JP2008263644A - Key management method, and key management apparatus - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a data copyright management system for working data acquired by a primary user and supplying the worked data to a secondary user. <P>SOLUTION: The key management apparatus comprises a database and a key management center and uses a primary copyright label, a primary utilization key including a first encryption key, a second utilization key, a third encryption key and a copyright management program. The primary user makes primary copyright data which are encrypted using the first encryption key and supplied, into a plaintext and utilizes it using the primary utilization key acquired from the key management center but when preserving the data, they are re-encrypted using the primary utilization key. The primary user works the primary copyright data by acquiring the secondary utilization key for working the primary copyright data from the key management center, and the data in the middle of working are encrypted and preserved by the secondary utilization key. When working is completed, the primary user receives the secondary copyright and third encryption key from the key management center, encrypts the worked data using the third encryption key and distributes the data to the secondary user. The secondary user utilizes the worked data by acquiring the third encryption key from the key management center. <P>COPYRIGHT: (C)2009,JPO&INPIT

Description

  The present invention relates to a system for managing copyright in the use of digital data, that is, display, storage, copying, processing, and transfer.

In today's information age, in addition to normal terrestrial broadcasting, broadcasting satellites (BS), satellite broadcasting called communication satellites (CS), CATV using coaxial cables or optical cables ( Cable TV broadcasting called “Cable Television” is becoming widespread.

In satellite broadcasting or CATV broadcasting that can distribute several tens of channels at the same time, in addition to general channels that are not scrambled that can be viewed by a comprehensive contract, they are viewed by a comprehensive contract. There are specialized channels for scrambled movies, sports and music that cannot be done. In order to view these channels, it is necessary to make a contract in order to release the scramble. However, since this contract period is usually performed in units of about one month, it cannot be viewed by a contract at any time.

In order to cope with this problem, the present inventors obtain a viewing permission key from a charging center through a public telephone line in Japanese Patent Laid-Open Nos. 6-46419 and 6-141004, and charging is performed. Japanese Patent Laid-Open No. 6-132916 has proposed a system for viewing a program by canceling scrambling performed with a different scramble pattern for each program. In these systems and devices, those who wish to view scrambled programs use the communication device to apply to the charging center via the communication line, and the charging center permits the communication device to accept this viewing application. The key is transmitted and the fee is charged to collect the fee. A viewer who has received the permission key by the communication device sends the permission key to the receiving device by direct means for connecting the communication device and the receiving device or by indirect means such as a flexible disk, and the receiving device to which the permission key is sent Unscrambles the program with the permission key.

In JP-A-6-132916, as an application of these systems and apparatuses, a tape or a disk on which a plurality of data scrambled with different scramble patterns is sold or lent, and an authorization key is supplied by an IC card or the like. Systems and devices that use specific data are also described.

In addition, today called the information age, various data that each computer has stored independently so far is a local network called LAN (Local Area Network), a country unit called WAN (Wide Area Network) A database communication system in which a computer communication network system is constituted by a network and a network called the Internet (InterNet) that has been expanded internationally and used mutually is becoming widespread.

On the other hand, a technology that reduces the amount of information by compressing a television video signal that could not be digitized due to the enormous amount of information when digitized has been developed, enabling practical digitization, has been developed. H.261 standard for video conferencing, J for still images
PEG (Joint Photographic image coding Experts Group) standard, MPE for image storage
The MPEG2 standard corresponding to the high-definition television broadcast was created from the G1 (Moving Picture image coding Experts Group 1) standard and the current television broadcast.

Digitization technology using these image compression technologies can be used not only for television broadcasting or video image recording, but also for television video data that could not be handled by computers until now, A “multimedia system” that handles various data handled by computers and digitized television moving image data at the same time is attracting attention as a future technology. This multimedia system is also incorporated into data communication and used as one of the data on the database.

In this way, with the expansion of the database usage range, how to charge for the data usage on the database, and copyright issues arising from copying or transferring other than direct data usage And how to deal with secondary copyright issues arising from data processing. In order to ensure billing and copyright processing, it is necessary to ensure that the data cannot be used unless it is a legitimate user, and encrypting the data is the best means for that. .

