JP2005327185A - Copyright management system, content processing device, server, program, content processing method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a copyright management system which can execute revoke processing on content by content basis. <P>SOLUTION: The copyright management system revokes the content, previously provided to a content processing device 10 from a server 20. In this copyright management system, the server 20 is equipped with a list creation part for creating a revoke list including the content attribute ID corresponding to the attribute of the content as an object to be revoked, and a list distribution part for distributing the revoke list to the content processing device 10. The content processing device 10 is also equipped with a capture part for capturing the revoke list from the server 20, and a revoke part for disabling the processing of the content as the object to be processed based on the content attribute ID added to the content as the object to be processed and the content attribute ID included in the revoke list. <P>COPYRIGHT: (C)2006,JPO&NCIPI

Description

  The present invention relates to a copyright management system, a content processing apparatus, a server, a program, and a content processing method, and in particular, a copyright management system that revokes content provided from a server to a content processing apparatus afterwards. About.

  Unlike conventional analog content, digital content such as video content and music content can be copied multiple times without quality degradation. For this reason, in recent years, with the spread of the Internet and the increase in speed and capacity of PCs (personal computers), the distribution and exchange of illegal content without obtaining the permission of the content provider (copyright holder) has increased. doing.

  In order to prevent these illegal acts, copyright management systems using DRM (Digital Rights Management) technology that restricts the distribution and use of contents are becoming widespread. In such a copyright management system, a method of controlling content processing (reproduction, copying, etc.) in each content processing device (client) owned by a user based on a license issued by a server is generally used.

  By the way, in such a copyright management system, it may be necessary to revoke the content after distributing the content from the server to each content processing apparatus. The cause of the revoke is, for example, that a data defect was discovered afterwards in the distributed content.

  In the copyright management system, as a technique for performing revocation processing, as described in Patent Document 1, by adopting a tree-structured key distribution configuration, devices that can be updated at the time of key update are limited, and other devices are used. The technology of revoking

JP 2001-352322 A

  However, in the above-described conventional copyright management system, there is a problem that the unit to be revoked is a content processing device (device) unit, and revocation processing cannot be performed in content units. For this reason, even when revocation processing is required only for a specific content, all the content processed by the content processing apparatus is revoked, which is inconvenient.

  Therefore, the present invention has been made in view of the above problems, and an object of the present invention is to provide a new and improved copyright management system, content processing apparatus, It is to provide a server, a program, and a content processing method.

  In order to solve the above problems, according to the first aspect of the present invention, one or more content processes for processing content based on a content, a server that provides a license for the content, and a license acquired from the server And a copyright management system for revoking content already provided from a server to a content processing device. In this copyright management system, the server includes: an attribute setting unit that sets a content attribute ID that represents a content attribute; an ID adding unit that adds a content attribute ID corresponding to the content attribute to the content; A content providing unit that provides the content processing apparatus with the content to which the attribute ID is added; a license issuing unit that issues a license and provides the content processing apparatus; and a revocation including a content attribute ID corresponding to the attribute of the content to be revoked A list creation unit that creates a list; and a list distribution unit that distributes the revocation list to the content processing apparatus. The content processing apparatus includes a list acquisition unit that acquires a revocation list from a server or another content processing apparatus; a content attribute ID added to the content to be processed; a content attribute ID included in the revocation list; And a revoke unit that disables processing of the content to be processed.

  With this configuration, the content already provided from the server to the content processing apparatus can be revoked in units of content attributes. Therefore, the content to be revoked can be revoked flexibly and efficiently.

  In order to solve the above problem, according to another aspect of the present invention, a content processing apparatus that processes content based on a license issued by a server is provided. The content processing apparatus includes a list acquisition unit that acquires a revocation list including a content attribute ID corresponding to a revocation target content attribute from a server or another content processing apparatus; and a content attribute added to the processing target content A revocation unit that disables processing of the content to be processed based on the ID and the content attribute ID included in the revocation list.

  With this configuration, when the content attribute ID of the content to be revoked included in the revocation list is added to the content to be processed, the content processing apparatus can revoke the processing of the content to be processed. . Therefore, content can be revoked flexibly and efficiently in units of content attributes.

  The content attribute ID may include a content ID that is uniquely given to each content unit to which a license is applied.

  The content attribute ID may include a file ID that is uniquely assigned to each content file including one or more contents.

  Further, the content attribute ID may include a track ID that is uniquely given for each track constituting the content.

  Further, the content attribute ID may include a group ID that is uniquely given in common attribute units common to a plurality of contents.

  The group ID may be set on the server based on an input from the server administrator.

  The content attribute ID added to the content may be included in the security information added to the content.

  The revocation unit disables the reproduction processing of the content to be reproduced based on the content attribute ID added to the content to be reproduced and the content attribute ID included in the revocation list when the content is reproduced. You may do it.

  In addition, the revoke unit converts the content attribute ID added to the content to be provided / acquired and the content attribute ID included in the revoke list when the content is provided / income with other content processing apparatuses. Based on this, the provision / acquisition processing of the content to be provided / acquired may be disabled.

  The license may be issued by the server in units of content attribute IDs.

  And a license management unit that provides / acquires a license with the other content processing apparatus, and the revocation unit includes content included in the license to be provided / acquired when the license management unit provides / acquires the license. Based on the attribute ID and the content attribute ID included in the revocation list, the provision / acquisition process of the license to be provided / acquired may be disabled.

  The revoke list may be added with a first digital signature by the server.

  The revocation list may be added with version information indicating whether the revocation list is new or old by the server.

  Moreover, you may make it further provide the list provision part which provides the said revoke list to another content processing apparatus.

  Further, a list management unit that integrates a plurality of revocation lists acquired by the list acquisition unit to create an integrated revocation list may be further provided.

  The list management unit may add a second digital signature corresponding to the content processing apparatus to the integrated revocation list.

  The revocation list includes version information indicating whether the revocation list is new or old, and the list management unit includes the newly acquired version information of the revocation list, the version information of the revocation list acquired in the past, Based on the above, it may be determined whether or not to integrate the newly acquired revoke list into the integrated revoke list.

  The revocation list includes version information indicating whether the revocation list is new or old. The list management unit is based on the integrated revocation list and the version information among a plurality of revocation lists acquired by the list acquisition unit. The latest revoke list determined to be up-to-date may be stored.

  The revocation unit may disable processing of the processing target content based on the content attribute ID added to the processing target content and the content attribute ID included in the integrated revocation list. .

  Moreover, you may make it further provide the list provision part which provides the said latest revoke list to another content processing apparatus.

  In order to solve the above problem, according to another aspect of the present invention, a computer is used: from a server or another content processing apparatus, a revocation list including a content attribute ID corresponding to a content attribute to be revoked. A list acquisition process for acquiring the content; and a revocation process for disabling the processing of the content to be processed based on the content attribute ID added to the content to be processed and the content attribute ID included in the revocation list; A program is provided that is characterized by being executed.

  Details of the processing that this program causes the computer to execute are substantially the same as the processing of the content processing apparatus described above, and thus detailed description thereof is omitted.

In order to solve the above problems, according to another aspect of the present invention, a server for providing content and a content license to a content processing apparatus is provided. The server includes: an attribute setting unit that sets a content attribute ID that represents a content attribute; an ID adding unit that adds a content attribute ID corresponding to the content attribute to the content; and a content to which the content attribute ID is added A content providing unit that provides the content processing apparatus; a license issuing unit that issues a license and provides the content processing apparatus; and a list creation unit that creates a revocation list including a content attribute ID corresponding to the attribute of the content to be revoked A list distribution unit that distributes the revocation list to the content processing device;
Is provided. In the content processing apparatus that has acquired the revoke list, processing of the content to which the content attribute ID included in the previous revoke list is added is disabled.

  The attribute setting unit may be able to set a content attribute ID based on an input from a server administrator.

  In order to solve the above problem, according to another aspect of the present invention, a computer is used: an attribute setting process for setting a content attribute ID representing a content attribute; An ID adding process for adding a corresponding content attribute ID; a content providing process for providing the content processing apparatus with the content attribute ID added; a license issuing unit for issuing a license and providing the content processing apparatus; A content processing apparatus that executes a list creation process for creating a revoke list including a content attribute ID corresponding to an attribute of the target content; a list distribution process for distributing the revoke list to the content processing apparatus, and acquires the revoke list In the previous revoke list Wherein the attribute ID is processed disabled additional content, the program is provided.

  In order to solve the above problems, according to another aspect of the present invention, there is provided a method of processing content provided from a server to a content processing apparatus. In this content processing method, a step of reading a content attribute ID added to content to be processed; and whether the read content attribute ID is included in a revocation list including a content attribute ID corresponding to the attribute of the content to be revoked A step of determining whether or not; if the read content attribute ID is included in the revocation list, the processing of the content to be processed is disabled, while the read content attribute ID is not included in the revocation list Includes a step of enabling processing of content to be processed.

  As described above, according to the present invention, the revoke process can be executed for each content in the content processing apparatus. For this reason, after providing various contents and licenses from the server to the content processing apparatus, when a cause of revocation occurs in one or more specific contents, only the specific contents can be revoked.

  Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings. In the present specification and drawings, components having substantially the same functional configuration are denoted by the same reference numerals, and redundant description is omitted.

(First embodiment)
<1. Overview>
First, an outline of the copyright management system according to the first embodiment of the present invention will be described.

  The copyright management system according to the present embodiment is a system for managing the use (especially reproduction) of content in a content processing apparatus owned by each user and protecting the copyright of the content.

  Specifically, this copyright management system sets up a license for the content, thereby paying a legitimate user (payable compensation for the copyright of the content and purchasing the license for use within the scope of private use. Users) are allowed to use the content relatively freely. On the other hand, users who use illegally such as mass distribution of content through the Internet, etc., or users who try to use content beyond the scope of the license without paying a reasonable price, should not use the content. Strictly restrict.

  Furthermore, in the copyright management system according to the present embodiment, a server that provides content and a license sets a content attribute ID that represents the attribute of the content, and adds the content attribute ID to the content and the license. Further, such a server distributes to the content processing device a revocation list including a content ID that identifies the content to be revoked, and the content processing device controls processing of the content based on this revocation list. As described above, the copyright management system according to the present embodiment is characterized in that the content attribute ID and the revocation list are adopted, and the content distributed in the system is revoked in units of content attributes.

  The “content” according to the present embodiment is, for example, audio (Audio) content such as music, a lecture, a radio program, a still image constituting a movie, a television program, a video program, a photograph, a picture, a chart, or the like. Video (Video) content made up of moving images, content combining the video content and audio content, electronic books (E-books), games, software (software), and all other contents are included. The “content data” is, for example, digital data representing the contents of the above various contents, such as video data, audio data, character data (subtitle data), electronic book data, electronic game data, software data, and the like. is there. In the following description, an example of movie content (for example, video data, audio data, and subtitle data) will be described as the content, but the present invention is not limited to such an example.

  Hereinafter, the copyright management system according to the first embodiment for realizing the above-described features will be described in detail.

<2. System configuration>
First, the overall configuration of the copyright management system 100 according to the first embodiment of the present invention will be described with reference to FIG. FIG. 1 is a block diagram schematically showing the overall configuration of the copyright management system 100 according to the first embodiment of the present invention.

  As shown in FIG. 1, the copyright management system 100 according to the present embodiment may be collectively referred to as a plurality of content processing apparatuses 10-1, 2,..., N (hereinafter “content processing apparatus 10”). ), For example, one server 20, a network 5 and a local line 9 that connect these devices to each other, and a recording medium 7 that is exchanged between the content processing devices 10.

  The content processing device 10 is a variety of recording / playback devices, recording-only devices, or playback-only devices that can record / playback content to / from the recording medium 7 or a built-in storage device. More specifically, the content processing apparatus 10 is, for example, a computer apparatus (notebook type or desktop type) such as a personal computer (PC), PDA (Personal Digital Assistant), portable video player / recorder, MP3. Players, portable audio players / recorders such as IC players / recorders, imaging devices such as digital cameras or video recorders, consumer game machines, VTRs, CDs, MDs or DVD recorders / players, radio devices, mobile phones, PHS, information It can consist of home appliances.

