JP2011250068A - Download terminal, viewing terminal, recording medium, content downloading and writing method, and program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a download terminal that has a function of causing time-acquisition-origin server information with a distributing signature attached thereto to be verified and safely usable even by a viewing terminal having no distributing root certificate.SOLUTION: A download terminal 500 verifies a public key certificate included in time-acquisition-origin information 113 with a distributing root certificate 151. When successfully verifying the public key certificate, the download terminal 500 verifies validity of a signature on the basis of a public key, a time-acquisition-origin URI, and a signature value that are included in the public key certificate. When successfully verifying the validity of the signature, the download terminal 500 generates a signature value NS for medium on the basis of a secret key 525 for medium and the time-acquisition-origin URI, and writes, in a recording medium 511, as time-acquisition-origin information, a set of the time-acquisition-origin URI, the signature value NS for medium, the public key certificate for medium, which includes a public key to be paired with the secret key for medium.

Description

  The present invention relates to a technique for downloading movies, music, and the like over the Internet and writing them to a recording medium.

  In recent years, with the development of the Internet, techniques for downloading and playing back movies, music, and the like are becoming common. As a typical example, many services for downloading contents via a network from a server that distributes contents such as movies and music to PCs, AV devices, mobile phones, and portable devices are provided.

  In this type of content distribution service, a sold-out content sale that allows users to permanently view the purchased content and a rental sale that allows the downloaded content to be viewed within a limited viewing time limit. There is.

  In the latter type of download-type rental sales, a content provider that supplies content typically operates a content server and a DRM (digital rights management) server, and a content receiver on the viewer side is a content server. The encrypted rental content is downloaded from the DRM server, and the decryption key of the encrypted content and the content viewing conditions are acquired from the DRM server. The content viewing conditions include viewing time limit information for permitting viewing of the content, content duplication conditions, and the like.

  When playing the rental content, the content receiver refers to the viewing time limit specified by the DRM server. If the viewing time limit has not been exceeded, the content receiver starts playing the content, and if the viewing time limit has been exceeded, Perform content deletion.

  In addition, the content receiver may write the rental content to a replaceable medium such as an SD card together with the viewing deadline. In this case as well, the SD card playback terminal tries to play the rental content or finishes playing the rental content. The viewing time limit of the content is inspected, and if the viewing time limit is exceeded, the content is deleted.

  Furthermore, depending on the rental content usage permission conditions, it is required to obtain time information (such as the current time) from a reliable time source and more strictly verify the viewing time limit. Time sources used include TOT (Time Offset Table) included in digital broadcast waves, standard radio signals transmitted from radio stations, time servers on the network, etc., and the aforementioned DRM server also provides time information. Sometimes. When the download terminal acquires time information via the network, the download terminal obtains a URI (Uniform Resource Identifier) from the meta information file attached to the content, and accesses the URI as necessary. Get time information.

  The URI of the time information acquisition destination may be accompanied by a digital signature for verifying whether the notation is valid (has not been tampered with). The reason for the attachment is that the URI is falsified so that the server that passes illegal time information is the acquisition destination, and as a result, incorrect time information is passed to the download terminal, resulting in the viewing time limit being exceeded. This is because content that has not been viewed is deleted, or content that is outside the viewing deadline is played back.

  As a conventional method for verifying whether the URI is correct, for example, there is a method described in Patent Document 1.

  Hereinafter, such time information acquisition processing in a conventional download terminal will be described with reference to FIGS.

  FIG. 15 is a block diagram illustrating the configuration of a conventional download terminal 100. The downloader 110 downloads the encrypted content from the content server 201 connected via the Internet and stores it as the content 111, acquires the license of the downloaded content 111 from the license server 202, and stores it as the license 112. Further, the downloader 110 acquires a time information file including a time acquisition destination URI, a signature value, and public key certificate data from a meta information file attached to the content from the content server 201 and accumulates it as time acquisition destination information 113. To do.

  When the reproduction control unit 120 is instructed to reproduce any of the stored content by an instruction (not shown) from the user, the reproduction control unit 120 controls the license management unit 130 to read the license 112 of the target content 111 and to view the viewing condition. If the content decryption key is confirmed, the content decryption key is set in the decryptor 140, and the encrypted content 111 is read and decryption / reproduction is started.

  The above viewing conditions are confirmed as follows. That is, the first time management unit 150 refers to the time acquisition destination information 113, verifies the time acquisition destination URI using the signature value, the certificate data, and the distribution route certificate 151, and the time acquisition destination URI is valid. If it is, the time information is acquired from the time information server 203 indicated by the time acquisition destination URI. Then, the first time management unit 150 transmits the acquired time information in response to a request from the reproduction control unit 120.