In these television systems or database systems, an encryption key is required to encrypt data and decrypt and use the encrypted data, and the encryption key must be passed to the data user. This operation is very complicated because safety and certainty are required. An object of the present invention is to easily distribute an encryption key.

In the present invention, encryption technology plays an important role in its configuration. First, general encryption technology will be described. In the encryption technology, encryption (Encryption) for encrypting plaintext M using an encryption key K and obtaining ciphertext C is C = E (K, M).
Decryption that decrypts the ciphertext C using the encryption key K to obtain plaintext M (Decryption) is M = D (K, C)
It expresses.

Furthermore, the present inventors have proposed a specific configuration of a data copyright management system in Japanese Patent Application No. 6-64889. In this system, encryption is provided to subscribers in order to manage copyright in the display, storage, copying, processing, and transfer of digital data in a database system that includes real-time transmission of digital video. In addition to the key permitting use of the data, one or more of a program for managing copyright, copyright information, and a copyright management message are transmitted as necessary. The copyright management message is displayed on the screen when an attempt is made to violate the application or permission, and a warning or warning is given to the user. The copyright management program is used against the application or permission. Monitor and manage so that there is no.

In addition, the data is supplied after being encrypted, and is decrypted and used with the use permission key. However, when data is stored in the device, copied to a medium outside the device, or transferred to the outside of the device. Encrypted. In addition, a usage permission key (hereinafter referred to as a usage key) is prepared for each usage mode such as display / use, storage, copying, processing, and transfer. In this specification, a copyrighted work converted into digital data is expressed as copyrighted data.

The system of the present invention comprises a database, a key management center, a primary user, a secondary user, and a network system that interconnects them, and includes a primary copyright label, a primary usage key including a first encryption key, a second key A secondary usage key including an encryption key, a secondary copyright label, a third encryption key, and a copyright management program are used. The plaintext primary copyrighted data is supplied to the primary user in an encrypted state using the first encryption key, and the primary user who wishes to use the encrypted primary copyrighted data goes to the key management center. The key management center which has requested distribution of the primary usage key via the network system and received the primary usage key distribution request from the primary user distributes the primary usage key to the primary user. Make a charge.

The primary user uses the first encryption key included in the distributed primary usage key and plainly uses the encrypted primary copyrighted data, but the plaintext primary copyrighted data is used in the primary user's device. In the case of saving to, it is re-encrypted using the primary usage key. When a primary user who wishes to process primary copyrighted data requests the key management center to distribute a secondary usage key for processing plaintext primary copyrighted data via the network system, key management The center distributes the secondary usage key to the primary user. The primary user who has received the secondary usage key creates a copy of the data with the primary copyright, processes the copied data with the primary copyright, and applies the secondary data with the plaintext secondary copyright in the process of processing. Encryption is performed using the second encryption key included in the use key, and the final processed data is encrypted using the third encryption key and stored in the primary user's device. The primary user registers the third encryption key in the key management center to use the secondary copyright for the data processing of the data with the secondary copyright, and uses the third encryption key for the encrypted secondary copyrighted data. The data is encrypted and copied to an external storage medium or transferred via a network system to be supplied to a secondary user.

The secondary user who wishes to use the encrypted secondary copyrighted data requests the key management center to distribute the third encryption key, and the key management center that receives the third encryption key distribution request receives the third encryption key. Is distributed to secondary users via the network system. The secondary user who has received the third encryption key decrypts the encrypted secondary copyrighted data using the third encryption key and uses it.

  According to the present invention, when encrypting data and decrypting and using the encrypted data, the encryption key can be easily passed to the data user.

