JP2007028142A - Apparatus and method for managing contents, reproducing apparatus, its controlling method, and program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To manage the viewing right of contents in each contents. <P>SOLUTION: In updating contents to be provided to a portable device 6-1, a personal computer 1-1 invalidates a current shared key, temporarily releases all allocated viewing right, encrypts the contents key of contents whose viewing right should not be released by a shared key newly prepared together with a contents key of contents to be newly checked out to prepare viewing right and the prepared viewing right is transmitted. This invention can be applied to a contents management apparatus for managing the viewing right of contents for instance. <P>COPYRIGHT: (C)2007,JPO&INPIT

Description

  The present invention relates to a content management apparatus and method, a playback apparatus, a control method thereof, and a program, and more particularly, to a content management apparatus and method, a playback apparatus, and a control for the same. The present invention relates to a method and a program.

  In recent years, portable devices (hereinafter referred to as PDs) such as portable digital audio players for storing and reproducing music data (contents) on a recording medium such as a small hard disk or semiconductor memory have become widespread. The content stored in the PD is provided (distributed) from a management terminal device such as a content distribution server. Patent Document 1 discloses such a content distribution system.

  FIG. 1 shows an example of data recorded on a PD recording medium.

  The PD stores, for example, contents A, B, and C as reproducible contents.

That is, the PD includes encrypted contents CON _A , CON _B , and CON in which contents A, B, and C are encrypted with respective content keys CEK-A, CEK-B, and CEK-C (not shown). Viewing rights (licenses) L _{A for} content A, B, and C encrypted with shared key K _DOM shared by _C and content keys CEK-A, CEK-B, and CEK-C. , L _B , and L _C are stored.

For example, if the PD is reproducing the content A, the first, PD decodes the view right L _A of the content A in the shared key K _DOM, to obtain the content key CEK-A of the content A. Next, the PD decrypts the encrypted content CON _A with the content key CEK-A, and reproduces the content A (data thereof) obtained as a result.

Here, each of the PD and the management terminal device has the other party's PKI public key authenticated by a third-party certification organization such as PKI (Public Key Infrastructure). That is, the PD has the PKI public key K ′ _PKI-PC of the management terminal device together with its own PKI private key K _PKI-PD . The shared key K _DOM held by the PD is encrypted from the PD PKI public key K ′ _PKI-PD (not shown) and transmitted from the management terminal device. The shared key K _DOM is managed so that it cannot be deleted or changed (hidden from the PD user). Note that the viewing rights L _A , L _B and L _C of the contents _A , _B and _C and the encrypted contents CON _A , CON _B and CON _C may be recognized by the user as the contents held in the PD. It is managed so that it can be seen by the user so that it can be copied (backed up) to another recording medium.

The PD and the management terminal device hold the above-mentioned shared key K _DOM in advance in accordance with the process shown in the flowchart of FIG.

That is, in step S1, the management terminal device transmits to the PD a trigger signal for causing the PD to generate a shared key K _DOM creation request signal.

In step S31, the PD receives a trigger signal from the management terminal device, and in step S32, the PD transmits a shared key K _DOM creation request signal to the management terminal device.

In step S2, the management terminal apparatus receives the shared key K _DOM creation request signal from the PD, proceeds to step S3, and creates the shared key K _DOM . In step S4, the management terminal device stores the created shared key K _DOM therein.

In step S5, the management terminal device encrypts the shared key K _DOM with the PKI public key K ′ _PKI-PD of the PD, and transmits the encrypted shared key K _DOM to the PD.

In step S33, the PD receives the encrypted shared key K _DOM from the management terminal device. In step S34, the _PD decrypts the encrypted shared key K _DOM with the PKI private key K _PKI-PD of the _PD . Then, the process proceeds to step S35, in which the PD stores therein the shared key K _DOM obtained by decryption, and transmits a completion notification to the management terminal apparatus in step S36.

  In step S7, the management terminal device receives a completion notification from the PD.

  Thereafter, when an operation for checking out the contents A, B, and C is performed in the management terminal device, a check-out process shown in the flowchart of FIG. 3 is executed.

First, in step S51, the management terminal device creates viewing rights L _A , L _B , and L _C for the contents A, B, and C. That is, in step S51, the management terminal device encrypts the content keys CEK-A, CEK-B, and CEK-C of the contents A, B, and C with the shared key K _DOM that is held, and the result Are viewing rights L _A , L _B , and L _C.

In step S52, the management terminal device transmits the encrypted contents CON _A , CON _B , and CON _C and the viewing rights L _A , L _B , and L _C to the PD.

The PD receives the encrypted contents CON _A , CON _B , and CON _C and the viewing rights L _A , L _B , and L _C transmitted from the management terminal device in step S71, and in step S72, Remember inside. In step S73, the PD transmits a completion notification to the management terminal device. In step S53, the management terminal device receives the notification and ends the process.

Since the PD holds the shared key K _DOM as described above, when the user instructs playback of the content A, B, or C in the PD, the PD holds the shared key K _DOM The viewing right L _A , L _B , or L _C corresponding to the content instructed to be played in is decrypted with the shared key K _DOM , and the resulting content key CEK-A, CEK-B, or CEK-C is encrypted. The encrypted content CON _A , CON _B , or CON _C is further decrypted and played back.

  When the user instructs to check out new contents other than the contents A, B, and C, the checkout process shown in FIG. 3 is repeatedly executed.

JP 2001-236081 A

Here, when the management terminal wants to prevent can listen to the content A in PD, in other words, when the management terminal wants to collect the view right L _A of the content A from the PD, for example, the management terminal even deletes the view right L _a of the contents a, the view right L _a of the contents a, since the user can freely copy such, if it is backed up, such as to another recording medium, view right L again content a _A is resurrected. That is, in the deletion of the view right L _A of the content A, it can not be reliably collected the viewing rights L _A of the content A from PD.

Also, for example, if the management terminal device deletes the shared key K _DOM stored in the PD in order to prevent the decryption of the viewing right L _A of the content A, the content that the PD still has the right to reproduce The viewing rights L _B and L _C of _B and _C cannot be decrypted, which is disadvantageous to the user.

  In other words, the content distribution method described above cannot manage content viewing rights for each content.

  The present invention has been made in view of such a situation, and makes it possible to manage content viewing rights for each content.

  The content management device according to the first aspect of the present invention is the content management device that manages the content provided to the playback device that plays back the content, and updates the content provided to the playback device. Receiving means for receiving a request for creating a new shared key different from the shared key that the playback apparatus currently has, which is transmitted from the playback apparatus in response to the trigger signal transmitted by the playback apparatus, and in response to the creation request, the new Creating means for creating a shared key, and a shared key for updating the shared key stored in the shared key storage means in association with the playback device information representing the playback device to the created new shared key A storage control unit and an encryption key for encrypting a content key for decrypting the content to be provided to the playback device with the newly created shared key. And transmitting means for transmitting the trigger signal, the created new shared key, and the content key encrypted with the new shared key as the right to view the content to the playback device And the content information storage means for storing the playback device and the content information representing the content of the playback device in association with each other according to the content key encrypted with the new shared key Content information storage control means is provided.

  The transmission unit can also transmit the content to the playback device.

  The encryption unit further encrypts the created new shared key with a public key infrastructure (PKI) public key of the playback device, and the transmission unit uses the PKI public key of the playback device. The new shared key encrypted can be transmitted to the playback device.

  The content management method according to the first aspect of the present invention is the content management method of the content management device that performs the content management process for managing the content provided to the playback device that plays back the content, wherein the content provided to the playback device A request to create a new shared key that is different from the shared key that the playback device currently has is transmitted from the playback device in response to the trigger signal sent by the content management device when the content management device is updated, and the creation request In response, the new shared key is created, and the shared key stored in the shared key storage unit in association with the playback device information representing the playback device is updated to the created new shared key. And encrypting a content key for decrypting the content to be provided to the playback device with the created new shared key, The rigger signal, the created new shared key, and the content key encrypted with the new shared key as the content viewing right are transmitted to the playback device, and the new shared key is used. In accordance with the encrypted content key, there is a step of updating content information storage means for storing the playback device and content information representing the content of the playback device in association with each other.

  A program according to a first aspect of the present invention is a program that causes a computer to execute control of a content management apparatus that performs content management processing for managing the content provided to a playback apparatus that plays back content, and is provided to the playback apparatus Receiving a request for creating a new shared key different from the shared key that the playback device currently has, transmitted from the playback device in response to a trigger signal transmitted by the content management device when updating the content; In response to the creation request, the new shared key is created, and the shared key stored in the shared key storage unit is stored in association with the playback device information representing the playback device. The content key for decrypting the content to be provided to the playback device is updated with the newly created shared key. And transmitting the trigger signal, the created new shared key, and the content key encrypted with the new shared key as the right to view the content to the playback device, and Updating a content information storage unit that stores the playback device and content information representing the content of the playback device in association with each other according to the content key encrypted with a shared key.