  FIG. 16 is a diagram showing conventional time acquisition destination information 113. The time acquisition destination information 113 includes a time acquisition destination URI 114 including a URI of the time information server 203, a signature value 115 of the time acquisition destination URI 114, and a public key certificate obtained by converting a public key certificate for verifying the signature value 115 into data. Book data 116. The public key certificate 117 obtained by analyzing the public key certificate data 116 includes at least a public key 118 that is paired with the private key that created the signature value 115 and the validity of the public key certificate. A root signature 119 is included.

  FIG. 17 shows a conventional distribution route certificate 151. The distribution root certificate 151 includes a root public key 152 for verifying a root signature attached to a public key certificate issued by a distribution root server (not shown), and the validity of the root public key is verified. A self-root signature 153 created with a private key paired with the root public key is included so that it can be done.

  FIG. 18 is a flowchart illustrating processing in the first time management unit 150 when a current time acquisition request is received from the playback control unit 120 in a conventional download terminal. First, the first time management unit 150 reads a set of the time acquisition destination URI 114, the signature value 115, and the public key certificate data 116 from the time acquisition destination information 113 (step S301). Then, the first time management unit 150 verifies the validity of the root signature 119 included in the public key certificate data 116 using the root public key of the distribution root certificate 151 (step S302).

  If the verification is successful, the validity of the signature value 115 is verified from the public key 118 included in the time acquisition destination URI 114, the signature value 115, and the public key certificate data 116 (step S304). If the verification is successful, the current time is acquired from the time information server 203 indicated by the time acquisition destination URI (step S306), and the response is made to the reproduction control unit 120 (step S307). When validity verification fails (N in step S303 or step S305), an acquisition failure is returned to the reproduction control unit 120.

JP 2008-59550 A

  By the way, when the content sold for rental is written on a removable medium such as an SD card and viewed on a portable terminal or the like, it is required to use the content in accordance with the use permission condition. Depending on the content, it is necessary to check the viewing deadline with the time information obtained from a reliable time source, so it is possible to write the time acquisition destination URI to the SD card together with the content and conditions such as the viewing deadline and use it on the portable terminal. Conceivable.

  However, since portable terminals mainly use contents stored in media such as SD cards, there are cases where the portable terminal is not equipped with a distribution root certificate for verifying the time acquisition destination URI. Many. In addition, even if the distribution root certificate is installed in the portable terminal, it is necessary to implement to store the distribution root certificate safely and to add a new module to verify the signature for distribution. There was a problem that the production cost would be increased.

  In consideration of the problems of the conventional content distribution technology, the present invention uses a time certificate acquired from a reliable time source and rents content that needs to be checked for a viewing deadline as a distribution root certificate. An object is to provide a download terminal or the like that can be written to media so that it can be used even by a viewing terminal that does not have it.

The first aspect of the present invention is
Download copyright-protected content from the content server,
A license for writing the content to a portable medium from a license server, and obtaining a writing license having a viewing condition including information defining a viewing period or a viewing time limit of the content;
A download terminal capable of writing the content to the portable medium in accordance with the writing license;
A content download unit for downloading the content;
A license acquisition unit for acquiring the export license;
Time acquisition for acquiring time acquisition destination information from an external server, including a location address of the time information for confirming the viewing condition of the content and a first signature for ensuring the validity of the time information location address The information acquisition department,
A first time management unit that verifies the validity of the time acquisition destination information by means of a distribution root certificate that it has,
When the verification by the first time management unit is successful, a signature conversion unit that generates the second signature NS of the time acquisition destination information using a media private key that is different from the first signature generation key When,
A public key paired with the content, an inherited license including at least the same viewing condition as the viewing condition included in the write license, the time acquisition destination information, the second signature, and the media secret key And a portable medium read / write unit that writes the media root signature for verifying the validity of the public key to the portable medium.

The second aspect of the present invention
A viewing terminal capable of reproducing the copyright-protected content from the portable medium in the download terminal of the first invention,
A reading unit that reads out the content, the inherited license, the time acquisition destination information, the second signature, a public key that is paired with the media private key, and the root signature from the portable medium; ,
The read time acquisition information is verified using the second signature and the public key, and if the verification is successful, an external server having a location address of the time information based on the time acquisition information A second time management unit for obtaining the time information;
And a playback control unit that determines whether or not the content can be played back based on the acquired time information.

The third aspect of the present invention provides
An area for recording copyright-protected content downloaded from the content server;
An area for accumulating viewing conditions for the content, including information defining a viewing deadline or a viewing period of the content;
Time acquisition destination information used when checking the viewing time limit or the viewing period, a signature value generated from the time acquisition destination information, and a public key paired with the secret key that generated the signature value A recording medium including a secure storage area that is recorded and requires authentication at the time of viewing.