(Example)
Embodiments of the present invention will be described below with reference to the drawings. First, the configuration of a data copyright management system targeted by the present invention will be described with reference to FIG. The system shown in FIG. 1 includes a database 1, a key management center 2, users 3, 3, 3..., And a network system 4 that interconnects them. Further, the database 1 is supplied with data from information providers (IP) 5, 5, 5..., But in some cases, the information providers 6, 6, 6. Data may be supplied directly to the user 3 via the network system 4 from The data used in the present invention is an object formed by combining a program and data. The user 3 is not a mere user but becomes an information provider 5 or 6 that provides a new work (secondary work) by combining or correcting a plurality of copyrighted data obtained.
In the data copyright management system of the present invention configured as described above, the copyrighted data provided from the information providers 5 and 6 is encrypted in order to protect the copyright. Therefore, it is necessary for the user 3 who has acquired the encrypted copyrighted data to decrypt the encrypted copyrighted data in order to use it. Therefore, in this system, all encryption keys are deposited in the key management center 2 and managed by the key management center 2. In addition, the encryption method employed by each of the information providers 5 and 6 is arbitrary, but the encryption method used after the secondary use described later is limited to the method employed by the key center.

Data utilization from a database is generally performed using a personal computer, and it is necessary to use an OS incorporating security processing as the OS used there. Also, a copyright management program is used to manage encryption keys and the like. Since it is necessary to store the copyright management program and the encryption key received from the key management center 2, the copyright management program is stored on a memory or HDD. In addition, a “key card” that is realized as software or hardware as a dedicated board, PC card, or the like is prepared as a storage place for these.

The key management center 2 stores the key to protect the copyright of the data work and charge for the use of the copyright, regardless of whether it is actually used or simply registered and not used. The key is managed by associating the stored key with the copyright label.

FIG. 2 shows the data copyright processing of the present invention in which a primary user who has obtained a data work from an information provider processes the obtained data and supplies the processed data to a secondary user. 1 is a schematic configuration of a system embodiment. In this system, plaintext primary copyrighted data D1, encrypted primary copyrighted data (Encrypted Data) ED1i, plaintext secondary copyrighted data D2, encrypted secondary copyrighted data ED2j, plaintext primary copyright label (Label) LC1, a primary usage key K1 including a first encryption key (Key) K1i, a secondary usage key K2 including a second encryption key K2j, a third encryption key K3j, and a plaintext copyright management program PC are used.

This system includes a database 11, a key management center 12, a primary user 13, a secondary user 19, and a network system 14 that connects these to each other. Further, data is supplied to the database 11 from the information providers 15, 15, 15..., But in some cases, the information provider 16, 16, 16. In some cases, data is directly supplied to the user 13 from the information provider 16 via the information recording medium 17 such as a CDROM. In this figure, the solid data path is shown by a solid line, the encrypted data path is shown by a broken line, and the key path is shown by a dotted line.

In this system, the plaintext primary copyrighted data D1i is encrypted using the first encryption key K1i in the form of encrypted primary copyrighted data ED1i,
ED1i = E (K1i, D1i)
The information is supplied from the information provider 15 to the primary user 13 via the database 11 via the network system 14 and from the information provider 16 via the network system 14 or via an information recording medium 17 such as a CDROM. The primary user 13 who wishes to use the supplied encrypted primary copyrighted data ED1i presents the primary copyright label LC1 to the key management center 12 via the network system 14 and supplies the primary usage key K1. Request distribution.

The key management center 12 that has received the distribution request for the primary usage key K1 from the primary user 13 searches for the primary usage key K1 using the presented primary copyright label LC1, and uses the primary usage key K1 through the network system 14. It is distributed to the primary user 13 via, and charging is performed at this time. The primary user 13 uses the first encryption key K1i included in the distributed primary usage key K1 to plainly encrypt the encrypted primary copyrighted data ED1i,
D1i = D (K1i, ED1i)
Use.

When the plaintext primary copyrighted data D1i is stored in the primary user 13 device, it is re-encrypted using the first encryption key K1i,
ED1i = E (K1i, D1i)
The encrypted data ED1i is stored. When the re-encrypted data ED1i is reused, re-peated culture and re-encryption are performed using the first encryption key K1i.

