JP2005086457A - Decoding key request program, storage medium, terminal equipment and server device - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an inexpensive device for preventing an illegal use of a content by copying in a system where the content is distributed, and to provide the system. <P>SOLUTION: In the distribution system for distributing an enciphered content and enciphering a decoding key of the content by using a public key peculiar to a terminal of a user so as to send the content for preventing the copying of the content, a reproduction terminal of the user creates a secret key from information peculiar to the terminal, and derives the public key based on the key. The public key is signed by the secret key that a distributor previously creates so as to transmit it to a distributor side. The distributor verifies a signature when processing is concealed in the device until information peculiar to the terminal is taken out and it is signed and outputted. Thus, it can be verified that the public key of the user is justly created in the user terminal. <P>COPYRIGHT: (C)2005,JPO&NCIPI

Description

The present invention relates to a content distribution system that sells a decryption key after distributing encrypted content, and is particularly suitable for use in increasing the confidentiality of a decryption key.

  In recent years, copyright infringement has become a major problem for digital data that is not degraded by copying. In particular, in a personal computer (PC), data existing on the PC can be easily copied and can be easily distributed to others.

  In such an environment, as a method of protecting a digital work, a method of physically restricting the copy itself or a method of restricting the use only to a specific terminal although the copy can be freely made has been devised.

  According to the former method, for example, the copyrighted work can be taken out only for reproduction purposes, or the digital copyrighted work is encrypted and distributed in a state where it cannot be used as it is, and then the IC card or secure memory card is used. The decryption key for decrypting the cipher is distributed to a storage device that the user cannot arbitrarily take out and copy. However, in this case, all users must prepare dedicated devices such as an IC card and an IC card reader / writer, which increases the cost in the current PC environment.

  In the latter method, the digital work is provided after being encrypted, and then a decryption key dedicated to the terminal to be used is provided. In realizing this method, the user transmits information unique to the terminal to be used to the distributor, and the distributor generates a decryption key using this information and provides this to the user. For example, in an environment where unique information is generated only by an application, if the user copies a digital work, this application, and a decryption key and uses it on another terminal, the application depends on the terminal that is running Since the unique information is generated, matching with the decryption key cannot be obtained, and the encrypted digital content cannot be decrypted.

Such a method of protecting only with software is generally low in security strength, but can be realized at low cost.

Note that Patent Document 1 and Patent Document 2 describe a copyright protection technique configured only by software.

  In any of the inventions, a user who purchases software transmits information unique to a device on which the software is installed, such as a CPU number and a hard disk number, to the software provider. The provider creates secret information that can be executed only by a device having the received unique information, and provides this to the user.

When the user who has received the secret information activates the software installed in his / her device, the software automatically reads out the secret information and determines whether to continue the process based on the secret information. Since this secret information is information depending on the terminal to be used, even if an attempt is made to use this software on another terminal, it cannot be executed.
Patent 032112078 Japanese Patent Publication No. 7-089345

  In the above method, some data must be exchanged between the software user and the provider when the secret information is exchanged. At this time, it is necessary to prove the validity of the data to be transferred and the validity of the communication partner.

  Various proposals have been made to prove that the data provided by the provider or the provider side is legitimate. However, there is not much to prove the validity of the data provided by the user or the user side. It was not a problem. However, since the unique information is used for generating the secret information, the legitimacy must be guaranteed at a high level. For example, when unique information that is known in advance is provided by the user, the acquired secret information may be analyzed based on this unique information. When the secret information generation method is acquired by this analysis, secret information is appropriately generated on the user side, and as a result, there may be a problem that unauthorized use of the distribution content prevails.

Therefore, an object of the present invention is to provide a content distribution system that can solve such problems and can appropriately and secretly transfer confidential information between a user and a provider.

  The invention of each claim has the following characteristics.

  The invention of claim 1 is a program for adding to a computer a function for requesting a decryption key of encrypted content from the server side in accordance with a public key cryptosystem, and obtaining a server private key, A user secret key generation step for generating a user terminal side secret key based on the user terminal unique information, a user public key generation step for generating a user terminal side public key from the user secret key, and at least a user identification Contract information generation step for generating contract information including the user information and the user public key, a digital signature generation step for generating a digital signature from the contract information using a secret key on the server side, and the contract information A contract information transmission step of transmitting the digital signature to the server side.

  A second aspect of the present invention is the program according to the first aspect, wherein the contract information includes information for specifying an encrypted content corresponding to a decryption key to be requested.

  The invention according to claim 3 is the program according to claim 1 or 2, further comprising a server public key acquisition step for acquiring a server-side public key, and a contract from the digital signature using the acquired server public key. A determination step of determining whether the restored contract information and the generated contract information match, and the contract information transmission step includes the step of determining that the contract information is valid by the determination step. When it is determined, the contract information and the digital signature are transmitted to the server side.

  The invention according to claim 4 is the program according to any one of claims 1 to 3, further comprising a change request information generating step for generating information relating to a change request of the user terminal, and a secret key on the server side. A digital signature generation step for generating a digital signature from the change request information, and a change request transmission step for transmitting the change request information and the digital signature to the server side.

  The invention of claim 5 is a server device that transmits a decryption key of encrypted content to the user terminal side in accordance with a public key cryptosystem, and identifies user information for identifying a user, a user public key, and content. Receiving means for receiving contract information including content identification information and a digital signature generated from the contract information using its own private key, and restoring the contract information from the digital signature using its own public key Determining means for determining whether or not the restored contract information matches the received contract information, and specifying the content included in the contract information when the determination means determines that the contract information is valid And a decryption key transmitting means for encrypting the decryption key of the content specified by the information with the user public key included in the contract information and transmitting it to the user terminal side. And it features.

  The invention of claim 6 is a server device that transmits the decryption key of the encrypted content to the user terminal side in accordance with the public key cryptosystem, and contract information including user information for identifying the user and the user public key, Receiving means for receiving the digital signature generated from the contract information using its own private key; restoring the contract information from the digital signature using its own public key; the restored contract information and the received contract Contract information determination means for determining whether or not the information matches, and when the contract information determination means determines that the contract information is valid, the user identification information and the user public key included in the contract information are User registration means for registering in association with each other.

  The invention according to claim 7 is the server apparatus according to claim 6, wherein when a decryption key transmission request is received from the user terminal side, it is determined whether or not the user is registered in the user registration means. If so, the public key of the user is extracted from the user registration means, and the decryption key to be transmitted is encrypted with the public key and transmitted to the user terminal.

  The invention according to claim 8 is the server apparatus according to claim 6 or 7, wherein the user terminal receives information related to the change request of the user terminal and a digital signature generated from the change request information using its own private key. The change request receiving means received from the terminal and the change request information are restored from the digital signature using its own public key, and it is determined whether or not the restored change request information matches the received change request information. A change request determining means, a change mark adding means for adding a change mark to the public key of the user registered in the user registration means when the change request is determined to be valid by this determination, and the change And a change approval notifying unit that transmits a change approval notification to the user terminal side when the request determination unit determines that the change request is valid.

