JP2006309589A - License division device - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a content use system for performing strict export control regardless of the frequency of export processing while a license within a predetermined extent can be reproduced. <P>SOLUTION: A license is divided into a license for reproduction (example: the number of reproducible times is 10 times) and a license for export (example: the number of exportable times is 5 times). The license for reproduction is allowed to be reproduced within a predetermined extent, and the license for export is inhibited from being reproduced within the predetermined extent, and only allowed to be moved. <P>COPYRIGHT: (C)2007,JPO&INPIT

Description

  The present invention relates to content usage control in a copyrighted content usage system.

  In recent years, content distribution systems for distributing contents, which are digital works such as music, video, and games, over the Internet and digital broadcasting have been developed, and some of them have been put to practical use. Further, in the distribution of these contents, from the viewpoint of copyright protection and the like, the number of reproductions of the distributed contents and a content usage control method that restricts the movement, duplication, and writing of the contents are also being studied.

  In the conventional system, the server distributes information (hereinafter referred to as “license”) that is necessary for using the content and includes the content usage conditions and the content key. It is modeled so that content can be played back and written out using the distributed license.

  Further, the license distributed from the server is held in each terminal device, and the terminal device uses the content using the license held by itself. When copying or moving such licenses between multiple terminal devices, copying or moving within an unlimited range is not permitted from the viewpoint of protecting the rights of the content provider and protecting the privacy of the terminal device owner. In general, only copying and moving between terminal devices belonging to a certain range are allowed, and it is considered that copying and moving are allowed only between a plurality of terminals owned by the same user. In order to realize such duplication or movement within a certain range, it is necessary to form a group that can be duplicated or moved by the terminal device group and to limit the range in which the license can be moved.

  In addition, when writing a license and content whose range of movement is limited as described above to an external storage medium such as a DVD-RAM or an SD card, unlimited writing is not permitted from the viewpoint of protecting the rights of the content provider. It is thought that only a certain amount of writing is allowed. This is because, if there is no restriction on writing to the storage medium, it is logically possible to create an unlimited number of external storage media on which the content to be protected is recorded, and the rights of the copyright holder are not substantially protected. .

  Thus, there is a need for a content utilization device that can restrict the writing to an external storage medium from the viewpoint of copyright protection while allowing the license to be copied or moved within a predetermined range from the viewpoint of user convenience. Yes.

For example, in Patent Document 1, when content that can be shared within a predetermined range is written to an external storage medium or the like, the ID of the content is recorded as a list, and when the content is written, the ID of the content to be written is the list Describes a content use apparatus that prevents unlimited writing of content to be protected by performing a control of not permitting export.
JP 2004-5526 A

However, the conventional content utilization apparatus has the following problems.
With the control based on the content-only ID list in the prior art, the second and subsequent writings on the same terminal can be prevented, that is, writing more than the number of terminals belonging to the same group can be prevented, but the number of writings must be strictly limited. I can't. Specifically, control that “do not write more than the number of terminals belonging to the same group” is possible, but it is not possible to limit “restrict the number of times that data can be written in the same group to 10 times”.

  Also, in the prior art, as a solution to the above problem, a set of content IDs and the number of times of writing is recorded as a list, and the list is synchronized or centrally managed between terminals so that the number of times of writing is strictly controlled. Yes.

  The above solution requires not only a list management function such as a content ID and a list synchronization or centralized management function to limit the number of times of writing, but also has the following problems.

  First, problems in list synchronization will be described. As an example, a description will be given assuming that each terminal holds a list of “content ID: 0001, number of times of writing 9 times” and a license of “number of times of writing: 10 times”.

  When a terminal writes content, the list in the terminal is updated to “content ID: 0001, number of times of writing 10 times”. Next, when the terminal synchronizes the list with another terminal, if the other terminal cannot synchronize due to power OFF or the like, the list of the other terminal remains “content ID: 0001, number of times of writing 9 times”. Originally, subsequent writing should be prohibited, but it is possible to write once more. For this reason, an additional mechanism is required such as synchronization when the power is turned on or when the writing process is performed.

Next, problems in centralized list management will be described.
When a terminal writes content, if the list cannot be acquired because the terminal is in an offline environment or the list central management terminal is down, the writing should not be permitted from the viewpoint of copyright protection. In this case, a user who should originally be able to write cannot write, which is not preferable from the viewpoint of user convenience.

  Also, the number of IDs in the list increases monotonously with each export. Considering that the storage area of the list is finite, if the list is exported more than a predetermined number of times, the list overflows. As a solution to this problem, the prior art describes a solution in which some IDs are deleted, for example, old IDs are deleted.

  As in the prior art, if a part of the ID is deleted when the list overflows, the export prevention of the content corresponding to the deleted ID does not function, which is not preferable from the viewpoint of copyright protection.

  The present invention solves such a conventional problem, and enables use of content that enables strict export control regardless of the number of exports while allowing a license to be duplicated within a predetermined range without an additional function in the terminal. It is an object of the present invention to provide a system and a license dividing apparatus necessary for realizing a desired content use system.

  In order to solve the above-described problem, a license dividing apparatus according to the present invention includes a license receiving unit that receives a license from the outside, a license transmitting unit that transmits a license to the outside, a license dividing unit that performs a license dividing process, License division control means for determining whether or not to divide the license based on the information and controlling the license division means.

  According to the present invention, it is possible to strictly control the usage conditions that are not permitted to be duplicated while allowing the usage conditions that are permitted to be duplicated within a predetermined range. That is, it is possible to protect the rights of the copyright holder while improving user convenience.

Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.
FIG. 1 is a diagram showing an overall schematic configuration of a content use system according to an embodiment of the present invention.

  This content usage system is a system for playing back content on the terminal device 300, which includes a license distribution server 100 that generates and distributes licenses, a content distribution server 200 that holds and distributes content, and acquires content and licenses. The terminal devices 300a to 300c that use the content (hereinafter may be simply referred to as the terminal device 300), the license dividing device 400 that performs the license dividing process, the transmission path 500 that connects them together, It is composed of

  The license distribution server 100 has a function of connecting to the transmission path 500, holds user information, usage condition information, and the like, generates a license based on a request from the terminal device 300, and transmits the license. Yes, realized by a workstation or the like.

  The content distribution server 200 has a function of connecting to the transmission path 500, holds content information, and transmits content based on a request from the terminal device 300, and is realized by a workstation or the like.

  The terminal device 300 has a function of connecting to the transmission line 500, holds the content and license, outputs the content to a monitor screen, writes the content to a storage medium, and transmits the content and license to other terminal devices 300. It is a device that performs processing related to the use of content, such as moving the content.

  Specifically, the terminal device 300 includes an STB (Set Top Box), a digital TV, a DVD (Digital Versatile Disc) recorder, an HDD (Hard Disk Drive) recorder, a PC (Personal Computer), a PDA for receiving digital broadcasting. (Personal Digital Assistance), a data reproducing device such as a mobile phone, a recording device, or a composite device thereof.

  The license dividing apparatus 400 has a function of connecting to the transmission line 500, receives a license from another apparatus, divides the license based on a division rule, etc., and divides the divided license into the other apparatus or the other apparatus Is a device that transmits to a different device.

  Specifically, the license dividing device 400 is realized by a workstation or the like and is physically independent of other devices, or is realized by a secure LSI or IC card with hardware tamper resistance and other devices. Coexisting in a fixed manner, or in a program that operates in a secure program execution environment and distributed freely to various devices. More specifically, considering the content utilization system, the license dividing device 400 is installed as a program in a proxy server or the like that is mounted on the license distribution server 100 or the terminal device 300 or when the terminal device 300 is connected to an external network. Or function as a license division server independent of other devices. These are merely examples, and the configuration or mounting location of the license dividing device 400 is not limited to these.

The transmission path 500 is a network that connects the license distribution server 100, the content distribution server 200, the terminal device 300, and the license dividing device 400 to each other.
Specifically, the transmission path 500 includes a wired network such as Ethernet (registered trademark), a wireless network such as a wireless LAN, or a network in which these are combined.

  In the present embodiment, the following seven processes relating to content reproduction, writing, license transfer, etc. in such a content utilization system will be described in detail with reference to FIGS.

A process in which the terminal device 300 acquires a license.
A process in which the terminal device 300 acquires content.
A process in which the license dividing device 400 divides a license received from another device and transmits the license to the other device.
A process in which the license dividing device 400 divides a license received from another device and transmits the license to a device different from the other device.
A process in which the terminal device 300 duplicates or moves a license with another terminal device 300.
A process in which the terminal device 300 reproduces content.
A process in which the terminal device 300 writes (exports) content.

Here, prior to detailed description, a domain in the present invention is defined.
In a content distribution service, when there are terminal devices that can mutually copy and move content, these terminal device groups can be logically grouped. A unit to which the grouped terminal device group belongs is defined as a domain. In addition, content transfer and sharing between terminal devices belonging to different domains is not permitted.

  Generally, the unit for setting a domain is determined based on the viewpoint of protecting the rights of the provider providing the content distribution service and the viewpoint of protecting the privacy of the user. However, the domain is determined for each user as a contractor of the content distribution service. Setting is a typical example. In the domain setting, a domain to which only one terminal device belongs may be formed, or one terminal device may belong to two or more domains.

