JP2008262579A - Content information transmission system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To control an unauthorized use of a content under the management of an end user. <P>SOLUTION: A content use controller is provided with a function to register and check a device or a user to be a receiver of services in providing services so that the services are not used limitlessly by the device or the user other than an authorized receiver of the services and further has a function to limit overwrite of a registered content. By limiting these, copyright protection of information to be provided for the services is performed. An example of the device is a server for holding contents, such as movies or music, and is applied to a system for providing a content in accordance with a request of a client (mobile phones or TV and PC connected to the server) or a user. <P>COPYRIGHT: (C)2009,JPO&INPIT

Description

  The present invention relates to a content information transmission system that controls the use of content under predetermined use conditions, and more particularly to a content information transmission system that controls the use of content provided to a user via a network or the like.

  More particularly, the present invention relates to a content information transmission system that controls the use of content acquired via a network or the like under the control of a specific server administrator, and in particular, for content placed under the management of an end user. The present invention relates to a content information transmission system that controls unauthorized use.

  At present, computing technologies such as information processing and information communication have improved dramatically, and computer systems have become widespread. In addition, there is a growing demand for network computing technology that interconnects computers. Under a network connection environment, it is possible to collaborate among a plurality of users who share computer resources, and to smoothly share, distribute, distribute, and exchange information contents.

  Nowadays, with the widespread use of the Internet and the advancement and lower prices of high-speed access technologies such as broadband, many users can easily transmit various information contents around the world through communication.

  On the other hand, a system that illegally copies and distributes data of a copyrighted work such as a movie or music using such an environment, such as Napster and Gnutella, has appeared and a problem related to content protection has occurred. Although the scale and performance of the network are expected to increase further in the future, the information that can be transmitted is limited without the means to prevent unauthorized use of such content, and the value of the network can be enjoyed effectively. There is a risk that it will not be possible. In addition, if content abuse is rampant, the willingness of content producers / providers will decline, which may hinder the development of the entire industry.

  Generally, when content is distributed via a wide area network such as the Internet, the content is technically protected by registering or charging users in advance and distributing the content only when proper use is ensured. be able to.

  However, recently, private networks such as home networks have become popular, and users can perform home distribution within the scope of proper use under the Copyright Act. For example, content acquired via BS digital is distributed between information devices connected via i-Link or the like. In such a case, the content must be protected by the user at the end, but there is a danger that the user registration is managed independently, and the content is distributed without restriction within the home.

  Therefore, in a system in which contents such as movies and music purchased by a user are stored in a home server and transmitted / viewed via the Internet, a mechanism for preventing access exceeding private use is required.

  At present, there is no standardized method approved by the copyright holder, and confusion has occurred in the United States, such as a lawsuit regarding the content transmission function over the Internet of broadcast recording devices.

  Methods to prevent usage beyond private use include limiting the number of devices that can use the service, or registering client identification information (eg, MAC address) to prevent access from unregistered clients. Already exists. However, these are effective when the server administrator correctly sets and does not intentionally allow unauthorized access. Even if the end user is an administrator, such as a server administrator, especially a home server, the content rights holder thinks that it is necessary to prevent unauthorized distribution to some extent. There is still no standardized method.

  For example, user information is registered by the user registration means, and when the user intends to use this system, the user authentication means authenticates whether or not the user is a registered user. Only the registered user can search for the desired content from the content registered by the content registration means by the content search means, and the user can acquire the usage right for the searched content, and the content for which the usage right has been acquired A content distribution system that monitors the user's operation with respect to content by means of content monitoring means has been proposed (see, for example, Patent Document 1). However, this system eliminates unauthorized use by the user and does not consider allowing the user to use the content within the home or private use.

  Further, a content distribution system in which the number of people who can use the content at the same time is limited has been proposed (see, for example, Patent Document 2). In the system, the receiver that receives the content determines which content can be used according to the collation result of the user ID registered in the management table and the user ID of the receiver itself. The server and client can read out only the content that is licensed to the user ID of the receiver, and the management table matches the number of licenses with a number greater than the contract. Cannot be used simultaneously. However, the number of people that can be used at the same time varies from user to user and content (app), and the use of the content is limited to the license acquired by the user for each content rather than being restricted to home or private use. It is intended to be limited accordingly, and does not exclude unauthorized use by the user and does not allow the user to use the content within the home or private use.

JP 2001-306528 A JP 2001-350862 A

  An object of the present invention is to provide an excellent content information transmission system capable of controlling the use of content acquired via a network or the like under a specific server administrator.