  The invention of claim 9 is the server apparatus according to claim 8, wherein when the contract information and the digital signature are received from the user terminal and the contract information is determined to be valid, the contract information is included in the contract information. The user identification information included is compared with the registration information registered in the user registration means, and as a result, when the change mark is added to the public key of the user, the user's public key is used as the contract information. It is characterized by replacing with the public key contained in

  The invention of claim 10 is a storage medium, characterized in that the program of claims 1 to 4 is stored.

  The invention of claim 11 is a terminal device, characterized in that the program of claims 1 to 4 is held as a control program.

  The features of the present invention will become more apparent from the following description of embodiments.

However, the following embodiment is only one embodiment of the present invention, and the meaning of the term of the present invention or each constituent element is limited to that described in the following embodiment. is not.

  As described above, according to the present invention, a public key unique to its own terminal is created in the user side terminal, and a digital signature with a distributor private key is added to the created public key. It becomes difficult for the user to illegally generate a public key, and the distributor also verifies whether or not the user public key transmitted from the user is truly created on the user's terminal. It is possible to reject a request for a content key using a user public key intentionally created illegally.

Further, according to the present invention, information with a digital signature attached to the terminal change request is transmitted from the user side terminal to the distributor side, and the distributor side confirms the validity of the digital signature and acknowledges the change request. Therefore, the terminal used by the user can be changed smoothly and safely, and the convenience for the user can be improved.

  Embodiments of the present invention will be described below with reference to the drawings.

  FIG. 1 is a diagram showing an outline of a content distribution system in the present embodiment.

  The content distribution system in the present embodiment includes a server 1, a terminal 2, and a network 3. Between these, the content package 4, the digital work (content) 5, the encrypted digital work 6, the decryption key 7, and the contract 8 are delivered.

  The server 1 is a server that provides a decryption key 7 for decrypting the encrypted digital work 6 distributed by the distributor. Upon receiving the contract 8 from the user terminal 2, the server 1 generates the decryption key 7 in accordance with the contents. And transmitted to the terminal 2.

  The terminal 2 is a terminal device used by the user, generates a contract 8 according to the user's instruction, and sends it to the server 1. Also, the decryption key 7 is received from the server 1, and the encrypted digital work 6 is decrypted by using the decryption key 7 to reproduce the digital work 5.

  The network 3 is a network to which the server 1 and the terminal 2 are connected.

  The content package 4 is a data package of the encrypted digital work 6 distributed from the distributor to the user for free or for a fee. In this embodiment, the content package 4 is a medium storing the encrypted digital work 6 (for example, an optical disc or the like). A storage medium such as a memory card). In this case, the content package 4 is distributed to the user using a distribution means. The encrypted digital work 6 may be distributed to users via the network 3.

  The digital work 5 is a digitized work that is distribution content.

  The encrypted digital work 6 is obtained by encrypting the digital work 5 with an encryption key.

  The decryption key 7 is key data for decrypting the encrypted digital work 6.

  The contract DATcont8 is a contract generated when the user receives distribution of the decryption key 7 from the distributor. At the time of distribution, it is transmitted from the terminal 2 to the server 1 with the distributor's own signature attached. The contract also includes a user public key Kpub-user and other necessary information regarding the contract.

1. Security Parameters Security parameters such as encryption keys used in this embodiment are shown in FIG.
In this embodiment, a public key cryptosystem is used.
In public key cryptography, the encryption key and the decryption key are different, and it is difficult to find the decryption key from the encryption key even if the encryption key is disclosed to anyone. It has become. For this reason, an encryption key used in the public key cryptosystem is called a public key, and a decryption key is called a secret key. Moreover, the keys of the public key cryptosystem are collectively referred to as a key pair (key pair).

The distributor public key Kpub-dist is the distributor's public key according to the public key cryptosystem.
The distributor private key Kpri-dist is the distributor's private key according to the public key cryptosystem.
The user public key Kpub-user is the user's public key according to the public key cryptosystem.
The user secret key Kpri-user is a user secret key according to the public key cryptosystem.

Distributor public key Kpub-dist and distributor private key Kpri-dist, user public key Kpub-user and user private key Kpri-user each constitute a key pair.
The content key Kc is a secret key according to the secret key encryption method used when the content C is encrypted.
The terminal specific information INFuser is information (for example, CPU number, hard disk number, etc.) specific to the terminal 2 used by the user.
In the following description, data A encrypted using the key B is represented as E (A, B).

2. Configuration of Content Package 4 The configuration of the content package 4 provided to the user is shown in FIG.
The content package 4 includes encrypted content E (C, Kc), a contract generation program P3, and a reproduction program P4.
The encrypted content E (C, Kc) is the content C encrypted with the content key Kc.
The reproduction program P4 is a program that decrypts the encrypted content E (C, Kc) with the content key Kc and executes reproduction.

  The contract generation program P3 creates a contract DATcont8 from the identification information of the content that the user desires to reproduce and the public key Kpub-user unique to the terminal 2 to be used, and this is embedded in the contract generation program P3. Is a program that generates a digital signature E (DATcont, Kpri-dist) encrypted with the distributor private key Kpri-dist, adds the digital signature to the contract, and creates a signed contract DATcont8.

  Here, the digital signature is for guaranteeing the integrity of the signed text (contract) using a secret key of a public key cryptosystem. In other words, if you sign the signed text with a private key and attach this signature result (digital signature) to the signed text, the signed text is restored using the public key paired with the private key. The Then, by verifying the match between the restored signed sentence and the distributed signed sentence, the integrity of the distributed signed sentence (contract) is confirmed.

  Note that in a digital signature using a public key cryptosystem, a digest value is generated by passing a signed sentence through a hash function, and this is encrypted with a private key to form a digital signature. Therefore, the validity of the signed sentence can be verified by comparing the digest value of the signed sentence with the one obtained by decrypting the digital signature with the public key. The fact that the decrypted value of the digital signature public key matches the digest value of the signed text is called uniqueness.

3. Configuration of Terminal Device (Server) FIG. 4 is a block diagram showing the configuration of the server 1.
The server 1 includes a control unit 10, a display unit 11, an input unit 12, a communication unit 13, a media reader / writer 14, a storage unit 15, a contract authentication unit 16, a distribution key generation unit 17, and a bus 18 for connecting them.

  The control unit 10 reads out the program stored in the storage unit 15, interprets it, and controls each component unit.

  The display unit 11 is a display device such as a display, and provides visual information to the operator of the server 1.

  The input unit 12 is an input device such as a mouse or a keyboard, and inputs an instruction of an operator of the server 1.

  The communication unit 13 is connected to the network 3 and controls data transmission / reception via the network.

  The media reader / writer 14 has a function of creating a content package 4 that is a distribution form.

  The storage unit 15 is a storage unit such as a hard disk or an internal memory, and holds in advance a contract authentication program P1, a distribution key creation program P2, a regular user key list LIST, content C, and a content key Kc corresponding to the content.

  The contract authentication unit 16 determines whether the contract DATcont8 received from the terminal 2 is valid. Details will be described later.