  In the first aspect of the present invention, when updating the content provided to a playback device that plays back content, the content management device that manages the content is transmitted from the playback device in response to a trigger signal transmitted. A request for creating a new shared key different from the shared key that the playback device currently has is received, the new shared key is created in response to the creation request, and the playback device is represented in the shared key storage means. The shared key stored in association with the playback device information is updated to the created new shared key, and a content key for decrypting the content to be provided to the playback device is created. Encrypted with a shared key, the trigger signal, the created new shared key, and the new shared key as the right to view the content The encoded content key is transmitted to the playback device, and in response to the content key encrypted with the new shared key, the playback device and content information representing the content of the playback device The content information storage means stored in association is updated.

  The playback device according to the second aspect of the present invention is a playback device that plays back content provided from a content management device, and a trigger transmitted from the content management device when the content of the playback device is updated. In response to the signal, a transmission means for transmitting a request for creating a new shared key different from the shared key that the playback device currently has to the content management device, the trigger signal, the new shared key, and the content As a viewing right, the content key of the content encrypted with the new shared key is received from the content management device and concealed from the user who uses the playback device and stored in the shared key storage device. Shared key storage control means for updating the shared key to the new shared key and content key storage means Is 憶, the content key encrypted by the shared key, a content key storage control unit configured to update the content key encrypted with said new shared key is provided.

  The content key storage control means further includes the content encrypted with the shared key stored in the content key storage means without being updated to the content key encrypted with the new shared key. The key can be deleted.

  The content key storage means also stores the content encrypted with the content key, and the content key storage control means can also delete the content corresponding to the deleted content key. .

  The new shared key received by the receiving means is encrypted with a public key infrastructure (PKI) public key of the playback device, and the new shared key encrypted with the PKI public key of the playback device is Further, it is possible to further provide decryption means for decrypting with the PKI private key of the playback apparatus.

  A control method according to a second aspect of the present invention is a control method for a playback device that plays back content provided from a content management device, and is transmitted from the content management device when the content of the playback device is updated. In response to the incoming trigger signal, a request to create a new shared key different from the shared key that the playback device currently has is transmitted to the content management device, and the trigger signal, the new shared key, and the content The content key of the content encrypted with the new shared key as a viewing right is received from the content management device and is concealed from the user who uses the playback device and stored in the shared key storage unit The shared key is updated to the new shared key and encrypted with the shared key stored in the content key storage means. And the content key, comprising the step of updating the said content key encrypted with the new shared key.

  According to a second aspect of the present invention, there is provided a program for causing a computer to execute control of a playback device that plays back content provided from a content management device, wherein the content of the playback device is updated. In response to a trigger signal transmitted from the management apparatus, a request to create a new shared key different from the shared key that the playback apparatus currently has is transmitted to the content management apparatus, and the trigger signal, the new shared key, And the content key of the content encrypted with the new shared key as the right to view the content is received from the content management device and concealed from the user who uses the playback device. Update the shared key stored in the new shared key to the content key storage means Is 憶, the content key encrypted by the shared key, comprising the step of updating the said content key encrypted with the new shared key.

  In the second aspect of the present invention, the reproduction is performed according to a trigger signal transmitted from the content management device when the content included in the reproduction device that reproduces the content provided from the content management device is updated. A request for creating a new shared key different from the shared key that the device currently has is transmitted to the content management device, and the new shared key as the trigger signal, the new shared key, and the viewing right of the content The content key of the content encrypted with the content management device is received from the content management device, and the shared key concealed from the user who uses the playback device and stored in the shared key storage means is the new shared key. And the content key encrypted with the shared key stored in the content key storage means is Said encrypted with Do shared key is updated to the content key.

  According to the first aspect of the present invention, content can be provided to a playback device. According to the first aspect of the present invention, the right to view content can be managed for each content.

  According to the second aspect of the present invention, content can be reproduced. Also, according to the second aspect of the present invention, the content management apparatus can manage the right to view content for each content.

  Embodiments of the present invention will be described below. Correspondences between the configuration requirements of the present invention and the embodiments described in the detailed description of the present invention are exemplified as follows. This description is to confirm that the embodiments supporting the present invention are described in the detailed description of the invention. Accordingly, although there are embodiments that are described in the detailed description of the invention but are not described here as embodiments corresponding to the constituent elements of the present invention, It does not mean that the embodiment does not correspond to the configuration requirements. Conversely, even if an embodiment is described here as corresponding to a configuration requirement, that means that the embodiment does not correspond to a configuration requirement other than the configuration requirement. It's not something to do.

Content management according to the first aspect of the present invention includes:
In a content management device (for example, personal computer 1-1 in FIG. 4) that manages the content provided to a playback device (for example, PD 6-1 in FIG. 4) that plays back content,
When updating the content provided to the playback device, a new shared key that is transmitted from the playback device in response to a trigger signal transmitted by the content management device and is different from the current shared key of the playback device Receiving means for receiving the creation request (for example, the receiving unit 211 in FIG. 8);
In response to the creation request, creation means for creating the new shared key (for example, the shared key creation unit 213 in FIG. 8);
Shared key storage control means for updating the shared key stored in the shared key storage means in association with the playback device information representing the playback device to the created new shared key (for example, the shared key storage in FIG. 8). Key correspondence table control unit 215),
An encryption unit (for example, the encryption unit 214 in FIG. 8) that encrypts a content key for decrypting the content to be provided to the playback device with the created new shared key;
Transmission means for transmitting the trigger signal, the created new shared key, and the content key encrypted with the new shared key as the right to view the content to the playback device (for example, FIG. 8 transmission units 212),
Content information for updating content information storage means for storing the playback device and content information representing the content of the playback device in association with each other according to the content key encrypted with the new shared key Storage control means (for example, the content correspondence table control unit 216 in FIG. 8).

The content management method or program according to the first aspect of the present invention includes:
A content management method of a content management apparatus (for example, personal computer 1-1 in FIG. 4) that performs content management processing for managing the content provided to a playback apparatus (for example, PD 6-1 in FIG. 4) that reproduces content, or In a program for causing a computer to execute control of the content management device,
When updating the content provided to the playback device, a new shared key that is transmitted from the playback device in response to a trigger signal transmitted by the content management device and is different from the current shared key of the playback device The creation request is received (for example, step S113 in FIG. 12),
In response to the creation request, the new shared key is created (for example, step S114 in FIG. 12),
The shared key stored in the shared key storage unit in association with the playback device information representing the playback device is updated to the created new shared key (for example, step S115 in FIG. 12).
A content key for decrypting the content to be provided to the playback device is encrypted with the created new shared key (for example, step S119 in FIG. 12),
The trigger signal, the created new shared key, and the content key encrypted with the new shared key as the content viewing right are transmitted to the playback device (for example, FIG. 12). Step S121),
In accordance with the content key encrypted with the new shared key, the content information storage unit that stores the playback device and content information representing the content of the playback device in association with each other is updated (for example, , Step S120 in FIG. 12)
Includes steps.

The playback device according to the second aspect of the present invention is, firstly,
In a playback device (for example, PD 6-1 in FIG. 4) that plays back content provided from a content management device (for example, the personal computer 1-1 in FIG. 4),
In response to a trigger signal transmitted from the content management device when the content of the playback device is updated, a request for creating a new shared key different from the shared key that the playback device currently has is sent to the content management Transmission means for transmitting to the apparatus (for example, the transmission unit 241 in FIG. 10)
Receiving means for receiving the content key of the content encrypted with the new shared key as the trigger signal, the new shared key, and the viewing right of the content from the content management device (for example, FIG. 10 receiving units 242),
Shared key storage control means (for example, the shared key storage control unit 245 in FIG. 10) that updates the shared key that is hidden from the user who uses the playback device and is stored in the shared key storage means to the new shared key. )When,
Content key storage control means for updating the content key encrypted with the shared key stored in the content key storage means to the content key encrypted with the new shared key (for example, FIG. 10) Content key storage control unit 246).

Secondly, the playback device according to the second aspect of the present invention includes:
The new shared key received by the receiving means is encrypted with the PKI (Public Key Infrastructure) public key of the playback device,
Decryption means (for example, decryption unit 243 in FIG. 10) for decrypting the new shared key encrypted with the PKI public key of the playback device with the PKI private key of the playback device is further provided.

The control method or program according to the second aspect of the present invention includes:
A method for controlling a playback device (for example, PD 6-1 in FIG. 4) for playing back content provided from a content management device (for example, personal computer 1-1 in FIG. 4) or control of the playback device is controlled by a computer. In the program to be executed,
In response to a trigger signal transmitted from the content management device when the content of the playback device is updated, a request for creating a new shared key different from the shared key that the playback device currently has is sent to the content management (E.g., step S151 in FIG. 12)
The content key of the content encrypted with the new shared key as the trigger signal, the new shared key, and the viewing right of the content is received from the content management device (for example, FIG. 12). Steps S152 and S156),
Update the shared key concealed from the user who uses the playback device and stored in the shared key storage means to the new shared key (for example, step S154 in FIG. 12),
The content key encrypted with the shared key stored in the content key storage means is updated to the content key encrypted with the new shared key (for example, step S157 in FIG. 12).
Includes steps.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings.

  FIG. 4 is a diagram showing an embodiment of a music data management system to which the present invention is applied.