  It is a further object of the present invention to provide an excellent content information transmission system that can control unauthorized use of content placed under the control of an end user.

  A further object of the present invention is to perform control so that content is not distributed and distributed indefinitely beyond a predetermined use condition when the content is managed by an end user such as a home network. An object of the present invention is to provide an excellent content information transmission system.

The present invention has been made in consideration of the above problems, and a first aspect thereof is a content use control device or a content use control device that controls use of content under a predetermined use condition,
Acquisition means or step for acquiring information for identifying other devices or users requesting use of the content;
Registration means or step for registering identification information obtained from another device or user;
A usage control means or step for determining whether or not to use the content based on the presence or absence of registration of identification information of the request source in response to a content usage request from another device or user;
A content use control device or a content use control device.

  The present invention is effective in preventing unauthorized use by a user who does not have the authority to use the content by restricting the user of the content by a device capable of outputting paid content such as movies and music. That is, according to the content use control device or content use restriction method of the present invention, it is necessary to register the identification information of the device or user to be used prior to the use of the provided service. This can eliminate unauthorized use by devices and users that cannot be registered.

  Here, the registration means or step may perform registration processing in response to a request from another device or user.

  The registration means or step may perform a new registration process only when there is a margin for a predetermined number of registrations. By limiting the number of registrations in this way, it is possible to prevent a situation in which user registration is performed without limitation and content is illegally distributed / distributed.

  The registration means or step holds an invalid flag for controlling service provision to a client having registered identification information together with other device or user identification information, and the use control means or step is invalid. You may make it restrict | limit use of the content by the other apparatus or user in which the flag is set.

  In addition, the content use restriction device or the content use restriction method according to the first aspect of the present invention may further include a change restriction unit that restricts a change in registered content in the registration unit.

  If the change of the registration contents of the registration information database is allowed without limitation, there is a risk that the contents will be distributed or distributed beyond the home (within the copyright protection range). Therefore, the content use control apparatus or the content use control method according to the present invention is a procedure for changing the registered information that replaces the identification information once registered in the registration information database, that is, another device or user that can use the service with another one. Can be limited.

  Further, even if the user of the content use control device intentionally registers a device or a user who does not have the authority to use the service, the change is limited, and thus unlawful unauthorized use is not possible. In addition, if other users or their devices are registered, there is a possibility that the use by themselves or their families may be hindered. Therefore, the restriction of the change can be expected to suppress the unauthorized registration.

  On the other hand, by setting restrictions on the use of services in this way, it is possible to prevent unlimited unauthorized use, so that the requirements of content providers will be fully satisfied, and various services and content can be used. .

  Here, the change limiting means or step may limit the number of times the registered identification information is replaced with identification information of another device or user to a predetermined number. Further changes are prohibited after a predetermined number of changes. The changeable number of times shall be protected so that the end user cannot tamper.

  The change restriction means or step may restrict the frequency of replacing the registered identification information with the identification information of another device or user. For example, it is prohibited to change again until the predetermined time has elapsed since the last change of registered content, or the number of changes within the predetermined time is limited.

  The change restricting means or step may request the other apparatus or user for a predetermined operation when replacing the registered identification information with the other apparatus or user identification information. Good. For example, input of a password, predetermined button pressing operation (for example, pressing some buttons in a predetermined order), and the like.

  Further, the change restriction means or step may request to obtain change permission information from another device or an administrator when replacing the registered identification information. For example, a password or key data is obtained by telephone, the Internet, mail, a recording medium, orally, and can be changed when the apparatus confirms it directly or indirectly.

  The change restriction means or step may perform a billing process according to the number of change restrictions.

  Further, the change restriction means or step may request to obtain change permission information from another device or a predetermined administrator when changing the restriction contents of registration. For example, a password or key data is obtained by telephone, the Internet, mail, a recording medium, orally, and can be changed when the apparatus confirms it directly or indirectly.

  In addition, by making it possible to change the restrictions on the replacement of registered information, it is possible to obtain an option to relax the restriction to a level at which the end user does not feel inconvenience. The range of unauthorized use can be controlled.