  When the contract DATcont8 is valid, the distribution key generation unit 17 encrypts the content key Kc using the user public key Kpub-user included in the contract and generates a key to be distributed to the user. Details will be described later.

  FIG. 5 is a detailed block diagram of the contract authentication unit 16.

  The contract authentication unit 16 includes a contract analysis unit 160, a distributor public key holding unit 161, a user public key decryption unit 162, and a determination processing unit 163.

  The contract analysis unit 160 analyzes the signed contract DATcont8 and extracts the contract DATcont8 and the digital signature E (DATcont, Kpri-dist).

  The distributor public key holding unit 161 holds a distributor public key Kpub-dist.

  The user public key decryption processing unit 162 uses the distributor public key Kpub-dist paired with the distributor private key Kpri-dist for the digital signature E (DATcont, Kpri-dist) obtained from the contract analysis unit 160. To decrypt.

  The determination processing unit 163 compares the contract document DATcont decrypted by the user public key decryption processing unit 162 with the contract document DATcont extracted by the contract document analysis unit 160 and determines whether they match. As a result of the comparison, if they match, it is understood that the signature is correct and the data has not been tampered with.

  FIG. 6 is a detailed block diagram of the distribution key generation unit 17.

  The distribution key generation unit 17 includes a session key generation unit 170, a content key encryption unit 171, a session key encryption unit 172, and a distribution key configuration unit 173.

  The session key generation unit 170 generates a different random number for each session and uses this as a session key Ks.

  The content key encryption unit 171 encrypts the content key Kc using the session key Ks, and generates an encrypted content key E (Kc, Ks).

  The session key encryption unit 172 encrypts the session key Ks using the user public key Kpub-user, and generates an encrypted session key E (Ks, Kpub-user).

  The distribution key generation unit 173 includes the encrypted content key E (Kc, Ks) obtained by the content key encryption unit 171 and the encrypted session key E (Ks, Kpub-user) obtained by the session key encryption unit 172. Are stored in a packet according to a predetermined format to generate a distribution key EKc.

4). Configuration of Terminal 2 The configuration of the terminal 2 is shown in FIG.
The terminal 2 includes a control unit 20, a display unit 21, an input unit 22, a communication unit 23, a media reader 24, a storage unit 25, a user key generation unit 26, a contract document generation unit 27, a content decryption unit 28, and a digital signature confirmation unit 29. A reproduction unit 30 and a bus 31 for connecting them.

  The control unit 20 reads the program stored in the storage unit 25, interprets it, and controls each component unit.

  The display unit 21 is a display device such as a display, and gives visual information to a user who operates the terminal 2.

  The input unit 22 is an input device such as a mouse or a keyboard, and inputs an instruction of a user who operates the terminal 2.

  The communication unit 23 is connected to the network 3 and controls data transmission / reception via the network.

  The media reader 24 reads data from the connected media. In this embodiment, the encrypted content E (C, Kc), the contract document generation program P3, and the reproduction program P4 are read from the delivered content package 4.

  The storage unit 25 is a storage unit such as a hard disk or an internal memory, and holds the encrypted content E (C, Kc), the contract creation program P3, and the reproduction program P4 read by the media reader 24.

  The user key generation unit 26 generates a user secret key Kpri-user and a user public key Kpub-user unique to the terminal 2. Details will be described later.

  The contract generation unit 27 generates a contract including contract information to be sent to the distributor. Details will be described later.

  The content decrypting unit 28 finally decrypts the encrypted content using the encrypted content received from the distributor. Details will be described later.

  The digital signature confirmation unit 29 confirms the validity of the generated contract.

  The playback unit 30 plays back the decrypted content.

  FIG. 8 is a detailed block diagram of the user key generation unit 26.

  The user key generation unit 26 includes a terminal specific information reading unit 260 and a user secret key generation unit 261.

  The terminal specific information reading unit 260 reads information INFuser specific to the terminal 2.

  The user secret key generation unit 261 generates a user secret key Kpri-user from the read terminal unique information INFuser.

  FIG. 9 is a detailed block diagram of the contract document generator 27.

  The contract document generation unit 27 includes a user public key generation unit 270, a contract document generation unit 271, a distributor private key holding unit 272, and a digital signature generation unit 273.

  The user public key generation unit 270 derives a user public key Kpub-user from the user secret key Kpri-user.

  The contract document generation unit 271 generates a contract document DATcont8 including the generated user public key Kpub-user and information related to the contract.

  The distributor private key storage unit 272 stores the distributor private key Kpri-dist of the distributor embedded in the contract creation program P3.

  The digital signature generation unit 273 encrypts the contract document DATcont8 with the distributor private key Kpri-dist and generates a digital signature E (DATcont, Kpri-dist).

  FIG. 10 is a detailed block diagram of the content key decrypting unit 28.

  The content key decryption unit 28 includes a distribution key analysis unit 280, a session key decryption unit 281, a content key decryption unit 282, and a decryption unit 283.

  The distribution key analysis unit 280 analyzes the distribution key EKc received from the distributor, and extracts the encrypted session key E (Ks, Kpub-user) and the encrypted content key E (Kc, Ks).

  The session key decryption unit 281 decrypts the encrypted session key E (Ks, Kpub-user) obtained from the distribution key analysis unit 280 using the user secret key Kpri-user generated by the user key generation unit 26. To do.

  The content key decryption unit 282 decrypts the content key E (Kc, Ks) encrypted with the session key Ks using the session key Ks obtained by the decryption in the session key decryption unit 281.

  The decryption unit 283 decrypts the encrypted content E (C, Kc) using the content key Kc obtained by the decryption in the content key decryption unit 282.

5. Digital signature confirmation unit 29
FIG. 11 is a detailed block diagram of the digital signature confirmation unit 29.
The digital signature confirmation unit 29 includes a digital signature decryption unit 291 and a decrypted value comparison unit 292.
The digital signature decryption unit 291 decrypts the digital signature with the decryption distributor public key Kpri-dist and obtains a signed sentence.
The decrypted value comparison unit 292 inputs the decrypted value and the signed sentence, and the decrypted value verifies the uniqueness of the signed sentence and outputs a verification result.

6). Flow from Content Sales to Use Next, the flow from content provision to reproduction performed between a distributor and a user will be described with reference to FIG. The server 1 on the distributor side includes content, a content key Kc for each content, a reproduction program P4 for reproducing the content, and a contract creation program P3 for creating a contract used when the user acquires the content key. Is stored in the storage unit 15 in advance.

  First, the content package 4 is created in the server 1 on the distributor side (step S100).

  The created content package 4 is provided to the user via the distribution means (step S101). Thereby, the user acquires the content package 4 (step S102).

  Next, a process for reproducing the acquired encrypted content E (C, Kc) in the user terminal 2, that is, a process for acquiring a content key for decrypting the encrypted content E (C, Kc) is performed. Executed. First, the user causes the contract creation program P3 included in the content package 4 to be executed. Thereby, the contract DATcont8 and the user public key Kpub-user are generated.