  The personal computer (content management apparatus) 1-1 is connected to a network 2 constituted by a local area network or the Internet. The personal computer 1-1 converts music data (hereinafter referred to as content) received from EMD (Electrical Music Distribution) servers 4-1 to 4-3 into a predetermined compression method (for example, ATRAC3 (trademark)). The data is converted and encrypted by an encryption method such as DES (Data Encryption Standard).

  Further, the personal computer 1-1 provides content to portable devices (hereinafter referred to as PD) 6-1 to 6-3 connected to the personal computer 1-1 as necessary, and the viewing right of the content is stored in the content management table. (Managed by a content management table TB described later).

  That is, the personal computer 1-1 stores (transmits) the encrypted content recorded in any of the connected PDs 6-1 to 6-3, and causes the PDs 6-1 to 6-3 to store the content. In response to the storage, the content management table is updated (hereinafter referred to as checkout).

  Further, the personal computer 1-1 manages the content by preventing the PD 6-1 to 6-3 from listening to the content checked out by the personal computer 1-1 to the connected PD 6-1 to 6-3. Data on the checked-out content in the table is updated (erased) (hereinafter referred to as check-in).

  The personal computer 1-2 is also connected to the network 2. As with the personal computer 1-1, the personal computer 1-2 converts the content received from the EMD servers 4-1 to 4-3 into a predetermined compression method, and encrypts it with an encryption method such as DES. The content management table is stored and the right to view the content is managed. That is, the personal computer 1-2 checks out and checks in the content that is encrypted and recorded in the connected PD 6-4, and updates the content management table accordingly.

  The PDs 6-1 to 6-3 can be connected to the personal computer 1-2, and the PD 6-4 can be connected to the personal computer 1-1. However, the personal computer 1-2 cannot check in the content that the personal computer 1-1 has checked out to the PDs 6-1 to 6-3. Further, the personal computer 1-1 cannot check in the content that the personal computer 1-2 has checked out to the PD 6-4.

  In the following description, PDs 6-1 to 6-4 are referred to as PD6 when it is not necessary to distinguish between them. When there is no need to distinguish between the personal computer 1-1 and the personal computer 1-2, they are simply referred to as the personal computer 1.

  When the personal computer 1 starts acquiring content from the EMD servers 4-1 to 4-3, the EMD registration server 3 responds to the request from the personal computer 1 via the network 2 and the EMD server. An authentication key necessary for mutual authentication with 4-1 to 4-3 is transmitted to the personal computer 1, and a program for connecting to the EMD servers 4-1 to 4-3 is transmitted to the personal computer 1.

  Each of the EMD servers 4-1 to 4-3 supplies content to the personal computer 1 via the network 2 in response to a request from the personal computer 1. The content supplied by each of the EMD servers 4-1 to 4-3 is compressed by the same or different compression method. Further, the contents supplied by each of the EMD servers 4-1 to 4-3 are encrypted by the same or different encryption methods. In the following description, EMD servers 4-1 to 4-3 are simply referred to as EMD server 4 when it is not necessary to distinguish them.

  The PD (playback device) 6-1 includes, for example, a mobile phone, a PDA (Personal Digital Assistant), a digital camera, a portable digital audio player having a flash memory and a hard disk, a CD (Compact Disc), and a CD-ROM ( Content provided from a personal computer 1 (compact disc-read only memory) or a portable disc recording / playback device for playing back content recorded on a magneto-optical disc such as a DVD (Digital Versatile Disc). That is, the checked-out content) is stored (recorded). In addition, the PD 6-1 reproduces the stored content and outputs it as a sound (music) to a headphone (not shown). The same applies to PD6-2 to 6-4. In the following description, PDs 6-1 to 6-4 are simply referred to as PD6 when it is not necessary to distinguish between them.

  The user (owner of the PD 6) removes the PD 6 storing the content (mounted with a recording medium storing the content) from the personal computer 1, carries it around, and plays back the stored content. , You can listen to music corresponding to the content with headphones.

  When the PD 6 is a mobile phone, the PD 6 uses a mobile phone network 7 via a base station 5-1 or 5-2 installed in a cell obtained by dividing a communication service providing area into a desired size. Can be connected to. The cellular phone network 7 is connected to the network 2.

  FIG. 5 is a block diagram showing a configuration of the personal computer 1-1. A CPU (Central Processing Unit) 11 actually executes various application programs (details will be described later) and an OS (Operating System). A ROM (Read-only Memory) 12 generally stores basically fixed data among the programs used by the CPU 11 and calculation parameters. A RAM (Random-Access Memory) 13 stores programs used in the execution of the CPU 11 and parameters that change as appropriate during the execution. These are connected to each other by a host bus 14 composed of a CPU bus or the like.

  The host bus 14 is connected to an external bus 16 such as a PCI (Peripheral Component Interconnect / Interface) bus via a bridge 15.

  The keyboard 18 is operated by the user when inputting various commands to the CPU 11. The mouse 19 is operated by the user when specifying or selecting a point on the screen of the display 20. The display 20 includes a liquid crystal display device, a CRT (Cathode Ray Tube), or the like, and displays various types of information as text and images. An HDD (Hard Disk Drive) 21 drives a hard disk and records or reproduces programs and information executed by the CPU 11.

  The drive 22 reads data or a program recorded on the magnetic disk 41, the optical disk 42, the magneto-optical disk 43, or the semiconductor memory 44 to be mounted, and supplies the data or program to the RAM 13 or the HDD 21.

  A PD 6-1 is connected to a USB (Universal Serial Bus) port 23-1 via a predetermined cable. The USB port 23-1 is data supplied from the HDD 21, the CPU 11, or the RAM 13 via the interface 17, the external bus 16, the bridge 15, or the host bus 14 (including, for example, commands for content or PD 6-1). Is output to PD6-1.

  The PD port 6-2 is connected to the USB port 23-2 via a predetermined cable. The USB port 23-2 is data supplied from the HDD 21, the CPU 11, or the RAM 13 via the interface 17, the external bus 16, the bridge 15, or the host bus 14 (for example, contents or commands for the PD 6-2 are included). Is output to PD6-2.

  The PD 6-3 is connected to the USB port 23-3 via a predetermined cable. The USB port 23-3 is data supplied from the HDD 21, the CPU 11, or the RAM 13 via the interface 17, the external bus 16, the bridge 15, or the host bus 14 (for example, contents or commands for the PD 6-3 are included). Is output to PD6-3.

  The speaker 24 outputs a predetermined sound corresponding to the content based on the data supplied from the interface 17 or the audio signal.

  These keyboard 18 to speaker 24 are connected to the interface 17, and the interface 17 is connected to the CPU 11 via the external bus 16, the bridge 15, and the host bus 14.

  The communication unit 25 is connected to the network 2 and stores data (for example, a registration request or a content transmission request) supplied from the CPU 11 or the HDD 21 in a packet of a predetermined method. The CPU 11 and the RAM 13 transmit data (for example, an authentication key or content) stored in a packet received from the EMD registration server 3 or EMD server 4 via the network 2 to the EMD registration server 3 or EMD server 4. Or output to the HDD 21.

  The communication unit 25 is connected to the CPU 11 via the external bus 16, the bridge 15, and the host bus 14.

  Since the configuration of the personal computer 1-2 is the same as that of the personal computer 1-1, description thereof is omitted.

  FIG. 6 is a block diagram illustrating a configuration example of the PD 6-1 including a hard disk as a recording medium for storing content.

  The CPU 61 executes content exchange with the personal computer 1, decryption processing of the encrypted content, decompression processing of the compressed content, and the like. The ROM 62 generally stores basically fixed data among programs used by the CPU 61 and calculation parameters. The RAM 63 stores programs used in the execution of the CPU 61 and parameters that change as appropriate during the execution. These are connected to each other by a host bus 64 including a CPU bus.

  The host bus 64 is connected to the external bus 66 via the bridge 65.

  The button 68 is operated by the user when inputting various commands to the CPU 61. The display 69 is composed of a liquid crystal display device or the like, and displays various information as text (characters) and images (graphics). The HDD 70 stores the content supplied (checked out) from the personal computer 1 and a key necessary for decrypting the encrypted content on the hard disk. The USB port 71 is connected to the personal computer 1 via a predetermined cable, and exchanges predetermined data (contents, commands, etc.) with the personal computer 1.

  The drive 72 reads data or a program recorded in the semiconductor memory 91 to be mounted and supplies the data or program to the RAM 63 or the HDD 70. The recording medium loaded in the drive 72 may be a magnetic disk other than the semiconductor memory 91, an optical disk, a magneto-optical disk, or the like.

  These buttons 68 to 72 are connected to an interface 67, and the interface 67 is connected to the CPU 61 via an external bus 66, a bridge 65, and a host bus 64.

  The PD 6-1 may include a flash memory other than the hard disk as a recording medium for storing content.

  Next, functions realized by the personal computer 1-1 executing a predetermined program will be described.

  FIG. 7 is a block diagram illustrating a functional configuration example of the personal computer 1-1 that is realized by execution of a predetermined program of the CPU 11.