According to a second aspect of the present invention, there is provided a computer program written in a computer-readable format so as to execute a process for controlling the use of content under a predetermined use condition on a computer system.
An acquisition step of acquiring identification information of another device or user that requests use of the content;
A registration step of registering identification information obtained from another device or user;
In response to a content usage request from another device or user, a usage control step of determining whether or not to use can be made depending on whether or not the identification information of the request source is registered;
A computer program characterized by comprising:

  The computer program according to the second aspect of the present invention defines a computer program described in a computer-readable format so as to realize predetermined processing on a computer system. In other words, by installing the computer program according to the second aspect of the present invention in the computer system, a cooperative action is exhibited on the computer system, and the viewpoint according to the first aspect of the present invention is free. It is possible to obtain the same effects as the shape image display device or the method thereof.

  Other objects, features, and advantages of the present invention will become apparent from more detailed description based on embodiments of the present invention described later and the accompanying drawings.

  ADVANTAGE OF THE INVENTION According to this invention, the outstanding content information transmission system which can control use regarding the content acquired via the network etc. under a specific server administrator can be provided.

  Furthermore, according to the present invention, it is possible to provide an excellent content information transmission system that can control unauthorized use of content placed under the management of an end user.

  Further, according to the present invention, when content is placed under the control of an end user such as a home network, control is performed so that the content is not distributed and distributed indefinitely beyond a predetermined use condition. Therefore, it is possible to provide an excellent content information transmission system.

  The present invention is effective in preventing unauthorized use by a user who does not have the authority to use the content by restricting the user of the content by a device capable of outputting paid content such as movies and music.

  First, the content information transmission system according to the present invention needs to register the identification information of the device or user to be used prior to the use of the provided service. This can eliminate unauthorized use by devices and users that cannot be registered.

  Furthermore, even if the user of the content information transmission system according to the present invention intentionally registers a device or user who is not authorized to use the service, the change is limited, and thus unlawful unauthorized use is not possible. In addition, if other users or their devices are registered, there is a possibility that the use by themselves or their families may be hindered. Therefore, the restriction of the change can be expected to suppress the unauthorized registration.

  On the other hand, by setting restrictions on the use of services in this way, it is possible to prevent unlimited unauthorized use, so that the requirements of content providers will be fully satisfied, and various services and content can be used. .

  In addition, by making it possible to change the restrictions on the replacement of registered information, it is possible to obtain an option to relax the restriction to a level at which the end user does not feel inconvenience. The range of unauthorized use can be controlled.

  Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.

  FIG. 1 schematically shows a basic configuration of a content use control apparatus 100 provided for implementing the present invention.

  The content usage control apparatus 100 operates in a form in which a CPU (Central Processing Unit) 101 as a main controller executes a predetermined program code under a program execution environment provided by an operating system (OS). The CPU 101 is interconnected with other devices via a bus.

In the present embodiment, the CPU 101 controls content provision (distribution / distribution, etc.) under a predetermined use condition, and restricts content provision destination registration and registration content modification. Execute.

  The storage unit 102 includes, for example, a semiconductor memory such as a RAM (Random Access Memory) and a ROM (Read Only Memory), an external storage device such as a hard disk device and a CD / DVD read / write device, and the like.

  The RAM is used for loading a program code to be executed by the CPU 101 and temporarily storing work data of the execution program. In the present embodiment, a content use restriction application for controlling content provision (distribution / distribution, etc.) under a predetermined use condition, or restricting registration of content provision destinations or changes in registered contents is provided on the RAM. To be loaded.

  The ROM is a semiconductor memory for permanently storing data. For example, a self-diagnostic test (POST: Power On Self Test) at startup and a program code (BIOS: Basic Input / Output System) for hardware input / output. ) Etc. are written.

  A hard disk device is an external storage device in which a magnetic disk as a storage carrier is fixedly mounted (well-known), and is superior to other external storage devices in terms of storage capacity and data transfer speed. Placing the software program on the hard disk device in an executable state is called “installation” of the program in the system. Normally, hard disk devices store operating system program codes, application programs, device drivers, and the like to be executed by the CPU 101 in a nonvolatile manner. For example, a content use restriction application for controlling the provision (distribution / distribution) of content under a predetermined use condition or restricting registration of content provision destinations or changes in registration contents on a hard disk device Can be installed on. Further, the content to be provided and the information on the content providing destination that is registered and the registered content is changed by the content use restriction application may be stored on the hard disk device.

  The CD / DVD read / write device is a device for loading a portable medium such as a CD-ROM, CD-R, or DVD and accessing the data recording surface. The portable media is mainly used for the purpose of backing up software programs, data files, and the like as data in a computer-readable format, and for moving them between systems (that is, including sales, distribution, and distribution). For example, content usage restriction applications for controlling the provision (distribution, distribution, etc.) of content under predetermined usage conditions, and restricting the registration of content provision destinations and changes in registration details, etc. are portable. It can be physically distributed and distributed among multiple devices using media. In addition, portable media can be used to exchange information to be provided or information on a content provider to which registration and registration contents are changed by a content use restriction application with other devices. .