  In generating the user public key Kpub-user, the terminal 2 first generates a user secret key Kpri-user from information unique to the terminal, for example, information identifying hardware such as a disk number and a CPU number. This generation process step of the user secret key Kpri-user is implemented in a form concealed inside the contract document creating program P3, and the result generated during the generation process is also processed inside the contract document creating program P3. Details will be described later.

  Next, in the terminal 2, the user inputs various pieces of contract information such as information for identifying a content key desired to be distributed and a contract creation date. These contract information and user public key Kpub-user constitute a contract DATcont8.

  The contract DATcont8 is signed by the distributor private key Kpri-dist held in the contract creation program P3 (step S103). The signed contract E (Datcont, Kpri-dist) is verified for validity using the distributor public key Kpub-dist (step S104). Details will be described later. As a result of the confirmation of the contract, if the generated contract is valid, the control unit 20 continues the processing from step S105. On the other hand, if the generated contract is not valid, this process is terminated.

  In the terminal 2, the verified signed contract document DATcont8 is transmitted to the server 1 via the network 3 (step S105).

  When the server 1 receives the signed contract DATcont8 via the network 3 (step S106), the server 1 decrypts the digital signature using the distributor public key Kpub-dist and authenticates the received digitally signed contract DATcont8. Based on this result, it is determined whether or not a content key is provided to the user (step S107). Details will be described later.

  In this way, by authenticating that the contract DATcont8 is information generated by the execution of the contract creation program P3 in the user terminal 2, a user public key or user secret key intentionally generated for illegal purposes is obtained. In addition, it is possible to detect tampering during the communication of the contract information included in the contract.

  In step S107, if the contract document DATcont8 is not authenticated as valid, the contract is not established at that time. If the contract is authenticated as valid, the server 1 encrypts the content key Kc that the user desires to distribute based on the received contract DATcont8 and generates the distribution key EKc (step S108). Details will be described later.

  Here, the correspondence between the generation of the content key and the user is stored in the regular user list LIST of the storage unit 15. Further, although charging for the content fee (not shown) occurs, it does not relate to the essence of the present invention, so a description of a specific method or the like is omitted.

  Next, the distribution key EKc is transmitted from the server 1 (step S109), and the transmitted distribution key EKc is received by the terminal 2 (step S110). The received distribution key EKc is stored in the storage unit 25.

  After that, when content specification and playback instructions are input by the user, the playback program P4 is started, the distribution key EKc is decrypted using the user secret key Kpri-user, and the content key Kc obtained as a result of the decryption is used. The encrypted content E (C, Kc) is decrypted.

  Subsequently, reproduction processing is performed by the reproduction program (step S111). Details will be described later.

  Since the acquired distribution key EKc is held in the terminal 2, it is not necessary to create a contract and send it to the server 1 after the next reproduction.

7). Details of the contract generation process, the contract confirmation process, the content reproduction process, the contract authentication process, and the distribution key generation process in the detailed terminal 2 of each process will be described below.

A. Contract generation process The contract generation process is a process corresponding to S103 in FIG. 12, and is executed in the terminal 2 by the contract generation program P3.
Prior to this process, in the terminal 2, the contract document creation program P 4 stored in the content package 4 is installed in the storage unit 25 via the media reader 24.

  The flow of this processing is shown in FIG.

  When the user gives an instruction to execute the installed contract creation program P3 via the input unit 22, the contract creation program P3 is loaded to the control unit 20 via the bus 31, and the contract creation process is executed. Be started. The following steps are processed based on instructions from the control unit 20.

  First, the device specific information reading unit 260 of the user key generation unit 26 reads the terminal specific information INFuser of the terminal 2 (step S200).

  The read terminal unique information INFuser is input to the user secret key generation unit 261. The user secret key generation unit 261 performs appropriate numerical conversion based on the terminal unique information INFuser, and generates a user secret key Kpri-user (step S201). Here, appropriate numerical conversion is a conversion in which it is difficult to guess the user secret key Kpri-user from the terminal unique information INFuser and the same user secret key is not generated from a plurality of terminal unique information. It is.

  Subsequently, the generated user secret key Kpri-user is input to the user public key generation unit 270, and a user public key Kpub-user that is a public key pair corresponding to the user secret key Kpri-user is obtained by calculation. (Step S202).

  Next, the contract document generation unit 271 generates a contract document DATcont8 from the generated user public key Kpub-user and the contract information (step S203). Here, the contract information is input from the input unit 22 by the user through the display unit 21 of the terminal 2 while referring to a display that prompts the user to input information included in the contract DATcont8, such as the content type and user name. Information.

  The generated contract DATcont8 is input to the digital signature generation unit 273, encrypted using the distributor private key Kpri-dist held in the distributor private key holding unit 272, and the digital signature E (DATcont, Kpri -dist) (step S204).

B. Contract Confirmation Process The contract confirmation process is a process corresponding to step S104 in FIG. 12, and is executed in the terminal 2 by the contract creation program P3.
FIG. 14 is a flowchart of processing in the terminal 2 for determining whether or not the digital signature added to the generated contract is encrypted with the distributor private key Kpri-dist.

  Note that the contract DATcont8 and its digital signature E (DATcont, Kpri-dist) created in the contract creation process described above are stored in the storage unit 25. The distributor public key Kpub-dist is also stored in the storage unit 25. This distributor public key Kpub-dist is received in advance from the server 1, or is implemented in a form hidden in the contract creation program P3, and is acquired by executing the program P3.

  The digital signature is read from the storage unit 25 to the digital signature decryption unit 291 via the bus 31. Similarly, the distributor public key Kpub-dist is read from the storage unit 25 to the digital signature decryption unit 291 via the bus 31.

  The digital signature decrypting unit 291 decrypts the digital signature using the distributor public key Kpub-dist and inputs the decrypted value to the decrypted value comparing unit 292 (step S600).

  Subsequently, the contract 8 is read from the storage unit 25 to the decrypted value comparing unit 292 via the bus 31, and the decrypted value comparing unit 292 determines the uniqueness of the contract 8 and the decrypted digital signature ( Step S601). The result in step S601 is output to the display unit 21 via the bus 31 and also output to the control unit 20 (step S602).

C. Contract authentication process The contract authentication process is the process of step S107 in FIG. 12, and the validity of the contract 8 received from the terminal 2 is determined using the contract authentication program P1.
Prior to this processing, the signed contract 8 received from the terminal 2 via the communication unit 13 is stored in the storage unit 15 via the bus 18 in the server 1.

  FIG. 15 shows a flow of the contract authentication process in the server 1.

  When the server 1 instructs the execution of the contract authentication program P1 via the input unit 12, the contract authentication program P1 is loaded from the storage unit 15 to the control unit 10 via the bus 18 and processing is started. The following steps are processed according to instructions from the control unit 10.

  The signed contract 8 stored in the storage unit 15 is input to the contract analysis unit 160 via the bus 18.