  The content processing apparatus 10 includes, for example, a recording / reproducing apparatus (for example, a computer apparatus such as a PC) capable of installing software for content distribution service, and a recording / reproducing apparatus (for example, a DVD player / recorder) incapable of installing the software. Recording devices) and playback-only devices (for example, playback-only portable devices (PD), etc.).

  The content processing apparatus 10 such as a PC receives the content distributed by the server 20, the issued license issued by the server 20, the revocation list created by the server 20, and the like, and recording means such as a storage device or a recording medium 7 Can be recorded.

  A recording / playback apparatus and a playback-only apparatus (represented as a content processing apparatus 10-m in FIG. 1) in which the software cannot be installed can be locally connected to the content processing apparatus 10 such as a PC via the local line 9. is there. For this reason, the content processing apparatus 10-m can acquire the distribution content, license, revocation list, and the like received by the content processing apparatus 10 such as a PC via the network 5 via the local line 9. For example, the local line 9 can be configured by a wired cable such as a USB (Universal Serial Bus) cable or a SCSI (Small Computer System Interface) cable, but may be wirelessly connected.

  These content processing apparatuses 10 transmit / receive contents such as distribution contents from the server to / from other content processing apparatuses 10 via the network 5 and the local line 9 or exchange via the recording medium 7. be able to. As a result, content data can be provided / acquired among a plurality of content processing apparatuses 10 to share the content. It is also possible to provide / acquire a license between the content processing apparatuses 10.

  The content processing apparatus 10 will be described later. Based on the acquired revocation list, it can be determined whether or not the content to be processed is the content to be revoked, and the processing of the content to be revoked can be disabled.

  On the other hand, the server 20 is a server device owned by, for example, a service provider that provides a content distribution service. The server 20 is composed of one or more computer devices having a server function.

  The server 20 distributes the content via the network 5 to the content processing apparatus 10 owned by the user who enjoys the content distribution service. At this time, for example, when distributing movie content (including moving image data, audio data, and subtitle data), for example, the content is compressed by MPEG-2, 4, 7, etc., encrypted, and distributed. Can do. The content distributed from the server 20 is copyright-protected content. Specifically, security information including attribute information and content key of the content is added to the encrypted content data. Yes. Details of the copyright-protected content will be described later.

  Further, the server 20 can issue a content license and provide it to the content processing apparatus 10 in response to a purchase request from a user of the content processing apparatus 10. This license is a right to use content, and is granted in content attribute units (for example, content ID units described later). For example, the server 20 issues a license when a user authentication process and an accounting process for an amount corresponding to the license contents are performed.

  Further, when a cause of revocation occurs for specific content, the server 20 creates a revocation list that is a feature of the present embodiment and distributes it to the content processing apparatus 10.

  As described above, a content revocation is performed when any reason (revocation cause) that should exclude the use of a specific content occurs after distribution of content from the server 20 to an arbitrary content processing apparatus 10. The use of the content in the content processing apparatus 10 is disabled (that is, the license of the content is invalidated). Examples of the cause of revoke include the following (1) to (3).

  (1) For example, if a content defect such as a content defect, error, or data defect is discovered after content distribution, it may cause a revoke. Specifically, examples of content loss and error include a case where a part of video of a movie content is missing or an incorrect expression used in a movie. Further, as an example of the data defect, for example, there is a case where noise is mixed in the content when the content is encoded.

  (2) In addition, if a scandal occurs in the performer of the content after the content is distributed, it can also cause a revoke. Specifically, there is a case where the movie actor's leading actor has caused a scandal and the video production company voluntarily cancels the release of the movie content.

  (3) Furthermore, after the content is distributed, the contract between the content creator (movie production company, etc.) and the copyright holder and the content distribution service provider (service provider) is changed, and the distribution service for specific content is discontinued. If this happens, it can cause revoke.

  When such a cause of revocation occurs, the server 20 creates and distributes the revocation list based on the input of the owner of the server 20 (such as a service provider administrator). This revocation list is a list of content attribute IDs corresponding to the attributes of the content to be revoked, details of which will be described later.

  The main functional configuration of the server 20 has been described above. As shown in FIG. 1, the server 20 may be configured as a single server device in terms of hardware, or a plurality of server devices that share the functions of the server 20 (for example, content distribution) A content providing server that issues a license, a license issuing server that issues a license, a charging server that performs a charging process according to the issuance of the license, and a revocation list server that creates and distributes a revocation list.

  The network 5 is a communication line network that connects the plurality of content processing apparatuses 10 and the server 20 so as to enable bidirectional communication. This network 5 is composed of, for example, a public line network such as the Internet, a telephone line network, a satellite communication network, etc., or a dedicated line network such as WAN, LAN, IP-VPN, etc., regardless of wired or wireless.

  Further, such a network 5 may include a private network. This private network is a network that interconnects a plurality of content processing apparatuses 10 that share content data within the scope of private use from the viewpoint of copyright management. Specific examples of such a private network include, for example, a network connecting a plurality of content processing devices 10 used by the same user, a home network connecting a plurality of content processing devices 10 used in the same home, Examples include a LAN that connects a plurality of content processing apparatuses 10 used in a small limited group (company, friend, etc.).

  The recording medium 7 is a removable medium capable of storing various data such as content data, such as a DVD-R, a DVD-RW, a DVD-RAM, a CD-R, a CD-RW, and a magneto-optical disk. These are various optical disks 3, magnetic disks such as flexible disks and hard disks, and various semiconductor memories. Note that the recording medium 7 may be a recording medium with a copyright management function that restricts copying and reproduction of content data using an encryption key or the like, for example.

  This recording medium 7 functions as a provision / acquisition medium for contents, licenses, revoke lists and the like between the content processing apparatuses 10. For example, by loading the recording medium 7 on which the content is recorded by the content processing device 10-1 into the content processing device 10-2 and reading out the content data, the content processing device 10-1 reads the content data. Content data can be provided. Further, the content processing devices 10-1, 2, etc. can also provide / acquire content, licenses, revocation lists, etc. via the recording medium 7 even with the content processing device 10-m that cannot be connected to the network 5. Is possible.

  In the copyright management system 100 configured as described above, the content processing apparatus 10 can process (reproduction processing, duplication processing, etc.) the content distributed from the server 20 based on the license issued by the server 20. . In addition, when a reason for revocation occurs, the server 20 creates and distributes a revocation list related to the content to be revoked, and the content processing apparatus 10 determines the content to be revoked based on the revocation list acquired from the server 20. Forcibly disable processing. As a result, the revocation processing of the content already provided from the server 20 to the content processing apparatus 10 and its license can be executed in units of content attributes.

  In the following, the content, license, and revocation list configuration in the copyright management system 100 will be described, and then the content processing apparatus 10 and the server 20 constituting the copyright management system 100 will be described in detail.

<3. Content structure>
Next, based on FIG. 2 and FIG. 3, the structure of the content in the copyright management system 100 according to the present embodiment will be described. 2 and 3 are explanatory diagrams conceptually showing a configuration example of movie content according to the present embodiment.

  As shown in FIG. 2, one movie file C is included in one content file F. This movie content C includes, for example, a video track T1, an audio track T2, a subtitle track T3, and each track. It consists of security information S1-3 corresponding to T1-3.

  A content file is a file containing one or more contents. In the example of FIG. 2, one movie content C is included in one content file F.

  The track T is a component of content and corresponds to content data that is data representing the actual content. The number of tracks T constituting one content differs for each content, but in the example of FIG. 2, one movie content C is composed of three tracks T1 to T3. Of these, the video track (Video Track) T1 includes video data that is moving image data corresponding to a video of a movie. Also, the audio track (Audio Track) T2 includes audio data corresponding to movie audio. A subtitle track (Subtitle Track) T3 includes subtitle data corresponding to a subtitle of a movie. These tracks T1 to T3 are encrypted with content keys K1 to K3 included in the corresponding security information S, respectively.

  Note that the content may be composed of only one of the video, audio, and subtitle tracks T1 to T3. In addition to the above, a track that represents other content data (still image track, music-related character information track, etc.) ) May be included.

  The security information S is information (SINF) for managing the copyright of the content, and is added for each track T (content data) by the server 20, for example. In the example of FIG. 2, three pieces of security information S1 to S3 are added to three tracks T1 to T3 in one movie content C, respectively. In this embodiment, the security information S is provided for each track T as described above. However, the present invention is not limited to such an example. For example, when license management and revocation management for each track T are not performed, content information is provided. Security information S may be provided in units.

  The security information S includes, for example, an encrypted content key K, attribute information A, and signature D.

  The content key K is a key for decrypting each of the encrypted tracks T. The content key K1 is a key for decrypting the video track T1, the content key K2 is a key for decrypting the audio track T2, and the content key K3 is a key for decrypting the subtitle track T3. . Further, such a content key K itself is also encrypted with a license key. Therefore, without the proper license, the content key K cannot be decrypted, and as a result, the content data of the track T cannot be decrypted and reproduced.

  Attribute information (Attribute) A is information representing content attributes, and consists of a plurality of content attribute IDs to be described later. The attributes of content include not only the properties and characteristics of the copyright management of the content (eg, status, file, track, etc.) but also the properties and characteristics of the content (eg, content supervision, leading actor, etc.) Including. In the present embodiment, the attribute information A is determined for each track T constituting the content, for example, and represents the attribute of each track T constituting the content. For this reason, even in the same movie content C, attribute information A corresponding to different tracks T may be different information. The attribute information A added to the content in this way is used for matching the content with the license and matching the content with the revoke list. The attribute information A includes, for example, an attribute code and a content attribute ID. Details will be described later.

  The signature D is a digital signature added by the server 20 and has a function of preventing falsification of the entire security information S. This signature D includes, for example, a certificate for verifying the validity of the digital signature.

  Next, another configuration example of content will be described with reference to FIG. As shown in FIG. 3, three movie contents C1 to C3 are included in one content file F. Thus, one content file F may be configured to include a plurality of contents. For example, a plurality of mutually related movie contents C1 to C3 (such as “xxx criminal”, “xxx criminal-part2”, “xxx criminal-part3”) belonging to the same movie series, 1 One content file F may be included. As a result, the content file becomes a movie library file containing a series of movie series contents.

  In the example of FIG. 3, the movie content C1 has one video track T1, one audio track T2, and one subtitle track T3. On the other hand, the movie content C2 has two video tracks T4 and T5, and the movie content C3 has, for example, two audio tracks T9 and T10 and two subtitle tracks T11 and T12. ing. Thus, one content can include a plurality of tracks of the same type, such as a plurality of video tracks, a plurality of audio tracks, or a plurality of subtitle tracks.

  As described above, since one movie content C includes a plurality of video tracks, for example, the same movie content C includes a plurality of videos (for example, a theater-released video and a full-version video, or a high-quality video). And low-quality images) can be packaged. In addition, since one movie content C includes a plurality of audio tracks, for example, a plurality of audio (English audio and Japanese audio, high audio quality and low audio quality, etc.) are added to the same movie content C. It becomes possible to package. Further, since one movie content C includes a plurality of subtitle tracks, for example, the same movie content C has a plurality of subtitles (English subtitles and Japanese subtitles, vertical subtitles and horizontal subtitles, etc.). Can be packaged.

  Also in the example of FIG. 3, security information S1-12 is added to each track T1-12. The security information S1-12 is substantially the same as the security information S1-3 in the example of FIG.

<4. Configuration of attribute information>
Next, the attribute information A according to the present embodiment will be described in detail based on FIG. FIG. 4 is an explanatory diagram conceptually showing a configuration example of the attribute information A according to the present embodiment.

  As described above, the attribute information A is information representing content attributes. This attribute information A is set in the server 20 for each content, and is added to the security information S for the content. As shown in FIG. 4, the attribute information A includes, for example, a combination of a plurality of attribute codes and content attribute IDs corresponding to the attribute codes.