Next, a domain construction method will be briefly described.
The domain management server (not shown) is a server device that manages terminal devices belonging to a domain, generates and manages domain common information set for each domain, and transmits the domain common information to the terminal device.

  Specifically, the domain management server manages the domain and the domain common information, and transmits the domain common information to the terminal devices 300a to 300c through the transmission path 500 based on a request from the terminal device. A server device, which is realized by a workstation or the like.

  Here, the domain common information is information for determining whether or not a communication partner terminal device belongs to the same domain when communication is performed between the terminal devices.

  Specifically, a common key encryption key shared by terminal devices belonging to the same domain, a list of information for identifying terminal devices of terminal devices belonging to the same domain, and terminal devices belonging to other domains are acquired, There are random values that cannot be inferred.

  The domain determination based on the domain common information includes, for example, when the domain common information is the random value, determining whether or not they belong to the same domain by performing matching confirmation of the random value information in mutual communication. When data that needs to be managed securely, such as domain common information and licenses, is transmitted / received via the transmission line 500, a secure authentication channel (hereinafter referred to as “SAC”) is used to ensure security. The content is transmitted / received after establishment. For example, SSL (Secure Socket Layer) or TLS (Transport Layer Security) can be used to establish the SAC.

  FIG. 1 shows that the terminal device 300a and the terminal device 300b belong to the same domain α. That is, the terminal device 300a and the terminal device 300b hold common domain common information and are permitted to copy and move licenses. Further, since the terminal device 300a and the terminal device 300c do not belong to the same domain, copying or moving of the license is not permitted.

Next, the identifier in this embodiment is defined.
The user identifier is information for uniquely identifying the user in the content use system.

  The terminal identifier is information for uniquely identifying the terminal device in the content use system. In the present embodiment, the terminal identifier of terminal apparatus 300 will be described as “TERMINAL-ID-0001”. Further, the following description will be made assuming that the terminal identifier is stored in the ROM of the terminal device 300.

  The content identifier is information for uniquely specifying content in the content use system.

  The license identifier is information for uniquely identifying a license in the terminal device 300. Further, by combining the terminal identifier and the license identifier, the license can be uniquely specified in the license use system.

  The domain identifier is information for uniquely specifying a domain in the content use system.

  Other identifiers and specific values of the identifiers will be defined and explained as appropriate where necessary.

This completes the description of the definition of each identifier.
Next, detailed configurations of the license distribution server 100, the content distribution server 200, the terminal device 300, and the license dividing device 400 will be described.

First, a detailed configuration of the license distribution server 100 will be described.
FIG. 2 is a functional block diagram showing a detailed configuration of the license distribution server 100 shown in FIG.

  The license distribution server 100 is connected to a user information storage unit 111 for storing user information, a usage condition storage unit 112 for storing usage conditions, a content key storage unit 113 for storing content keys, and a transmission line 500, and a terminal device The communication unit 101 communicates with the terminal 300, and a license generation / transmission unit 102 that generates and transmits a license based on a use condition and a content key based on a request from the terminal device 300.

Next, a detailed configuration of the content distribution server 200 will be described.
FIG. 3 is a functional block diagram showing a detailed configuration of the content distribution server 200 shown in FIG.

  The content distribution server 200 acquires content from the content storage unit 211 that stores content, the communication unit 201 that is connected to the transmission line 500 and communicates with the terminal device 300, and the content storage unit 211 based on a request from the terminal device 300. And a content acquisition / transmission unit 202 for transmission.

Next, a detailed configuration of the terminal device 300 will be described.
FIG. 4 is a functional block diagram showing a detailed configuration of the terminal device 300 shown in FIG. Note that the functional configuration of the terminal devices 300a to 300c will be described as the terminal device 300 with the terminal device 300a as a representative.

  The terminal device 300 includes a content storage unit 311 that stores content acquired from the content distribution server 200, a license storage unit 312 that stores licenses acquired from the license distribution server 100, another terminal device 300, and the like, and is described above. Domain information storage unit 313 for storing common domain information acquired from the domain management server and information related to the domain, and the license distribution server 100, content distribution server 200, other terminal device 300, and license division connected to the transmission path 500 A communication unit 301 that communicates with the apparatus 400, a license processing unit 302 that determines whether or not playback is possible based on license usage conditions, updates a usage condition, a content playback unit 303 that decrypts and plays back content, and a license Distribution server 10 Or a license acquisition / transmission unit 304 that acquires a license from another device or transmits a license to another device, a content acquisition unit 305 that acquires content from the content distribution server 200, and an export based on license usage conditions. It comprises an export license processing unit 306 that determines whether or not it is possible and updates the use conditions for export, and an export processing unit 307 that exports contents and licenses.

Finally, a detailed configuration of the license dividing device 400 will be described.
FIG. 5 is a functional block diagram showing a detailed configuration of the license dividing apparatus 400 shown in FIG.

  The license dividing device 400 is connected to the transmission line 500 and communicates with other devices such as the license distribution server 100 and the terminal device 300, a license receiving unit 402 that receives a license from the outside, and an external license. License transmission unit 403 for transmitting licenses, a division control information acquisition unit 404 for acquiring division control information that is information relating to license division control, a license division control unit for controlling license division such as determination of whether or not license division is possible, and a division method 405 and a license division unit 406 that performs license division processing.

  The detailed configurations of the license distribution server 100, the content distribution server 200, the terminal device 300, and the license dividing device 400 have been described above. Each server, the terminal device 300, and the license dividing device 400 includes each data storage unit and each processing unit. Each data storage unit is realized by a storage medium such as an HDD, and each processing unit is a hardware such as an LSI. Hardware or a program executed using a CPU, RAM, ROM, or the like. In the terminal device 300 and the license dividing device 400, it is desirable that each storage unit and each processing unit be tamper resistant in hardware or software.

  Next, data and data structure handled in the present embodiment will be described. First, the data structure of the data held by each storage unit will be described in the order of the license distribution server 100, the content distribution server 200, and the terminal device 300. Finally, in this embodiment, the data is distributed from the license distribution server 100 to the terminal device 300. The license data structure and the license data structure divided by the license dividing apparatus 400 will be described.

  First, data held by the storage unit of the license distribution server 100 will be described with reference to the drawings.

  The user information storage unit 111 is a database having a user information management table for managing information related to users. The terminal device 300 accessing the license distribution server 100 and the use of content managed by the use condition storage unit 112 are used. Used to associate with the user who owns the condition.

  Specifically, the user information storage unit 111 has a user information management table D600 shown in FIG. 6, and manages a user identifier D601 and a terminal identifier D602. For example, in FIG. 6, a user whose user identifier D601 is “USER-ID-0001” indicates that the terminal device 300 whose terminal identifier D602 is “TERMINAL-ID-0001” is owned. In addition, a user whose user identifier D601 is “USER-ID-0002” has two terminal apparatuses 300 whose terminal identifier D602 is “TERMINAL-ID-1001” and “TERMINAL-ID-1002”, both It is shown that the license distribution server 100 can be accessed from the terminal device 300.

  Note that data registration in the user information storage unit 111 is performed when a user registers as a member in order to receive a service provided by a service provider that operates a content distribution service. In this member registration process, the user may connect to the website of the provider providing the content distribution service through the transmission line 500 and register online using the member registration screen, or use a postcard for member registration. Etc., it may be performed offline.

  In the member registration process, first, the service provider assigns a user identifier D601 to the user. Thereafter, since the terminal identifier D602 of the terminal device 300 owned by the user is notified to the service provider online or offline, the user identifier D601 and the terminal identifier D602 are associated with each other, and the user information management table of the user information storage unit 111 Registered in D600. As a result of performing the member registration process as described above, the user information management table D600 of the user information storage unit 111 is constructed.

  The usage condition storage unit 112 is a database that manages usage conditions for content for each user, and determines whether usage conditions owned by the user can be issued in response to a license distribution request from the terminal device 300. Used to generate usage conditions when it can be issued.

  Specifically, as shown in FIG. 7, the use condition storage unit 112 is represented by a user identifier D701 indicating the owner of the use condition, a content identifier D702 of the content that the use condition permits use, and a content identifier D702. The valid period D703 indicating the start and end date and time when the content can be used, the reproducible number of times D704 indicating the number of times the content indicated by the content identifier D702 can be reproduced, and the content indicated by the content identifier D702 can be exported. It has a use condition management table D700 including an export count D705 indicating the count and a division rule D707 which is a rule for determining whether or not a license can be divided. For example, for a user whose user identifier D701 is “USER-ID-0001”, the content permitted to be used is the content “CONTENT-ID-0001” indicated by the content identifier D702, and the valid period D703 is “˜2003 / 1/30 ”, the reproducible count D704 is“ 10 ”, the export count D705 is“ 3 ”, and the division rule D706 is“ 10 ”.

Here, export is defined in the present invention.
The process of transferring a license and content managed by a certain rights management method to management under a different rights management method is defined as export. More specifically, it refers to a process of writing a license under the control of an original rights management system established by the business operator γ and content to an SD card managed by a different rights management system. The contents of the division rule D706 will be described later in the description of the data structure of the license 1200.

  The data registration in the use condition storage unit 112 is performed when the user purchases the right to use the content by the service provider that operates the content distribution service. This purchase process may be performed online by the user connecting to the service provider's website via the transmission line 500 and using the content purchase screen, or using a postcard for purchase. .