  The contract analysis unit 160 extracts the user public key Kpub-user and the digital signature E (DATcont, Kpri-dist) from the signed contract 8 and inputs them to the determination processing unit 163 and the user public key decryption processing unit 162, respectively. Also, the distributor public key Kpub-dist is read from the distributor public key holding unit 161 and input to the user public key decryption processing unit 162 (step S300).

  The user public key decryption processing unit 162 decrypts the digital signature E (DATcont, Kpri-dist) using the distributor public key Kpub-dist. The decrypted result is input to the determination processing unit 163 (step S301).

  The determination processing unit 163 compares the user public key Kpub-user acquired in step S300 with the user public key Kpub-user in the contract, which is the decryption result of the digital signature in S302, and determines whether or not it is valid. Judgment is made (step S302). If the contract is not valid, this process is interrupted. On the other hand, when the contract is valid, the user public key Kpub-user is used as the key of the authorized user, and stored in the authorized user list LIST of the storage unit 15 in association with the user (step S303).

D. Distribution key generation process The distribution key generation process is a process corresponding to step S108 in FIG. 12, and can be decrypted only by the terminal 2 when the server 1 determines that the contract DATcont8 received from the user is valid. Generate a content key.

  FIG. 16 shows a flow of distribution key generation processing in the server 1.

  When the server 1 is instructed to execute the distribution key creation program P2 via the input unit 12, the distribution key creation program P2 is loaded from the storage unit 15 to the control unit 10 via the bus 18 and starts executing. Is done.

  First, the session key generation unit 170 generates a session key Ks that is a random value (step S400). The generated session key Ks is input to the content key encryption unit 171 and the session key encryption unit 172.

  On the other hand, the content key Kc is extracted from the storage unit 15 via the bus 18 and input to the content key encryption unit 171. The content key encryption unit 171 encrypts the content key Kc using the input session key Ks and outputs it to the distribution key configuration unit 173 (step S401).

  The public key Kpub-user of the user who is the distribution destination is input from the authorized user key list LIST in the storage unit 15 to the session key encryption unit 172 via the bus 18. The session key encryption unit 172 encrypts the input session key using the user public key Kpub-user, and outputs this to the distribution key configuration unit 173 (step S402).

  Subsequently, in the distribution key configuration unit 173, the encrypted content key E (Kc, Ks) and the encrypted session key E (Ks, Kpub-user) are stored in accordance with a predetermined distribution key format, and are distributed as the distribution key EKc (step). S403), and output to the storage unit 15 via the bus 18.

E. Content Reproduction Processing FIG. 17 is a flowchart of content reproduction processing in the terminal 2.
The content reproduction process is a process corresponding to step S111 in FIG.
Prior to this processing, when the terminal 2 receives the distribution key EKc from the server 1 via the communication unit 23 in advance, the terminal 2 stores it in the storage unit 25 via the bus 31. Further, the terminal 2 installs the reproduction program P4 stored in the provided content package 4 into the storage unit 25 via the media reader 24.

  First, when an instruction to execute the reproduction program P4 is input via the input unit 22, the reproduction program P4 installed in the storage unit 25 is loaded to the control unit 20 via the bus 31, and execution is started. .

  When the distribution key EKc is input from the storage unit 25 to the distribution key analysis unit 280 via the bus 31, the distribution key analysis unit 280 extracts the encrypted session key E (Ks, Kpub-user) from the distribution key EKc. This is input to the session key decryption unit 281 (step S500).

  Subsequently, a user secret key Kpri-user is generated in the user key generation unit 26. (Step S501). The generated user secret key Kpri-user is input to the session key decryption unit 281. The session key decryption unit 28 decrypts the encrypted session key E (Ks, Kpub-user) using this key, and inputs this to the content key decryption unit 282 (step S502).

  Further, the distribution key analysis unit 280 extracts the encrypted content key E (Kc, Ks) from the distribution key EKc and inputs it to the content key decryption unit 282.

  The content key decryption unit 282 decrypts the encrypted content key E (Kc, Ks) using the session key Ks input in S502, and obtains the content key Kc (step S503).

  Further, the content key Kc is input to the decryption unit 283. At the same time, the encrypted content E (C, Kc) read from the content package 4 connected to the media reader 24 via the bus 31 is decrypted by the decryption unit 283 using the content key Kc, and the content C is Is obtained (step S504).

  The obtained content C is input to the playback unit 30 via the bus 31 and playback processing is performed (step S505).

  The server 1 and the terminal 2 of the above-described embodiment are examples configured for easy understanding of the present embodiment, and are not limited thereto. For example, the key generation unit may be constructed in another device capable of transmitting / receiving data to / from the terminal, and the key information holding unit may be constructed in a storage area in the device or an external storage device. Furthermore, the program may be configured in a form divided for each function, or may be integrated.

  In the above embodiment, the content key is set to be different for each content. For example, the same key may be set for the same type of content. According to this, it is possible to develop such as selling contents collectively by type.

  In addition to the above embodiment, the content key purchased by the user from the distributor is once decrypted once with the user private key, and then again using the private key of the private key encryption method unique to the terminal generated separately. It may be encrypted and stored. According to this, when the content is reproduced by the reproduction program, only the decryption process by the secret key encryption method is required, so that the decryption time can be reduced.

  In addition to the above-described embodiment, a different number is assigned to each content package so as to specify the content package, which is stored in advance in the content package, and this is included in the contract when the user makes a contract. You may make it present including. According to this, it is possible to prevent the content package itself from being illegally copied and used. This is to prevent duplicate sales of media in the distribution process when a system is built in which the media itself is sold by including plaintext content and other monetary value data from the beginning. it can.

  In the above embodiment, the terminal 2 used by the user performs the process of confirming the validity of the contract before the generated contract is sent to the distributor. The confirmation may be performed only on the server 1 side.

In the above embodiment, the content package 4 is configured to include the reproduction program P4, the contract creation program P3, and the encrypted content E (C, Kc). However, the reproduction program and the encrypted content are combined together. One program may be executed, and execution and interruption of the program may be controlled by the presence or absence of the content key in the above embodiment.

  In the above embodiment, the distributor side verifies the contract generated by the contract generation program on the user terminal, and only when the contract is determined to be valid, the encrypted decryption key is sent to the user terminal. The user terminal is provided and stored in a storage unit, and when the content is used, the encrypted decryption key is dynamically decrypted to reproduce the content.

  On the other hand, in this embodiment, when the user uses the content, a contract is generated and sent to the distributor terminal, and the distributor terminal verifies the validity of the contract. As a result of the verification, if the contract is valid, the user is registered as a regular user. When the user reproduces the content, the server requests the server to send a decryption key for decrypting the content, and after confirming that the user is an authorized user, the server sends the decryption key. The user terminal reproduces the content using the sent decryption key, but this decryption key is not held and is erased for each reproduction.

1. Server Configuration The distributor server 1A of the present embodiment has the same configuration as the server 1 in the first embodiment of FIG. However, the configuration of the distribution key generation unit 17 shown in FIG. The configuration of the distribution key generation unit 17A in this embodiment is shown in FIG.