  The content management program 111 includes an EMD selection program 131, a check-in / check-out management program 132, an encryption method conversion program 133, a compression method conversion program 134, an encryption program 135, an authentication program 136, an decryption program 137, a PD driver 138, A plurality of programs such as a purchase driver 141 and a purchase driver 142 are configured.

  The EMD selection program 131 selects a connection with any of the EMD servers 4-1 to 4-3, and sends any of the EMD servers 4-1 to 4-3 to the purchase application 115 or the purchase driver 141 or 142. Communication with the heel (for example, download of content when purchasing content) is executed.

  The check-in / check-out management program 132 performs check-in or check-out of the specified content with respect to the PD 6 when the user performs a check-in or check-out operation of the content with respect to the PD 6. Further, the check-in / check-out management program 132 updates the content management table TB of the content database 114 in accordance with the check-in or check-out of the designated content.

  The encryption method conversion program 133 stores the content encryption method received from the EMD server 4 via the network 2 by the purchase application program 115, the purchase driver 141, or the purchase driver 142 in the content database 114. Convert to the encryption method. When the content is checked out to the PD 6, the encryption method conversion program 133 converts the checked-out content into an encryption method that can be used by the PD 6.

  The compression method conversion program 134 is a content database for compressing the content received from the EMD servers 4-1 to 4-3 via the network 2 by the purchase application program 115, the purchase driver 141, or the purchase driver 142. The data is converted into a compression method when stored in 114. When the content is checked out to the PD 6, the compression method conversion program 134 converts the checked-out content into a compression method that can be used by the PD 6.

  The compression method conversion program 134 encodes the content (uncompressed) read from, for example, a CD (Compact Disc) and supplied from the recording program 113 by the encoding method used when the content database 114 stores the content. You can also

  The encryption program 135, for example, encrypts content (not encrypted) read from a CD and supplied from the recording program 113 by an encryption method used when the content database 114 stores the content.

  The authentication program 136 executes a mutual authentication process between the content management program 111 and the purchase application program 115 and a mutual authentication process between the content management program 111 and the purchase driver 141. The authentication program 136 is a process of mutual authentication between the EMD server 4-1 and the purchase application program 115, a process of mutual authentication between the EMD server 4-2 and the purchase driver 141, and purchase with the EMD server 4-3. The authentication key used in the mutual authentication process with the driver 142 is stored.

  The decryption program 137 decrypts the content when the personal computer 1 reproduces the content recorded in the content database 114.

  The PD driver 138 exchanges data (content or a command for executing a predetermined process) with the PD 6 when checking out the predetermined content to the PD 6 or checking in the predetermined content from the PD 6. The PD driver 138 exchanges data with the PD 6-1 or 6-3 via the device driver 116-1 or 116-2, and directly exchanges data with the PD 6-2. To do.

  The purchase driver 141 is a so-called plug-in program. The purchase driver 141 is supplied from the EMD registration server 3 through the network 2 or supplied by being recorded on a predetermined recording medium and installed together with the content management program 111. When the purchase driver 141 is installed in the personal computer 1, it transmits and receives data to and from the content management program 111 via an interface in a predetermined format that the content management program 111 has.

  The purchase driver 141 requests the EMD server 4 to transmit predetermined content via the network 2 and receives content from the EMD server 4. Further, the purchase driver 141 executes billing processing when receiving content from the EMD server 4.

  The purchase driver 142 is a program installed together with the content management program 111, requests the EMD server 4 to transmit predetermined content via the network 2, and receives content from the EMD server 4. Further, the purchase driver 142 executes billing processing when receiving content from the EMD server 4.

  The display operation instruction program 112 displays a display operation instruction window (image thereof) on the display 20 and performs processing such as check-in or check-out to the content management program 111 based on the user's window operation using the keyboard 18 or the mouse 19. Instruct execution.

  The recording program 113 displays a recording window (image thereof) on the display 20, reads the content from the CD, which is the optical disk 42 mounted on the drive 22, based on the user's window operation with the keyboard 18 or the mouse 19, and Output to the content management program 111.

The content database 114 stores encrypted content that is compressed by a predetermined method supplied from the content management program 111 and encrypted by the predetermined method. The content database 114 also stores a content key for decrypting the encrypted content supplied from the content management program 111. In FIG. 7, the content database 114 includes encrypted contents CON _{A to} CON _N corresponding to the contents _{A to N,} and content keys CEK-A to CEK- for decrypting the encrypted contents CON _{A to} CON _N , respectively. N is remembered.

  The content database 114 also stores a content management table TB that is updated when content is checked out or checked in to the PD 6.

  The activation program 117 is a so-called resident program that is always operating when the operating system of the personal computer 1-1 is operating. For example, the device driver 116-1 to the PD 6-1 are connected to the USB port 23-1. When a signal indicating connection is received, the display operation instruction program 112 is activated. The same applies when a signal indicating that the PD 6-3 is connected to the USB port 23-3 is received from the device driver 116-2.

  When the PD6-1 is connected to the USB port 23-1, or the PD6-3 is connected to the USB port 23-3 and the display operation instruction program 112 is activated, the display operation instruction program 112 is connected The content data (eg, song title, performance time, etc.) recorded therein is read from the PD 6-1 or 6-3 and displayed on the display operation instruction window.

  Since the functional configuration of the personal computer 1-2 is the same as the functional configuration of the personal computer 1-1, the description thereof is omitted.

  FIG. 8 is a block diagram showing a functional configuration example in the case of exchanging (checking out / checking in) content with the PD 6, which is realized by various programs or drivers in the content management program 111. The content management program 111 in FIG. 7 corresponds to the content management unit 201 in FIG.

  The content management unit 201 includes a reception unit 211, a transmission unit 212, a shared key creation unit 213, an encryption unit 214, a shared key correspondence table control unit 215, and a content correspondence table control unit 216.

The receiving unit 211 receives a request for creating a shared key (shared key K _DOM1 or shared key K ′ _DOM1 described later) from the PD 6 or receives a completion notification from the PD 6. The shared key is a key that the PD 6 (respectively) and the personal computer 1-1 have in common, and is used for encryption or decryption of the content key.

The transmission unit 212 transmits the shared key created by the shared key creation unit 213 to the PD 6, or transmits encrypted content, viewing rights, and the like corresponding to the content instructed to be checked out by the user. For example, when the user instructs the display device instruction program 112 to check out the content A, the transmission unit 212 transmits the encrypted content CON _{A in} which the content _A is encrypted with the content key CEK- _A and the content key CEK. -A is transmitted with the viewing right L _{A of} content A encrypted with a shared key. The transmission unit 212 also transmits a trigger signal for causing the PD 6 to transmit a shared key creation request signal to the PD 6.

  The shared key creation unit 213 creates a new shared key when the reception unit 211 receives a shared key creation request from the PD 6.

  The encryption unit 214 encrypts the content key with the shared key of the PD 6. The content key encrypted with the shared key functions as a viewing right (license) for the content corresponding to the content key. That is, since the content is transmitted to the PD 6 as encrypted content encrypted with the content key, the PD 6 cannot reproduce the content without the content key. In other words, if the PD 6 has a content key encrypted with the shared key, the encrypted content key can be decrypted and obtained with the shared key, so that the content can be reproduced. .

In addition, the encryption unit 214 encrypts the created shared key with the PKI public key K ′ _PKI-PD of the _PD 6 in order to securely transmit the created shared key to the PD 6. Before exchanging content, the personal computer 1-1 and the PD 6 mutually acquire the other party's PKI public key authenticated by a third-party certification organization such as PKI (Public Key Infrastructure). Yes. That is, the personal computer 1-1 has the PKI public key K ′ _PKI-PD of the _PD 6 together with its own PKI private key K _PKI-PC . The PD 6 has the PKI public key K ′ _PKI-PC of the personal computer 1-1 together with its own PKI private key K _PKI-PD .

  The shared key correspondence table control unit 215 controls the shared key correspondence table in the content management table TB. As will be described later with reference to FIG. 9, the shared key correspondence table is a table in which the PD 6 from which the personal computer 1-1 has checked out the content and the shared key (domain key) transmitted to the PD 6 are stored in association with each other. .

  The content correspondence table control unit 216 controls the content correspondence table in the content management table TB. As will be described later with reference to FIG. 9, the content correspondence table is a table in which the personal computer 1-1 checks out the content PD 6 and the content information indicating the checked out content in association with each other.

  FIG. 9 illustrates the content management table TB when the personal computer 1-1 has checked out the contents A, B, and C to the PD 6-1 and has checked out the contents B to the PD 6-2. FIG.

  The content management table TB stores the above-described content correspondence table and shared key correspondence table.

  In the content correspondence table, the PD 6 that has checked out the content and the content ID that represents the checked-out content are stored in a one-to-one correspondence. That is, the content correspondence table control unit 216 associates the content correspondence table with the device ID “PD1” of the PD 6-1 and represents the contents A, B, and C checked out to the PD 6-1. IDs “A”, “B”, and “C” are stored. The content correspondence table control unit 216 associates “B”, which is a content ID indicating the content B checked out to the PD 6-2, in association with the device ID “PD2” of the PD 6-2 in the content correspondence table. I remember it.