  In the purchase process, the user first designates the content identifier D702 of the content to be purchased, confirms the usage conditions, and then performs the purchase process. The user identifier D701, content identifier D702, and usage conditions of the user who has performed the purchase process are associated with each other and registered in the usage condition management table D700 of the usage condition storage unit 212. As a result of performing the purchase process as described above, the use condition management table D700 of the use condition storage unit 112 is constructed.

  The content key storage unit 113 is a database that manages content keys for decrypting encrypted content, and is included in the license acquisition request when generating a license in response to the license acquisition request from the terminal device 300. Used to acquire the content key corresponding to the identifier.

  Specifically, as shown in FIG. 8, the content key storage unit 113 includes a content key management table D800 including a content identifier D801 and a content key D802 corresponding to the content identifier D801. For example, it is indicated that the content key D802 for decrypting the encrypted content whose content identifier D801 is “CONTENT-ID-0001” is “CONTENT-KEY-0001”.

  Note that data registration in the content key storage unit 113 is performed by a content provider that encrypts content.

  Next, data held by the storage unit of the content distribution server 200 will be described with reference to the drawings.

  The content storage unit 211 is a database for managing encrypted content. When content is transmitted in response to a content acquisition request from the terminal device 300, the content storage unit 211 stores encrypted content corresponding to the content identifier included in the content acquisition request. Used to get.

  Specifically, as shown in FIG. 9, the content storage unit 211 has a content management table D900 including a content identifier D901 and an encrypted content D902 corresponding to the content identifier D901. For example, the encrypted content D902 whose content identifier D901 is “CONTENT-ID-0001” is “CONTENT-DATA-0001”. Note that data registration in the content storage unit 211 is performed by a content provider that encrypts content.

Finally, data held by the storage unit of the terminal device 300 will be described with reference to the drawings.
The content storage unit 311 is a database that manages encrypted content, and is used to acquire encrypted content when the content is used in the terminal device 300.

  The specific details are as described in the content storage unit 211 of the content distribution server 200.

  Note that data registration in the content storage unit 311 is performed when the terminal device 300 acquires content from the content distribution server 200.

  The license storage unit 312 is a database for managing licenses, and is used to acquire a license corresponding to a content identifier when using content in the terminal device 300. Specifically, as shown in FIG. 10, the license storage unit 312 has a license management table D1000 including a license identifier D1001 and a license D1002 corresponding to the license identifier D1001. For example, it is indicated that the license whose license identifier D1001 is “LICENSE-ID-0001” is “LICENSE-0001”. Data registration in the license storage unit 312 is performed when the terminal device 300 acquires a license from the license distribution server 100.

  The domain information storage unit 313 is a database for managing domain information, and is used when performing license duplication or transfer processing with another terminal device 300 or license division. Specifically, as shown in FIG. 11, the domain information storage unit 313 includes a domain identifier D1101, domain common information D1102 commonly held by the terminal devices 300 belonging to the domain corresponding to the domain identifier D1101, and the domain information A domain information management table D1100 including a domain security level D1103 indicating a security level and a terminal number D1104 in a domain indicating the number of terminals 300 belonging to the domain; For example, the domain common information D1102 of the domain corresponding to the domain identifier D1101 “DOMAIN-ID-0001” is “DOMAIN-INFO-0001”, the domain security level D1103 of the domain is “3”, and the domain This indicates that the number of terminals in domain D1104 is “10”. The data registration in the domain information storage unit 313 is registered when the terminal device 300 communicates with a domain management server (not shown) and registers itself, and when another device is registered in the domain. The number of intra-domain terminals D1104 is updated. The number of records in the domain information storage unit 313 is the same as the number of domains to which the terminal device 300 belongs. In this embodiment, unless otherwise specified, the terminal device 300 belongs to one domain, and the number of records in the domain information storage unit 313 is assumed to be one.

  Finally, the data structure of the license distributed from the license distribution server 100 to the terminal device 300 in the present embodiment and the data structure of the license after the license splitting by the license splitting device 400 will be described.

  First, the data structure of a license issued by the license distribution server 100 will be described with reference to FIG. The license 1200 is a usage condition (for reproduction) 1201 that indicates a condition for reproducible content, a usage condition (for export) 1202 that indicates a condition that allows the content and the license to be exported, and whether or not the license 1200 can be divided. A division rule 1203 which is a rule and a content key 1204 for decrypting encrypted content corresponding to the license 1200 are included. Here, the usage condition (for playback) 1201 is the number of times content corresponding to the license 1200 can be played, for example, “10 times”, or the playback period, for example, “December 1st 2002 to February 2003”. 13th ". The usage conditions (for export) 1202 are the content corresponding to the license 1200 and the number of times the license 1200 can be exported, for example, “5 times”. The division rule 1203 indicates whether or not the license may be divided. For example, when the division rule 1203 is “10 or less”, the terminal device in the domain to which the terminal device 300 that acquires the divided license belongs. If the number of 300 is 10 or less, it indicates that the license can be divided. If the division rule 1203 is “security level (hereinafter sometimes referred to as SL) 3 or more”, a post-division license is acquired. If the SL of the domain to which the terminal device 300 belongs is 3 or more, it indicates that the terminal device 300 may be divided.

  Next, an example of a license data structure after license division by the license division device 400 will be described with reference to FIGS. 13 and 14.

  First, a model for dividing license usage conditions into “for reproduction” and “for export” will be described with reference to FIG.

  A license 1300 that is a “reproduction” license includes a use condition (for reproduction) 1301 that indicates a condition for reproducing the content, and a content key 1302 for decrypting the encrypted content corresponding to the license 1300. . Since a specific example is the same as the description of the license 1200, a description thereof will be omitted.

  A license 1310 that is a license for “export” includes a content and a use condition (for export) 1311 that indicates a license exportable condition, and a content key 1312 for decrypting encrypted content corresponding to the license 1310. It consists of. Since a specific example is the same as the description of the license 1200, a description thereof is omitted.

  Next, a model for dividing the license usage conditions into “for reproduction” and “for reproduction + export” will be described with reference to FIG.

  A license 1400, which is a “playback” license, includes a use condition (for playback) 1401 indicating a content reproducible condition, and a content key 1402 for decrypting encrypted content corresponding to the license 1400. . Since a specific example is the same as the description of the license 1200, a description thereof will be omitted.

  The license 1410, which is a license for “playback + export”, includes a use condition (for reproduction) 1411 indicating a condition that allows content to be played, and a use condition (for export) 1412 that indicates a condition that allows content and a license to be exported. And a content key 1413 for decrypting the encrypted content corresponding to the license 1410. Since a specific example is the same as the description of the license 1200, a description thereof is omitted.

  The difference between the case where the license 1200 is divided into the license 1300 and the license 1310 as shown in FIG. 13 and the case where the license 1200 is divided into the license 1400 and the license 1410 as shown in FIG. 14 will be described later.

  In the above description of the license, the usage conditions in the destination rights management method exported may be included in the usage conditions (for export). Specifically, it may include the number of times of reproduction in the case of managing by the export destination, for example, the SD card right management method. Naturally, it is not possible to reproduce content under the rights management method before export under the usage conditions of the number of reproductions in the SD card.

  Note that the license 1200, the license 1300, the license 1310, the license 1400, and the license 1410 described above need to be associated with the license identifier and the content identifier in the processing related to the license storage unit 312 and the license. Since the association process between 1200, the license identifier, and the content identifier is omitted, the license 1200 may include the license identifier and the content identifier. The data structure of the license has been described above.

The data structure of data handled in the present embodiment has been described above.
Next, the following seven processes relating to content reproduction, writing, license transfer, etc. in the content utilization system will be described.

A process in which the terminal device 300 acquires a license.
A process in which the terminal device 300 acquires content.
A process in which the license dividing device 400 divides a license received from another device and transmits the license to the other device.
A process in which the license dividing device 400 divides a license received from another device and transmits the license to a device different from the other device.
A process in which the terminal device 300 duplicates or moves a license with another terminal device 300.
A process in which the terminal device 300 reproduces content.
A process in which the terminal device 300 writes (exports) content.

  The above processing in the content use system having the above configuration will be described with reference to FIGS. 25 to 32 in the above order.

Prior to description of each process, communication messages handled in the present embodiment will be described.
FIG. 15 is a diagram illustrating the contents of the message format of the communication message M1500 transmitted and received in the communication between the servers of the license distribution server 100, the content distribution server 200, the terminal device 300, and the license dividing device 400, and the devices.

  A communication message M1500 shown in FIG. 15 includes a message header M1501 and a message body M1502.

  Here, the message header M1501 includes at least information for specifying the transmission destination and information for specifying the transmission source. The information specifying the transmission destination is referred to as a message destination, and the information specifying the transmission source is referred to as a destination when a reply message is transmitted to the message. A typical example of information for specifying the transmission source or transmission destination is an IP address.

  Message body M1502 includes information unique to each message. Information specific to the message body will be described in the description of the processing that requires a message.

First, the license acquisition process will be described.
Prior to the description of the license acquisition process, a data structure of a communication message related to the license acquisition process will be described with reference to FIGS. 16 and 17. The license acquisition request message body M1600 in FIG. 16 includes a terminal identifier M1601 and a content identifier M1602. The license transmission message body M1700 in FIG. 17 includes a license M1701.