  The output unit 103 includes a user output device (not shown) such as a display, a speaker, and a printer, a communication interface that transmits content and other information to other devices, and the content to other devices (clients) and users. It is used to provide a predetermined service. In addition, the output unit 103 can be used to present information when a registration process of another device or a user as a content providing destination of the content or a request for using a predetermined service cannot be satisfied.

  The input unit 104 is used to receive registration requests and usage requests for predetermined services from other devices (clients) and users, and to obtain identification information of other devices and users. In addition, an operation for changing registration contents and registration restrictions is performed via the input unit 104. Specifically, the input unit 104 includes a communication interface, a user input device (not shown) such as a keyboard or a mouse, or a switch, sensor, camera, or the like that can accept user requests and identification information.

  Downloading a content use restriction application to the apparatus 100 for controlling the provision (distribution / distribution) of the content under a predetermined use condition, or restricting the registration of the content provision destination or the change of the registered content, etc. The communication interface can be used for exchanging information of content providing destinations whose registration and registration contents are changed by the content use restriction application with other devices.

  An example of the content use control device 100 as shown in FIG. 1 is a compatible computer or a successor of IBM's personal computer “PC / AT (Personal Computer / Advanced Technology)”. Of course, a computer having another architecture can be applied as the content use control apparatus 100 according to the present embodiment. Another example is a broadcast receiver with a hard disk device. In this way, the content usage control device 100 itself may hold content and simultaneously have a function of supplying content to other devices and users.

  Other devices and users who use a predetermined service provided by the content use control device 100 first request the device 100 to register the identification information. On the other hand, the content use control apparatus 100 checks whether or not the number of registrations and the restriction on the registration change do not conflict, and performs registration processing if registration is possible. By limiting the number of registrations and registration changes in this way, it is possible to prevent a situation in which user registration or registered user changes are performed indefinitely and content is illegally distributed / distributed.

  FIG. 2 shows a registration processing sequence performed by the content use control apparatus 100 (server) for other apparatuses and users (clients).

  At the time of registration, the client sends a registration request with its identification information to the server. Receiving this, the server starts the registration process and sends the result information as a response to the client.

  Further, FIG. 3 shows a procedure of registration processing executed on the content use control apparatus 100 in the form of a flowchart. This processing procedure is actually realized in a form in which the CPU 101 executes a predetermined program code.

  First, it is confirmed whether or not the requesting client has already been registered (step S1). If so, registration is unnecessary and the process ends successfully.

  On the other hand, if the request source is not registered, it is further confirmed whether new registration is possible by referring to the number of registrations imposed on the content use control apparatus 100 (step S2), and if possible, registration processing is performed. Finish successfully.

  If new registration is impossible, it is checked whether or not already registered can be replaced by referring to the contents of restriction of registration change imposed on the content use control apparatus 100 (step S3). In this case, the processing routine ends in failure (step S8).

  If the registered contents can be replaced, it is confirmed whether or not a predetermined process is necessary for that purpose (step S4). In particular, if the process is unnecessary, nothing is performed. If necessary, the process is performed (step S5), the registration content replacement registration process is performed (step S6), and the process routine is completed successfully (step S7).

  Another device or user who wants to use the predetermined service provided by the content use control device 100 requests the device 100 for the predetermined service. On the other hand, the content use control device 100 checks whether or not the requesting device or user identification information is registered, and provides a predetermined service if it is registered, and does not provide it if it is not registered. .

  FIG. 4 shows an operation sequence for another apparatus or a user (client) to make a service request to the content use control apparatus 100 as a server.

  When using the service, the client sends a service request with its own identification information to the server. Upon receiving this, the server activates the service availability determination process and sends the result information to the client as a response. If the service is available, the server supplies the service to the client.

  FIG. 5 shows a procedure of service availability determination processing performed when the content use control apparatus 100 provides a service in the form of a flowchart. This processing procedure is actually realized in a form in which the CPU 101 executes a predetermined program code.

  First, it is confirmed whether or not the identification information sent by the service use requester is registered (step S11).

  If it has been registered, it is determined that the service can be provided (step S12), and this processing routine is completed successfully. If it is not registered, it is determined that the service cannot be provided (step S13), and this processing routine fails. finish.