  With this content correspondence table, the personal computer 1-1 can manage the content checked out to each PD 6 (content type, number of checkouts, etc.).

Also, in the shared key correspondence table, the PD 6 that has checked out the content and the shared key that is shared with the PD 6 are stored in a one-to-one correspondence. That is, the shared key correspondence table control unit 215 stores the shared key K _DOM1 shared with the PD 6-1 in association with the device ID “PD1” of the PD 6-1 in the shared key correspondence table. ing. Further, the shared key correspondence table control unit 215 stores the shared key K _DOM2 that is shared with the PD 6-2 in association with the device ID “PD2” of the PD 6-2 in the shared key correspondence table. ing.

  With this shared key correspondence table, the personal computer 1-1 can manage the shared key that is shared by each PD 6 that has checked out the content.

For example, when the personal computer 1-1 checks out the content A to the PD 6-1, the personal computer 1-1 receives the encrypted content CON _{A in} which the content A is encrypted with the content key CEK- _A as the PD 6-1. , The shared right correspondence table is referenced, and the viewing right L _1A obtained by encrypting the content key CEK-A of the content A with the shared key K _DOM1 of the PD 6-1 is created and transmitted to the PD 6-1. The same applies when checking out content B or C to PD6-1.

Further, for example, when the personal computer 1-1 checks out the content B to the PD 6-2, the personal computer 1-1 receives the encrypted content CON _{B in} which the content B is encrypted with the content key CEK-B. 2, and by referring to the shared key correspondence table, the viewing right L _2B obtained by encrypting the content key CEK-B of the content B with the shared key K _DOM2 of the PD 6-2 is created and transmitted to the PD 6-2.

In FIG. 9, for example, E (K _DOM1 , CEK-A) indicates that the content key CEK-A is encrypted with the shared key K _DOM1 .

  FIG. 10 is a block diagram showing a functional configuration example of the PD 6-1 when exchanging (checking out / checking in) content with the personal computer 1-1.

  The PD 6-1 includes a transmission unit 241, a reception unit 242, a decryption unit 243, an expansion unit 244, a shared key storage control unit 245, a content key storage control unit 246, and a storage unit 247. The storage unit 247 includes a shared key storage unit 251 and a content storage unit 252.

  When the reception unit 242 receives the trigger signal, the transmission unit 241 transmits a shared key creation request signal or a completion signal indicating that the shared key or content viewing right has been received to the personal computer 1-1. Send.

The receiving unit 242 receives a trigger signal transmitted from the personal computer 1-1, receives encrypted content, content viewing rights, and the like. For example, in the personal computer 1-1, when the user instructs to check out the content A, the receiving unit 242 includes the encrypted content CON _A in which the content A is encrypted with the content key CEK- _A , and the content key CEK. -A receives the viewing right L _A of content A encrypted with a shared key (shared key K _DOM1 or shared key K ′ _DOM1 ).

The decryption unit 243 decrypts the encrypted content and the viewing right of the content. For example, the decryption unit 243 decrypts the encrypted content CON _A and the viewing right L _A of the content A in which the content key CEK-A is encrypted with the shared key.

  The decompressing unit 244 decompresses the content decrypted by the decrypting unit 243 when the user instructs to reproduce the content using the button 68 (FIG. 6). Thereafter, the music data of the expanded content is subjected to D / A (Digital to Analog) conversion processing and the like, and is output as sound to a headphone (not shown) or the like.

The shared key storage control unit 245 controls the shared key stored in the shared key storage unit 251 in the storage unit 247. For example, the shared key storage control unit 245 stores the shared key K _DOM1 transmitted from the personal computer 1-1 and received by the receiving unit 242 in the shared key storage unit 251 or a new sharing in place of the shared key K _DOM1. key (for example, shared key K _'DOM1) if has been transmitted from the personal computer 1-1, to update the shared key K _DOM1 stored in the shared key storage unit 251 to the new shared key.

The content key storage control unit 246 controls the viewing rights of content stored in the content storage unit 252 in the storage unit 247 and the encrypted content. That is, the content key storage control unit 246 causes the content storage unit 252 to store the encrypted content and the content viewing right that are transmitted from the personal computer 1-1 and received by the reception unit 242. In the example of FIG. 10, the content key storage control unit 246 has the encrypted contents CON _A , CON _B , and CON _C and the viewing rights L _A , L _B , and L _{C of} the contents A, B, and _C , that is, The content keys CEK-A, CEK-B, and CEK-C encrypted with the shared key K _DOM1 are stored in the content storage unit 252.

  In addition, when the shared key stored in the shared key storage unit 251 is updated to a new shared key, the content key storage control unit 246 can view content that cannot be played back with the new shared key. Delete rights and encrypted content.

For example, as shown in FIG. 10, when the personal computer 1-1 that has checked out the contents A, B, and C to the PD 6-1 checks in the content A, the personal computer 1-1 uses the shared key. A new shared key K ′ _DOM1 replacing the shared key K _DOM1 stored in the storage unit 251 is transmitted to the PD 6-1 and the content keys CEK-B and CEK− encrypted with the new shared key K ′ _DOM1 are transmitted. Send _C as viewing rights L _B and L _C. In this case, the viewing right L _A of the content A stored (remaining) in the content storage unit 252 is the content key CEK-A encrypted with the old shared key K _DOM1 and cannot be decrypted. . Accordingly, since the content key CEK-A of the content A cannot be obtained, the content A cannot be reproduced (decrypted with the content key CEK-A). Therefore, the content key storage control unit 246 determines the viewing right L _{A of the} content A stored in the content storage unit 252 (the content key CEK-A encrypted with the old shared key K _DOM1 ) and the encrypted content CON _A. Is deleted.

The storage unit 247 stores its own PKI private key K _PKI-PD and the PKI public key K ′ _{PKI-PC of} the personal computer 1-1. In addition, as described above, the shared key storage unit 251 of the storage unit 247 stores the shared key transmitted from the personal computer 1-1, and the content storage unit 252 transmits the shared key from the personal computer 1-1. The content viewing right and the encrypted content are stored. In the example of FIG. 10, the shared key storage unit 251 stores the shared key K _DOM1 , and the content storage unit 252 stores the viewing rights L _A , L _B , and L _C (shared key K Content keys CEK-A, CEK-B, and CEK-C encrypted with _DOM1 , respectively, and corresponding encrypted contents CON _A , CON _B , and CON _C (content keys CEK-A, CEK-B, And contents A, B, and C) encrypted by CEK-C, respectively.

The shared key storage unit 251 is an area hidden and managed (stored) from the user of the PD 6-1, and the user cannot delete or change the shared key K _DOM1 stored therein. It is like that.

  Next, content check-out / check-in processing for the PD 6-1 of the personal computer 1-1 will be described with reference to the flowcharts of FIGS.

  11 and 12, first, the contents A, B, and C are checked out from the personal computer 1-1 to the PD 6-1 and then the contents D are checked out together with the check-in of the contents A. The check-out / check-in process will be described.

  In the display operation instruction window by the display operation instruction program 112, when the user performs an operation (instruction) for checking out contents A, B, and C, in step S101, the transmission unit 212 of the personal computer 1-1 A trigger signal for causing the PD 6-1 to send a shared key creation request is transmitted to the PD 6-1.

  In step S141, the receiving unit 242 of the PD 6-1 receives the trigger signal transmitted from the personal computer 1-1. In step S142, the transmission unit 241 transmits a shared key creation request signal corresponding to the trigger signal to the personal computer 1-1.

  In step S102, the reception unit 211 of the personal computer 1-1 receives the shared key generation request signal from the PD 6-1 and supplies the shared key generation unit 213 to that effect.

The shared key creation unit 213 creates the shared key K _DOM1 in step S103, and proceeds to step S104. The shared key correspondence table control unit 215 uses the created shared key K _DOM1 as the device ID (PD1) of PD6-1. ) And stored in the shared key correspondence table.

In step S105, the encryption unit 214 encrypts the created shared key K _DOM1 with the PKI public key K ′ _PKI-PD of the _PD 6-1 and supplies it to the transmission unit 212. In step S106, the transmission unit 212 transmits the encrypted shared key K _DOM1 to the PD 6-1.

In step S143, the receiving unit 242 of the PD 6-1 receives the encrypted shared key K _DOM1 transmitted from the personal computer 1-1 and supplies it to the decrypting unit 244.

In step S144, the decryption unit 244 decrypts the encrypted shared key K _DOM1 with the PKI private key K _PKI-PD of itself (PD6-1), and proceeds to step S145, where the shared key storage control unit 245 decrypts The shared key K _DOM1 obtained in this way is stored in the shared key storage unit 251. In step S146, the transmission unit 241 transmits a completion notification _indicating that the shared key K _DOM1 has been received to the personal computer 1-1.

  In step S107, the reception unit 211 of the personal computer 1-1 receives the completion notification from the PD 6-1.

As described above, the common shared key K _DOM1 is held by the personal computer 1-1 and the PD 6-1.