  The data structure of the communication message related to the license acquisition process has been described above.

  Next, processing of each unit until the terminal device 300 acquires a license from the license distribution server 100 will be described with reference to FIG.

  The terminal device 300 starts a license acquisition process in response to information input from the user to the application of the terminal device 300 and a license acquisition instruction (FIG. 25: step S2531). The user must input at least a content identifier, which is one piece of information for specifying a license to be acquired, or information according to the content identifier to the application of the terminal device 300. The following description will be given on the assumption that the user inputs the content identifier “CONTENT-ID-0001” and starts the license acquisition process.

  Upon receiving information input from the user, the terminal device 300 generates a license acquisition request message in the license acquisition / transmission unit 304 and transmits it to the license distribution server 100 through the communication unit 301 (FIG. 25: Step S2532). The terminal identifier M1601 included in the license acquisition request message body M1600 sets a terminal identifier of the terminal device 300 that transmits the license acquisition request message, for example, “TERMINAL-ID-0001”, and the content identifier M1602 is input by the user A content identifier “CONTENT-ID-0001” is set.

  The license distribution server 100 receives the license acquisition request message via the communication unit 101 (FIG. 25: Step S2511).

  The license generation / transmission unit 102 extracts the content identifier M1602 from the license acquisition request message body M1600, and determines whether or not the content key corresponding to the content identifier M1602 exists in the content key storage unit 113 (FIG. 25: Step S2512).

  If the content key does not exist, the license cannot be generated, so the process is terminated, and a reply message including that the content key does not exist, that is, the content identifier is invalid is transmitted to the terminal device 300 (see FIG. 25: Step S251A). If the content key exists, the license generation / transmission unit 102 acquires the content key and performs the subsequent processing. In the present embodiment, as shown in FIG. 8, the following description will be continued on the assumption that a content key “CONTENT-KEY-0001” corresponding to the content identifier “CONTENT-ID-0001” exists.

  The license generation / transmission unit 102 extracts the terminal identifier M1601 from the license acquisition request message body M1600, and uses the terminal identifier M1601 as a key from the user information management table D600 held by the user information storage unit 111. It is determined whether or not it exists (FIG. 25: Step S2513). If the terminal identifier M1601 does not exist in the user information management table D600, it is determined that the terminal device 300 that transmitted the license distribution request message is not registered in the content distribution service, and the license usage conditions cannot be generated. The reply message including the message body indicating that the terminal identifier does not exist is transmitted to the terminal device 300 (FIG. 25: step S251A).

  When the user identifier D601 exists, the user identifier D601 is acquired and the subsequent processing is performed. In the present embodiment, as shown in FIG. 5, the following description will be continued on the assumption that the user identifier “USER-ID-0001” exists as the user identifier corresponding to the terminal identifier “TERMINAL-ID-0001”.

  Based on the user identifier D601 and the content identifier M1602 extracted from the license acquisition request message body M1600, the license generation / transmission unit 102 has a target usage condition from the usage condition management table D700 held by the usage condition storage unit 112. Whether or not (FIG. 25: Step S2514). Specifically, the user identifier D701 and the content identifier D702 of the use condition management table D700 specify a record in which both the user identifier D601 and the content identifier M1602 match. If there is no corresponding record, a reply message including that there is no usage condition is transmitted to the terminal device 300 (FIG. 25: step S251A).

  When the corresponding record exists, the usage condition to be distributed is generated based on the stored usage condition (FIG. 25: step S2515). As a generation method at this time, there are generation of all usage conditions described in the record, generation of a part of usage conditions described in the record, and the like.

  Here, it demonstrates using a specific example. The usage conditions for the record specified by the user identifier “USER-ID-0001” and the content identifier “CONTENT-ID-0001” are the valid period “˜2003 / 1/30”, the reproducible number “10 times”, and the export number. “3 times” and division rule “10 or less”. When all usage conditions are distributed, the reproducible number of times, which is a variable available condition, is generated as “10 times”, and the reproducible number of times for the record after generation is “0 times”.

  In addition, when a part of the user's rights is distributed, the terminal device 300 transmits a desired number of times, for example, three times for a variable availability condition, and the request is generated three times. The recordable number of times may be set to “7 times”. In addition, when it is determined that it is generated once every time due to operation, the record is generated once, and the recordable number of times after generation is “9 times”. Although various operations are conceivable, it is not the essence of the present invention, and a detailed description thereof will be omitted. The same applies to the number of exports.

  Here, the description will be made assuming that the distribution is performed with the reproducible number of times “10 times” and the number of times of export “3 times”.

  The license generation / transmission unit 102 sets the usage conditions (for playback) 1201 related to the playback of the generated usage conditions, in this case, the validity period “˜2003 / 1/30” and the reproducible number of times “10 times”. Then, the validity period “˜2003 / 1/30” and the number of exports “3 times” are set in the use condition (for export) 1202, and the division rule “10 or less” is set in the division rule 1203. The content key acquired in advance is set in the content key 1204, and the license 1200 is generated (FIG. 25: Step S2516).

  Then, the license 1200 is set as the license M1701 of the license transmission message body M1700, and is transmitted to the terminal device 300 through the communication unit 101 (FIG. 25: step S2517).

  The terminal device 300 receives the license transmission message body M1700 through the communication unit 301, and acquires the license M1701 (FIG. 25: Step S2534).

  The terminal device 300 generates a license identifier that is unique within the terminal device (FIG. 25: Step S2535).

  The terminal device 300 stores the acquired license M1701 in the license storage unit 312 in association with the same content identifier as the content identifier M1602 of the license acquisition request message and the license identifier (FIG. 25: step S2536). When the content identifier is included in the license 1200, the association process with the content identifier is not necessary.

  In the above description, the license identifier is defined as information for uniquely identifying the license in the terminal device 300 and is generated by the terminal device 300. However, the license identifier is uniquely identified in the license use system. The license distribution server 100 may create the information at the time of generating the license and assign it to the license. Alternatively, the license identifier may be defined as information for uniquely identifying the license within the domain, and the license identifier may be assigned when the license is acquired.

  When the terminal device 300 receives a reply message including a non-generation notification from the license distribution server 100, the terminal device 300 presents the reason for non-generation included in the reply message to the user, and ends the process.

  In the above description, the terminal device 300 is assumed to belong to one domain, and the description of the domain identifier is omitted. However, the domain identifier is included in the license acquisition request message, the license is associated with the domain when the license is issued, and the terminal device 300 The license and the domain identifier may be held in association with each other. In particular, when one terminal apparatus 300 belongs to a plurality of domains, it is necessary to particularly associate a license with a domain identifier. For example, when a license is divided, if the license division control parameter includes a domain environment or the like, the possibility of division and the processing content may change depending on which domain the license belongs to.

The processing from when the user issues a license acquisition instruction until the terminal device 300 acquires a license from the license distribution server 100 has been described.
Next, content acquisition processing will be described.

  Prior to the description of the content acquisition process, the data structure of a communication message related to the license acquisition process will be described with reference to FIGS. The content acquisition request message body M1800 in FIG. 18 includes a content identifier M1802. The content transmission message body M1900 in FIG. 19 includes content data M1901. The data structure of the communication message related to the content acquisition process has been described above.

  Next, processing of each unit until the terminal device 300 acquires content from the content distribution server 200 will be described with reference to FIG.

  The terminal device 300 starts content acquisition processing in response to information input from the user to the application of the terminal device 300 and a content acquisition instruction (FIG. 26: step S2631). The user must input to the application of the terminal device 300 at least a content identifier, which is one piece of information for specifying content to be acquired, or information according to the content identifier. The following description will be given on the assumption that the user has entered the content identifier “CONTENT-ID-0001” and started the content acquisition process.

  Upon receiving information input from the user, the terminal device 300 generates a content acquisition request message in the license processing unit 302 and transmits it to the content distribution server 200 through the communication unit 301 (FIG. 26: step S2632).

  The content identifier M1801 included in the content acquisition request message body M1800 sets the content identifier “CONTENT-ID-0001” input by the user.

  The content distribution server 200 receives the content acquisition request message through the communication unit 201 (FIG. 26: step S2611).

  The content acquisition / transmission unit 202 extracts the content identifier M1801 from the content acquisition request message body M1800, and determines whether or not the content corresponding to the content identifier M1801 exists in the content storage unit 211 (FIG. 26: Step S2612). ).

  If the content does not exist, the content cannot be acquired, so the process is terminated, and a reply message including that the content does not exist, that is, the content identifier is invalid is transmitted to the terminal device 300 (FIG. 26: Step S261A). If the content exists, the content acquisition / transmission unit 202 acquires the content and performs the subsequent processing. In the present embodiment, as shown in FIG. 9, it is assumed that there is a content “CONTENT-DATA-0001” corresponding to the content identifier “CONTENT-ID-0001”.

  The content acquisition / transmission unit 202 sets the content in the content data M1901 of the content transmission message main body M1900, and transmits the content to the terminal device 300 through the communication unit 201 (FIG. 26: step S2613).

  The terminal device 300 receives the content transmission message main body M1900 through the communication unit 301 and acquires the content data M1901 (FIG. 26: step S2634).