  FIG. 6 shows an operation sequence in the case where the pre-processing corresponding to the registration sequence as described with reference to FIGS. 2 and 3 is omitted and the client registration processing is performed in the service request sequence. Is shown.

  When using the service, the client sends a service request with its own identification information to the server.

  Receiving this, the server activates the registration process, subsequently activates the service availability determination process, and sends the result information to the client as a response. If the service is available, the server supplies the service to the client.

  Since the procedures of the registration process and service availability determination process started on the server are the same as those in the flowcharts shown in FIGS. 3 and 5, description thereof is omitted here.

  FIG. 7 shows a configuration example of a registration information database held by the content usage control apparatus 100 as a server.

  A value indicating how many other devices or user identification information can be newly registered is written in the field of the number of newly registerable. When a maximum of n registrations are possible, the initial value is n, and the value is decreased by 1 each time one is registered, and becomes 0 after n registrations. When it is confirmed in step S2 of the flowchart shown in FIG. 3 whether there is a surplus in the number that can be registered, it is referred to whether this value is not zero. Note that this value does not change when a registered item is changed and registered.

  In a field called client identification information, identification information of a registered client is stored. In step S1 of the flowchart shown in FIG. 3 and step S11 of the flowchart shown in FIG. 5, when it is confirmed whether the client has been registered, the information stored here is referred to, and the registration request source or service use request source Compared with identification information. In the registration process of FIG. 3, the identification information is stored in an unregistered area at the time of new registration, and the new identification information is overwritten in the already registered area at the time of registration change.

  The invalid flag field is information for controlling service provision to a client having registered identification information. For example, when the value of this flag is 0, the service is not permitted, and when the flag is 1, the service is permitted.

  If the change of the registration contents of the registration information database described above is allowed without limitation, there is a risk that the contents will be distributed and distributed beyond the home (within the copyright protection range). Therefore, the content use control apparatus 100 according to the present embodiment limits identification information change procedures for replacing identification information once registered in the registration information database, that is, replacing other devices and users that can use the service with different ones. be able to. A specific example of the registration change restriction method will be described below.

Specific example (1)
The number of times the registered identification information is replaced with identification information of another device or user is limited to a predetermined number. Further changes are prohibited after a predetermined number of changes.

  The changeable number of times is set as a predetermined value in advance, and is stored in a nonvolatile rewritable memory (NVRAM, EEPROM, HDD, etc.) such as the storage unit 102. Then, in the changeable confirmation process in step S3 of the flowchart shown in FIG. 3, the held value may be referred to.

  FIG. 8 shows a processing procedure for confirming whether registration contents can be changed in the form of a flowchart. This processing procedure is actually realized in a form in which the CPU 101 executes a predetermined program code.

  First, on the basis of the client identification information transmitted from the requesting client, the entry of the corresponding client held in the registration information database is referred to and it is determined whether or not the number of registration contents that can be changed is 0 (step) S21).

  If the changeable count is not 0, the changeable count is decremented by 1 (step S22), the requested registration content is changed (step S23), and this processing routine is completed successfully.

  On the other hand, if the possible number of changes is 0, the requested registration contents are not allowed to be changed (step S24), and the processing routine ends in failure.

  The changeable number of times shall be protected so that the end user cannot tamper. For example, using tamper-resistant hardware such as the CPU 101 incorporating the storage unit 102, the processing as shown in FIG. 8 and storage of the number of changeable times are held inside the CPU 101, and physical rewriting from the outside of the chip is performed. To make it impossible.

Specific example (2)
The frequency of replacing the registered identification information with the identification information of another device or user is limited.

  FIG. 9 schematically shows a modification of the content use control apparatus 100 that can execute such processing. As shown in the figure, the content use control apparatus 100 is further provided with a timer unit 105 having a time counting function in addition to the apparatus configuration shown in FIG. Alternatively, a function of obtaining time information supplied from another device (not shown) via the input unit 104 instead of the timer unit 105 may be provided.

  FIG. 10 shows, in the form of a flowchart, a processing procedure for imposing a restriction that can be changed only once within a predetermined time in the registration confirmation process shown in FIG. This processing procedure is actually realized in a form in which the CPU 101 executes a predetermined program code.

  The predetermined time limit is determined by the value set in the timer and the down count period of the timer. Note that the timer counter is set to 0 in the initial state.

  First, it is determined whether the timer counter has already reached 0 (step S31).