The primary user 13 who wishes to process the plaintext primary copyrighted data D1i distributes the secondary use key K2 for processing the plaintext primary copyrighted data D1i via the network system 14 to the key management center. 12 to request.

The key management center 12 that has received the distribution request for the secondary usage key K 2 distributes the secondary usage key K 2 to the primary user 13 via the network system 14. The primary user 13 receiving the secondary usage key K2 processes the plaintext primary copyrighted data D1 according to the contents of the usage key, and obtains the plaintext secondary copyrighted data D1j by processing. When the plaintext secondary copyrighted data D2j is stored in the device of the user 13, it is encrypted with the second encryption key K2j included in the distributed secondary usage key K2.
ED2j = E (K2j, D2j)
When the processing is finally finished, the primary user 13 generates the third encryption key K3j and generates the third encryption key K3j in order to exercise the secondary copyright for the data processing of the data with the secondary copyright. Is registered in the key management center. Note that the third encryption key K3j may be created by the key management center 12 instead of the primary user 13 and distributed in response to a request from the primary user 13.

When the primary user 13 copies the plaintext secondary copyrighted data D2j to the external storage medium 18 or transfers it via the network system 14, the plaintext secondary copyrighted data D2j is encrypted with the third encryption key K3j. And
ED2j = E (K3j, D2j)
Supply to secondary user 19.

The secondary user 19 who desires to use the supplied encrypted secondary copyrighted data ED2j requests the key management center 12 to distribute the third encryption key K3j via the network system. Upon receiving the distribution request for the third encryption key K3j from the secondary user 19, the key management center 12 distributes the third encryption key K3j to the secondary user 19 via the network system. The secondary user 19 receiving the third encryption key K3j decrypts the encrypted secondary copyrighted data ED2j using the third encryption key K3j,
D2j = D (K3j, ED2j)
Use. Also in this case, when the encrypted data ED2j is used again, decryption and encryption are performed using the third encryption key K3j.

Acquisition of data with primary copyright Primary use of data with primary copyright, processing of data with primary copyright, supply of processed data with secondary copyright, and use of data with secondary copyright This will be described in detail. In this system, a plurality of primary copyrighted data D1i are encrypted using the first encryption key K1i, and ED1i = E (K1i, D1i).
Along with the plaintext primary copyright label LC1, it is supplied to the primary user 13 directly from the information provider 11 or via a database.

The copyright management program PC manages the use of copyrighted data by the user.
Specifically, the copyrighted data is decrypted and re-encrypted using a given encryption key, and use of the copyrighted data is restricted according to the contents of the usage key. The encrypted data ED1j provided in this system has a plaintext primary copyright label LC1 for use in obtaining an encryption key. That is, the encrypted primary copyrighted data ED1 is a plaintext primary copyright. Label LC1 and cipher 1
It consists of the following copyrighted data ED1i. The plaintext primary copyright label LC1 is filled with the title of the data, the name of the application program being used, and the name of the primary copyright holder. The primary user 13 who desires to use the supplied encrypted primary copyrighted data ED1i presents the plaintext primary copyright label LC1 to the key management center 12 via the network system 14, and the primary usage key K1. Request distribution of.

The key management center 12 confirming that the primary usage key to be distributed is the key K1 based on the presented primary copyright label LC1 is sent to the primary usage key K1 via the network system 14 as the primary. Distribute to user 13. When the distributed primary usage key K1 is received, the primary user 13's device enters the copyright management mode, and the primary user 13 can use the primary copyrighted data. Since the first encryption key K1i is included in the primary usage key K1, the primary user 13
Therefore, the first encryption key K1i is not recognized. On the other hand, the key management center 12 performs billing processing and grasps the usage status of copyrighted data and the database usage status of the primary user 13.

FIG. 3 is a conceptual diagram illustrating restrictions on primary use performed by the copyright management program PC in the present invention. Similar to the invention described in Japanese Patent Application No. 6-64889, which is the prior application, the primary use of the obtained data in the data copyright management system of the present invention is the normal use form, that is, the direct use of the data and its use. It is limited to output including printing of use results, and cannot be copied to an external storage medium, transferred and processed via a network system, and in principle, data cannot be stored inside the apparatus. However, storage is possible if the data is encrypted. It goes without saying that data D other than copyrighted data can be displayed, printed, stored, copied, processed, and transferred by the application program being used.