  The attribute code is an identification code for identifying the type of content attribute. This attribute code is a code that is commonly defined for each type of content in the copyright management system 100 regardless of the difference in content to which the attribute information A is added. This attribute code is composed of a 4-digit character string such as “A000”. In this embodiment, for example, 1000 attribute codes from “A000” to “A999” can be set, and, for example, 1000 types of attributes can be defined.

  The content attribute ID is an ID that identifies an attribute of the content. This content attribute ID is composed of a unique character string (a 14-digit character string in the example of FIG. 4) for each content attribute, and uniquely identifies the content attribute to which the content attribute ID is added. A plurality of types of content attribute IDs are set for each type of content attribute (the above attribute code). Hereinafter, each content attribute ID will be described.

(Content ID)
A content attribute ID having an attribute code “A000” is a content ID. This content ID is an ID uniquely given in units of “content to which a license is applied”. This “content to which a license is applied” is a set of content data that is meaningful as a subject of copyright management using the license. By adding this content ID to the content, it becomes possible to identify the “content to which the license is applied” distributed in the system.

  An administrator (service provider) of the server 20 can freely determine a unit for assigning a content ID (that is, a unit of content to which a license is applied) in various forms.

  For example, the content ID may be assigned in units of the content C. More specifically, one content ID may be assigned to one movie content C as shown in FIG. 2, or three movie contents C1, C2, C3 as shown in FIG. One may be given to each. In this case, a license is applied to each movie content C.

  Further, the content ID may be assigned to each track T, for example, or a combination of a plurality of tracks T (for example, a combination of the video track T4 and the audio track T6 in FIG. 3, a video track T5 and an audio track T6). And a combination of the subtitle track T7). In this case, a license is applied to each track T or a combination of a plurality of tracks T.

  Also, one content ID may be assigned to a group of a plurality of movie contents C1, C2, and C3 as shown in FIG. In this case, the license is applied to a plurality of related contents (content groups).

(Track ID)
The content attribute ID whose attribute code is “A001”, for example, is a track ID. This track ID is an ID uniquely assigned to each track T constituting the content. For example, in the example of FIG. 2, different track IDs are assigned to the video track T1 and the audio track T2. In the example of FIG. 3, different track IDs are assigned to the video track T1 of the movie content C1 and the video track T4 of the movie content C2. By adding such a track ID to the content, the track of the content distributed in the system can be identified. In the present embodiment, since the security information S and the track T are set in a one-to-one relationship, the security information S added to the content can be identified by the track ID.

(File ID)
The content attribute ID whose attribute code is “A029” is a file ID, for example. The track ID is an ID uniquely assigned to each content file F including one or more contents. For example, in the example of FIG. 2, one file ID is assigned to a content file F including one movie content C. In the example of FIG. 3, one file ID is added to the content file F including the three movie contents C1 to C3. By adding such a file ID to the content, the file of the content distributed in the system can be identified.

(Group ID)
Eight content attribute IDs having attribute codes “A257” to “A264” are group IDs, for example. This group ID is an ID uniquely assigned in common attribute units that are attributes common to a plurality of contents. A plurality of types of group IDs are set corresponding to a plurality of types of common attributes. The common attribute represented by the group ID can be freely set by the administrator (service provider) of the server 20.

  Here, specific examples of the common attribute and the group ID will be described with reference to FIG. FIG. 5 is an explanatory diagram for explaining a specific example of common attributes and group IDs set for the movie content according to the present embodiment.

  As shown in FIG. 5, common attributes set for movie content are, for example, “service provider” (common attribute 1) whose attribute code is “A257”, and “director” (common) whose attribute code is “A258”. Attribute 2), “Actor Actor” whose attribute code is “A259” (Common Attribute 3), “Actor Actor” whose attribute code is “A260” (Common Attribute 4), “Genre” whose attribute code is “A261” ”(Common attribute 5),“ creation location ”(common attribute 6) whose attribute code is“ A262 ”, and the like.

  “Service provider (common attribute 1)” is an attribute representing a service provider (server 20) that provides content. The group ID 1 corresponding to this “service provider (common attribute 1)” is uniquely assigned for each service provider that provides the content. For example, in the example of FIG. 5, the service provider “Company A” is assigned a group ID “0x0101”, and the service provider “Company B” is assigned a group ID 1 “0x0102”. By adding such a group ID 1 representing “service provider (common attribute 1)” to the content, the service provider of the content providing source can be identified.

  The “director (common attribute 2)” is an attribute representing a director (for example, a movie director) who directed creation of content. The group ID 2 corresponding to this “director (common attribute 2)” is uniquely given in the supervisor unit that commanded the creation of the content. For example, in the example of FIG. 5, the group ID 2 “0x0201” is assigned to the director “Ichiro Yamada”, and the group ID 2 “0x0202” is assigned to the director “Kiyoshi Minamino”. By adding such a group ID 2 representing “director (common attribute 2)” to the content, it becomes possible to identify the director who directed the creation of the content.

  Similarly, “leading actor (common attribute 3)” and “leading actress (common attribute 4)” are attributes representing leading actors and leading actresses appearing in the content. The group IDs 2 and 3 corresponding to the “leading actor (common attribute 3)” and “leading actress (common attribute 4)” are uniquely assigned to the leading actor and the leading actress.

  The “genre (common attribute 5)” is an attribute representing a genre (for example, a movie genre) that is a classification of content contents. The group ID 5 corresponding to this “genre (common attribute 5)” is uniquely given in units of content genres. For example, in the example of FIG. 5, a group ID 5 “0x0501” is assigned to the movie genre “comedy”, and a group ID 5 “0x0202” is assigned to the movie genre “horror”. By adding such a group ID 5 representing “genre (common attribute 5)” to the content, the genre of the content can be identified.

  “Creation location (common attribute 6)” is an attribute that represents a content creation location (for example, a shooting location or editing location of a movie, a country or region to which a movie creation company or director belongs, etc.). The group ID 6 corresponding to this “creation location (common attribute 6)” is uniquely given in units of content creation locations. For example, in the example of FIG. 5, the group ID 6 “0x0601” is assigned to the creation location “Japan”, and the group ID 6 “0x0602” is assigned to the creation location “America”. By adding such a group ID 6 representing “creation location (common attribute 6)” to the content, the creation location of the content can be identified.

  The example of the common attribute according to the present embodiment and the group ID that is the content attribute ID representing the common attribute has been described above. By setting the common attribute and the group ID, a plurality of contents having the same common attribute can be grouped. For example, by entering the group ID 1 “0x0101” in the attribute code “A258” column of the attribute information A for all the movie contents whose director is “Ichiro Yamada”, the movie of the work directed by “Ichiro Yamada” Content can be grouped.

  Note that a plurality of such common attributes may be set at the same time or may be set independently. In addition to the common attributes exemplified above, for example, “supporting actor”, “voice actor”, “caption translator”, “movie music representative”, “movie distributor”, “movie length (time)” ”,“ Original or remake version ”,“ Publication date ”,“ Availability of various movie awards ”,“ Use of CG ”,“ Presence of subliminal ”,“ Form of contract between movie distributor and service provider ” , “Contract period, contract amount”, etc. may be set, and a group ID corresponding to this common attribute may be assigned.

  The content attribute and content attribute ID in the attribute information A according to the present embodiment have been described above. By adding a content attribute ID corresponding to the content attribute to the content, copyright management (license assignment, revocation processing, etc.) can be performed in units of content attribute IDs as described later.

<5. License Configuration>
Next, the configuration of the license according to the present embodiment will be described in detail with reference to FIG. FIG. 6 is an explanatory diagram conceptually showing a configuration example of the license according to the present embodiment.

  As shown in FIG. 6, the license includes, for example, information indicating the license target, information indicating the contents of the license, and a digital signature added by the server 20 that issues the license.

  The license target is represented by a content attribute ID, for example. For example, the license shown in FIG. 6A is a license for a content whose content ID is “0x0011” and “A000 = 0x0011” is described in the license target column. Further, the license shown in FIG. 6B is described as “A258 = 0x0201” in the license target column, and the content whose group ID 2 representing the common attribute 2 (director) is “0x0011” (ie, director) All licenses that are "Ichiro Yamada". Thus, in this embodiment, a license is set for each content attribute ID.

  Note that a license may be set by specifying a plurality of content attribute IDs. Although not shown, for example, when “A257 = 0x0101 and A258 = 0x0201” is described in the license target column in the license, the service provider of the license is the company A, and the license is This means that the license is for all content whose director is “Ichiro Yamada”. When “A258 = 0x0203 or A261 = 0x0502” is described in the license target column in the license, the license is directed to “Q. Tarantula” or the genre is “horror”. It means that the license is for all contents that are.

  The license contents include, for example, the license validity period, whether or not the content can be copied, and the maximum number of times, whether or not the license can be copied, transferred, and loaned, and the maximum number of times. Note that license duplication is a process of copying a license acquired by a certain content processing apparatus 10 to another content processing apparatus 10. The license transfer (Move) is a process for completely transferring a license acquired by a certain content processing apparatus 10 to another content processing apparatus 10 so that no license remains in the original content processing apparatus 10. In addition, license lending is performed by lending a license acquired by one content processing apparatus 10 to another content processing apparatus 10 for a predetermined period, so that no license remains in the original content processing apparatus 10 during the lending period. It is processing.

  The contents of this license will be specifically described. For example, the license shown in FIG. 6A is described as “START_TIME = 2004/5/1 END_TIME = 2004/6/1” in the license content column, and the validity period of the license is May 2004. It is from 1st to June 1st, 2004. Further, the license shown in FIG. 6B is described as “Check Out num. = 3” in the license content column, indicating that the upper limit number of times of duplication (checkout) of the license is three. Yes.

  In addition, a digital signature is added to the license by the server 20. For this reason, unauthorized tampering of the license on the content processing apparatus 10 side can be prevented.

<6. Structure of revocation list>
Next, based on FIG. 7, the structure of the revoke list which is the characteristic concerning this embodiment is demonstrated in detail. FIG. 7 is an explanatory diagram conceptually showing a configuration example of a revoke list according to the present embodiment.

  In the present embodiment, the server 20 creates a revoke list and distributes it to the content processing apparatus 10 in order to revoke the content to be revoked. This revocation list is a list in which content attribute IDs corresponding to the attributes of the content to be revoked are listed. As described above, the present embodiment is characterized in that, in the revocation list, the content to be revoked is specified by the content attribute ID indicating the content attribute described above. The revocation list will be described in detail below.

  As shown in FIG. 7, the revocation list describes, for example, a list of combinations of the attribute code and the content attribute ID. The enumeration of combinations of the attribute code and the content attribute ID is information necessary for specifying the content to be revoked and executing the content revocation process in the content processing apparatus 10.

  Specifically, in the revoke list in the example of FIG. 7, three content IDs (such as “0x0C11223345556600”) are described corresponding to the attribute code “A000” representing the content ID. By describing the content ID in the revocation list in this way, it is possible to revocate each content in units of content ID (content unit to which the license is applied). For example, only a specific content corresponding to a content ID included in the revocation list among a plurality of contents included in one content file can be revoked. In addition, only one or more tracks (for example, a combination of a video track and a Japanese audio track) corresponding to the content ID included in the revocation list among a plurality of tracks included in one content file may be revoked. It becomes possible.

  Further, in the revoke list in the example of FIG. 7, for example, one track ID “0x0C4444444444444444” is described corresponding to the attribute code “A001” indicating the track ID. Thus, by describing the track ID in the revocation list, revocation can be performed in units of track IDs (track units). For example, only one track (for example, a video track) corresponding to a track ID included in the revocation list can be revoked in one content. In addition, when the same track is included in a plurality of different contents, the tracks straddling the plurality of contents can be collectively revoked.

  In the revoke list in the example of FIG. 7, two file IDs (such as “0x0CAB2234456556”) are described corresponding to the attribute code “A029” representing the file ID. By describing the file ID in the revocation list in this way, it becomes possible to revoke one or more contents in file ID units (content file units). For example, when one content file includes one content as shown in FIG. 2, each content can be revoked in units of files. Also, as shown in FIG. 3, when a plurality of contents are included in one content file, the plurality of contents can be revoked in units of files.