  If the counter value of the timer has not yet reached 0, the registration content cannot be changed (step S32), and the processing routine is failed.

  On the other hand, if the timer counter is 0, a limit value is set in the timer counter (step S33), the timer countdown is started (step S34), and the change of the registration contents is permitted (step S34). S35) The process routine is successfully processed.

  The counter value during timer operation shall be protected against tampering. For example, when the CPU 101 with a built-in timer function is used, or when the timer value is periodically read and stored in a register in the CPU 101, the read value is compared with the immediately previous stored value, and the read value is larger A method such as resetting the stored value in the timer is used.

  In addition, when canceling the change, it is possible to implement that the timer is not initialized. In order to realize this, it is possible to cope with the problem by initializing the timer when making a change after the final cancel confirmation process.

  FIG. 11 shows, in the form of a flowchart, a processing procedure for limiting the number of changes within a predetermined time by using the current date and time instead of using the timer function as shown in FIGS. 9 and 10. . This processing procedure is actually realized in a form in which the CPU 101 executes a predetermined program code.

  First, it is determined whether or not the change date and time and the current interval are greater than or equal to the time limit (step S41).

  If the change date and time and the current interval are less than the time limit, the registration contents cannot be changed (step S42), and the processing routine is failed.

  On the other hand, if the interval between the change date and the current time is greater than or equal to the time limit, the current time is stored as the change date (step S43), the change of the registration contents is permitted (step S44), and the processing routine is processed successfully. .

  When the current date and time is obtained from another device, falsification is prevented by a method such as encrypted transmission with a shared key or an electronic signature using a public key encryption technique.

Specific example (3)
When replacing the registered identification information, a predetermined operation is requested. For example, input of a password, predetermined button pressing operation (for example, pressing some buttons in a predetermined order), and the like.

  FIG. 12 shows a processing procedure for requesting password input in the form of a flowchart in the registration possibility confirmation processing shown in FIG. This processing procedure is actually realized in a form in which the CPU 101 executes a predetermined program code.

  First, a password input process is performed via the input unit 104 (step S51), and it is determined whether or not the input password is correct (step S52).

  If the password is incorrect, the registration contents cannot be changed (step S52), and the processing routine is failed.

  On the other hand, if the password is correct, the registration content is allowed to be changed (step S53), and this processing routine is processed successfully.

  It is assumed that what kind of password is valid is stored in the storage unit 102 in advance. If the password in the figure is a predetermined operation, a processing procedure relating to a button pressing operation is performed.

Specific example (4)
When replacing the registered identification information, it is requested to obtain change permission information from another device or administrator. For example, a password or key data is obtained by telephone, the Internet, mail, a recording medium, orally, and can be changed when the apparatus confirms it directly or indirectly.

  FIG. 13 shows a sequence example of a process in which the user of the content usage control apparatus 100 requests a password that enables a change to the issuer of the change permission information.

  The user sends a password request with the device's unique identification information (eg, stamped on the device). On the other hand, the issuer creates a password based on the obtained device identification information and the password / serial number managed by the issuer.

  FIG. 14 shows a configuration example of the password. In the example shown in the figure, the password includes device identification information, a password / serial number, and signature data. Here, the signature data is, for example, an electronic signature based on public key encryption technology for device identification information and a password / serial number.

  The user performs an operation for changing the registered contents by inputting the received password into the apparatus. Then, the content usage control device 100 side determines whether or not the registered content can be changed according to the processing procedure as shown in FIG.

  FIG. 15 shows a processing procedure for determining the validity of the password created as described above in the form of a flowchart. Here, the content use control device 100 holds information necessary for verifying signature data (such as the authorized person's public key) and device identification information in the storage unit 102 in advance, and the password / serial number is stored as 0 in the initial state. Shall be retained.

  First, it is determined whether or not the signature data corresponds to the device identification information and the password / serial number (step S61). If this determination result is negative, the change of the registered contents is not permitted (step S66), and this processing routine is terminated with failure.

  Next, it is determined whether or not the device identification information in the password matches a value stored in advance (step S62). If this determination result is negative, the change of the registered contents is not permitted (step S66), and this processing routine is terminated with failure.

  Next, it is determined whether or not the password / serial number is larger than the stored value (step S63). If this determination result is negative, the change of the registered contents is not permitted (step S66), and this processing routine is terminated with failure.

  On the other hand, if all the above determination results are affirmative, the stored contents of the password / serial number are updated (step S64), the change of the registered contents is permitted (step S65), and the processing routine is completed successfully. To do.