In this figure, 21 is a storage device such as a non-volatile semiconductor memory or hard disk drive incorporated in the primary user's device 20, 22 is a display device for output, 23 is a printing device for output, D1 is 1 Next copyrighted data, D is general data, 24 is a secondary user who is supplied with data by copying on a flexible disk or CDROM, or transferring by a network system. In this figure, a solid line indicates a permitted processing path, and a dotted line indicates a non-permitted processing path.

The encrypted primary copyrighted data ED1i obtained by the primary user 13 from the external information provider 15 or 16 directly or via the database 11 is combined with the plaintext primary copyright label LC1 supplied together with the encrypted primary copyright label LC1. It is stored in the storage device 21 of the next user device 20. The primary user 13 who desires primary use of the encrypted primary copyrighted data ED1i stored in the storage device 21 uses the copyright management program PC to give an overview of the encrypted primary copyrighted data ED1i and the encrypted primary copyrighted work. Refers to the plaintext primary copyright label LC1 that displays information about the application program used by the copyrighted data ED1i, and the presence / absence of the application program used to create the encrypted primary copyrighted data ED1i Check the usage environment of this encrypted primary copyrighted data ED1i.

As a result, it is determined that the encrypted primary copyrighted data ED1i can be used, and when the primary user 13 inputs to the copyright management program PC that the encrypted primary copyrighted data ED1i is used, The copyright management program PC activates an application program used by the encrypted primary copyrighted data ED1i, and reads the encrypted primary copyrighted data ED1i from the storage device 21 into the memory in the apparatus. On the other hand, the plaintext primary copyright label LC1 is sent to the key management center 12, and as a result, when the primary usage key K1 is supplied according to the processing flow described above, it is included in the primary usage key K1. The encrypted primary copyrighted data ED1i is plainly converted into plaintext primary copyrighted data D1i using the first encryption key K1i,
D1i = D (K1i, ED1i)
It can be used by the activated application program.

When the plaintext primary copyrighted data D1i in the memory of the device 20 is stored in the storage device 21, it is encrypted using the first encryption key K1i,
ED1i = E (K1i, D1i)
Saving is done. This storage includes creation and storage of a temporary file (Temporaly File) for data integrity. When the re-encrypted data ED1i is reused, re-decryption and re-encryption are performed using the first encryption key K1i. It should be noted that the plaintext primary copyrighted data D1 or the encrypted primary copyrighted data ED1i is used in a form other than display / printing, saving or processing, that is, copying to an external storage medium and transferring to another device is a copyright management program Prohibited by PC.

As described above, in the data copyright management system of the present invention, the obtained copyrighted data is directly used by displaying the normal usage form, that is, the data on the display device 22, and the result of the use is displayed. The output is limited to the printer 23 and cannot be copied to an external storage medium or transferred to the secondary user 24 via the network system and processed. Therefore, a part of the primary copyrighted data D1i is cut out and pasted on the other data D (Cut & Paste), and a part of the other data D is cut out and pasted on the primary copyrighted data D1i. Is prohibited by copyright management programs. The primary copyrighted data D1i can be exceptionally saved in the storage device 21 as long as it is encrypted using the first encryption key K1i. However, if any processing is performed, saving is prohibited. Is done.

In the data copyright management system of the present invention, the copyright management program PC discriminates between the primary copyrighted data D1 and the general data D and whether or not the copyrighted data has been processed. A computer file is composed of a file body and a management table describing attributes of the file. Therefore, it is determined whether or not the file is copyrighted data by examining this management table. In addition, the file size and creation date are entered in this management table, and it is determined whether or not the file has been processed by checking these.