  In the revoke list in the example of FIG. 7, one group ID 1 “0x0000000000000001” is described corresponding to the attribute code “A257” representing the group ID 1 (service provider; SP). Further, one group ID 2 “0x0000000000000022” is described corresponding to the attribute code “A258” representing the group ID 2 (director). By describing the group ID in the revocation list in this way, a plurality of contents grouped with the same common attribute can be revoked in a group ID unit (common attribute unit).

  For example, the group ID 1 “0x0101” of the service provider “Company A” is described in the “A257” column of the revocation list, so that all contents provided by the service provider “Company A” are revoked at once. Can do. In addition, by describing the group ID 2 “0x0201” of the director “Ichiro Yamada” in the column of “A258” in the revocation list, all contents whose director is “Ichiro Yamada” can be revoked in a lump.

  As described above, among the content attribute IDs used in the security information S, the content attribute ID corresponding to the attribute of the content to be revoked is described in the revocation list, so that the content can be revoked flexibly and efficiently. It becomes.

  In addition, version information and a digital signature (first digital signature) are added to the revocation list as described above.

  The version information is information (for example, a time stamp or the like) indicating whether the revocation list is new or old, and is added to the revocation list by the server 20. The content processing apparatus 10 that has acquired the revocation list can determine whether the revocation list is new or old (the order of issue by the server 20) based on this version information.

  The digital signature (first digital signature) is, for example, a signature for preventing data tampering composed of MAC ((Message Authentication Code), random numbers, etc., and is added to the revoke list itself by the server 20. The digital signature can prevent the revocation list from being counterfeited by the content processing apparatus 10 and can ensure that the revocation list is normally issued by the server 20. For this reason, the content processing apparatus 10 in a home network or the like can be used. , It is possible to exchange revoke lists with each other.

<7. Server configuration>
Next, the server 20 according to the present embodiment will be described in detail with reference to FIG. FIG. 8 is a block diagram schematically showing the configuration of the server 20 according to the present embodiment.

  As shown in FIG. 8, the server 20 includes, for example, a CPU 202, a memory 204, an input device 206, an output device 208, a communication device 210, a storage device 220, an attribute setting unit 240, and a distribution service execution unit. 250, a list creation unit 270, and a list distribution unit 280.

  The CPU 202 functions as an arithmetic processing device and a control device, and can control processing of each unit in the server 20. The memory 204 is constituted by, for example, a RAM, a ROM, a cache memory, and the like, and has a function of temporarily storing various data related to the processing of the CPU 202, an operation program of the CPU 202, and the like.

  The input device 206 includes, for example, operation means such as a mouse, a keyboard, a touch panel, a button, a switch, and a lever, and an input control circuit that generates an input signal and outputs it to the CPU 202. An administrator of the server 20 can input various data and instruct processing operations to the server 20 by operating the input device 206. For example, the administrator can freely input information for setting the common attribute and the group ID by operating the input device 206.

  The output device 208 includes, for example, a CRT display device, a liquid crystal display (LCD) device, a display device such as a lamp, and an audio output device such as a speaker. The output device 208 can display the contents of the distribution content reproduced to confirm the contents, and can display these information when setting the common attribute and the group ID.

  The communication device 210 is a communication interface configured with, for example, a communication line, a communication circuit, a communication device, and the like. The communication device 210 can transmit and receive distribution content, a revoke list, various control signals, and the like via the network 5 with an external device such as the content processing device 10.

  The storage device 220 is, for example, a data storage device composed of a hard disk drive or the like, and can store various data such as programs. Further, the storage device 220 stores, for example, a user registration database 222, a content database 224, a charging information database 226, a charging information database 228, and a revoke list database 230.

  The user registration database 222 is a database that stores user registration information of users registered in the content distribution service. The content database 224 is a database that stores a plurality of contents that are to be distributed by the content distribution service. The license database 224 is a database that stores licenses issued to users who use the content distribution service. The accounting information database 228 is a database that stores accounting information (amount, settlement method, settlement date, etc.) for each user who uses the content distribution service. The revocation list database 230 is a database that stores all versions of the revocation list created by the list creation unit 270 described later.

  The attribute setting unit 240 sets a content attribute ID representing the content attribute. For example, the attribute establishment unit 240 automatically sets the content ID, the track ID, the file ID, etc. among various content attribute IDs. Further, the attribute setting unit 240 sets the group ID based on, for example, an input from the administrator of the server 20. Thereby, the administrator of the server 20 can freely set the group ID of the common attribute desired by the server 20 and apply the freely set group ID to the issuance of a license or the creation of a revoke list.

  The distribution service execution unit 250 is a component for executing a content distribution service that distributes content, for example, for a fee to the user of the content processing apparatus 10. The distribution service execution unit 250 is configured by content distribution service software installed in the server 20, for example.

  As shown in FIG. 8, the distribution service execution unit 250 includes, for example, a registration management unit 252, a license issuance unit 254, a charging processing unit 256, an ID addition unit 258, and a content providing unit 260.

  The registration management unit 252 performs registration, registration change, deregistration processing, and the like of users who wish to use the content distribution service. Specifically, the registration management unit 252 performs, for example, user authentication processing, distribution service form (license) selection processing, etc. when a new user is registered or changed, and user registration information (name, password, credit card) Number, selected delivery service form, etc.) are recorded in the user registration database 222. By such registration and registration change processing, the registered user can use the content processing apparatus 10 to acquire and use the distribution content within the range of the registered distribution service form (license). The registration management unit 252 also performs, for example, user authentication processing and registration deletion processing when canceling a user registration, and writes the registration deletion contents in the user registration database 222.

  The license issuing unit 254 issues a license according to the registration contents (selected distribution service form) by the registration management unit 252. The license issuing unit 254 provides the issued license to the content processing apparatus 10 of the registered user. This license provision processing is preferably performed by transmission via the network 5 from the viewpoint of speediness, but may be performed by providing a recording medium in which the license is recorded. Further, the license issuing unit 254 records the issued license in the license database 226 in association with the registered user of the issue destination or the content processing apparatus 10.

  For example, the billing processing unit 256 performs billing processing that requests a user who uses the content distribution service to pay an amount corresponding to the selected distribution service form (license). Billing information such as the billing amount, settlement method, settlement date and time generated by this billing process is stored in the billing information database 228.

  The ID adding unit 258 adds a content attribute ID corresponding to the attribute of the content to the content, for example, when the server 20 acquires the content or distributes the content.

  Specifically, the ID adding unit 258 first generates a content attribute ID corresponding to the content attribute for each type of content attribute set by the attribute setting unit. At this time, for example, the content ID, track ID, file ID, and the like are automatically generated sequentially by the ID adding unit 258, while the various group IDs are generated based on an input from the administrator. You may make it do.

  Further, the ID adding unit 258 adds the generated content attribute ID to the content by storing it in the security information S of the content. The ID adding unit 258 stores the content added with the content attribute ID in the content database 224 in this way.

  The content providing unit 260 provides the content processing apparatus 10 with the content with the content attribute ID added thereto. Specifically, first, for example, when the content providing unit 260 receives a distribution request from the content processing apparatus 10, the content providing unit 260 allows a registered user to browse a list of contents that can be distributed and select a content that is desired to be distributed. . Next, the content providing unit 260 reads the selected content from the content database, and distributes the read content to the content processing apparatus 10 used by the registered user via the network 5. This distribution of content may be, for example, content download or streaming.

  The content providing unit 260 provides content by distribution via the network 5 as described above. However, the content providing unit 260 is not limited to this example, and may be provided to the content processing apparatus 10 via a recording medium on which the content is recorded. Good. Further, the content providing unit 260 not only distributes content in response to a distribution request as described above, but also automatically distributes predetermined content according to a license to the content processing apparatus 10 periodically. Good.

  The list creation unit 270 creates a revocation list including a content attribute ID corresponding to the attribute of the content to be revoked. Specifically, when a cause of revocation occurs, the administrator of the server 20 first specifies a content attribute ID corresponding to the attribute of the content to be revoked. Then, list creation unit 270 reads the latest version of the revocation list from the revocation list database 230 among the revocation lists created in the past. Next, the list creation unit 270 adds the specified content attribute ID and attribute code pair to the read revocation list. Further, the list creation unit 270 adds the new version information and the first digital signature to the revocation list to which the content attribute ID or the like is added, and completes the latest version of the revocation list.

  An upper limit is set for the data size of the revocation list created by the list creation unit 270. The upper limit (M bytes) of the data size of the revocation list is, for example, 16 kbytes. By setting an upper limit on the data size of the revoke list in this way, the transmission load can be suppressed when the revoke list is transmitted from the server 20 to the content processing apparatus 10, so that high-speed transmission is possible.

  In order to set the upper limit of the revocation list, the list creation unit 270 preferentially includes the content attribute ID with the new cause of revocation in the newly created revocation list, which will be described in detail later.

  The list distribution unit 280 distributes the revocation list created by the list creation unit 270 to the content processing apparatus 10. Specifically, for example, when the content processing apparatus 10 is connected to the server 20, the list distribution unit 280 transmits the latest version of the revocation list to the content processing apparatus 10 via the network 5. For example, the content processing apparatus 10 is connected to the server 20 when purchasing a license or receiving distribution of content. At the time of this connection, the list distribution unit 280 transmits the latest version of the revoke list to the content processing apparatus 10 together with the issued license and the content to be distributed.

  If the content processing apparatus 10 and the server 20 are always connected, the list distribution unit 280 immediately transmits the created revocation list to the content processing apparatus 10. In order to synchronize the time between the content processing apparatus 10 and the server 20, or to authenticate the content processing apparatus 10 or confirm the server 20, the content processing apparatus 10 and the server 20 are periodically connected. In such a case, the list distribution unit 280 transmits the latest version of the revocation list to the content processing apparatus 10 as needed.

  As described above, the list distribution unit 280 according to the present embodiment distributes the revocation list to the content processing apparatus 10 by transmission via the network 5. At this time, if the revocation list is transmitted as it is from the server 20 to the content processing apparatus 10, there is a possibility that a replay attack (an act of an unauthorized server distributing the old revocation list to the content processing apparatus 10) may occur.

  For this reason, at the time of transmitting the revocation list, the list distribution unit 280 applies the third digital signature for transmission to the revocation list and the entire information (authentication information, server time information, etc.) transmitted together with the revocation list. Add and transmit. This third digital signature is different from the first digital signature added to the revoke list itself described with reference to FIG. The third digital signature performs two-way authentication between the server 20 and the content processing apparatus 10 and uses the MAC generated from the shared secret according to the authentication result or the random number transmitted by the content processing apparatus 10. Including signature. By transmitting the third digital signature added to the revocation list or the like, the replay attack can be prevented, and the correct revocation list can be safely distributed from the valid server 20 to the content processing apparatus 10.

  In the above description, the distribution method of the revoke list by transmission via the network 5 has been described. For example, the list distribution unit 280 may record the revoke list together with the content or license on a recording medium, and distribute the revoke list to the content processing apparatus 10 via the recording medium.

  The configuration of the server 20 has been described in detail above. The server 20 can execute the content distribution service by providing the content and its license to the content processing apparatus 10 owned by the registered user of the content distribution service. Furthermore, if any cause of revocation occurs in any of the delivered contents, the server 20 can create a revocation list for revoking the content to be revoked and distribute it appropriately to the content processing apparatus 10. it can. The revocation list distributed in this way is used for revocation processing in the content processing apparatus 10.

  The attribute setting unit 240, the distribution service execution unit 250, the list creation unit 270, and the list distribution unit 280 may be configured, for example, by installing software having the above functions in the server 20, or You may comprise as hardware which has said each function.

<8. Configuration of Content Processing Device>
Next, based on FIG. 9, the structure of the content processing apparatus 10 concerning this embodiment is demonstrated in detail. FIG. 9 is a block diagram schematically showing the configuration of the content processing apparatus 10 according to the present embodiment. FIG. 9 exemplifies a configuration of the content processing apparatus 10 configured by the PC or the like.