  The distribution key generation unit 17A includes a session key generation unit 170, a content key encryption unit 171, a session key encryption unit 172, a distribution key configuration unit 173, and a key permission determination unit 174.

  The session key generation unit 170 generates a different random number for each session and uses this as a session key Ks.

  The content key encryption unit 171 encrypts the content key Kc using the session key Ks, and generates an encrypted content key E (Kc, Ks).

  The session key encryption unit 172 encrypts the session key Ks using the user public key Kpub-user when the key authorization determination unit 174 determines that the user is a legitimate user, and the encrypted session key E (Ks, Kpub− user).

  The distribution key generation unit 173 includes the encrypted content key E (Kc, Ks) obtained by the content key encryption unit 171 and the encrypted session key E (Ks, Kpub-user) obtained by the session key encryption unit 172. Are packetized according to a predetermined format to generate a distribution key EKc.

  The key permission determination unit 174 determines whether the user is registered as a regular user based on the regular user list managed by the server 1A, the user information for identifying the user, and the content identifier.

2. The user terminal device user terminal 2A has the same configuration as the terminal 2 in the first embodiment of FIG. However, the configuration of the contract document generation unit 27 shown in FIG. The configuration of the contract document generation unit 27A in the present embodiment is shown in FIG.

  The contract document generation unit 27A includes a random number generation unit 274 in addition to the user public key generation unit 270, the contract document generation unit 271, the distributor private key holding unit 272, and the digital signature generation unit 273.

  The user public key generation unit 270 generates a user public key Kpub-user from the user secret key Kpri-user.

  The contract generation unit 271 generates a contract DATcont8 including the generated user public key Kpub-user, information about the contract, user information to be described later, and the like.

  The distributor private key holding unit 272 holds the distributor private key Kpri-dist of the distributor embedded in the program.

  The digital signature generation unit 273 encrypts the contract document DATcont8 with the distributor private key Kpri-dist and generates a digital signature E (DATcont, Kpri-dist).

  The random number generation unit 274 generates a random numerical value of about 10 digits, for example, using arbitrary data such as a clock in the apparatus. The generated random number is used as user information.

3. Flow from Content Distribution to Use The flow from content distribution to use will be described with reference to FIG.

  First, in the distribution-side server 1A, the contract generation program P3, the reproduction program P4, and the encrypted content E (C, Kc) obtained by encrypting the content with the content key Kc are prepared. Distribute (step S700).

  Next, in the user terminal 2A, the content package 4 is obtained, and if thumbnail content or the like is stored in the content package 4, it is determined whether or not to purchase the content by playing it (step). S701). When purchasing content, that is, when reproducing encrypted content recorded on the medium 20, the user public key Kpub-user is generated using the contract generation program P3 (step S702).

  The user public key Kpub-user is information unique to the user's terminal. The contract generation program P3 generates a contract DATcont8 composed of the user public key Kpub-user, content information, and user information, and generates a digital signature based on the distributor private key Kpri-dist (step S703). The signed contract E (Datcont, Kpri-dist) is verified for validity using the distributor public key Kpub-dist (step S704). As a result of the confirmation of the contract, if the generated contract is valid, the control unit 20 continues the processing from step S705. On the other hand, if the generated contract is not valid, this process is terminated.

  In the terminal 2A, the verified signed contract DATcont8 is transmitted to the server 1A via the network 3 (step S705).

  When the server 1A receives the signed contract DATcont8 transmitted from the terminal 2A in step S705 (step S706), the server 1A decrypts the digital signature using the distributor public key Kpub-dist and receives the received digital signed contract. DATcont8 is authenticated, and based on this result, it is determined whether or not to register the user as a regular user (step S707). In the authentication, when it is determined that the contract document DATcont8 is not valid, information indicating the contract cancellation is transmitted to the user, and the process is terminated.

  On the other hand, when the contract document DATcont8 is authenticated as valid, the content identification information described in the contract document DATcont8 and the user public key Kpub-user are registered in the regular user list LIST in association with the user information, and then the user is notified Information indicating that the registration is completed is transmitted (step S708).

  When the terminal 2A receives the registration completion information (step S709), the terminal 2A activates the reproduction program P4 to reproduce the encrypted content. Then, when the content to be reproduced is selected, the user information and the information for identifying the content to be distributed are transmitted to the server 1A to request transmission of the content key (step S710).

  Specifically, the list information of the encrypted content stored in the content package 4 is displayed on the display unit 21, and when the user selects the content desired to be reproduced via the input unit 22, the selected content is identified. The information and the user information generated in the contract document generation process (step S703) and stored in the storage unit 25 are transmitted to the server 1A via the bus 31 and the communication unit 23. At the same time, the generated content identification information is stored in the storage unit 25.

  The server 1A searches the user information and content identification information registered in the regular user list LIST from the user information received from the terminal 2A and the content identification information. When user information and content identification information are registered in the regular user list LIST, the user public key Kpub-user corresponding to the user information is acquired from the regular user list LIST, and the content key Kc corresponding to the content identification information is acquired by the user. Encrypt using public key Kpub-user. Here, the generated encrypted content key EKc is transmitted to the user as a distribution key (step S711). Details will be described later.

  On the other hand, when the user information and the content identification information are not registered in the regular user list LIST, the user is notified of information indicating that it is not registered, and the process is terminated.

  When the terminal 2A receives the distribution key EKc transmitted from the server 1A (step S712), the terminal 2A generates a user secret key Kpri-user unique to the terminal 2A, and decrypts the distribution key EKc using this secret key. Further, the encrypted content E (C, Kc) is decrypted using the decrypted content key Kc and reproduced. In this embodiment, the content key and content decrypted during the playback process are deleted from the user terminal immediately after playback (step S713).

4). Details of the contract generation process, the contract confirmation process, the content reproduction process, the contract authentication process, and the distribution key generation process in the detailed terminal 2A of each process will be described below.

A. Contract generation process The contract generation process is a process corresponding to step S703 in FIG. 20, and is executed by the contract generation program P3 in the terminal 2A.

  Prior to this processing, the contract creation program P4 stored in the content package 4 is installed in the storage unit 25 via the media reader 24 in the terminal 2A.

  The details of this process are the same as the contract generation process in the first embodiment, except that the contract includes user information. That is, in step S203 of creating a contract in the contract generation process flow shown in FIG. 13, first, a random number is generated, and this is used as user information, and contract information such as a user public key Kpub-user and content identification information. And create a contract. The flow of this process is shown in FIG.

  When the user gives an instruction to execute the installed contract creation program P3 via the input unit 22, the contract creation program P3 is loaded to the control unit 20 via the bus 31 and the execution is started. The following steps are processed based on instructions from the control unit 20.

  First, the device specific information reading unit 260 reads the terminal specific information INFuser of the terminal 2A (step S900).

  The read terminal unique information INFuser is input to the user secret key generation unit 261. The user secret key generation unit 261 performs an appropriate numerical value conversion based on the terminal unique information INFuser to generate a user secret key Kpri-user (step S901). Here, appropriate numerical conversion is a conversion in which it is difficult to guess the user secret key Kpri-user from the hardware information INFuser, and the same user secret key is not generated from multiple pieces of hardware information. It is.