The primary copyrighted data D1i is encrypted and combined with the primary copyright label LC1 when stored in the storage device 21, but when read into the memory, the primary copyright data D1i is read by the copyright management program. The copyrighted data D1i and the primary copyright label LC1 are separated, and the separated copyright label LC1 is managed by the copyright management program PC. The copyright management program PC monitors which application program uses the primary copyrighted data D1i, cuts / pastes the primary copyrighted data D1i into the general data D, and the primary data D primary. It is prohibited to cut out / paste to the copyrighted data D1i.

FIG. 4 is a conceptual diagram for explaining restrictions on the use of data processing performed by the copyright management program PC in the present invention. As a result of the primary use, when it is determined that it is appropriate to process the plaintext primary copyrighted data D1i, the primary user 13 processes the plaintext primary copyrighted data D1i. 14 to the key management center 12.

The primary user 13 who wishes to use the plaintext primary copyrighted data D1i distributes the secondary usage key K2 for processing the plaintext primary copyrighted data D1i via the network system 14 to the key management center. 12 to request. The key management center 12 that has received the distribution request for the secondary usage key K 2 distributes the secondary usage key K 2 to the primary user 13 via the network system 14. As a result, the device 20 of the primary user 13 enters the processing mode, and the primary user 13 can process the data with the primary copyright.

The primary user 13 processes the data by displaying the encrypted primary copyrighted data ED1i on the display device 23 after plaining the plaintext primary copyrighted data D1i with the first encryption key K1i. In order to protect the copyright of the primary copyrighted data, the processing plaintext primary copyrighted data D1i is copied, and the processing plaintext primary copyrighted data D1i ′ obtained by this copying is copied. Processing is performed. When this processing plaintext primary copyrighted data D1i ′ or this plaintext primary copyrighted data D1i ″ in the middle of processing is stored in the user 13 device, it is included in the distributed secondary usage key K2. 2 encrypted with encryption key K2j
ED1i '= E (K2j, D1i')
Or ED1i ″ = E (K2j, D1i ″)
Saving is done. The encrypted primary copyrighted data ED1i is stored in the storage device 21 without being processed, and the management table and the processed plaintext primary copyrighted data D1i ′ or D1i ″ for processing are created. By checking the date, it is determined whether or not the file is a processed file.

When the data processing is completed, the data becomes a plurality of new plaintext secondary copyrighted data D2j, and secondary copyrights are newly generated for these data D2j. The primary user 13 who has processed the plain text primary copyright D1 to protect the secondary copyright requests the key management center 12 to distribute the third encryption key K3j, and requests the distribution of the third encryption key K3j. In response, the key management center 12 distributes the third encryption key k3j to the primary user 13 via the network system 14. The primary user 13 receiving the distribution of the third encryption key K3j encrypts the plaintext secondary copyrighted data D2j using the third encryption key K3j,
ED2j = E (K3j, D2j)
Encrypted data ED2j is stored in the storage device 21 of the primary user 13. When this encrypted data ED2j is used, decryption and encryption are performed using the third encryption key K3j.

The plaintext secondary copyright-added data D2j processed by the primary user 13 includes, in addition to the primary copyright of the plaintext primary copyright-added data D1i before the processing provided by the information provider, data processing Secondary copyright exists. In order to use this secondary copyright, the primary user 13 sends the key title to the key management center 12 along with the third encryption key K3j, the title of the data, the name of the application program used, the outline of the contents, and the name of the primary copyright holder The key management center 12 stores and manages it together with the third encryption key K3j.

On the other hand, the primary user 13 supplies the encrypted secondary copyrighted data ED2j to the secondary user 24 by copying it to the external storage medium 18 or transferring it via the network system 14.

The secondary user 24 who wishes to use the supplied encrypted secondary copyrighted data ED2j requests the key management center 12 to distribute the third encryption key K3j. Use of the plaintext secondary copyrighted data D2j by the third encryption key K3j is limited to general use of the plaintext secondary copyrighted data D2j and storage in the user device, and plaintext secondary copyrighted data D2j. Alternatively, the encrypted secondary copyrighted data ED2j cannot be copied to the external storage medium 18 or transferred to the tertiary user by using the network system 14 and the plaintext secondary copyrighted data D2j cannot be processed.