  As shown in FIG. 9, the content processing apparatus 10 includes, for example, a CPU 102, a memory 104, an input device 106, an output device 108, a communication device 110, a recording medium reader / writer 112, a storage device 114, A user registration unit 130, a distribution service utilization unit 132, a content processing unit 140, a license management unit 150, a list acquisition unit 160, a list management unit 162, a list provision unit 164, and a revocation unit 170 are provided.

  The CPU 102 functions as an arithmetic processing device and a control device, and can control processing of each unit in the content processing device 10. The memory 104 includes, for example, a RAM, a ROM, a cache memory, and the like, and has a function of temporarily storing various data related to processing of the CPU 102, an operation program of the CPU 102, and the like.

  The input device 106 includes, for example, operation means such as a mouse, a keyboard, a touch panel, a button, a switch, and a lever, and an input control circuit that generates an input signal and outputs it to the CPU 102. A user of the content processing apparatus 10 can input various data and instruct a processing operation to the content processing apparatus 10 by operating the input device 106.

  The output device 108 includes, for example, a CRT display device, a liquid crystal display (LCD) device, a display device such as a lamp, and an audio output device such as a speaker. The output device 108 can output content reproduced by a content reproduction unit 170 described later. Specifically, the display device displays reproduced video data, electronic books, games, GUI screens of various software, and the like. On the other hand, the audio output device can sound the reproduced audio data. Note that when the content handled by the content processing apparatus 10 is composed only of audio data, the display device is unnecessary, whereas when the content is composed only of video data, the audio output device is unnecessary.

  The communication device 110 is a communication interface configured by, for example, a communication line, a communication circuit, a communication device, and the like. The communication device 110 transmits and receives various data such as content, licenses, revocation lists, and control signals to / from external devices such as other content processing devices 10 and servers 20 via the network 5 or the local line 7. be able to.

  The recording medium reader / writer 112 is, for example, a device that records / reproduces various data such as contents, licenses, and revoke lists on the recording medium 7. For example, when the recording medium 7 is an optical disk or the like, the recording medium reader / writer 112 is configured by a disk device such as an optical disk drive, and when the recording medium 7 is a semiconductor memory, the recording medium reader / writer 112 is used. It consists of reader / writers. The recording medium reader / writer 112 may be incorporated in the content processing apparatus 10 or may be externally attached.

  The storage device 114 is a data storage device configured by, for example, a hard disk drive, a flash memory, and the like, and can store various data such as programs and contents.

  The storage device 114 stores, for example, a content database 116, a license database 118, and a revoke list database 120.

  The content database 116 is a database that stores content distributed from the server 20 and content acquired from other content processing apparatuses 10. The license database 224 is a database that stores licenses issued by the server 20 and licenses acquired from other content processing apparatuses 10. The revocation list database 230 is a database that stores the integrated revocation list 122 and the latest revocation list 124.

  The integrated revocation list 122 is a list obtained by integrating one or more revocation lists acquired from the server 20 or another content processing apparatus 10, and is used for revocation processing inside the content processing apparatus 10. The latest revoke list 124 is a revoke list of the latest version among one or more revoke lists acquired from the server 20 or another content processing apparatus 10, and is used for providing to the other content processing apparatus 10. It is done. Details of the integrated revocation list 122 and the latest revocation list 124 will be described later.

  The user registration unit 130 performs, for example, a user registration request process on the server 20. Specifically, the user registration unit 130 transmits, for example, user account information (user ID, credit card number, etc.) input by the user to the server 20.

  The distribution service using unit 132 is a component for using the content distribution service provided by the server 20. The distribution service utilization unit 132 performs license purchase request processing and content distribution request processing.

  Specifically, for example, when a license purchase request is made, the distribution service using unit 132 displays a list of licenses that can be purchased received from the server 20 on the output device 108, and then the input of the user who has viewed the display. The license purchase request information corresponding to the distribution service form desired by the user is generated and transmitted to the server 20.

  As a result, when the server 20 issues a license in response to the purchase request, the distribution service using unit 132 receives the license transmitted by the server 20 via the network 5, for example, the license of the storage device 114. It records in the database 118, the recording medium 7, etc. As described above, the distribution service using unit 132 functions as a license acquisition unit that acquires a license from the server 20.

  In addition, for example, when a content distribution request is made, the distribution service using unit 132 displays the list information of distributable content received from the server 20 on the output device 108, and then, based on the user input browsing the display, User-desired content distribution request information is generated and transmitted to the server 20.

  As a result, when the server 20 distributes the content in response to the distribution request, the distribution service using unit 132 receives the content distributed by the server 20 via the network 5, for example, the content of the storage device 114. It records in the database 116, the recording medium 7, etc. As described above, the distribution service using unit 132 functions as a content acquisition unit that acquires content from the server 20. As described above, the security information S including the content attribute ID corresponding to the attribute of the content is added to the content acquired by the content processing apparatus 10 as described above.

  The distribution service using unit 132 transmits / receives various information such as user authentication information (user ID, password, etc.) and billing information necessary for using the content distribution service to / from the server 20, It is possible to support the input and output of these information.

  The content processing unit 140 processes the content provided from the server 20 based on the license issued by the server 20. As described above, the security information S including the content attribute ID is added to this content.

  The content processing unit 140 includes a reproduction unit 142 that reproduces content, a duplication unit 144 that duplicates (copys) content, an acquisition unit 146 that obtains content from another content processing apparatus 10, and other content. And a providing unit 148 for providing the content to the processing device 10.

  The playback unit 142 is configured by, for example, a playback device having a content playback function or content playback software installed in the content processing device 10 and can play back content. The content reproduced by the reproducing unit 142 is output from the output device 108.

  The playback unit 142 plays back content within the license range of the content processing apparatus 10. Specifically, the playback unit 142 first reads the content attribute ID added to the content requested to be played by the user, and then whether the content processing apparatus 10 corresponding to the read content attribute ID has. It is determined whether or not (that is, whether or not the license is stored in the license database 122). Further, the playback unit 142 determines whether or not the playback condition specified in the license is satisfied. This reproduction condition is, for example, the validity period of the license, the upper limit number of reproductions, or the like.

  As a result of these determinations, when the content processing apparatus 10 has a license corresponding to the read content attribute ID and satisfies the reproduction condition of the license (the license is within the valid period, the past reproduction When the number of times does not reach the upper limit number of reproductions defined in the license), the reproduction unit 142 can reproduce the content. On the other hand, when there is no license for the content for which the playback request has been received, or when the playback condition of the license is not satisfied (when the license has expired, or when the above playback limit has already been played) In other words, the playback unit 142 cannot play back the content.

  The duplicating unit 144 can duplicate the content within the license range of the content processing apparatus 10 in the same manner as the reproducing unit 142 described above. At this time, reference is also made to the maximum number of copies specified in the license.

  Similarly to the playback unit 142, the acquisition unit 146 and the providing unit 148 also acquire content from other content processing devices 10 within the scope of the license of the content processing device 10, or perform other content processing. The device 10 can be provided.

  The acquisition unit 146 and the provision unit 148 may execute such content provision / acquisition processing by, for example, transmission / reception processing via the network 5 or the local line 9, or the recording medium 7 may be stored. It may be executed via.

  When providing / acquiring content via the network 5, for example, the providing unit 148 functions as a content transmission control unit that controls the communication device 110 and transmits content via the network 5 or the local line 9. On the other hand, the acquisition unit 146 functions as a content reception control unit that controls the communication device 110 to receive content via the network 5 or the local line 9.

  Also, when providing / acquiring content via the recording medium 7, for example, the providing unit 146 functions as a content write control unit that controls the recording medium reader / writer 112 to write the content to the recording medium. The acquisition unit 146 functions as a content read control unit that controls the recording medium reader / writer 112 to read content from the recording medium.

  The license management unit 150 manages one or more licenses held by the content processing apparatus 10. The license processing management unit 150 includes a copying unit 152 that copies a license to another content processing device 10, a transfer unit 154 that transfers a license to another content processing device 10, and other content A lending unit 156 that lends a license to the processing device 10 for a predetermined period, and an acquisition unit 158 that acquires the license copied, transferred, and lent as described above from the other content processing device 10. The details of this duplication, transfer, and loan processing are as described above. As a result of this duplication, transfer, and lending process, a license is provided from one content processing apparatus 10 to another content processing apparatus 10.

  The license processing by the duplicating unit 152, the transfer unit 154, and the lending unit 156 is limited according to the license content defined by the license to be processed. For example, when the duplication unit 152 duplicates a license and provides it to another content processing apparatus 10, when the upper limit number of times of copying (checkout number; for example, three times) is determined for the license, the upper limit of duplication You cannot duplicate more than the number of times.

  Next, the list acquisition unit 160, the list management unit 162, and the list provision unit 164 will be described with reference to FIG. FIG. 10 is a block diagram schematically illustrating the configuration of the revoke list database 120 according to the present embodiment.

  The list acquisition unit 160 acquires a revocation list from the server 20 or another content processing apparatus 10 as shown in FIG. This acquisition process may be performed by receiving the revoke list via the network 5 or the local line 9, or may be performed via the recording medium 7 on which the revoke list is recorded.

  For example, a case where the list acquisition unit 160 acquires a revoke list from the server 20 via the network 5 will be described. As described above, when the content processing apparatus 10 and the server 20 are connected at the time of license purchase or content distribution, the list distribution unit 280 of the server 20 performs the content processing on the revocation list of the latest version at that time. Transmit to device 10. Therefore, the list acquisition unit 160 receives and acquires the revoke list transmitted from the server 20 in this way via the network 5.

  A case where the list acquisition unit 160 acquires a revocation list from another content processing apparatus 10 will be described. When providing / acquiring licenses and contents, the two content processing apparatuses 10 are connected to each other via the network 5 or the local line 9. At this time, the list acquisition unit 160 of one content processing apparatus 10 receives and acquires the latest revoke list 124 of the other content processing apparatus 10 via the network 5 or the local line 9. The list acquisition unit 160 can also acquire the revocation list from the other content processing apparatus 10 by reading the revocation list from the recording medium 7 on which the revocation list is recorded by the other content processing apparatus 10.

  The list management unit 162 manages the revocation list acquired by the list acquisition unit 160. Specifically, the list management unit 162 creates an integrated revocation list 122 that integrates a plurality of revocation lists acquired by the list acquisition unit 160 (integrated revocation list creation processing). The list management unit 162 holds only the latest version of the revocation list as the latest revocation list 124 among the plurality of acquired revocation lists (latest revocation list update processing).

  First, the process for creating the integrated revocation list 122 will be described in detail. The list management unit 162 integrates the revocation list acquired by the list acquisition unit 160 into the integrated revocation list 122 held in the revocation list database 120. This integration process is performed by adding the content attribute ID included in the newly acquired revoke list to the integrated revoke list 122 without excess or deficiency.

  The integrated revocation list 122 is used for revocation processing by the revocation unit 170 described later, and functions as an internal revocation list used inside the content processing apparatus 10. By creating such an integrated revocation list 122, the contents (content attribute IDs to be revoked) of all acquired revocation lists can be stored with the minimum necessary data amount.

  The list management unit 162 adds, for example, a digital signature (second digital signature) unique to each content processing apparatus 10 to the created integrated revocation list 122, for example. As a result, it is possible to guarantee that the integrated revocation list 122 is a valid list in the content processing apparatus 10, and thus the revocation process can be performed safely.

  Next, the update process of the latest revoke list 124 will be described in detail. When a new revocation list is acquired, the list management unit 162 checks the version information of the acquired revocation list, and the version of the acquired revocation list is already stored in the revocation list database 120. It is determined whether or not the latest version of the latest revoke list 124 is newer. As a result, when it is determined that it is new, the list management unit 162 replaces the stored latest revocation list 124 with the acquired revocation list. Thus, the latest revoke list is always stored in the revoke list database 120 among the plurality of acquired revoke lists.