  Subsequently, the generated user secret key Kpri-user is input to the user public key generation unit 270, and a user public key Kpub-user that is a public key pair corresponding to the user secret key Kpri-user is obtained by calculation. (Step S902) The obtained user public key Kpub-user is output to the contract document generation unit 271.

  On the other hand, the random number generation unit 274 generates a random number (step S903) and inputs it to the contract document generation unit 271. Further, the contract information is input to the contract document generation unit 271, and the contract document generation unit 271 generates a contract document including the user public key Kpub-user, the input contract information, and a random number (step S904). Here, the contract information is input from the input unit 22 by the user through the display unit 21 of the terminal 2A while referring to a display that prompts the user to input information included in the contract DATcont8, such as a content type and a user name. Information.

  The random number is information for identifying a user. Here, the random number is generated as user information for each user and stored in the storage unit 25.

  The generated contract DATcont8 is input to the digital signature generation unit 273, encrypted using the distributor private key Kpri-dist held in the distributor private key holding unit 272, and the digital signature E (DATcont, Kpri -dist) (step S905).

B. Contract Confirmation Process The contract confirmation process is a process corresponding to step S204 in FIG. 20, and is executed in the terminal 2A by the contract creation program P3.

  Since the procedure of this process is the same as the contract confirmation process (step S104) in the first embodiment, the description thereof is omitted.

C. Contract authentication process The contract authentication process is a process corresponding to step S707 in FIG. 20, and the validity of the contract 8 received from the terminal 2A is determined using the contract authentication program P1.

  Since the procedure of this process is the same as the contract authentication process (step S107) in the first embodiment, the description thereof is omitted.

D. Distribution Key Generation Processing The distribution key generation processing is processing corresponding to step S711 in FIG. 20, and when the user terminal 2A instructs content reproduction (step S710), the reproduction distribution key generation program P2 stores the storage unit 15. To the control unit 10 via the bus 18 and execution is started. The following steps are processed according to instructions from the control unit 10. FIG. 22 shows a flow of distribution key generation processing in the present embodiment.

  First, the server 1A receives the user information and content identification information received from the terminal 2A via the communication unit 1106 (step S1001), and these are received via the bus 18 and the key provision permission determination unit 174 of the distribution key generation unit 17. Is input.

  The authorized user list LIST held in the storage unit 25 is also read out via the bus 18 and input to the key provision permission determination unit 174.

  The key provision permission determination unit 174 determines whether or not a user corresponding to the input user information is registered in the authorized user list LIST (step S1002).

  If the user is registered in the regular user list LIST, it is further determined whether or not the input content identification information is registered in the regular user list LIST (step S1003).

  In step S1002 and step S1003, when the target data is not registered in the regular user list LIST, both of these processes are stopped.

  If the content identification information is registered in the regular user list LIST in step S1003, the content key Kc for the content identification information is acquired from the storage unit 15 and input to the content key encryption unit 171. The user public key Kpub-user is acquired from the authorized user list List and input to the session key encryption unit 172.

  The session key generation unit 170 generates a session key Ks, and the generated session key Ks is input to the session key encryption unit 172 and the content key encryption unit 171 (step S1004).

  The session key encryption unit 172 encrypts the input session key Ks using the input user public key Kpub-user, and outputs it to the distribution key configuration unit 173 (step S1005). Further, the content key encryption unit 171 encrypts the input content key Kc using the input session key Ks, and outputs it to the distribution key configuration unit 173 (step S1006).

  The distribution key configuration unit 173 collects the input encrypted session key and the encrypted content key as a distribution key, and transmits this to the user terminal 2A from the communication unit 13 via the bus 18 (step S1007).

E. Content playback processing The content playback processing is processing corresponding to step S713 in FIG. 20, and is executed by the playback program P4. Note that the reproduction program P4 is installed in the terminal 2A from the content package 4 via the media reader 24 and the bus 31 in advance and stored in the storage unit 25.

  This process is executed following the reception of the distribution key distributed from the server 1A based on the content selection by the user (step S710 in FIG. 20).

  The details of this process are the same as the content reproduction process (step S111) in the first embodiment, and thus the description thereof is omitted.

F. Terminal Change Notification Process Next, a process when the user changes a terminal will be described. First, a process for notifying the server 1A that a different terminal is used in place of the terminal using the currently used terminal 2A will be described. The flow of this process is shown in FIG.

  In the user terminal 2A, information (terminal change information) indicating that a different terminal 2B is used instead of the currently used terminal 2A is created (step S1100). Furthermore, a user public key Kpub-user is generated based on information unique to the terminal 2A (step S1101).

  The generated user public key Kpub-user is integrated with the generated terminal change information, and the integrated terminal change information is encrypted with the distributor private key Kpri-user and a digital signature is added (step S1102). ).

  The validity of the signed terminal change information is verified using the distributor public key Kpub-dist (step S1103). As a result of this confirmation, if the generated terminal change information is valid, the control unit 20 continues the processing from step S1104. On the other hand, if the generated terminal change information is not valid, this process is terminated.

  In the terminal 2A, the verified terminal change information with the signature is transmitted to the server 1A via the network 3 (step S1104).

  When server 1A receives signed terminal change information via Internet 10 (step S1105), server 1A decrypts the digital signature using distributor public key Kpub-dist and authenticates the received digital signature-added terminal change information. Based on this result, the validity of the user public key Kpub-user and the terminal change information is determined (step S1106). Here, if the terminal change information is not authenticated as valid, this processing is stopped, and information indicating that the change registration is incomplete is transmitted to the terminal 2A. On the other hand, if the terminal change information is authenticated as valid, the user public key Kpub-user corresponding to the terminal 2A before the change is searched from the authorized user list LIST, and a mark indicating the change is added to this to complete the change registration. Information indicating that it has been sent is transmitted to terminal 2A (step S1107).

  Upon receiving information indicating change registration completion or change registration incompletion, the terminal 2A notifies the user by outputting the information to the display unit 21 and ends the process (step S1108).

G. Terminal Registration Process When the terminal change notification process described above is completed, the user installs various programs of the content package 4 in the newly used terminal 2B. And the terminal registration process demonstrated below using the new terminal 2B is performed. The flow of this processing is shown in FIG.

  Prior to this processing, the user information held in the terminal 2A before the change is copied to the new terminal 2.

  First, the terminal 2B acquires user information (step S1200), and generates a user public key Kpub-user based on the unique information of the terminal 2B. (Step S1201) The generated user public key Kpub-user is integrated with the user information, and the integrated user information is encrypted with the distributor private key Kpri-user, and a digital signature is added (Step S1202).

  The validity of the signed user information is verified using the distributor public key Kpub-dist (step S1203). As a result of this verification, if the generated user information is valid, the control unit 20 continues the processing from step S1204. On the other hand, if the created user information is not valid, this process is terminated.

  In the terminal 2B, the verified signed user information is transmitted to the server 1A via the network 3 (step S1204).