As described above, the copyrighted data handled in the present invention is an “object” in which a program and data are integrated, and this object can be handled as a part in computer programming or various processes. A case where new copyrighted data is created using a plurality of copyrighted data as objects will be described with reference to FIGS. 5 and 2. In FIG. 5, 31, 32, and 33 are copyrighted data D 11, D 12, and D 13 configured as objects, respectively, and new copyrighted data D 2 j 30 is created using these copyrighted data D 11, D 12, and D 13. Created. As usage forms of the copyrighted data D11, D12, and D13, all of them are used like the copyrighted data D11 shown in 34, and a part thereof like the copyrighted data D12 shown in 35. Are used, or modified and used like copyrighted data D13 shown in 36.

Processing of copyrighted data is performed by linking and quoting copyrighted data in units of objects and performing superposition / combination, and such superposition and combination can be freely performed. . Further, other items can be added to the copyrighted data 37 that has been superposed / combined in this way. The copyrighted data D2j newly created in this way is configured as a collection of objects.

In the plaintext secondary copyright-added data D2j created in this way, the secondary copyright of the primary user 13 who has newly processed is generated in addition to the copyright of the primary copyright-added data D1i. In order to exercise this secondary copyright, it is necessary to encrypt the plaintext secondary copyrighted data. For this purpose, the primary user 13 prepares the third encryption key K3j and the plaintext copyrighted data D2j 3 Encrypt using the encryption key K3j,
ED2j = E (K3j, D2j)
The data is supplied to the secondary user 19 by copying it to the external storage medium 18 or transferring it via the network system 14. Further, the third encryption key K3j is registered in the key management center 12 so that the tertiary user can easily obtain the third encryption key K3j. By registering the third encryption key K3j, the secondary copyright of the primary user 13 is recorded in the key management center 12.

At this time, the primary user 13 sends the key management center 12 with the third encryption key K3j in addition to the plurality of third encryption keys K3j corresponding to the number of created secondary copyrighted data. Number, primary copyrighted data used, information on other copyrighted data linked to the copyright management program, access path to the copyrighted data used, and copyrighted data used Application programs and copyrighted material explanations.

The secondary user 19 who desires to use the supplied encrypted secondary copyrighted data D2j requests the key management center 12 to distribute the third encryption key K3j. The key management center 12 that has received the distribution request for the third encryption key K3j distributes the third encryption key K3j to the secondary user 19 via the network system 14. Receiving the third encryption key K3j, the secondary user 19 uses the third encryption key K3j to decrypt and plainly use the encrypted secondary copyrighted data ED2j.

Upon receiving the third encryption key K3j, the copyright management program PC attaches a copyright label LC2j to each copyrighted data D2j so that it can be used by the secondary user. At this time, the link between the newly created copyrighted data and the copyrighted data, which is an object linked to the newly created copyrighted data, is released. At the time of release, the substance of the used copyrighted data that was only linked is embedded in the new copyrighted data ED2j, so that the copyrighted work can be distributed only with the ED2j file. Also in this case, when the encrypted copyrighted data ED2j is used again, decryption and encryption are performed using the third encryption key K3j.

The key management center returns the third encryption key K3j to the request source and performs accounting processing based on the copyright labels LC1 and LC2. The copyrighted data owner can change his / her copyrighted data access path by applying to the key management center. The owner of the copyrighted data can process (modify) his / her copyrighted data with the third encryption key K3j, and can also register with another key.

The block diagram of the data copyright management system which this invention makes object. 1 is a schematic configuration diagram of an embodiment of a data copyright processing system according to the present invention. The conceptual diagram explaining the restriction | limiting of the primary use which the copyright management program PC performs in this invention. The conceptual diagram explaining the restriction | limiting of the data processing utilization which the copyright management program PC performs in this invention. Explanatory drawing of the creation of new copyrighted data using a plurality of copyrighted data as objects.