By this flow processing, the password can be used only once by a specific device.

  The frequency management in the above-described specific example (1) and the frequency management in the specific example (2) are performed not by the content usage control apparatus 100 installed on the end user side such as at home but by the password issuer. The application is also conceivable. In this case, the password issuer has a database that holds the number of changes and the date and time of change for each device identification information, and executes the processing procedure shown in FIGS. 8 to 11 each time the registered contents are changed. become.

  It is also conceivable to implement a combination of two or more of the processes given in the specific examples (1) to (4). For example, every time a change permission is obtained, the change can be made up to three times.

Specific example (5)
Change the contents of the registration change restrictions. For example, it is possible to change the change limit number from 5 times to 10 times with a paid service.

Specific example (6)
When changing the registration restriction content, it is requested to obtain change permission information from another device or a predetermined administrator. For example, a password or key data is obtained by telephone, the Internet, mail, a recording medium, orally, and can be changed when the apparatus confirms it directly or indirectly.

  FIG. 16 shows a sequence example of a process in which the user of the content usage control apparatus 100 requests the change permission information issuer for a password that can be changed.

  The user sends a password request with the device's unique identification information (eg, stamped on the device). On the other hand, the issuer creates a password based on the obtained device identification information and the password / serial number managed by the issuer.

  FIG. 17 shows a configuration example of the password. In the example shown in the figure, the password includes device identification information, a password / serial number, registration change restriction contents, and signature data. Here, the signature data is, for example, an electronic signature based on public key encryption technology for device identification information and a password / serial number.

  The user performs an operation for changing the registered contents by inputting the received password into the apparatus. Then, the content usage control apparatus 100 side determines whether or not the registered content can be changed according to the processing procedure as shown in FIG.

  FIG. 18 shows a processing procedure for determining the validity of the password created as described above in the form of a flowchart. Here, the content use control device 100 holds information necessary for verifying signature data (such as the authorized person's public key) and device identification information in the storage unit 102 in advance, and the password / serial number is stored as 0 in the initial state. Shall be retained.

  First, it is determined whether or not the signature data corresponds to the device identification information and the password / serial number (step S71). If this determination result is negative, the change of the registered contents is not permitted (step S76), and this processing routine is terminated with failure.

  Next, it is determined whether or not the device identification information in the password matches a value stored in advance (step S72). If this determination result is negative, the change of the registered contents is not permitted (step S76), and this processing routine is terminated with failure.

  Next, it is determined whether or not the password / serial number is larger than the stored value (step S73). If this determination result is negative, the change of the registered contents is not permitted (step S76), and this processing routine is terminated with failure.

  On the other hand, if all the determination results described above are affirmative, the stored contents of the password / serial number are updated (step S74), the registration change restriction is updated to the restricted contents (step S75), and this processing routine is executed. Exits successfully.

Specific example (7)
Without changing the registration information, it is possible to control permission / non-permission of use of a predetermined service by another registered device or user.

  In such a case, in the unlikely event that a registered device is stolen, lost, or transferred to another person's hand, unauthorized use can be stopped by prohibiting the use of the service.

  For example, as shown in FIG. 7, it is possible to set an invalid flag for each registered device or user to the user, and the content use control device 100 refers to this to perform permission control of use.

  The present invention has been described in detail above with reference to specific embodiments. However, it is obvious that those skilled in the art can make modifications and substitutions of the embodiment without departing from the gist of the present invention. That is, the present invention has been disclosed in the form of exemplification, and the contents described in the present specification should not be interpreted in a limited manner. In order to determine the gist of the present invention, the description of the scope of claims should be considered.