  The latest revocation list 124 is stored as a revocation list for provision to other content processing apparatuses 10. Since the latest revocation list 124 is the revocation list itself acquired from the server 20 or the like, the digital signature of the server 20 (first digital signature) is added.

  The list providing unit 164 provides the latest revoke list 124 to other content processing apparatuses 10. This providing process may be performed by transmitting the latest revocation list 124 via the network 5 or the local line 9 or may be performed via the recording medium 7 on which the latest revocation list 124 is recorded.

  The timing at which the list providing unit 164 provides the revocation list will be described. As described above, when a license or content is provided / acquired between two content processing devices 10, the two content processing devices 10 are connected to each other via the network 5 or the local line 9. At the time of this interconnection, the list providing unit 164 of one content processing apparatus 10 transmits the latest revocation list 124 held in the revocation list database 120 via the network 5 or the local line 9 to the other content processing apparatus 10. Send to.

  The revocation unit 170 executes revocation processing in the content processing apparatus 10 based on the revocation list. Specifically, the revocation unit 170 restricts (for example, prohibits) the content processing by the content processing unit 140 with respect to the content to be revoked based on the integrated revocation list 122, and the license management unit 150 determines the license. Restrict (eg, prohibit) processing.

  For example, when the playback unit 142 of the content processing unit 140 tries to play back the content to be played back, the revoke unit 170 reads and reads one or more content attribute IDs added to the content to be played back. It is determined whether or not the content attribute ID is included in the integrated revocation list 122. As a result of this determination, when at least one of the read content attribute IDs is included in the integrated revocation list 122, the revocation unit 170 cannot perform the reproduction process of the reproduction target content by the reproduction unit 142. Turn into. The same applies to a case where content to be processed is to be copied, acquired, or provided by the copying unit 144, the acquiring unit 146, or the providing unit 148 of the content processing unit 140.

  When the duplication unit 152, transfer unit 154, or lending unit 156 of the license management unit 150 tries to provide a license (duplication, transfer, lending, etc.) to another content processing apparatus 10, the revocation unit 170 One or more content attribute IDs added to the license are read out, and it is determined whether or not the read content attribute IDs are included in the integrated revocation list 122. As a result of this determination, when at least one of the read content attribute IDs is included in the integrated revocation list 122, the revocation unit 170 disables the license providing process by the duplication unit 152. The same applies to the case where the acquisition unit 158 of the license management unit 150 tries to acquire a license from another content processing apparatus 10.

  In this way, the revocation unit 140 restricts the processing (reproduction, duplication, acquisition, provision, etc.) of the content to be revoked, or the license processing (replication, transfer, lending, acquisition of the revocation target content). Etc.) By limiting, the use of the content already provided from the server 20 to the content processing apparatus 10 can be prohibited and the content can be revoked.

  Heretofore, each component of the content processing apparatus 10 has been described. The content processing apparatus 10 can revoke the content based on the revoke list acquired from the server 20 or the like.

  The user registration unit 130, distribution service utilization unit 132, content processing unit 140, license management unit 150, list acquisition unit 160, list management unit 162, list provision unit 164, revocation unit 170, etc. May be configured by installing software (such as a DRM module) in the content processing apparatus 10, or may be configured as hardware having the above functions. When a user uses a plurality of content distribution services by a plurality of servers 20, for example, a plurality of user registration units 130, distribution service use units 132, etc. are provided for each content distribution service used by the user. May be.

  Further, depending on the type of the content processing apparatus 10, it is not always necessary to include all the above-described components. For example, the content processing apparatus 10 such as a recording device or PD includes, for example, one of a user registration unit 130, a distribution service use unit 132, a license management unit 150, a list acquisition unit 160, a list management unit 162, and a list provision unit 164. It is not always necessary to have all and some parts.

  The list management unit 162 does not necessarily have to manage the integrated revocation list 122 and the latest revocation list 124. For example, all revocation lists acquired from a server or the like are stored in the revocation list database 120 or the like as they are. It may be left.

<9. Revocation method>
Next, a basic flow example of a content revocation method using the copyright management system 100 as described above will be described with reference to FIG. FIG. 11 is a timing chart showing an example of a basic flow of the content revocation method according to the present embodiment.

  As shown in FIG. 11, first, the content processing apparatus 10 owned by the registered user makes a request for purchasing a license desired by the user to the server 20 of the service provider that provides the content distribution service (step S10).

  Then, the server 20 performs a user authentication process for the registered user and then performs a charging process for the license requested to be purchased (step S12). Next, the server 20 issues a license for which a purchase request has been received, and provides (transmits) the license to the content processing apparatus 10 (step S14). This license specifies content to be licensed using, for example, a content attribute ID. Further, simultaneously with the license providing process, the server 20 provides (transmits) the latest version of the revoke list at that time to the content processing apparatus 10 (step S14).

  Next, the content processing apparatus 10 stores the license acquired (received) from the server 20 in the license database 118, and stores the revocation list acquired (received) from the server 20 in the revocation list database 120 (step S16). In this case, since the content processing apparatus 10 has acquired the revocation list for the first time, the list management unit 162 of the content processing apparatus 10 newly creates and stores the integrated revocation list 122 including only the contents of the acquired revocation list. The list management unit 162 stores the acquired revocation list as it is as the latest revocation list 124.

  Thereafter, the content processing apparatus 10 makes a distribution request for the content desired by the user to the server 20 (step S18). Then, the server 20 distributes the content that has received the distribution request to the content processing apparatus 10 that is the distribution request source (step S20). A content attribute ID corresponding to the attribute of the content is added to the content distributed in this way.

  Next, the content processing unit 140 of the content processing apparatus 10 processes (for example, reproduction processing) the distributed content (step S22). At this time, if the attribute content attribute ID of the content is not included in the integrated revocation list 122 stored in step S16, the content processing unit 140 can process the content, while the content attribute ID is If the content is included in the integrated revocation list 122, the content is revoked by the revocation unit 170, and the content processing unit 140 cannot process the content.

  Thereafter, when some cause of revocation occurs (step S24), the list creation unit 270 of the server 20 creates a new version of the revocation list including the content attribute ID corresponding to the attribute of the content to be revoked (step S26). The created new version of the revocation list is stored in the revocation list database 230 of the server 20.

  Next, the content processing apparatus 10 connects (accesses) to the server 20 via the network 5 for, for example, a new license purchase request or content distribution request (step S28). Then, the list distribution unit 280 of the server 20 provides (transmits) the new version of the revoke list created in step S26 to the connected content processing apparatus 10 (step S30). Thus, the server 20 provides the latest version of the revoke list when accessed from the content processing apparatus 10.

  Thereafter, the content processing apparatus 10 performs a revocation list update process in response to the acquisition of a new revocation list from the server 20 (step S32). The list management unit 162 integrates the newly acquired revoke list into the integrated revoke list 124 and saves the acquired revoke list as the latest revoke list 124.

  Next, the content processing unit 140 of the content processing apparatus 10 processes (for example, reproduction processing) the distributed content (step S34). At this time, if the attribute content attribute ID of the content is not included in the integrated revocation list 122 updated in step S32, the content processing unit 140 can process the content, while the content attribute ID is If it is included in the integrated revocation list 122, the content is revoked by the revocation unit 170, and the content processing unit 140 cannot process the content. Accordingly, when the content that can be processed in step S22 is newly revoked in step S24, the content cannot be processed in step S34.

  The basic flow example of the content revocation method according to the present embodiment has been described above. In such a revocation method, when a cause of revocation occurs, a revocation list is created by the server 20 and distributed to the content processing apparatus 10, so that the content provided from the server 20 to the content processing apparatus 10 can be revoked afterwards. it can.

  In the above example, the example in which the revocation list is provided from the server 20 to the content processing apparatus 10 has been described. However, the revocation list may be exchanged (provided and acquired) between the content processing apparatuses 10. Therefore, the exchange of the revocation list between the content processing apparatuses 10 will be described with reference to FIG.

  As shown in FIG. 12, the server 20 and the two content processing devices 10-1 and 10-2 are connected via the network 5, and these two content processing devices 10-1 and 10- are connected. 2 are connected to each other via a private network 52 such as a home network.

  In the state shown in FIG. 12, the server 20 sequentially creates, for example, three versions of revocation lists # 1, # 2, and # 3 according to the occurrence of the revocation cause. Since the content processing apparatus 10-1 is connected to the server 20 after the revocation list # 1 is created by the server 20 and before the revocation list # 2 is created, and after the revocation list # 3 is created, the revoking list # 1 1 and # 3. On the other hand, since the content processing apparatus 10-2 is connected to the server 20 after the revocation list # 2 is created by the server 20 and before the revocation list # 3 is created, the content processing apparatus 10-2 has only the revocation list # 2.

  In this state, when the content processing device 10-1 and the content processing device 10-2 are connected, the latest revoke list # 3 is provided (transmitted) from the content processing device 10-1 to the content processing device 10-2. ) This is because the revocation list # 3 held by the content processing apparatus 10-1 is the latest version than the revocation list # 2 held by the content processing apparatus 10-2. As described above, when the revocation list is exchanged between the plurality of content processing apparatuses 10, the latest version of the revocation list is provided.

  In this way, the revoke list can be exchanged between the content processing apparatuses 10. Thus, the latest version of the revoke list can be distributed and spread among the content processing apparatuses 10 without being connected to the server 20.

<10. Revocation list creation method>
Next, a revocation list creation processing method by the server 20 according to the present embodiment will be described based on FIG. 13 and FIG. FIG. 13 is a flowchart showing a revocation list creation processing method by the server 20 according to the present embodiment. FIG. 14 is an explanatory diagram showing the relationship between the revocation list created by the server 20 according to the present embodiment, the integrated revocation list 122 and the latest revocation list 124 stored in the content processing apparatus 10.

  As shown in FIG. 13, first, in step S102, a cause of revocation occurs in a certain content (step S102). The cause of the revoke is, for example, when a defect in the content is found, when a performer of the content has caused a scandal, or when distribution of the content is canceled due to a contract change.

  In step S104, the administrator of the server 20 designates a content attribute ID corresponding to the attribute of the content to be revoked (step S104). The administrator operates the input device 206 of the server 20 to specify the content attribute ID corresponding to the attribute of the content to be revoked and instruct the creation of a new revocation list.

  Further, in step S106, the latest version of the revocation list is read out of the created revocation lists (step S106). Specifically, when a revocation list creation instruction is made in step S104, the list creation unit 270 revokes the latest version from the revocation list created in the past and stored in the revocation list database 230. Read the list.

  Thereafter, in step S108, the specified content attribute ID is added to the read revoke list (step S108). Specifically, list creation unit 270 adds the set of content attribute ID and attribute code specified in step S104 to the latest revoke list read in step S106.

  For example, as shown in the upper part of FIG. 14, a case will be described in which a version # 2 revocation list is newly created based on a version # 1 revocation list created in the past. In this case, the content attribute ID “A000 = 002” is already included in the revocation list # 1. The list creation unit 270 adds the content attribute IDs “A001 = 00F” and “A000 = 00A” corresponding to the new revocation target to the revocation list # 1 and adds three content attributes such as the revocation list # 2. A list including the content attribute ID is created.

  Next, in step S110, it is determined whether or not the revoke list to which the content attribute ID has been added exceeds the upper limit of the data size (step S110). In the present embodiment, as described above, an upper limit (for example, M bytes) is provided for the data size of the revocation list to be distributed in order to reduce the load during transmission of the revocation list from the server 20 to the content processing apparatus 10. Yes. Therefore, in this step, the list creation unit 270 checks the data size of the revoke list to which the new content attribute ID is added in step S108, and determines whether or not the upper limit is exceeded.

  As a result, if the data size of the revoke list exceeds the upper limit, the process proceeds to step S112. If the data size does not exceed the upper limit, the process proceeds to step S114.

  Further, in step S112, the old content attribute ID is deleted from the list from the revocation list (step S112). If it is determined in step S109 that the data size of the revoke list to which the new content attribute ID has been added exceeds the upper limit, the list creation unit 270 determines from the content attribute ID corresponding to the oldest revoke cause. The data is deleted in order (that is, in order from the content attribute ID included in the oldest revocation list) so that the data size of the revocation list is equal to or less than the upper limit.