  When the server 1A receives the signed user information via the network 10 (step S1205), the server 1A decrypts the digital signature using the distributor public key Kpub-dist, authenticates the received digital signed user information, Based on the result, the validity of the user information including the user public key Kpub-user is determined (step S1206). Here, if it is not authenticated that the user information is not valid, information indicating that the change registration is incomplete is transmitted to the terminal 2B, and this process is stopped. On the other hand, if the user information is authenticated as valid, the user public key corresponding to this user information, which is marked as being changed in the above-described terminal change process, is searched from the regular user list LIST. Then, the user public key obtained by the search is overwritten with the user public key Kpub-user determined to be valid in step S1206, and thereafter, information indicating that the registration of the terminal 2B is completed is transmitted to the terminal 2B (step S1206). S1207).

  In step S1207, when the user information is not in the regular user list LIST, or when the user information exists in the regular user list LIST and the user public key for the user information is not marked as being changed, Information indicating that the change registration is incomplete is transmitted to the terminal 2B, and this processing is stopped.

  When the terminal 2B receives the terminal registration completion information, the terminal 2B notifies the user of this by displaying it on the display unit 21, etc., and ends this process (step S1208).

  Needless to say, the present invention is not limited to the above-described embodiment, and various other modifications are possible.

In addition to the above-described embodiment, the contract creation program can also send the decryption keys for a plurality of contents desired by the user to the server as content identification information.

It is a figure which shows the outline | summary of the content delivery system of this invention. It is a figure explaining the security parameter of this invention. It is a figure which shows the structure of the content package in Example 1 of this invention. It is a figure which shows the structure of the server 1 in Example 1 of this invention. It is a figure explaining the structure of the contract authentication part of the server 1 in Example 1 of this invention. It is a figure explaining the structure of the distribution key production | generation part of the server 1 in Example 1 of this invention. It is a figure which shows the structure of the terminal 2 in Example 1 of this invention. It is a figure explaining the structure of the user key production | generation part of the terminal 2 in Example 1 of this invention. It is a figure explaining the structure of the contract production | generation part of the terminal 2 in Example 1 of this invention. It is a figure explaining the structure of the content decoding part of the terminal 2 in Example 1 of this invention. It is a figure explaining the structure of the digital signature confirmation part of the terminal 2 in Example 1 of this invention. It is a flowchart which shows the process until the content reproduction | regeneration in Example 1 of this invention. It is a flowchart which shows the contract document production | generation process in Example 1 of this invention. It is a flowchart which shows the contract authentication process in Example 1 of this invention. It is a flowchart which shows the distribution key production | generation process in Example 1 of this invention. It is a flowchart which shows the content reproduction process in Example 1 of this invention. It is a flowchart which shows the digital signature text authentication process process in Example 1 of this invention. It is a figure which shows the structure of the content package in Example 2 of this invention. It is a figure explaining the structure of the content decoding part of the terminal 2A in Example 2 of this invention. It is a flowchart which shows the software reproduction | regeneration processing in Example 2 of this invention. It is a flowchart which shows the contract document production | generation process in Example 2 of this invention. It is a flowchart which shows the distribution key production | generation process in Example 2 of this invention. It is a flowchart which shows the terminal change notification process in Example 2 of this invention. It is a flowchart which shows the terminal registration process in Example 2 of this invention.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 Distribution server 2 User terminal 3 Network 4 Content package 5 Digital work 6 Encrypted digital work 7 Decryption key 8 Contract

Claims (11)

A program for adding to a computer a function for requesting a decryption key of encrypted content from a server according to a public key cryptosystem,
A server private key acquisition step of acquiring a server side private key;
A user secret key generation step for generating a secret key on the user terminal side based on the unique information of the user terminal;
A user public key generation step of generating a public key on the user terminal side from the user private key;
A contract information generating step for generating contract information including at least user information for specifying a user and the user public key;
A digital signature generation step of generating a digital signature from the contract information using a secret key on the server side;
A contract information transmission step of transmitting the contract information and the digital signature to the server side;
The program characterized by including. In claim 1,
The contract information includes information for specifying the encrypted content corresponding to the decryption key to be requested.
A program characterized by that. In claim 1 or 2,
Furthermore, a server public key acquisition step for acquiring a server-side public key;
Determining the contract information from the digital signature using the acquired server public key, and determining whether the restored contract information matches the generated contract information,
The contract information transmission step transmits the contract information and the digital signature to the server side when the contract information is determined to be valid by the determination step.
A program characterized by that. In any one of Claims 1 thru | or 3,
Furthermore, a change request information generation step for generating information related to the change request of the user terminal;
A digital signature generation step of generating a digital signature from the change request information using a secret key on the server side;
A change request transmission step of transmitting the change request information and the digital signature to a server side;
The program characterized by including. A server device that transmits a decryption key of encrypted content to a user terminal according to a public key cryptosystem,
Reception of receiving contract information including user information for specifying a user, user public key, content specifying information for specifying content, and a digital signature generated from the contract information using its own private key Means,
Determining means for restoring contract information from the digital signature using its own public key, and determining whether the restored contract information matches the received contract information;
When the determination unit determines that the contract information is valid, the content decryption key specified by the content specifying information included in the contract information is encrypted with the user public key included in the contract information. Decryption key transmitting means for transmitting to the terminal side;
The server apparatus characterized by having. A server device that transmits a decryption key of encrypted content to a user terminal according to a public key cryptosystem,
Receiving means for receiving contract information including user information for identifying a user and a user public key, and a digital signature generated from the contract information using its own private key;
Contract information determination means for recovering contract information from the digital signature using its own public key, and determining whether the restored contract information matches the received contract information;
A user registration unit for registering the user identification information and the user public key included in the contract information in association with each other when the contract information determination unit determines that the contract information is valid;
The server apparatus characterized by having. In claim 6,
When there is a decryption key transmission request from the user terminal side, it is determined whether or not the user is registered in the user registration means, and if registered, the public key of the user is extracted from the user registration means. , The decryption key to be transmitted is encrypted with the public key and transmitted to the user terminal.
The server apparatus characterized by the above-mentioned. In claim 6 or 7,
Change request receiving means for receiving from the user terminal information related to the change request of the user terminal and a digital signature generated from the change request information using its own private key;
Change request determination means for recovering change request information from the digital signature using its own public key, and determining whether the restored change request information matches the received change request information;
A change mark adding means for adding a change mark to the public key of the user registered in the user registration means when it is determined that the change request is valid by this determination;
A change approval notification means for transmitting a change approval notification to the user terminal side when the change request is determined to be valid by the change request determination means;
The server apparatus characterized by having. In claim 8,
When the contract information and the digital signature are received from the user terminal and the contract information is determined to be valid, the user specifying information included in the contract information is compared with the registration information registered in the user registration unit. As a result, when the change mark is added to the public key of the user, the public key of the user is replaced with the public key included in the contract information.
The server apparatus characterized by the above-mentioned. A storage medium storing the program according to claim 1. A terminal device holding the program according to claim 1 as a control program.

Images