It is the figure which showed typically the basic composition of the content use control apparatus 100 provided for implementation of this invention. It is the figure which showed the registration process sequence which the content use control apparatus 100 (server) performs with respect to another apparatus or a user (client). 5 is a flowchart showing a procedure of registration processing executed on the content usage control apparatus 100. It is the figure which showed the operation | movement sequence for another apparatus and a user (client) to perform a service request with respect to the content usage control apparatus 100 as a server. It is the flowchart which showed the procedure of the service availability determination processing which the content use control apparatus 100 performs when providing a service. It is the figure which showed the operation | movement sequence at the time of making it perform even the registration process of a client within a service request sequence. It is the figure which showed the structural example of the registration information database which the content use control apparatus 100 hold | maintains. It is the flowchart which showed the processing procedure of the change confirmation of registration content. It is the figure which showed typically the modification of the content use control apparatus 100 which can perform the process which restrict | limits the frequency replaced with another apparatus or the information for user identification. FIG. 4 is a flowchart showing a processing procedure for imposing a restriction that can be changed only once within a predetermined time in the registration possibility confirmation processing shown in FIG. 3. It is the flowchart which showed the process sequence for restrict | limiting the frequency | count of a change within predetermined time by using the present date. FIG. 4 is a flowchart showing a processing procedure for requesting password input in the registration possibility confirmation processing shown in FIG. 3. It is the figure which showed the example of a sequence of the process in which the user of the content use control apparatus 100 requests | requires the password which enables a change with respect to the issuer of change permission information. It is the figure which showed the structural example of the password. It is the flowchart which showed the processing procedure of the validity judgment of a password. It is the figure which showed the example of a sequence of the process in which the user of the content use control apparatus 100 requests | requires the password which enables a change with respect to the issuer of change permission information. It is the figure which showed the structural example of the password. It is the flowchart which showed the processing procedure of the validity judgment of a password.

Explanation of symbols

100 ... Content usage control device 101 ... CPU
102 ... Storage unit 103 ... Output unit 104 ... Input unit

Claims (12)

A content information transmission system that transmits copyrighted content information to one or more clients,
Content storage means for storing the content information on the first device;
Input / output means for transmitting / receiving content information stored in the content storage means or other information to / from the client;
Registration processing means for receiving a registration request accompanied by identification information of the client itself from the client and executing registration processing of the identification information of the client itself;
On a second device different from the first device, a change control means for restricting registration change of client identification information registered by the registration processing means;
Comprising
In response to a registration request from the unregistered other device, the registration processing means registers the identification information of the other device itself if it can be newly registered within a predetermined number that can be registered. If the new registration is impossible, the registration information is replaced with the registration information of the other device itself according to the restriction of the registration change by the change control means.
Content information transmission system characterized by the above. The change control means holds the number of times the registration content of the client identification information registered by the registration processing means can be changed, and can be changed each time the registration processing means changes the registration content of the client identification information. If the number of times of change is decremented by 1 and the changeable number of times is not 0, the change of the registered content of the requested client identification information is permitted after decrementing the number of times of change by 1 and the changeable number of times is 0 Do not allow any requested changes to the registration details,
The content information transmission system according to claim 1. The second device stores the changeable number of times by using tamper-resistant hardware.
The content information transmission system according to claim 2. The change control means restricts the change of registration contents based on frequency information related to the frequency with which the registration processing means replaces the registration contents of the identification information of the client.
The content information transmission system according to claim 1. The change control means starts a countdown of the timer by setting a counter of a timer determined by a predetermined downcount cycle as the frequency information when the registration processing means permits a change in registered contents of the client, Until the registration processing means disallows the change of the registered content of the identification information of the client by the registration processing means,
The content information transmission system according to claim 4, wherein: The change control means holds, as the frequency information, the date and time when the registration processing means last changed the registered content of the client as the frequency information, and when the change date and time and the current interval are less than the time limit, the registration process Disallow changes to the registered information of client identification information by means,
The content information transmission system according to claim 4, wherein: The second device stores the frequency information using tamper-resistant hardware.
The content information transmission system according to claim 4, wherein: The change control means requests to obtain change permission information from another device or administrator when replacing the identification information of a registered client.
The content information transmission system according to claim 1. The change control means performs a billing process according to the change limit number of times.
The content information transmission system according to claim 2. The change control means requests to obtain change permission information from another device or an administrator when the registration restriction content is changed.
The content information transmission system according to claim 1. When the provision of the content information accompanied by the client's own identification information or other service request is received from the client to confirm that the client's own identification information has already been registered by the registration processing means, or has not been registered Further includes service providing means for providing the requested service after undergoing registration processing by the registration processing means.
The content information transmission system according to claim 1. A new registration possible number field in which a value indicating how many client identification information can be newly registered is written, an identification information field for storing identification information for each registered client, and a service provided for each identification information field. A registration information database including an invalid flag for controlling,
Each time the registration processing means registers client identification information, it confirms whether or not new registration is possible within the number that can be registered based on the value described in the number of newly registerable field, and the client identification information is obtained. Each time it is registered, the value is decreased by 1 and the client identification information included in the service request is compared with the identification information stored in the identification information field to confirm whether or not the registration has been completed.
The service providing means performs permission control of use with reference to an invalid flag corresponding to identification information included in the service request.
The content information transmission system according to claim 11.

Images