  For example, as shown in the upper part of FIG. 14, when creating a revocation list from version # 1 to version # 2, the revocation list of version # 1 has not reached the upper limit (M bytes), so list creation unit 270 Does not need to delete the old content attribute ID. On the other hand, when creating a revocation list from version #n to version # n + 1, since the revocation list of version #n has reached the upper limit (M bytes), the list creation unit 270 has a new content attribute ID “A258”. = EE4 ”is added instead of the oldest content attribute ID“ A000 = 002 ”.

  Thereafter, in step S114, new version information and a digital signature are added to the revocation list (step S114). The list creation unit 270 adds the latest version information, for example, sequentially to the revoked list whose size has been adjusted as described above, and further adds the digital signature of the server 20. As a result, a revocation list (the latest version of the revocation list) including the content attribute ID corresponding to the new cause of revocation is completed.

  Next, in step S116, the created revocation list is stored (step S116). The list creation unit 270 stores the latest version of the revocation list completed as described above in the revocation list database 230. As a result, when the server 20 is accessed from the content processing apparatus 10, the latest version of the revoke list can be distributed to the content processing apparatus 10 by the list distribution unit 280.

<11. Revocation list update processing method>
Next, a revocation list update processing method by the content processing apparatus 10 according to the present embodiment will be described based on FIGS. FIG. 15 is a flowchart showing a revocation list update processing method by the content processing apparatus 10 according to the present embodiment.

  When the content processing apparatus 10 acquires a new version of the revocation list from the server 20 or another client, the revocation list is updated.

  At this time, since there is an upper limit on the data size of the revocation list transmitted as described above, the content attribute ID in the already owned revocation list is missing simply by updating to the new revocation list acquired. There is a possibility that.

  For example, it is assumed that the upper limit of the revocation list is M bytes, and two revocation target content attributes IDA and B exist in the revocation list already held by the content processing apparatus 10. Furthermore, it is assumed that the data size of the revocation list newly acquired by the content processing apparatus 10 is M bytes, and the content attributes IDA and B are not included in the newly acquired revocation list due to the upper limit of the data size. In this case, if the content processing apparatus 10 simply updates the possessed revocation list to the newly acquired revocation list, the original content attributes IDA and B are lost from the updated revocation list.

  In order to prevent such a problem and to make the revocation list with the digital signature of the server 20 in another content processing apparatus 10, in the present embodiment, the integrated revocation list 122 and the latest revocation list 124 are used to A revocation list update process is performed.

  As shown in FIG. 15, first, in step S202, a revoke list is acquired (step S202). Specifically, the list acquisition unit 160 of the content processing apparatus 10 acquires a revoke list from the server 20 or another content processing apparatus 10 via, for example, the network 5 or the local line 9. For example, in the example of FIG. 14, the content processing apparatus 10 sequentially receives revocation lists of versions # 1,..., #N, # n + 1 from the server 20.

  Next, in step S204, it is determined whether or not the digital signature of the acquired revoke list is correct (step S204). The list management unit 162 checks the digital signature added to the acquired revoke list and determines whether the digital signature is properly added by the valid server 20. As a result, when the digital signature of the acquired revoke list is not correct, the list management unit 162 discards the acquired revoke list and ends all the processes. On the other hand, if the digital signature of the acquired revoke list is correct, the process proceeds to step S206.

  Further, in step S206, it is determined whether or not the acquired revocation list is a newer version than the revocation list already possessed by the content processing apparatus 10 (step S206). Specifically, the list management unit 162 compares the version of the latest revocation list 124 already stored in the revocation list database 120 with the version of the acquired revocation list, and determines which is the newer version. As a result, if the acquired version of the revocation list is older or the same as the version of the latest revocation list 124 that is held, the acquired revocation list is discarded and all the processes are terminated. On the other hand, if the acquired version of the revoke list is newer than the version of the latest revoke list 124 that was held, the process proceeds to step S208.

  Thereafter, in step S208, the acquired revocation list is integrated into the integrated revocation list 122 (step S208). Specifically, the list management unit 162 additionally writes a set of attribute code and content attribute ID included in the newly acquired revocation list to the integrated revocation list 122 stored in the revocation list database 120, The integrated revocation list 122 is updated. At this time, in order to prevent double writing of the same information (a set of attribute code and content attribute ID), it is determined whether or not the set of the attribute code and content attribute ID to be added has already been described in the integrated revocation list 122. Perform additional processing while checking.

  For example, in the example of FIG. 14, in the example where the newly acquired version #n revocation list (latest revocation list 124 #n) is integrated into the existing integrated revocation list 122 # 1, the existing integrated revocation list 122 # 1 and The content attribute ID “A000 = 002” is included in both of the revocation lists of version #n. For this reason, the revocation list of version #n is integrated into the existing integrated revocation list 122 # 1 so that the content attribute ID “A000 = 002” does not overlap.

  Further, in the example of FIG. 14, when the newly acquired version # n + 1 revocation list (latest revocation list 124 # n + 1) is integrated into the integrated revocation list 122 # n, the content attribute ID included in both lists in common “A001 = 00F”,..., “A001 = FF5” are integrated so as not to overlap.

  In the example of FIG. 14, the content processing apparatus 10 has not acquired the version # 2 revocation list created by the server 20. For this reason, the content processing apparatus 10 has an integrated revocation list 124 # 1 reflecting only the contents “A000 = 002” of the past version # 1 revocation list even after the creation of the revocation list of version # 2. doing.

  Next, in step S210, a digital signature is added to the updated integrated revocation list 122 (step S210). Specifically, the list management unit 162 calculates, for example, the second digital signature created with the MAC or the secret key of the content processing apparatus 10 and adds it to the updated integrated revocation list 122. Thereby, it can be ensured that the integrated revocation list 122 is a legitimate list for use in the processing in the content processing apparatus 10. The second digital signature does not necessarily have to be added.

  Further, in step S212, the acquired revocation list is stored as the latest revocation list 124 (step S212). Specifically, it is found from the determination in step S206 that the acquired version of the revoke list is newer than the version of the latest revoke list 124 that was held. Therefore, the list management unit 162 replaces the latest revoke list 124 already held with the newly acquired revoke list and stores it in the revoke list database 120.

  As a result, the latest one revoke list among the revoke lists acquired in the past is stored in the revoke list database 120. The latest revocation list 124 is provided to the other content processing apparatus 10 when connected to the other content processing apparatus 10.

  The revocation list update process according to the present embodiment has been described above. Accordingly, the content processing apparatus 10 uses the integrated revocation list 122 to retain newly acquired revocation information without excess or deficiency without losing previously acquired revocation information (content attribute ID to be revoked). Can do. Further, the content processing apparatus 10 can provide the latest revocation list 124, which is a revocation list with the digital signature (first digital signature) of the server 20, to the other content processing apparatuses 10.

<12. Content processing method>
Next, a content processing method by the content processing apparatus 10 according to the present embodiment will be described based on FIG. FIG. 16 is a flowchart showing a content processing method by the content processing apparatus 10 according to the present embodiment.

  As shown in FIG. 16, first, in step S302, the content processing apparatus 10 receives a processing request from the user (step S302). When making this processing request, the user operates the input device 106 of the content processing apparatus 10 to select a desired processing target content and processing content (for example, reproduction processing) and process the selected content. To the content processing unit 140 of the content processing apparatus 10.

  Next, in step S304, it is determined whether the license is correct (step S304). Specifically, the content processing unit 140 first searches the license database 118 to check whether there is a license corresponding to the content to be processed. As a result, if there is no corresponding license, all processing is terminated. On the other hand, if the corresponding license does not exist, then the digital signature (see FIG. 6) added to the license is checked, so that the license is a valid license issued from the legitimate server 20. Determine whether or not. As a result, if the license is invalid, all the processes are terminated. On the other hand, if the license is valid, the process proceeds to step S306.

  In step S306, it is determined whether the security information S of the content to be processed is correct (step S306). Specifically, the content processing unit 140 first reads a digital signature (see FIG. 2 and the like) in the security information S added to the content to be processed, and then checks the read digital signature, thereby It is determined whether the security information of the content to be processed has been legitimately added by the legitimate server 20. As a result, if the security information S is invalid, all the processes are terminated. If the security information S is valid, the process proceeds to step S308.

  Thereafter, in step S308, the content attribute ID added to the content to be processed is read (step S308). The content processing unit 140 or the revocation unit 170 of the content processing apparatus 10 reads all the attribute information (a set of attribute code and content attribute ID) from the security information S added to the content to be processed.

  Next, in step S310, it is determined whether or not the content attribute ID read from the content to be processed is included in the revoke list stored in the content processing apparatus 10 (step S310). Specifically, first, the revoke unit 170 reads and interprets the integrated revoke list 122 stored in the revoke list database 220, for example. Next, the revocation unit 170 compares the content attribute ID read from the processing target content with the revocation target content attribute ID included in the integrated revocation list 122, and reads the content attribute ID read from the processing target content. It is determined whether at least one of the IDs is included in the integrated revocation list 122.

  As a result of this determination, if at least one of the content attribute IDs read from the processing target content is included in the integrated revocation list 122, the processing target content is the revocation target content. Therefore, the process proceeds to step S312.

  In step S312, processing of the content to be processed is disabled (step S312). The revocation unit 170 disables processing (for example, reproduction processing) of the content to be processed by the content processing unit 140. As a result, the content to be processed that has been determined to be revoked content has been revoked. After this step, all processing is completed.

  On the other hand, if none of the content attribute IDs read from the processing target content is included in the integrated revocation list 122 in step S310, the processing target content is not a revocation target content. Therefore, the revoke unit 170 enables (permits) processing of the content to be processed by the content processing unit 140, and the process proceeds to step S314.

  Next, in step S314, it is evaluated whether or not the processing of the content to be processed satisfies the license condition (step S314). For example, the content processing unit 140 interprets the license that is determined to be valid in step S306, and evaluates the conditions of the license (for example, the license validity period, the processing upper limit number, etc.). The evaluation based on the license in step S314 may be performed before the evaluation based on the revoke list in step S310.

  As a result of the license evaluation in this step S314, if the processing content requested for the content to be processed does not satisfy the license condition, it is determined that processing exceeding the authority granted by the license has been requested. Then, the process proceeds to step S316.

  In step S316, the content processing unit 140 disables processing of the processing target content (step S312). After this step, all processing is completed.

  On the other hand, as a result of the license evaluation in step S314, if the processing content requested for the content to be processed satisfies the license condition, the processing is within the authority given by the license, and the process proceeds to step S318. .

  Next, in step S318, processing of the requested content is executed (step S318). For example, when executing the reproduction process, the content processing unit 140 decrypts the encryption of the content key K included in the security information S of the content to be processed based on the license. Next, the content processing unit 140 can decode the encrypted content data of each track T using the content key K. As a result, the content to be processed is reproduced.

  The content processing method according to the present embodiment has been described above. In such a content processing method, the content to be processed can be revoked in units of content by using the content attribute ID added to the content and the content attribute ID included in the revocation list.

  In FIG. 16, the content processing method for revoking the content that has received the processing request has been described. However, the license processing method for revoking the processing (duplication, transfer, etc.) of the license that has received the processing request can be similarly realized. It is.

  Heretofore, the copyright management system 100 according to the present embodiment, its components, the revocation method using this system, and the like have been described in detail. In the copyright management system 100, among the content attribute IDs used in the security information S of the content, the content attribute ID corresponding to the attribute of the content to be revoked is described in the revocation list, whereby the content is attributed to the content attribute unit. Can be revoked.

  For this reason, by setting various content attribute IDs included in the revocation list, for example, the content can be revoked in units of content files, content units to which a license is applied, track units, and the like. Furthermore, content groups having common attributes such as the same director and the same provider can be revoked in a batch. Therefore, after the cause of revocation occurs, the content owned by the content processing apparatus 10 can be revoked flexibly and efficiently.