  The terminal device 300 stores the acquired content data M1901 in the license storage unit 312 in association with the same content identifier as the content identifier M1801 of the content acquisition request message (FIG. 26: step S2635). When the content identifier is included in the content data M1901, the association process with the content identifier is not necessary.

  Further, when the terminal device 300 receives a reply message including a non-generation notification from the content distribution server 200, the terminal device 300 presents the reason for non-generation included in the reply message to the user, and ends the process. Further, the content may be distributed with attribute information related to license division. Specifically, “reproduction is possible with a divided license”, “reproduction is not possible with a divided license”, “reproduction is possible if the license is divided into three or fewer times”, and the like. Such control based on attribute information is useful in differentiating from other operators in a business model in which a data distribution company sells encrypted content, in addition to a service provider selling a license.

  The process from when the user issues a content acquisition instruction until the terminal device 300 acquires content from the content distribution server 200 has been described.

Next, the license division process will be described.
First, the license dividing process can be roughly classified into the following two types depending on the relationship between the license dividing device 400 and other devices.

  The first is processing in which the license dividing apparatus 400 divides a license received from another apparatus and transmits the license to the other apparatus.

  Second, the license dividing device 400 divides a license received from another device, and transmits at least one license to a device different from the other device.

  First, a process in which the license dividing apparatus 400 divides a license received from another apparatus and transmits the license to the other apparatus will be described. Here, as a typical example, a process in which the license dividing apparatus 400 divides the license received from the terminal apparatus 300 and transmits the license to the terminal apparatus 300 will be described. As a usage scene of the division processing, the terminal device 300 performs the division processing before performing processing such as license transfer, duplication, and export, and performs the processing after dividing the license in advance. Is assumed.

  Prior to the description of the division processing, a data structure of a communication message related to the division acquisition processing will be described with reference to FIG. 20 and FIG. The license division acquisition request message body M2000 in FIG. 20 includes a license M2001 and domain information M2002. The divided license transmission message body M2100 in FIG. 21 includes a license (for reproduction) M2101 and a license (for export) M2102.

The data structure of the communication message related to the division process has been described above.
Next, processing of each unit from when the terminal device 300 transmits a license stored in the license storage unit 312 to the license dividing device 400 and acquiring and storing the divided license will be described with reference to FIG.

  The terminal device 300 starts the license division process in response to an input of information from the user to the application of the terminal device 300 and a license division instruction, or an instruction of a process that requires license division such as license copying or transfer. (FIG. 27: Step S2731). The user must input a license identifier that is at least one piece of information for specifying the license to be divided into the application of the terminal device 300. The following description will be given on the assumption that the user inputs the content identifier “LICENSE-ID-0001” and starts the license division process. In inputting information specifying a license, a content identifier may be input, and after a license list corresponding to the content identifier is shown, the user may select the content identifier.

  The license acquisition / transmission unit 304 of the terminal device 300 uses the license identifier input by the user as a key to identify and acquire a license to be divided from the license storage unit 312 and acquire domain information from the domain information storage unit 313. Then, a license division request message is generated and transmitted to the license division apparatus 400 through the communication unit 301 (FIG. 27: step S2732).

  The license M2001 included in the license division request message body M2000 sets the license specified and acquired in the above processing, and the domain information M2002 sets the domain information acquired in the above processing. When the terminal device 300 belongs to a plurality of domains, that is, when there are a plurality of records in the domain information storage unit 313, the target domain is stored in the domain information storage unit 313 using the domain identifier associated with the target license as a key. Identify information.

  The license division device 400 receives the license division request message through the communication unit 401 (FIG. 27: step S2711).

  The license receiving unit 402 extracts the license M2001 and the domain information M2002 from the received license division request message body M2000, and transmits the license M2001 and domain information M2002 to the license division control unit 405.

  Upon receiving the license M2001 and the domain information M2002, the license division control unit 405 performs a license division process (FIG. 27: step S2712) described later with reference to the flowchart of FIG.

  The license division control unit 405 determines whether or not the license is divided in the license division processing process (FIG. 27: step S2713).

  When the license is not divided, the license division control unit 405 transmits a reply message including a message body indicating that the license could not be divided to the terminal device 300 (FIG. 27: step S2715). The reason why the message could not be divided may be included.

  When the license has been divided, the license division control unit 405 acquires the divided license from the license division unit 406, and converts the license including the usage conditions for reproducing the divided license into the license (in the divided license transmission message main body M2100). The license including the usage conditions for export is set as the license (for export) of the divided license transmission message body M2100 in the reproduction M2101 and transmitted to the terminal device 300 through the communication unit 401 (FIG. 27: step S2714).

  The terminal device 300 receives the divided license transmission message body M2100 through the communication unit 301, and acquires a license (for reproduction) M2101 and a license (for export) M2102 (FIG. 27: step S2734).

  The terminal device 300 associates the acquired license (for reproduction) M2101 and the license (for export) M2102 with the content identifier associated with the license M2001, newly assigns and associates the license identifier, and stores them in the license storage unit 312. (FIG. 27: Step S2735). When the license dividing device 400 assigns the license identifier, the license identifier is stored in association with the assigned license identifier. In addition, when a content identifier or a license identifier is included in a license, an association process with each is not necessary.

  In addition, when the terminal device 300 receives a reply message including a non-dividable notification from the license dividing device 400, the terminal device 300 presents to the user the reason for the non-division included in the reply message, and ends the process.

  In the above description, the processing when the license is divided on the classification axis of classifying into “playback license” and “export license” has been described. The same applies to the processing when the license is divided by another classification axis such as “License with no usage condition”.

  Here, the processing of the license M2001 included in the license division request message body M2000 will be briefly described.

  If a divided license is acquired while the license M2001 is held in the license storage unit 312, a plurality of the same licenses are obtained, which is not preferable from the viewpoint of copyright protection. The problem of holding a plurality of the same licenses is to lock the license (make it unusable) when transmitting the license division message, release the lock if it is not divided, and delete the license when it is divided. There are other solutions, but the description is omitted because it is not the essence of the present application.

  Next, the license division process in step S2712 in FIG. 27 will be described with reference to the flowchart in FIG.

  The license division control unit 405 acquires the license to be divided and the domain information of the domain to which the terminal device 300 that has requested division processing belongs (FIG. 28: step S2801).

  The license division control unit 405 determines the necessity of division based on the division rule included in the license and the domain information (FIG. 28: Step S2802).

  Here, the division necessity determination based on the domain security level and the division necessity determination based on the domain size will be described.

First, division necessity determination based on the security level of the domain will be described.
Specifically, a case where “security level 3 or higher” is set as the division rule will be described. When the security level included in the domain information is “2”, it is determined that license division is not necessary, and when the security level is “4”, it is determined that license division is necessary.

  An example in which such control is effective will be described. For example, the license before splitting can only be transferred without allowing copying, the license after splitting (for playback) can be copied and moved, and the license (for export) can only be transferred without allowing copying. When the operation of permitting is performed, the convenience of the user is improved if the license can be divided. Therefore, it is possible to perform control such that an improvement in user convenience is recognized only in a protected (high security level) environment, that is, an advantage is given.

  Conversely, when an operation is considered in which the functions that can be used in the terminal device 300 are restricted when the license is divided, it is possible to perform control such that a demerit is given if the division rule is satisfied.

Next, division necessity determination based on the size of the domain will be described.
Specifically, the case where “the number of terminals in the domain is 5 or less” is set as the division rule will be described. When the number of intra-domain terminals included in the domain information is “7”, it is determined that license division is not necessary, and when the number of intra-domain terminals is “4”, it is determined that license division is necessary. The effect of the split possibility control is as described above.

  Information related to the determination of whether to divide licenses can be broadly divided into the following three types. The first is “information set by the content provider (CP) or service provider (SP)”, hereinafter referred to as CP setting information.

  The second is “the environment in which the user or the terminal is placed”, hereinafter referred to as the user environment.

  The third is “information set by the user”, hereinafter referred to as user setting information. Whether or not license division is possible is determined based on these three types of information.

  In the above description, an example of “division rule” as “CP setting information” and “domain information” as “user environment” has been described.

  As an example of “user setting information”, there is a user's intention for division, that is, whether the user wants to do division or not. For example, in a system in which a license division process is performed and billed as a division fee, a user who does not need to share a license among a plurality of terminal devices 300, or until a user pays money, a plurality of terminal devices 300 The user who does not want to share the license sets “Do not divide”.

  It is also conceivable to give priority in the determination to information used for determining whether or not the license can be divided. Specifically, when “always split” is set as “CP setting information” and “not split” is set as “user setting information”, a priority order is required to determine whether license splitting is possible. For example, when “priority: 1” is set in “CP setting information” and “priority: 2” is set in “user setting information”, “always split” is given priority, and division processing is always performed.

  Here, an example of information used for determining whether licenses can be divided has been described, but the information is not limited thereto.

  In the above description, “CP setting information” is given to the license and “user environment” is included in the communication message. However, the present invention is not limited to this.

  For example, at each division process, the “CP setting information” is inquired of the server managed by the CP, the “user environment” is obtained separately from the environment management device or the terminal device 300, or the “user setting information” is communicated. Included in the message, or registered in advance in the license dividing device 400 or another device. The acquisition process of information related to the license division control is performed by the division control information acquisition unit 404.