Explanation of symbols

1, 11 Database 2, 12 Key management center 3 User 4 Network system 5, 6, 15, 16 Information provider 11 Database 12 Key management center 13 Primary user 14 Network system 17 Information recording medium 18 External storage medium 19, 24 2 Next user 20 Primary user device 21 Storage device 22 Display device 23 Printing device 24 Secondary user 30 New copyrighted data 31, 32, 33 Copyrighted data D General data D1 Primary copyrighted data D1i Plain text primary Copyrighted data D1i 'Processing plaintext primary copyrighted data D2j Plaintext secondary copyrighted data ED1i Encryption primary copyrighted data ED2j Encryption data K1i 1st encryption key K3j 3rd encryption key PC Copyright management program

Claims (12)

A first key storage step in which the storage unit stores a first key used for encrypting the first encrypted data;
A management unit, a first key management step of associating a first label corresponding to the first key with the first key;
A receiving step in which the management unit receives the first label from the terminal that has acquired the first encrypted data with the first label;
A first key search step in which a management unit searches the storage unit for the first key corresponding to the first label;
A first key transmitting step in which the management unit transmits the first key found in the first key searching step to the terminal;
A key management method characterized by comprising: A first key storage step in which the storage unit stores a first key used for encrypting the first encrypted data;
A first encrypted data storing step in which a database stores the first encrypted data;
A management unit, a first key management step of associating a first label corresponding to the first key with the first key;
A receiving step in which the management unit receives the first label from the terminal that has acquired the first encrypted data with the first label;
A first key search step in which a management unit searches the storage unit for the first key corresponding to the first label;
A key management method comprising: a first key transmission step in which a management unit transmits the first key found in the first key search step to the terminal.   The key management method according to claim 1, further comprising: a charging step for charging a user of the terminal to which the first key is transmitted.   2. The usage status grasping step for grasping a usage status of the first encrypted data based on transmission of the first key to the terminal. 2. The key management method according to 2.   The key management method according to claim 4, further comprising: a usage status recording step in which the management unit records usage by the terminal as usage status of the first encrypted data. A key storage step in which the storage unit stores a plurality of keys used for encryption of each of the plurality of encrypted data;
A key management step in which a management unit manages a label for identifying the key in association with the plurality of keys;
A receiving step in which the management unit receives a label transmitted from the terminal that has acquired the encrypted data with the label;
A management unit searches the storage unit for a key corresponding to the transmitted label from the plurality of keys, and transmits a key corresponding to the label found by the key search step to the terminal A key transmission step to perform,
A key management method characterized by comprising: A storage unit for storing a first key used for encrypting the first encrypted data;
The first key is managed by associating the first label corresponding to the first key with the first key, and the first encrypted data with the first label is acquired from the terminal that has acquired the first key. A management unit that, when receiving one label, searches the storage unit for the first key corresponding to the first label and transmits the found first key to the terminal. Key management device. A storage unit for storing a first key used for encrypting the first encrypted data;
The first key is managed by associating the first label corresponding to the first key with the first key, and the first encrypted data with the first label is acquired from the terminal that has acquired the first key. When receiving one label, a key management unit having a management unit that searches the storage unit for the first key corresponding to the first label and transmits the found first key to the terminal;
A database for storing the first encrypted data;
A key management device comprising: The key management device according to claim 7 or 8, wherein the management unit transmits the first key to the terminal and charges the user of the terminal.   The key management apparatus according to claim 7 or 8, wherein the management unit grasps a usage status of the first encrypted data based on transmission of the first key to the terminal.   The key management apparatus according to claim 10, wherein the management unit records usage by the terminal as a usage status of the first encrypted data. A storage unit for storing a plurality of keys used for encrypting each of the plurality of encrypted data;
The label for identifying the key is managed in association with the plurality of keys, and when the label transmitted from the terminal that has acquired the encrypted data with the label is received, the transmission from the plurality of keys is performed. A key management device, comprising: a management unit that searches the storage unit for a key corresponding to the label that has been found and transmits the found corresponding key to the terminal.

Images