  In addition, the content processing apparatus 10 separately has an integrated revocation list 122 for internal processing and a latest revocation list 124 for distribution to other content processing apparatuses 10. For this reason, the information on the revoke list is not lost, and the revoke list can be provided to other content processing apparatuses 10.

  As mentioned above, although preferred embodiment of this invention was described referring an accompanying drawing, it cannot be overemphasized that this invention is not limited to the example which concerns. It will be apparent to those skilled in the art that various changes and modifications can be made within the scope of the claims, and these are naturally within the technical scope of the present invention. Understood.

  The present invention can be applied to a copyright management system, and in particular, can be suitably applied to a copyright management system that revokes content provided from a server to a content processing apparatus.

1 is a block diagram schematically showing an overall configuration of a copyright management system according to a first embodiment of the present invention. It is explanatory drawing which shows notionally the structural example of the movie content concerning the embodiment. It is explanatory drawing which shows notionally another structural example of the movie content concerning the embodiment. It is explanatory drawing which shows notionally the structural example of the attribute information concerning the embodiment. It is explanatory drawing for demonstrating the specific example of the common attribute and group ID which are set regarding the movie content concerning the embodiment. It is explanatory drawing which shows notionally the structural example of the license concerning the embodiment. It is explanatory drawing which shows notionally the structural example of the revoke list | wrist concerning the embodiment. It is a block diagram which shows roughly the structure of the server concerning the embodiment. It is a block diagram which shows roughly the structure of the content processing apparatus concerning the embodiment. It is a block diagram which illustrates roughly the structure of the revoke list database concerning the embodiment. 6 is a timing chart showing an example of a basic flow of a content revocation method according to the embodiment. It is a block diagram for demonstrating exchange of the revoke list between the content processing apparatuses concerning the embodiment. It is a flowchart which shows the revocation list creation processing method by the server concerning the embodiment. It is explanatory drawing which shows the relationship between the revocation list created by the server concerning the embodiment, the integrated revocation list, and the latest revocation list saved in the content processing apparatus. It is a flowchart which shows the revocation list update processing method by the content processing apparatus concerning the embodiment. It is a flowchart which shows the content processing method by the content processing apparatus concerning the embodiment.

Explanation of symbols

DESCRIPTION OF SYMBOLS 5 Network 7 Recording medium 10 Content processing apparatus 20 Server 100 Copyright management system 120 Revocation list database 122 Integrated revocation list 124 Latest revocation list 132 Distribution service utilization part 140 Content processing part 150 License management part 160 List acquisition part 162 List management part 164 List providing unit 170 Revocation unit 240 Attribute setting unit 250 Distribution service execution unit 254 License issuing unit 256 ID addition unit 260 Content providing unit 270 List creation unit 280 List distribution unit F Content file C Content T track S Security information A Attribute information

Claims (45)

A server that provides content and a license for the content, and one or more content processing devices that process the content based on the license acquired from the server, and is already provided from the server to the content processing device A copyright management system that revokes content that is revoked:
The server
An attribute setting unit for setting a content attribute ID representing an attribute of the content;
An ID adding unit that adds a content attribute ID corresponding to the attribute of the content to the content;
A content providing unit that provides the content processing apparatus with the content attribute ID added;
A license issuing unit that issues the license and provides the content processing apparatus;
A list creation unit that creates a revocation list including a content attribute ID corresponding to the attribute of the content to be revoked;
A list distribution unit for distributing the revocation list to the content processing device;
With
The content processing apparatus includes:
A list acquisition unit for acquiring the revocation list from the server or another content processing device;
A revocation unit that disables processing of the content to be processed based on the content attribute ID added to the content to be processed and the content attribute ID included in the revocation list;
A copyright management system characterized by comprising: A content processing device that processes content based on a license issued by a server, wherein:
A list acquisition unit for acquiring a revocation list including a content attribute ID corresponding to the attribute of the content to be revoked from the server or another content processing device;
A revocation unit that disables processing of the content to be processed based on the content attribute ID added to the content to be processed and the content attribute ID included in the revocation list;
A content processing apparatus comprising:   The content processing apparatus according to claim 2, wherein the content attribute ID includes a content ID that is uniquely given to each content to which the license is applied.   The content processing apparatus according to claim 2, wherein the content attribute ID includes a file ID that is uniquely assigned to each content file including one or more contents.   The content processing apparatus according to claim 2, wherein the content attribute ID includes a track ID that is uniquely assigned to each track constituting the content.   The content processing apparatus according to claim 2, wherein the content attribute ID includes a group ID that is uniquely given in common attribute units common to a plurality of contents.   The content processing apparatus according to claim 6, wherein the group ID is set in the server based on an input of an administrator of the server.   The content processing apparatus according to claim 2, wherein the content attribute ID added to the content is included in security information added to the content.   The revocation unit disables the reproduction process of the content to be reproduced based on the content attribute ID added to the content to be reproduced and the content attribute ID included in the revocation list when the content is reproduced. The content processing apparatus according to claim 2, wherein:   The revoke unit includes a content attribute ID added to content to be provided / acquired and a content attribute ID included in the revoke list when providing / earning content with the other content processing device. The content processing apparatus according to claim 2, wherein the provision / acquisition processing of the content to be provided / acquired is disabled based on the content.   The content processing apparatus according to claim 2, wherein the license is issued by the server in units of the content attribute ID. A license management unit that provides / acquires the license with the other content processing device;
The revocation unit, when providing / acquiring the license by the license management unit, provides / acquires based on the content attribute ID included in the license to be provided / acquired and the content attribute ID included in the revocation list 12. The content processing apparatus according to claim 11, wherein the provision / acquisition processing of the target license is disabled.   The content processing apparatus according to claim 2, wherein a first digital signature is added to the revocation list by the server.   The content processing apparatus according to claim 2, wherein version information indicating whether the revocation list is new or old is added to the revocation list by the server.   The content processing apparatus according to claim 2, further comprising a list providing unit that provides the revocation list to another content processing apparatus.   The content processing apparatus according to claim 2, further comprising a list management unit that integrates the plurality of revocation lists acquired by the list acquisition unit to create an integrated revocation list.   The content processing apparatus according to claim 16, wherein the list management unit adds a second digital signature corresponding to the content processing apparatus to the integrated revocation list. The revocation list includes version information indicating the new and old of the revocation list,
The list management unit integrates the newly acquired revoke list into the integrated revoke list based on the version information of the newly acquired revoke list and the version information of the revoke list acquired in the past. The content processing apparatus according to claim 16, wherein it is determined whether or not to perform. The revocation list includes version information indicating the new and old of the revocation list,
The list management unit stores the integrated revoke list and the latest revoke list determined to be the latest based on the version information among the plurality of revoke lists acquired by the list acquisition unit. The content processing apparatus according to claim 16.   The revoke unit disables processing of the content to be processed based on the content attribute ID added to the content to be processed and the content attribute ID included in the integrated revocation list. The content processing apparatus according to claim 16, wherein the content processing apparatus is characterized.   The content processing apparatus according to claim 19, further comprising a list providing unit that provides the latest revoke list to another content processing apparatus. Have a computer:
A list acquisition process for acquiring a revocation list including a content attribute ID corresponding to an attribute of the content to be revoked from a server or other content processing apparatus;
Revocation processing for disabling processing of the content to be processed based on the content attribute ID added to the content to be processed and the content attribute ID included in the revocation list;
A program characterized by running   23. The program according to claim 22, wherein the content attribute ID includes a content ID uniquely given to each content unit to which the license is applied.   The program according to claim 22, wherein the content attribute ID includes a file ID that is uniquely assigned to each content file including one or more contents.   The program according to claim 22, wherein the content attribute ID includes a track ID that is uniquely assigned to each track constituting the content.   23. The program according to claim 22, wherein the content attribute ID includes a group ID that is uniquely given in a common attribute unit common to a plurality of contents.   27. The program according to claim 26, wherein the group ID is set in the server based on an input from an administrator of the server.   The program according to claim 22, wherein the content attribute ID added to the content is included in security information added to the content. The revoke process is:
It is a process for disabling the reproduction process of the content to be reproduced based on the content attribute ID added to the content to be reproduced and the content attribute ID included in the revoke list when the content is reproduced. The program according to claim 22, characterized in that it is a feature. The revoke process is:
Based on the content attribute ID added to the content to be provided / obtained and the content attribute ID included in the revoke list when the content is provided / income with the other content processing device 23. The program according to claim 22, wherein the program is a process of disabling the provision / acquisition process of content to be acquired.   The program according to claim 22, wherein the license is issued by the server in units of the content attribute ID. Causing the computer to further execute a license management process for providing / acquiring the license with the other content processing apparatus;
The revoke process is:
The revocation unit provides the provision / acquisition target license based on the content attribute ID included in the provision / acquisition target license and the content attribute ID included in the revocation list when the license is provided / acquired. 32. The program according to claim 31, wherein the program is a process of disabling the acquisition process.   The program according to claim 22, wherein a first digital signature is added to the revocation list by the server.   23. The program according to claim 22, wherein version information indicating whether the revocation list is new or old is added to the revocation list by the server.   23. The program according to claim 22, further causing the computer to further execute a list providing process for providing the revocation list to another content processing apparatus.   23. The program according to claim 22, further comprising: causing the computer to further execute a list management process for creating an integrated revocation list by integrating a plurality of the revocation lists acquired by the list acquisition unit.   The program according to claim 36, wherein in the list management process, a second digital signature corresponding to the computer is added to the integrated revocation list. The revocation list includes version information indicating the new and old of the revocation list,
The list management process integrates the newly acquired revoke list into the integrated revoke list based on the version information of the newly acquired revoke list and the version information of the revoke list acquired in the past. 37. The program according to claim 36, further comprising a process for determining whether or not to perform the process. The revocation list includes version information indicating the new and old of the revocation list,
The list management process includes a process of storing the integrated revoke list and a latest revoke list that is determined to be the latest based on the version information among the plurality of revoke lists acquired by the list acquisition unit. The program according to claim 36, characterized in that:   The revocation process is a process for disabling processing of the content to be processed based on the content attribute ID added to the content to be processed and the content attribute ID included in the integrated revocation list. 37. The program according to claim 36, wherein there is a program.   40. The program according to claim 39, further causing the computer to further execute a list providing process for providing the latest revoke list to another content processing apparatus. A server for providing content and a license for the content to a content processing device, comprising:
An attribute setting unit for setting a content attribute ID representing an attribute of the content;
An ID adding unit that adds a content attribute ID corresponding to the attribute of the content to the content;
A content providing unit that provides the content processing apparatus with the content attribute ID added;
A license issuing unit that issues the license and provides the content processing apparatus;
A list creation unit that creates a revocation list including a content attribute ID corresponding to the attribute of the content to be revoked;
A list distribution unit for distributing the revocation list to the content processing device;
With
In the content processing apparatus that has acquired the revocation list, processing of the content to which the content attribute ID included in the previous revocation list is added is disabled.   43. The server according to claim 42, wherein the attribute setting unit can set the content attribute ID based on an input from an administrator of the server. Have a computer:
An attribute setting process for setting a content attribute ID representing an attribute of the content;
ID addition processing for adding a content attribute ID corresponding to the content attribute to the content;
A content providing process for providing the content processing apparatus with the content attribute ID added;
A license issuing unit that issues a license and provides the content processing apparatus;
A list creation process for creating a revocation list including a content attribute ID corresponding to the attribute of the content to be revoked;
List distribution processing for distributing the revocation list to the content processing device;
And execute
In the content processing apparatus that has acquired the revocation list, the processing of the content to which the content attribute ID included in the previous revocation list is added is disabled. A method for processing content provided from a server to a content processing device comprising:
Reading a content attribute ID added to the content to be processed;
Determining whether the read content attribute ID is included in a revocation list including a content attribute ID corresponding to an attribute of the content to be revoked;
When the read content attribute ID is included in the revoke list, the processing of the content to be processed is disabled, while when the read content attribute ID is not included in the revoke list, Enabling the processing of the content to be processed;
A content processing method comprising:

Images