  When it is determined that license division is not necessary, the license division control unit 405 ends the license division processing.

If it is determined that the license needs to be divided, the following processing is performed.
The license division control unit 405 determines a license division type indicating how to divide the license (FIG. 28: step S2803).

  The division type indicates a classification axis for classifying the usage conditions of the target license when dividing the license. For example, “classification into a reproduction license and an export license” or “a usage condition having no state (for example: “Unlimited playback” licenses and licenses with usage conditions that have status (eg, licenses that can be played back 10 times), “licenses that can be used only on terminal devices belonging to a specific domain, and only on specific terminal devices” Classification into licenses that can be used ". Licenses divided according to these classification axes can be controlled more flexibly with compatibility between user convenience and copyright protection by making different processing (eg, movement, copying) possible for each. .

  Specifically, in the above three examples, the former license can be duplicated, and the latter license can only be moved without allowing duplication. It becomes possible to protect strictly. More specifically, a case where the division type is “classified as a reproduction license and an export license” will be described. In this case, the reproduction license can be copied, and the export license can only be moved. Since the license before the division includes an export usage condition that requires strict control, copying is not permitted, and copying between the terminal devices 300 is not permitted even for playback. Was bad. By dividing the license in this way and making the processing for the divided licenses different for each license, it is possible to strictly protect the rights of the copyright holder without impairing user convenience.

  In addition, processing possible for each license may be given superiority or inferiority in terms of restrictions for copyright protection.

  Specifically, in the case of “move” and “copy”, when the license is moved, the number of the license remains one, but when the license is copied, the number of the license is two. In this case, it can be said that “move” is more restrictive for the user than “copy”.

  At least the following two A and B methods are possible for the division method.

A division method: A license is divided into the following A1 and A2.
Divided into A1 “licenses with usage conditions requiring relatively strong restrictions” and A2 “licenses with relatively weak restrictions and good usage conditions”. For example, A1 can only move and A2 can move and duplicate. Specifically, A1 is “a license consisting of usage conditions (for export)”, and A2 is “a license consisting of usage conditions (for reproduction)”.

B division method: The license is divided into the following B1 and B2.
Divided into B1 “License with good usage conditions with relatively weak restrictions and license with both usage conditions that require relatively strong restrictions” and B2 “Licenses with good conditions with relatively weak restrictions”. For example, the restriction that B1 can only move and B2 can move and duplicate is performed. Specifically, B1 is "a license consisting of usage conditions (for reproduction) and usage conditions (for export)", and B2 is "a license consisting of usage conditions (for reproduction)".

  In terms of the data structure of the license, FIG. 13 shows the A division method, and FIG. 14 shows the B division method. This division method may be included in the division type.

  In the above description, one license is divided into two, but it may be divided into three or more.

  These determinations may also be made based on “CP setting information”, “user environment”, and “user setting information” in the same manner as the license division possibility determination. Further, the division type may be determined in advance.

  In addition to the division type, an attribute for the divided license, for example, permitted processing (eg, movement, duplication) may be determined based on the three types of information.

  The license division control unit 405 divides the license based on the division type determined in step S2803 (FIG. 28: step S2804).

  In addition, a license identifier may be newly given at the time of license division. Specifically, the license identifiers “LICENSE-ID-0001-01” and “LICENSE-ID-0001-02” are assigned to the license generated by dividing the license with the license identifier “LICENSE-ID-0001”. . When the license ID is assigned as described above, the license before the division can be grasped by the upper few digits, which is useful in the process of recombining the divided licenses.

  In the above description, since the license identifier is defined as information for uniquely identifying the license in the terminal device 300, and the terminal device 300 generates the license identifier, the license identifier in the license dividing device 400 is also free. There was no problem to grant.

  When the license identifier is defined as information for uniquely identifying the license in the license using system, and the license distribution server 100 manages all license identifiers, the license dividing device 400 is configured to perform the license division, That is, at the time of granting a license identifier, it is preferable to ask the license distribution server 100 or acquire a range of license identifiers that may be assigned in advance.

The license division process has been described above.
Next, processing in which the license dividing apparatus 400 divides a license received from another apparatus and transmits at least one license to an apparatus different from the other apparatus will be described. Here, as a typical example, the terminal device 300 requests the license distribution server 100 to acquire a license, the license dividing device 400 divides the license received from the license distribution server 100, and transmits the divided license to the terminal device 300. Processing, that is, a case where the license distribution server 100 acquires a license from the license distribution server 100 and transmits the license to the terminal device 300 will be described. In addition to the above, a scene where the terminal device 300 transmits a divided license to another terminal device 300 via the license dividing device 400 may be assumed as a use scene of this division processing.

  Prior to the description of the division processing, a data structure of a communication message related to the division acquisition processing will be described with reference to FIG. 22 and FIG. The divided license request message body M2200 of FIG. 22 includes a terminal identifier M2201, a content identifier M2202, and domain information M2203. The license transmission message body M2300 before division shown in FIG. 23 includes a license M2301, domain information M2302, and transmission source terminal information M2303.

The data structure of the communication message related to the division process has been described above.
Next, the terminal device 300 requests the license distribution server 100 to acquire a license, the license dividing device 400 divides the license received from the license distribution server 100, and transmits the divided license to the terminal device 300. The processing will be described with reference to FIG.

  The terminal device 300 starts a license acquisition process in response to information input from the user to the application of the terminal device 300 and a split license acquisition instruction (FIG. 29: step S2931). The user must input at least a content identifier, which is one piece of information for specifying a license to be acquired, or information according to the content identifier to the application of the terminal device 300. The following description will be given on the assumption that the user inputs the content identifier “CONTENT-ID-0001” and starts the license acquisition process.

  Upon receiving information input from the user, the terminal device 300 generates a split license request message in the license acquisition / transmission unit 304 and transmits it to the license distribution server 100 through the communication unit 301 (FIG. 29: step S2932). The terminal identifier M2201 included in the divided license request message body M2200 sets the terminal identifier of the terminal device 300 that transmits the divided license request message, for example, “TERMINAL-ID-0001”, and the content identifier M1602 is input by the user The content identifier “CONTENT-ID-0001” is set, and the domain information M2203 sets information stored in the domain information storage unit 313 of the terminal device 300.

  The license distribution server 100 receives the divided license request message through the communication unit 101 (FIG. 29: step S2911).

  The license generation / transmission unit 102 generates a license to be divided based on information included in the divided license request message (FIG. 29: step S2912). The license generation process is omitted because it has been described above.

  The license generation / transmission unit 102 generates a pre-division license transmission message and transmits it to the license division device 400 through the communication unit 101 (FIG. 29: step S2913). The license M2301 included in the pre-division license transmission message body M2300 sets the license generated in step S2912, the domain information M2302 sets the domain information M2203 included in the divided license request message, and the transmission source terminal information M2303 includes This is information for uniquely identifying the terminal device 300 that has transmitted the divided license request message, and sets a terminal identifier M2201 included in the divided license request message or an IP address included in the message header.

  The license dividing device 400 receives the pre-division license division transmission message through the communication unit 401 (FIG. 29: step S2921).

  The license receiving unit 402 extracts the license M2301 and the domain information M2302 from the received pre-division license transmission message body M2300, and transmits them to the license division control unit 405.

  Upon receiving the license M2301 and the domain information M2302, the license division control unit 405 performs the license division process (FIG. 29: step S2922) described above with reference to the flowchart of FIG.

  The license division control unit 405 determines whether or not the license is divided in the license division processing process (FIG. 29: step S2923).

  If the license is not divided, the license division control unit 405 identifies a reply message including a message body indicating that the license could not be divided in the transmission source terminal information M2303 included in the pre-division license transmission message body M2300. 300 (FIG. 29: Step S2925).

  When the license has been divided, the license division control unit 405 acquires the divided license from the license division unit 406, and converts the license including the usage conditions for reproducing the divided license into the license (in the divided license transmission message main body M2100). For reproduction) M2101, a license including usage conditions for export is set as a license (for export) of the divided license transmission message body M2100, and the transmission source terminal information M2303 included in the pre-division license transmission message body M2300 through the communication unit 401 Is transmitted to the terminal device 300 specified by (FIG. 29: step S2924).

  The terminal device 300 receives the divided license transmission message body M2100 through the communication unit 301, and acquires a license (for reproduction) M2101 and a license (for export) M2102 (FIG. 29: step S2934).

  The terminal device 300 associates the acquired license (for reproduction) M2101 and the license (for export) M2102 with the content identifier associated with the license M2001, newly assigns and associates the license identifier, and stores them in the license storage unit 312. (FIG. 29: Step S2935). The association with each identifier is as described above.

  In the above description, the two divided licenses are transmitted to the terminal device 300 uniquely specified by the transmission source terminal information M2303. However, the licenses may be transmitted to a plurality of terminal devices 300. In this case, two pieces of information that uniquely identify the terminal device 300 that is the transmission destination of the license are set as the transmission destination terminal information. Also, information such as which terminal of the divided license is transmitted may be given to which terminal device.

  Similarly, when the license is divided into three or more, the divided licenses can be transmitted to the plurality of terminal devices 300.