In step S108, the personal computer 1-1 creates viewing rights L _1A , L _1B , and L _1C for the contents A, B, and C, respectively. That is, in step S108, the encryption unit 214 encrypts each of the content keys CEK-A, CEK-B, and CEK-C with the shared key K _DOM1 .

  In step S109, the content correspondence table control unit 216 assigns content A, B, and C to the PD 6-1 in the content correspondence table in the content management table TB. That is, the content correspondence table control unit 216 associates “PD1” that is the device ID of the PD 6-1 in the content correspondence table with content IDs “A” and “A” that represent the content checked out to the PD 6-1. “B” and “C” are stored.

Thereafter, in step S110, the transmission unit 212 transmits the encrypted contents CON _A , CON _B , and CON _C stored in the content database 114 and the viewing rights L _1A , L _1B , and L _1C created in step S108. Are transmitted to the PD 6-1. Here, the personal computer 1-1 uses the hash value of the transmission data (encrypted contents CON _A , CON _B , and CON _C and viewing rights L _1A , L _1B , and L _1C ) as the PKI secret of the personal computer 1-1. By encrypting with the key K _PKI-PC and adding it as an electronic signature to the transmission data and transmitting it to the PD 6-1, the PD 6-1 is the information that the transmission data is definitely transmitted by the personal computer 1-1. You can be sure that it is not.

In step S147, the receiving unit 242 of the PD 6-1 receives the encrypted contents CON _A , CON _B , and CON _C transmitted from the personal computer 1-1 and the viewing rights L _1A , L _1B , and L _1C . In step S148, the content key storage control unit 246 stores them in the content storage unit 252.

In step S149, the transmission unit 241 sends a completion notification indicating that the encrypted contents CON _A , CON _B and CON _C and the viewing rights L _A , L _B and L _C have been received to the personal computer 1-1. In step S111, the personal computer 1-1 receives this information.

As described above, the content storage unit 252 of the PD 6-1 stores the encrypted content CON _A , CON _B , and CON _C and the viewing rights L _1A , L _1B , and L _1C . In the PD 6-1, the content A, B, or C can be reproduced.

For example, when the PD 6-1 reproduces the content A, the PD 6-1 first decrypts the viewing right L _1A of the content A with the shared key K _DOM1 to obtain the content key CEK-A. Then, the PD 6-1 decrypts the encrypted content CON _A with the content key CEK-A to obtain the content A (music data). Then, decompression processing, D / A conversion processing, and the like are performed on the content A, and the content A is output as sound (music).

When the PD 6-1 deletes the encrypted content CON _A and the viewing right L _1A from the content storage unit 252 and requests the personal computer 1-1 to retransmit them, the personal computer 1-1 In the content correspondence table in the management table TB, since the content checked out to the PD 6-1 is managed (stored), it is confirmed whether it is a re-sending request of the content checked out to the PD 6-1 and the encrypted content is checked. Resend viewing rights L _1A for CON _A or content A.

  Assume that the user desires to check in the content A after the content A is listened to by the user for a predetermined period in the PD 6-1. Also, assume that the user desires to check out content D at the same time as content A is checked in. Therefore, the user connects the PD 6-1 to the USB port 23-1 of the personal computer 1-1 again and starts the display operation instruction program 112. In the display operation instruction window, the user performs an operation (instruction) for checking in content A and checking out content D.

  In this case, in step S112 in FIG. 12, the transmission unit 212 of the personal computer 1-1 transmits a trigger signal for causing the PD 6-1 to send a shared key creation request to the PD 6-1.

  In step S150, the receiving unit 242 of the PD 6-1 receives the trigger signal transmitted from the personal computer 1-1. In step S151, the transmission unit 241 transmits a shared key creation request signal corresponding to the trigger signal to the personal computer 1-1.

  In step S113, the reception unit 211 of the personal computer 1-1 receives the shared key generation request signal from the PD 6-1 and supplies the shared key generation unit 213 to that effect.

In step S114, the shared key creation unit 213 creates a new shared key K ′ _DOM1 and proceeds to step S115, where the shared key correspondence table control unit 215 _{sends the} created shared key K ′ _DOM1 to the PD 6-1. It is stored in the shared key correspondence table in association with the device ID (PD1).

In step S 116, the encryption unit 214 encrypts the created shared key K ′ _DOM1 with the PKI public key K ′ _PKI-PD of the _PD 6-1 and supplies it to the transmission unit 212. In step S117, the transmission unit 212 transmits the encrypted shared key K ′ _DOM1 to the PD 6-1.

In step S152, the receiving unit 242 of the PD 6-1 receives the encrypted shared key K ′ _DOM1 transmitted from the personal computer 1-1 and supplies it to the decrypting unit 244.

In step S153, the decryption unit 244 decrypts the encrypted shared key K ′ _DOM1 with the PKI private key K _PKI-PD of itself (PD6-1), proceeds to step S154, and the shared key storage control unit 245 The shared key K ′ _DOM1 obtained by decryption is stored in the shared key storage unit 251. In step S155, the transmission unit 241 transmits a completion notification _indicating that the shared key K ′ _DOM1 has been received to the personal computer 1-1.

  In step S118, the reception unit 211 of the personal computer 1-1 receives the completion notification from the PD 6-1.

As described above, the new shared key K ′ _DOM1 is held by the personal computer 1-1 and the PD 6-1. At this time, the viewing rights L _1A , L _1B , and L _{1C of the} contents A, B, and C stored in the content storage unit 252 of the _{PD 6-1} are encrypted with the shared key K _DOM1 before the update. Therefore, all of the contents A, B, and C cannot be temporarily reproduced on the PD 6-1.

In step S119, the personal computer 1-1 creates viewing rights L ′ _1B , L ′ _1C , and L ′ _1D for content B, content C, and content D, respectively. That is, in step S119, the encryption unit 214 encrypts each of the content keys CEK-B, CEK-C, and CEK-D with the shared key K ′ _DOM1 .

  In step S120, the content correspondence table control unit 216 deletes the assignment of the content A to the PD 6-1 in the content correspondence table in the content management table TB, and newly assigns the content D to the PD 6-1. That is, the content correspondence table control unit 216 deletes the registration of the device ID “PD1” of the PD 6-1 and the content ID “A” representing the content A from the content correspondence table, and newly registers the PD 6-1. The device ID “PD1” and the content ID “D” representing the content D are stored in the content correspondence table.

Thereafter, in step S121, the transmission unit 212 transmits the encrypted content CON _D stored in the content database 114 and the viewing rights L ′ _1B , L ′ _1C , and L ′ _1D (new sharing) created in step S119. The content keys CEK-B, CEK-C, and CEK-D) encrypted with the key K ′ _DOM1 are transmitted to the PD 6-1. Here, the personal computer 1-1 uses the hash value of the transmission data (encrypted content CON _D and viewing rights L ′ _1B , L ′ _1C , and L ′ _1D ) as the PKI private key K _PKI− of the personal computer 1-1. _By encrypting it with a _PC and adding it as an electronic signature to the transmission data and transmitting it to the PD 6-1, the PD 6-1 is the information that the transmission data is definitely transmitted by the personal computer 1-1 and has not been tampered with. Can be confirmed. Note that the encrypted contents CON _B and CON _C have no effect on the change of the shared key and are the same as those sent in step S110 described above, so they are not sent (of course, they may be sent).

In step S156, the receiving unit 242 of the PD 6-1 receives the encrypted content CON _D and the viewing rights L ′ _1B , L ′ _1C , and L ′ _1D transmitted from the personal computer 1-1. In step S157, the content key storage control unit 246 stores them in the content storage unit 252.

In step S158, the content key storage control unit 246 _deletes the encrypted content CON _A and the viewing right L _1A (the content key CEK-A encrypted with the shared key K _DOM1 ) stored in the content storage unit 252. To do.

In step S159, the transmission unit 241 transmits a completion notification indicating that the encrypted content CON _D and the viewing rights L ′ _1B , L ′ _1C , and L ′ _1D have been received to the personal computer 1-1. The computer 1-1 receives this in step S122.

As described above, the content storage unit 252 of the PD 6-1 stores the encrypted content CON _B , CON _C , and CON _D and the viewing rights L ′ _1B , L ′ _1C , and L ′ _1D . That is, content A is checked in and content D is checked out.

11 and 12, when the content provided by the personal computer 1-1 to the PD 6-1 is updated, that is, the content checked by the personal computer 1-1 to the PD 6-1. When checking in A or when the personal computer 1-1 checks out new content D in the PD 6-1, the transmission unit 212 of the personal computer 1-1 sends a shared key creation request to the PD 6-1. A trigger signal for transmission is transmitted to the PD 6-1. The transmission unit 241 of the PD 6-1 changes a new shared key (shared key K ′ _DOM1 in the above example) different from the shared keys currently held (shared key K _DOM1 in the above example) according to the trigger signal. Is sent to the personal computer 1-1. The reception unit 211 of the personal computer 1-1 receives the shared key creation request signal, and the shared key creation unit 213 creates a new shared key K ′ _DOM1 that is different from the shared key K _DOM1 currently held by each other. To do. In addition, the shared key correspondence table control unit 215 uses the shared key K _DOM1 stored in the shared key correspondence table in association with the device ID (reproducing device information) representing the PD 6-1 as a newly created shared key. Update to K ' _DOM1 .

