-readable storage medium storing the program are included in the embodiment of the present invention.

  Specifically, the program is recorded on a recording medium such as a CD-ROM or provided to a computer via various transmission media. As a recording medium for recording the program, besides a CD-ROM, a flexible disk, a hard disk, a magnetic tape, a magneto-optical disk, a nonvolatile memory card, or the like can be used. On the other hand, as the transmission medium of the program, a communication medium (wired line such as an optical fiber, etc.) in a computer network (LAN, WAN such as the Internet, wireless communication network, etc.) system for propagating and supplying program information as a carrier wave A wireless line or the like.

  In addition, the functions of the above-described embodiments are realized by executing a program supplied by a computer, and the program is used in cooperation with an OS (operating system) or other application software running on the computer. When the functions of the above-described embodiment are realized, or when all or part of the processing of the supplied program is performed by a function expansion board or a function expansion unit of the computer, the function of the above-described embodiment is realized. Such a program is included in the embodiment of the present invention.

  For example, FIG. 22 is a schematic diagram illustrating an internal configuration of a general personal user terminal device. In FIG. 22, reference numeral 1200 denotes a computer PC. The PC 1200 includes a CPU 1201, executes device control software stored in the ROM 1202 or the hard disk (HD) 1211, or supplied from the flexible disk drive (FD) 1212, and collects all devices connected to the system bus 1204. To control.

  The functions stored in the CPU 1201 of the PC 1200, the ROM 1202, or the hard disk (HD) 1211 realize the functions of the respective means such as the means 1 to 5 in the present embodiment and the procedures such as steps 1 to 5.

  A RAM 1203 functions as a main memory, work area, and the like for the CPU 1201. A keyboard controller (KBC) 1205 controls instruction input from a keyboard (KB) 1209, a device not shown, or the like.

  Reference numeral 1206 denotes a CRT controller (CRTC) which controls display on a CRT display (CRT) 1210. A disk controller (DKC) 1207 is a hard disk (boot program (start program: a program that starts execution (operation) of personal computer hardware and software)), a plurality of applications, editing files, user files, a network management program, and the like. HD) 1211 and flexible disk (FD) 1212 are controlled.

  Reference numeral 1208 denotes a network interface card (NIC) that exchanges data bidirectionally with a network printer, another network device, or another PC via the LAN 1220.

It is a block diagram showing the 1st Embodiment of this invention. It is a block diagram explaining the detail of the TV apparatus by the 1st Embodiment of this invention. It is a block diagram explaining the detail of the HDD recording device by the 1st Embodiment of this invention. It is a schematic diagram explaining the detail of the remote control device by the 1st Embodiment of this invention. It is an external view of the remote control by the 1st Embodiment of this invention. It is a figure which shows the content management table of the TV apparatus before the movement by the 1st Embodiment of this invention. It is a figure which shows the content management table of the TV apparatus after the movement by the 1st Embodiment of this invention. It is a figure which shows the content management table of the HDD apparatus before the movement by the 1st Embodiment of this invention. It is a figure which shows the content management table of the HDD apparatus after the movement by the 1st Embodiment of this invention. It is a flowchart explaining the flow of the whole operation | movement by the 1st Embodiment of this invention. It is a flowchart explaining the flow of the authentication operation | movement by the 1st Embodiment of this invention. It is a schematic diagram explaining the flow of the viewer operation by the 1st Embodiment of this invention. It is a flowchart explaining the flow of the connection operation | movement by the 1st Embodiment of this invention. It is a flowchart explaining the flow of the content movement operation | movement by the 1st Embodiment of this invention. It is a block diagram of the 2nd Embodiment of this invention. It is a figure which shows the content management table before the movement by the 2nd Embodiment of this invention. It is a figure which shows the content management table after the movement by the 2nd Embodiment of this invention. It is a flowchart explaining the flow of the whole operation | movement by the 2nd Embodiment of this invention. It is a flowchart explaining the flow of the authentication operation | movement by the 2nd Embodiment of this invention. It is a flowchart explaining the flow of the content movement operation | movement by the 2nd Embodiment of this invention. It is a block diagram of the VTR apparatus by other embodiment. It is a schematic diagram which shows the internal structure of a personal user terminal device.

Explanation of symbols

1.1 TV equipment
1.2 Remote control device
1.3 HDD recorder
1.4 VTR device
1.5 CS STB equipment
1.6, 2.1 PC device
1.101 Tuner
1.102 Decoder part
1.105 Image controller
1.106 Audio output
1.107 Image controller
1.108 Display
2.2 Portable player
2.202 flashROM
2.203 Audio output section
2.204 Operation unit
3.3 VTR device

Claims (11)

Connection means for connecting at least two devices to each other;
An encryption means for encrypting data with an encryption key;
Transmitting / receiving means for transmitting / receiving the data from one device to the other device;
Recording means for recording the data to be transmitted and received;
Management means for managing the data recorded in the recording means;
A transfer means for transferring the decryption key;
When the data of one of the devices is transmitted to the other device, the other device notifies the one device that the data has been received, and the one device recognizes the notification Recognition means and
When transferring the data in one device to the other device, the data is encrypted by the encryption means with a unique encryption key in the one device, and the data encrypted by the transmission / reception device is One of the devices recognizes that the transmission is completed by the notification recognizing means, erases the data in the one device, and then transfers the data to the other device by the transfer means. A data recording control device, wherein the transmitted decryption key of the encrypted data is transferred from one device to the other device.   The apparatus further comprises detection means for detecting that the data is deleted in one of the devices after the data in the one device is transferred to the other device. Item 4. The data recording control device according to Item 1.   3. The data transfer in the other device is discarded when the other device does not detect completion of data deletion by the detection means within a predetermined time. Data recording control device. Authentication means for mutually authenticating the devices to be connected;
Copy restriction information for restricting duplication of the data;
The data recording control apparatus according to claim 1, further comprising: copy restriction information management means for managing the copy restriction information.   The data recording control apparatus according to claim 1, wherein the recording unit is a hard disk. A receiving tuner means for receiving a television broadcast;
Decoding means for decoding received data received by the receiving tuner means;
Display means for displaying decoded image data out of the received data;
The data recording control device according to claim 1, further comprising: audio output means for outputting decoded audio data among the received data. When transferring data in one device to the other device,
The data is encrypted with a unique encryption key in one of the devices, the encrypted data is transmitted to the other device, one device recognizes that the transmission is complete, and the one device A data recording control method, comprising: after erasing the data in a device, transferring a decryption key of the encrypted data transmitted to the other device from one device to the other device.   8. The device according to claim 7, wherein after the data in one device is transferred to the other device, the other device detects that the data has been deleted in the one device. Data recording control method.   9. The data recording control method according to claim 8, wherein when the other device fails to detect completion of data deletion within a predetermined time, the transferred data in the other device is discarded. .   A computer-readable storage medium storing a program for causing a computer to execute the procedure of the data recording control method according to claim 8 or 9.   A program for causing a computer to execute the procedure of the data recording control method according to claim 8 or 9.

Images