  As described above, regarding the license dividing process, the license dividing apparatus 400 divides the license received from another apparatus, and transmits the license to the other apparatus. The license dividing apparatus 400 receives the license received from the other apparatus. And the process of transmitting the license to a device different from the other devices.

  Next, an inter-terminal license acquisition process in which the terminal device 300 duplicates or moves a license with another terminal device 300 will be described.

  Prior to the description of the inter-terminal license acquisition process, the data structure of a communication message related to the inter-terminal license acquisition process will be described with reference to FIG. The inter-terminal license acquisition request message body M2400 in FIG. 24 includes a request type M2401, a license identifier M2402, and domain common information M2403.

The data structure of the communication message related to the license acquisition processing has been described above. Next, the terminal device 300a transmits an inter-terminal license acquisition request to the terminal device 300b, and the terminal device 300a receives the acquisition target license. Processing of each unit up to this point will be described with reference to FIG.

  The terminal device 300a starts the license acquisition process in response to information input from the user to the application of the terminal device 300a and an inter-terminal license acquisition instruction (FIG. 30: step S3031).

  The user, for the application of the terminal device 300a, at least a license identifier that is one piece of information for specifying the license to be acquired, information for uniquely specifying the terminal device 300b that holds the license, and a copy of the license, A request type that is information for identifying a desired process such as movement must be input. It is assumed that the license identifier has been acquired in advance by a prior license search process. Further, information that uniquely identifies the terminal device 300b includes a terminal identifier, an IP address, and the like.

  Upon receiving information input from the user, the terminal device 300a generates an inter-terminal license acquisition request message in the license acquisition / transmission unit 304, and transmits the message to the terminal device 300b through the communication unit 301 (FIG. 30: Step S3032).

  The request type M2401 included in the inter-terminal license acquisition request message body M2400 sets the request type input by the user in step S3031, and the license identifier M2402 sets the license identifier input by the user in step S3031, and the domain common information M2403 sets the domain common information D1102 stored in the domain information storage unit 313 of the terminal device 300a.

  The terminal device 300b receives the inter-terminal license acquisition request message through the communication unit 301 (FIG. 30: Step S3011).

  Based on the domain common information M2403 included in the inter-terminal license acquisition request message and the domain common information D1102 of the domain information storage unit 313 of the terminal device 300b, the license acquisition / transmission unit 304 has the same terminal device 300a and terminal device 300b. A domain match determination is made as to whether or not the domain belongs (FIG. 30: Step S3012).

Specifically, when two pieces of common domain information match, it is determined that they are the same domain.
If the terminal device 300a and the terminal device 300b do not belong to the same domain, license transfer or copying is not permitted. Therefore, the processing is terminated, and a reply message including a message body indicating that the domain belongs to is different from the terminal device 300a. (FIG. 30: Step S3020).

  When the terminal device 300a and the terminal device 300b belong to the same domain, the license acquisition / transmission unit 304 specifies the target license based on the license identifier M2402 included in the inter-terminal license acquisition request message (FIG. 30). : Step S3013), the subsequent processing is performed.

  The license acquisition / transmission unit 304 determines the necessity of division based on the request type M2401 included in the inter-terminal license acquisition request message and the license usage conditions specified in step S3013 (FIG. 30: step S3014).

  Specifically, if the usage conditions include the number of exports and the request type includes “Duplicate”, the usage conditions for export are not permitted to be duplicated, so the license cannot be copied as it is. It is determined that the license needs to be divided. In addition, the division necessity control based on the number of divisions, such as not dividing the already divided license, is also assumed.

  In the above description, the description has been made on the assumption that the determination rule “export usage conditions cannot be duplicated” is determined in advance. However, for each attribute of the usage conditions such as “reproduction” and “export”, “duplication ”,“ Move ”, or a list describing whether processing is possible may be set separately. The list may be included in the license, may be held by the terminal device 300 and may be updated as necessary, or may be separately obtained from another device.

  When it is determined that the license needs to be divided, the license dividing process is performed by the license dividing device 400 and one terminal device 300 described with reference to FIG. Note that the license dividing process performed by the license dividing apparatus 400 and the plurality of terminal apparatuses 300 described with reference to FIG. 29 may be performed, and the license may be transmitted to the terminal apparatus 300a via the license dividing apparatus 400.

  Regardless of whether the license is divided or not, the license acquisition / transmission unit 304 determines whether the license can be processed in the request type M2401, that is, whether the license can be transmitted. (FIG. 30: Step S3014).

  If transmission of the license is not permitted, the process is terminated, and a reply message including that the transmission is not permitted is transmitted to the terminal device 300a (FIG. 30: step S3020).

  When license transmission is permitted, the license acquisition / transmission unit 304 sets the license permitted to be transmitted to the license M1701 of the license transmission message body M1700, and transmits the license to the terminal device 300a through the communication unit 301 (FIG. 30). : Step S3017). Here, it has been described that one permitted license is transmitted. However, in the case of a divided license, a plurality of licenses may be transmitted. In addition, when there are a plurality of permitted licenses for transmitting one license, a license with less restrictions, specifically, a license permitted to be copied may be preferentially transmitted.

  The terminal device 300a receives the license transmission message body M1700 through the communication unit 301, and acquires the license M1701 (FIG. 30: step S3034).

  The terminal device 300a stores the acquired license M1701 in the license identifier, content identifier and association license storage unit 312 (FIG. 30: step S3035), and notifies the terminal device 300b of a processing completion notification indicating completion of processing. (FIG. 30: Step S3036).

  When the terminal device 300b receives the processing completion notification via the communication unit 301 (FIG. 30: step S3018), the terminal device 300b performs appropriate processing on the license M1701. Specifically, when the request type is duplication, if the usage condition of the license M1701 includes the number of duplication possible, the duplication possible number is subtracted, and when the request type is migration, the license M1701 is deleted.

  In the above description, the terminal device 300a has set the request type in the inter-terminal license acquisition request message, and the terminal device 300b has been described as switching processing based on the request type. What can be transmitted by the device 300b may be selectively transmitted to the terminal device 300a.

  In the above, the process in which the terminal device 300 duplicates or moves the license with another terminal device 300 has been described.

Next, a process in which the terminal device 300 reproduces content will be described.
The terminal device 300 starts content reproduction processing in response to information input from the user to the application of the terminal device 300 and a content reproduction instruction (FIG. 31: step S3101). The user must input at least a content identifier or license identifier, which is one piece of information for specifying content to be reproduced, to the application of the terminal device 300. The following description will be given on the assumption that the user inputs a license identifier and starts the content reproduction process.

  In the terminal device 300 that has received information input from the user, the license processing unit 302 specifies a license based on the license identifier (FIG. 31: step S3102), and based on the usage conditions (for reproduction) of the specified license, It is determined whether or not playback is possible (FIG. 31: Step S3103). It should be noted that the determination as to whether playback is possible may be based on the number of divisions. Specifically, an upper limit value of the number of divisions that can be used for each terminal is set, and control may be performed based on a comparison with the number of divisions included in the license.

If playback is not allowed, the process ends and the user is notified with the reason not allowed.
When the reproduction is permitted, the content reproduction unit 303 specifies the corresponding content from the content storage unit 311 using the content identifier associated with the license as a key (FIG. 31: step S3104).

  The content playback unit 303 decrypts and plays back the content using the content key included in the license (FIG. 31: step S3105).

  When the content reproduction unit 303 finishes reproducing the content, the content reproduction unit 303 transmits the usage record such as the number of reproductions and the reproduction time to the license processing unit 302.

  The license processing unit 302 updates the usage condition of the license based on the usage record.

  Specifically, when the usage condition before reproduction is “available time: 10 hours”, when the reproduction is performed for 1 hour, the usage time is updated to “available time: 9 hours”.

The processing for playing back content on the terminal device 300 has been described above.
Next, a process in which the terminal device 300 exports content will be described.

  The terminal device 300 starts content export processing in response to an input of information from the user to the application of the terminal device 300 and a content export instruction (FIG. 32: step S3201). The user must input at least a content identifier or license identifier, which is one piece of information for specifying content to be exported, to the application of the terminal device 300. The following description will be given on the assumption that the user has input the license identifier and started the content export processing.

  In the terminal device 300 that has received the information input from the user, the export license processing unit 306 specifies the license based on the license identifier (FIG. 32: step S3202), and based on the usage condition (for export) of the specified license, Whether or not content export is possible is determined (FIG. 32: step S3203). It should be noted that the determination as to whether export is possible may be based on the number of divisions. Specifically, an upper limit value of the number of divisions that can be used for each terminal is set, and control may be performed based on a comparison with the number of divisions included in the license.

  If the export is not allowed, the process is terminated and the user is notified with the reason not allowed.

  When the export is permitted, the export processing unit 307 specifies the corresponding content from the content storage unit 321 using the content identifier associated with the license as a key (FIG. 32: step S3204).

  The export processing unit 307 decrypts the content using the content key included in the license, performs processing according to the rights management method of the export destination, and exports the content (FIG. 32: step S3205). Specifically, the processing according to the rights management method at the export destination includes content encryption conversion, license usage condition conversion, and the like.

  When the export of the content is finished, the export processing unit 307 transmits the success or failure of the export to the export license processing unit 306.

  The export license processing unit 306 updates the license usage conditions (for export) based on the success or failure of the export.