The encryption unit 214 of the personal computer 1-1 encrypts the content key of the content to be provided to the PD 6-1 with the created new shared key K ′ _DOM1 , and creates the created new shared key K ′ _DOM1 . The content key encrypted with the new shared key K ′ _DOM1 is transmitted to the PD 6-1 (the encrypted content is also transmitted to the PD 6-1 as necessary). Then, the content correspondence table control unit 216 associates and stores the PD 6-1 and the content ID (content information) representing the content of the PD 6-1 according to the transmitted content key. Update.

The receiving unit 242 of the PD 6-1 receives the new shared key K ′ _DOM1 and the content key encrypted with the new shared key K ′ _DOM1 transmitted from the personal computer 1-1 (encryption). (If the encrypted content is transmitted, it is also received). The decryption unit 244 of the PD 6-1 decrypts the received new shared key K ′ _DOM1 with its own PKI private key, and the shared key storage control unit 245 is concealed from the user and stored in the shared key storage unit 251. The _existing shared key K _DOM1 is updated to a new shared key K ′ _DOM1 . The content key storage control unit 246 uses the content viewing right (content key encrypted with the shared key K _DOM1 ) stored in the content key storage unit 252 as a new viewing right (new shared key K ′ _DOM1 To the content key encrypted with

Accordingly, the viewing right L ′ _1A of the content A (the content key CEK-A of the content A encrypted with the new shared key K ′ _DOM1 ) is not transmitted to the PD 6-1, so that the new shared key K ′ _{DOM 1} After the update, the PD 6-1 cannot reproduce the content A. That is, the content A is checked in. On the other hand, the contents B and C can be reproduced in the same manner as before even after being updated to the new shared key K ′ _DOM1 . Also, newly checked-in content D can be played.

  That is, according to the check-out / check-in process of FIG. 11 and FIG. 12, when updating the content to be provided to the PD 6-1, the personal computer 1-1 invalidates the current shared key, Once the viewing rights of the content have been released (checked out), the content key of the content that should not be released should be encrypted with the newly created shared key along with the content key of the content to be newly checked out Create and send viewing rights. When the right to view the content is created with the next effective shared key, the personal computer 1-1 considers that the content has been allocated to the PD 6-1 so that the content to be supplied to the PD 6-1 can be viewed. Rights can be managed for each content. In addition, the PD 6-1 can cause the personal computer 1-1 to manage viewing rights for each content and reproduce the checked-out content.

  In the check-out / check-in processing, the content key storage control unit 246 of the PD 6-1 is stored in the content key storage unit 252 without being updated to the content key encrypted with the new shared key (remaining By deleting the content key encrypted with the old shared key, the storage unit 247 (the content storage unit 252) can be used effectively.

In the processing of FIGS. 11 and 12, in step S120, the content correspondence table control unit 216 deletes the allocation of the content A and allocates the content D so that the content B and C are not changed. However, as described above, when the shared key K _DOM1 is updated to the new shared key K ′ _DOM1 , the PD 6-1 cannot reproduce all the contents A, B, and C. 1 receives the completion notification that the new shared key K ′ _DOM1 has been received in step S118, temporarily deletes the assignment of the contents A, B, and C to the PD 6-1 in the contents correspondence table, In S120, the contents B, C, and D may be assigned to the PD 6-1.

  FIG. 13 shows another example of the content correspondence table shown in FIG.

  In the content correspondence table in FIG. 9, the PD 6 that has checked out the content and the checked out content ID are associated one-to-one. However, in the content correspondence table in FIG. The content IDs of all the contents checked out to the PD 6 are stored in association with each other.

  That is, in the content correspondence table of FIG. 13, “A” which is the content ID of content A, B and C checked out to PD 6-1 in association with “PD1” which is the device ID of PD 6-1. , “B”, and “C” are stored. In addition, “B”, which is the content ID of content B checked out to PD6-2, is stored in association with “PD2”, which is the device ID of PD6-2.

  Further, as shown in FIG. 14, the content correspondence table can also store the content ID of the checked-out content and the check-out destination PD 6 of the content in association with each content.

  That is, the content correspondence table in FIG. 14 stores “PD1”, which is the device ID of the PD 6-1 in which content A is checked out, in association with “A”, which is the content ID of content A. Further, “PD1” and “PD2”, which are device IDs of PD 6-1 and PD 6-2 in which content B is checked out, are stored in association with “B” which is the content ID of content B. Further, “PD1” that is the device ID of the PD 6-1 in which the content C is checked out is stored in association with “C” that is the content ID of the content C.

  Even when the content correspondence table of FIG. 13 or FIG. 14 is adopted, the content checked out to each PD 6 can be managed as in the case of FIG.

  FIG. 15 shows a screen example of a display operation instruction window that the display operation instruction program 112 displays on the display 20.

  In the display operation instruction window, a button 341 for starting the recording program 113, a button 342 for starting the EMD selection program 131, and a field for setting a check-in or check-out process are displayed. 343 is arranged.

  In the display operation instruction window, a field 348 for displaying a selected package (a group of a plurality of contents) or an image associated with the contents is arranged. The button 349 is clicked when the selected content is reproduced (the sound corresponding to the content is output to the speaker 24).

  When the button 345 is selected, the data corresponding to the original package is displayed in the field 351. When the button 346 is selected, the field 351 displays data corresponding to the My Select package. When the button 347 is selected, data corresponding to the filtering package is displayed in the field 351.

  The data displayed in the field 351 is data relating to the package, such as a package name or an artist name.

  For example, in FIG. 15, the package name “first” and artist name “Taro”, the package name “second”, and artist name “Taro” are displayed in the field 351. Further, in FIG. 15, the package name “Asynchronized” and the artist name “JJ” are selected.

  In the field 352, data corresponding to the content belonging to the package selected in the field 351 is displayed. The data displayed in the field 352 is, for example, a song name (Content Name), a performance time (Time), or the number of possible checkouts. When there is no limit on the number of checkouts, for example, musical notes are displayed as shown in FIG.

  When the button 343 for displaying the field for setting the check-in or check-out process is clicked, the display operation instruction program 112 displays the PD 6 (connected PDs 6-1 to 6- 6 in the display operation instruction window). The field 481 for displaying the song title of the content stored in (one of 3 is designated in advance) is displayed.

  When the display operation instruction program 112 displays the field 481 in the display operation instruction window, the display operation instruction program 112 displays a field 482 for displaying the name of the package of the content stored in the PD 6 in the display operation instruction window. A button 483 for closing 481 and a button 484 for executing check-in or check-out are displayed.

  Further, when the display operation instruction program 112 displays the field 481 in the display operation instruction window, the display operation instruction program 112 has a button 491 for setting the checkout of the content corresponding to the song name selected in the field 352, and the field 481. A button 492 for setting the check-in of the content corresponding to the song name selected in, a button 493 for setting the check-in of all the content corresponding to the content name displayed in the field 481, and a check-in or check-out setting. A cancel button 494 is displayed between the field 352 and the field 481.

  In the field 481, a symbol indicating whether or not the content can be checked into the personal computer 1-1 is displayed on the leftmost side of the field 481 in association with the song name of the content. For example, “O” located at the leftmost of the field 481 indicates that the content corresponding to the title of the content can be checked in to the personal computer 1-1 (that is, checked out from the personal computer 1-1). Yes. If “x” is displayed on the leftmost of the field 481, the content corresponding to the song title of the content cannot be checked into the personal computer 1-1 (that is, checked out from the personal computer 1-1). Not, for example, checked out from the personal computer 1-2).

  For example, when the song name “fan key” displayed in the field 352 is selected and the checkout setting button 491 is clicked, the display operation instruction program 112 sets the checkout of the content corresponding to the song name “fan key”. Then, the song name “Fankey” is displayed in the field 481.

  If the package name displayed in the field 351 is dragged and dropped into the field 481, checkout of all contents belonging to the package corresponding to the dragged and dropped package name is set.

  The personal computer 1-1 does not execute the check-in or check-out process only by setting the check-in or check-out by operating the buttons 491 to 494.

  When the button 484 is clicked after setting check-in or check-out by operating the buttons 491 to 494, the display operation instruction program 112 causes the content management program 111 to execute check-in or check-out processing. That is, when the button 484 is clicked, the display operation instruction program 112 supplies check-in or check-out setting information, and the content management program 111 creates a new shared key and newly checked out content. Alternatively, the right to view continuously provided content is transmitted to the PD 6.

  Note that the button 484 may be omitted, and when the buttons 491 to 494 are operated, the personal computer 1-1 may execute check-in or check-out processing.

  In the above-described embodiment, the personal computer 1-1 manages the right to view content. However, the EMD server 4 that supplies (distributes) content to the personal computer 1-1 manages the right to view content. You can also. In this case, the personal computer 1-1 relays data exchanged between the EMD server 4 and the PD 6 (commands such as trigger signals and shared key creation request signals, encrypted contents, viewing rights, shared keys, etc.). To do.