  Specifically, when the use condition (for export) before export is “exportable number of times: 3 times” and the export is successful, the use condition (for export) is set to “exportable number of times: 2 times”. Update to

  The processing for exporting content in the terminal device 300 has been described above.

  At the time of license division, domain information at the time of division is assigned to the divided license, and the domain information at the time of processing differs from the domain information assigned to the divided license in the content playback processing and export processing, or at the time of processing For example, when the domain information is less restrictive than the domain information assigned to the split license, control such as not permitting the reproduction process and the export process may be performed.

  As described above, the license dividing device 400 can be incorporated into the license distribution server 100 and the terminal device 300, and communication processing can be simplified.

  Further, in the above description, it has been described that the license is divided in the process between the license distribution server under the management of the same right management method and the terminal device. The license dividing apparatus according to the present application acquires a license from a license distribution server under the management of the right management method X, or a terminal device under the management of the right management method Y, or between terminal devices under different rights management methods. It can also be applied to license exchange.

In general, when licenses are exchanged between devices under different rights management methods, license format conversion, usage condition conversion, and the like are required. Therefore, in such a case, the license dividing device of the present application is more useful when incorporated in a license conversion device.
Further, in the present application, the license division has been described. However, the divided licenses can be combined and returned to the original license.

  However, from the viewpoint of copyright protection, when the divided licenses are duplicated, it is desirable to ensure that the duplicated licenses are invalidated when the licenses are combined. Such rules for combining licenses may be given to divided licenses.

  Also, the license may be divided a plurality of times, and the division rule may be changed according to the number of divisions.

(Other variations)
Although the present invention has been described based on the above embodiment, it is needless to say that the present invention is not limited to the above embodiment. The following cases are also included in the present invention.

  (1) Each of the above devices is specifically a computer system including a microprocessor, a ROM, a RAM, a hard disk unit, a display unit, a keyboard, a mouse, and the like. A computer program is stored in the RAM or hard disk unit. Each device achieves its functions by the microprocessor operating according to the computer program. Here, the computer program is configured by combining a plurality of instruction codes indicating instructions for the computer in order to achieve a predetermined function.

  (2) A part or all of the constituent elements constituting each of the above-described devices may be configured by one system LSI (Large Scale Integration). The system LSI is an ultra-multifunctional LSI manufactured by integrating a plurality of components on a single chip, and specifically, a computer system including a microprocessor, ROM, RAM, and the like. . A computer program is stored in the RAM. The system LSI achieves its functions by the microprocessor operating according to the computer program.

  (3) Part or all of the constituent elements constituting each of the above devices may be configured from an IC card that can be attached to and detached from each device or a single module. The IC card or the module is a computer system including a microprocessor, a ROM, a RAM, and the like. The IC card or the module may include the super multifunctional LSI described above. The IC card or the module achieves its function by the microprocessor operating according to the computer program. This IC card or this module may have tamper resistance.

  (4) The present invention may be the method described above. Further, the present invention may be a computer program that realizes these methods by a computer, or may be a digital signal composed of the computer program.

  The present invention also provides a computer-readable recording medium such as a flexible disk, hard disk, CD-ROM, MO, DVD, DVD-ROM, DVD-RAM, BD (Blu-ray Disc). ), Recorded in a semiconductor memory or the like. The digital signal may be recorded on these recording media.

  In the present invention, the computer program or the digital signal may be transmitted via an electric communication line, a wireless or wired communication line, a network represented by the Internet, a data broadcast, or the like.

  The present invention may be a computer system including a microprocessor and a memory, wherein the memory stores the computer program, and the microprocessor operates according to the computer program.

  In addition, the program or the digital signal is recorded on the recording medium and transferred, or the program or the digital signal is transferred via the network or the like, and executed by another independent computer system. It is good.

  (5) The above embodiment and the above modifications may be combined.

  The content utilization apparatus according to the present invention is useful in a content distribution service receiving terminal using package media such as a DVD, a content distribution service receiving terminal using digital broadcasting, CATV, the Internet, or the like.

It is a figure which shows the schematic structure of the whole content utilization system which concerns on embodiment of this invention. It is a functional block diagram which shows the structure of the license distribution server 100 which concerns on embodiment of this invention. It is a functional block diagram which shows the structure of the content delivery server 200 which concerns on embodiment of this invention. It is a functional block diagram which shows the structure of the terminal device 300 which concerns on embodiment of this invention. It is a functional block diagram which shows the structure of the license division | segmentation apparatus 400 which concerns on embodiment of this invention. It is a figure which shows the table structure of the user information storage part 111 which concerns on embodiment of this invention. It is a figure which shows the table structure of the use condition storage part 112 which concerns on embodiment of this invention. It is a figure which shows the table structure of the content key storage part 113 which concerns on embodiment of this invention. It is a figure which shows the table structure of the content storage part 211 and the content storage part 311 which concern on embodiment of this invention. It is a figure which shows the table structure of the license storage part 312 which concerns on embodiment of this invention. It is a figure which shows the table structure of the domain information storage part 313 which concerns on embodiment of this invention. It is a figure which shows the data structure of the license which the license distribution server 100 concerning embodiment of this invention distributes. It is a figure which shows an example of the data structure of the divided | segmented license which concerns on embodiment of this invention. It is a figure which shows an example of the data structure of the divided | segmented license which concerns on embodiment of this invention. It is a figure which shows the structure of the communication message which concerns on embodiment of this invention. It is a figure which shows the structure of the license acquisition request message main body which concerns on embodiment of this invention. It is a figure which shows the structure of the license transmission message main body which concerns on embodiment of this invention. It is a figure which shows the structure of the content acquisition request message main body which concerns on embodiment of this invention. It is a figure which shows the structure of the content transmission message main body which concerns on embodiment of this invention. It is a figure which shows the structure of the license division | segmentation request message main body which concerns on embodiment of this invention. It is a figure which shows the structure of the division | segmentation license transmission message main body which concerns on embodiment of this invention. It is a figure which shows the structure of the division | segmentation license request message main body which concerns on embodiment of this invention. It is a figure which shows the structure of the license transmission message main body before a division | segmentation which concerns on embodiment of this invention. It is a figure which shows the structure of the inter-terminal license acquisition request message main body concerning embodiment of this invention. 4 is a flowchart showing processing for acquiring a license from the license distribution server 100 by the terminal device 300 according to the embodiment of the present invention. It is a flowchart which shows the process in which the terminal device 300 which concerns on embodiment of this invention acquires a content from the content delivery server 200. FIG. 7 is a flowchart showing a process in which the terminal device 300 according to the embodiment of the present invention requests license division to the license dividing device 400 and acquires a divided license. It is a flowchart which shows the license division | segmentation process which concerns on embodiment of this invention. It is a flowchart which shows the process which the terminal device 300 which concerns on embodiment of this invention requests | requires a license division | segmentation to the license division | segmentation apparatus 400, and the other terminal device 300 acquires a division | segmentation license. It is a flowchart which shows the process in which the terminal device 300 which concerns on embodiment of this invention acquires a license from the other terminal device 300. FIG. It is a flowchart which shows the process which the terminal device 300 which concerns on embodiment of this invention reproduces | regenerates a content, and updates a license. It is a flowchart which shows the process which the terminal device 300 which concerns on embodiment of this invention exports a content and updates a license.

Explanation of symbols

DESCRIPTION OF SYMBOLS 100 License delivery server 101,201,301,401 Communication part 102 License production | generation part transmission part 111 User information storage part 112 Usage condition storage part 113 Content key storage part 200 Content distribution server 202 Content acquisition / transmission part 211,311 Content storage part 300a, 300b, 300c Terminal device 302 License processing unit 303 Content playback unit 304 License acquisition / transmission unit 305 Content acquisition unit 306 Export license processing unit 307 Export processing unit 312 License storage unit 313 Domain information storage unit 400 License division device 402 License reception Unit 403 License transmission unit 404 Division control information acquisition unit 405 License division control unit 406 License division unit 500 Transmission path

Claims (10)

A license receiving means for receiving a license from the outside;
A license transmission means for transmitting the license to the outside;
A license dividing means for performing a license dividing process;
A license division apparatus comprising: license division control means for determining whether or not division is necessary based on predetermined information and controlling the license division means.   2. The license dividing apparatus according to claim 1, wherein the license dividing unit divides the license into a reproduction license and an export license.   2. The license dividing apparatus according to claim 1, wherein the license dividing unit divides the license into a license whose usage condition has a state and a license whose usage condition does not have a state.   2. The license according to claim 1, wherein the license dividing unit divides the license into a license that is permitted to be used only by a terminal device belonging to a specific domain and a license that is permitted to be used only by a specific terminal device. Splitting device.   4. The license dividing apparatus according to claim 1, wherein the predetermined information is information set by a service provider or a content provider.   The license dividing apparatus according to claim 1, wherein the predetermined information is information representing a state of a user or a terminal.   The license dividing apparatus according to claim 1, wherein the predetermined information is information set by a user.   The license dividing apparatus according to claim 1, further comprising a division control information acquisition unit that acquires the predetermined information from outside.   8. The license dividing apparatus according to claim 1, further comprising license format conversion means for converting a license format.   The license dividing apparatus according to any one of claims 1 to 7, further comprising license use condition conversion means for converting a license use condition.

Images