  FIGS. 16 and 17 are flowcharts of content check-out / check-in processing for the PD 6-1 when the EMD server 4-1 manages the right to view the content.

  In the flowcharts of FIGS. 16 and 17, the processes of steps S241 to S259 performed by the PD 6-1 are the same as the processes of steps S141 to S159 of FIGS.

  Also, in the flowcharts of FIGS. 16 and 17, the processes of steps S201 to S222 performed by the EMD server 4-1 are the same as the processes of steps S101 to S122 performed by the personal computer 1-1 in FIGS. Since each is the same, the description is omitted.

  In steps S301 to S324 of FIGS. 16 and 17, the personal computer 1-1 transmits the data received from the EMD server 4-1 to the PD 6-1 and the data received from the PD 6-1 to the EMD server 4-1. Send.

  According to the check-out / check-in process of FIG. 16 and FIG. 17, the EMD server 4-1 is similar to the personal computer 1-1 in the check-out / check-in process of FIG. 11 and FIG. It is possible to manage the viewing rights of the content supplied to each content. Further, the PD 6-1 can cause the EMD server 4-1 to manage viewing rights for each content, and reproduce the content received (checked out) via the personal computer 1-1.

  If the PD 6-1 can communicate with the EMD server 4-1 that manages content viewing rights, the PD 6-1 does not necessarily have to go through the personal computer 1-1. For example, when the PD 6-1 is a mobile phone, the PD 6-1 is connected to the telephone network 7 via the base station 5-1 or 5-2, and further connected to the EMD server 4-1 via the network 2. You may communicate. For example, when the PD 6-1 has a wireless LAN (Local Area Network) function such as IEEE (The Institute of Electrical and Electronic Engineers) 802.11a, 802.11b, and 802.11g, the PD 6-1 2 can be directly connected to communicate with the EMD server 4-1.

  In the present specification, the steps described in the flowcharts are executed in parallel or individually even if they are not necessarily processed in time series, as well as processes performed in time series in the described order. It also includes processing.

  Further, in this specification, the system represents the entire apparatus constituted by a plurality of apparatuses.

  The embodiment of the present invention is not limited to the above-described embodiment, and various modifications can be made without departing from the gist of the present invention.

It is a figure which shows the example of data currently recorded on the recording medium of PD. 10 is a flowchart for explaining processing when a common shared key K _DOM is shared between a PD and a management terminal device. It is a flowchart explaining the conventional checkout process. It is a figure which shows one Embodiment of the music data management system to which this invention is applied. It is a block diagram which shows the structure of the personal computer 1-1. It is a block diagram which shows the structural example of PD6. It is a block diagram which shows the functional structural example of the personal computer 1-1. It is a block diagram which shows the functional structural example of the personal computer 1-1 in the case of exchanging contents with PD6. It is a figure explaining the content management table TB. It is a block diagram which shows the functional structural example of PD6-1. It is a flowchart explaining the content check-out / check-in process with respect to PD6-1 of the personal computer 1-1. It is a flowchart explaining the check-out / check-in process of content. 10 shows another example of the content correspondence table shown in FIG. 10 shows still another example of the content correspondence table shown in FIG. It is a figure which shows the example of a screen of a display operation instruction | indication window. It is a flowchart explaining the check-out / check-in process of content. It is a flowchart explaining the check-out / check-in process of content.

Explanation of symbols

  1-1, 1-2 Personal computer, 4-1 to 4-3 EMD server, 6-1 to 6-4 Portable device, 11 CPU, 12 ROM, 13 RAM, 21 HDD, 23-1 to 23-3 USB Port, 41 magnetic disk, 42 optical disk, 43 magneto-optical disk, 44 semiconductor memory, 61 CPU, 62 ROM, 63 RAM, 70 HDD, 71 USB port, 91 semiconductor memory, 201 content management unit, 211 receiving unit, 212 transmitting unit , 213 shared key creation unit, 214 encryption unit, 215 shared key correspondence table control unit, 216 content correspondence table control unit, 241 transmission unit, 242 reception unit, 243 decryption unit, 244 decompression unit, 245 shared key storage control unit, 246 content key storage control unit, 247 storage unit, 2 1 shared key storage unit, 252 content storage unit

Claims (11)

In a content management device that manages the content provided to a playback device that plays back content,
When updating the content provided to the playback device, a new shared key that is transmitted from the playback device in response to a trigger signal transmitted by the content management device and is different from the current shared key of the playback device A receiving means for receiving the creation request;
Creating means for creating the new shared key in response to the creation request;
Shared key storage control means for updating the shared key stored in the shared key storage means in association with the playback apparatus information representing the playback apparatus to the created new shared key;
An encryption means for encrypting a content key for decrypting the content provided to the playback device with the created new shared key;
Transmitting means for transmitting the trigger signal, the created new shared key, and the content key encrypted with the new shared key as a right to view the content to the playback device;
Content information for updating content information storage means for storing the playback device and content information representing the content of the playback device in association with each other according to the content key encrypted with the new shared key A content management device comprising storage control means. The content management apparatus according to claim 1, wherein the transmission unit also transmits the content to the playback apparatus. The encryption means further encrypts the created new shared key with a PKI (Public Key Infrastructure) public key of the playback device,
The content management apparatus according to claim 1, wherein the transmission unit transmits the new shared key encrypted with the PKI public key of the playback apparatus to the playback apparatus. In a content management method of a content management device that performs content management processing for managing the content provided to a playback device that plays back content,
When updating the content provided to the playback device, a new shared key that is transmitted from the playback device in response to a trigger signal transmitted by the content management device and is different from the current shared key of the playback device Receives a creation request,
In response to the creation request, create the new shared key,
Update the shared key stored in the shared key storage means in association with the playback device information representing the playback device to the created new shared key,
A content key for decrypting the content provided to the playback device is encrypted with the created new shared key,
The trigger signal, the created new shared key, and the content key encrypted with the new shared key as the content viewing right are transmitted to the playback device,
Updating a content information storage unit that stores the playback device and content information representing the content of the playback device in association with each other according to the content key encrypted with the new shared key. Including content management method. In a program for causing a computer to execute control of a content management device that performs content management processing for managing the content provided to a playback device that plays back content,
When updating the content provided to the playback device, a new shared key that is transmitted from the playback device in response to a trigger signal transmitted by the content management device and is different from the current shared key of the playback device Receives a creation request,
In response to the creation request, create the new shared key,
Update the shared key stored in the shared key storage means in association with the playback device information representing the playback device to the created new shared key,
A content key for decrypting the content provided to the playback device is encrypted with the created new shared key,
The trigger signal, the created new shared key, and the content key encrypted with the new shared key as the content viewing right are transmitted to the playback device,
Updating a content information storage unit that stores the playback device and content information representing the content of the playback device in association with each other according to the content key encrypted with the new shared key. Including programs. In a playback device for playing back content provided from a content management device,
In response to a trigger signal transmitted from the content management device when the content of the playback device is updated, a request for creating a new shared key different from the shared key that the playback device currently has is sent to the content management Transmitting means for transmitting to the device;
Receiving means for receiving, from the content management device, the content key of the content encrypted with the new shared key as the trigger signal, the new shared key, and the viewing right of the content;
Shared key storage control means for updating the shared key that is concealed from the user who uses the playback device and stored in the shared key storage means to the new shared key;
A reproduction apparatus comprising: a content key storage control unit configured to update the content key encrypted with the shared key, which is stored in the content key storage unit, to the content key encrypted with the new shared key. The content key storage control means is further configured to store the content key encrypted with the shared key stored in the content key storage means without being updated to the content key encrypted with the new shared key. The playback device according to claim 6. The content key storage means also stores the content encrypted with the content key,
The playback apparatus according to claim 7, wherein the content key storage control unit also deletes the content corresponding to the deleted content key. The new shared key received by the receiving means is encrypted with the PKI (Public Key Infrastructure) public key of the playback device,
The playback device according to claim 6, further comprising decryption means for decrypting the new shared key encrypted with the PKI public key of the playback device with the PKI private key of the playback device. In a control method of a playback device for playing back content provided from a content management device,
In response to a trigger signal transmitted from the content management device when the content of the playback device is updated, a request for creating a new shared key different from the shared key that the playback device currently has is sent to the content management To the device,
Receiving the content signal of the content encrypted with the new shared key as the trigger signal, the new shared key, and the viewing right of the content from the content management device;
Updating the shared key concealed from the user using the playback device and stored in the shared key storage means to the new shared key;
A control method comprising the step of updating the content key encrypted with the shared key stored in a content key storage means to the content key encrypted with the new shared key. In a program for causing a computer to execute control of a playback device that plays back content provided from a content management device,
In response to a trigger signal transmitted from the content management device when the content of the playback device is updated, a request for creating a new shared key different from the shared key that the playback device currently has is sent to the content management To the device,
Receiving the content signal of the content encrypted with the new shared key as the trigger signal, the new shared key, and the viewing right of the content from the content management device;
Updating the shared key concealed from the user using the playback device and stored in the shared key storage means to the new shared key;
A program comprising the step of updating the content key encrypted with the shared key stored in a content key storage means to the content key encrypted with the new shared key.

Images