The fourth invention relates to
Download copyright-protected content from the content server,
A license for writing the content to a portable medium from a license server, and obtaining a writing license having a viewing condition including information defining a viewing period or a viewing time limit of the content;
A content downloading / writing method in a download terminal capable of writing the content to the portable medium in accordance with the writing license,
A content download step for downloading the content;
A license acquisition step of acquiring the export license;
Time acquisition for acquiring time acquisition destination information from an external server, including a location address of the time information for confirming the viewing condition of the content and a first signature for ensuring the validity of the time information location address Ahead information acquisition step,
A first time management step of verifying the validity of the time acquisition destination information by a distribution root certificate that the self has,
A signature conversion step of generating a second signature NS of the time acquisition destination information using a media private key that is different from the first signature generation key when verification by the first time step is successful; ,
A public key paired with the content, an inherited license including at least the same viewing condition as the viewing condition included in the write license, the time acquisition destination information, the second signature, and the media secret key And a portable medium read / write step of writing a media root signature for verifying the validity of the public key to the portable medium.

The fifth aspect of the present invention relates to
At least the content download / write-out method of the fourth aspect of the present invention,
The content download step for downloading the content;
The license acquisition step of acquiring the export license;
The time acquisition destination information is acquired from the external server, including a location address of the time information for confirming the viewing condition of the content and a first signature for guaranteeing the validity of the time information location address Time acquisition destination information acquisition step,
The first time management step of verifying the validity of the time acquisition destination information by a distribution root certificate that the self has,
The signature conversion that generates the second signature NS of the time acquisition destination information by using a media private key that is different from the generation key of the first signature when verification by the first time management step is successful Steps,
A public key paired with the content, an inherited license including at least the same viewing condition as the viewing condition included in the write license, the time acquisition destination information, the second signature, and the media secret key And a portable medium read / write step of writing a media root signature for verifying the validity of the public key to the portable medium.

The sixth invention relates to
A recording medium on which the program of the fifth aspect of the present invention is recorded, and is a recording medium that can be processed by a computer.

  As described above, the present invention can use rental contents that require confirmation of a viewing deadline using time information acquired from a reliable time source even on a viewing terminal that does not have a distribution route certificate. Can be exported to media.

It is a block diagram of a download terminal in an embodiment of the invention. It is a block diagram of a viewing terminal in an embodiment of the present invention. It is a schematic diagram showing the viewing license and the writing license in the embodiment of the present invention. (A) is a diagram showing a license list of viewing licenses in the embodiment of the present invention, and (b) is a diagram showing a license list of write-out licenses. It is a time acquisition destination list | wrist which is a specific form of time acquisition destination information about each content accumulate | stored in the download terminal in embodiment of this invention. It is a flowchart showing the content viewing-and-listening start process on a download terminal in embodiment of this invention. It is a flowchart of the process which writes content in a recording medium in embodiment of this invention. It is a flowchart showing the process at the time of starting viewing / listening of the content on a recording medium with a viewing-and-listening terminal in embodiment of this invention. It is a flowchart showing the viewing-side license issuing process by the server side in embodiment of this invention. It is a schematic diagram showing the writing license with a viewing period in the embodiment of the present invention. It is a figure showing the license list | wrist of the writing license containing the writing license with a viewing-and-listening period in embodiment of this invention. It is a flowchart of the process which writes content on a recording medium using the license with viewing-and-listening period in embodiment of this invention. It is a flowchart showing the process at the time of starting viewing / listening with the viewing terminal on the content with the viewing / listening period set in the embodiment of the present invention. It is a flowchart of the writing license grant process by the server side in embodiment of this invention. It is the block diagram explaining the structure of the conventional download terminal. It is a schematic diagram showing the conventional time acquisition destination information. It is a schematic diagram showing the conventional root certificate for distribution. It is the flowchart explaining the time acquisition process in the conventional download terminal.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings. Hereinafter, parts having the same functions as those in the conventional example are denoted by the same reference numerals, and detailed description thereof is omitted.

  FIG. 1 is a block diagram of a download terminal 500 in the present embodiment. In this download terminal 500, the reading / writing unit 510 of the recording medium (portable medium) writes the accumulated content 111 to the recording medium 511 in accordance with an instruction (not shown) from the user, This is means for copying the license 112 related to all of the licenses to the recording medium 511, reading data from the recording medium 511, and copying the media public key certificate 515 to the recording medium 511.

  Further, the recording medium read / write unit 510 is a unit that reads the time acquisition destination information 113 and passes it to the signature conversion unit 520 or writes the data received from the signature conversion unit 520 to the recording medium 511.

  The first time management unit 150 is means for verifying the time acquisition destination information 113 with the distribution route certificate 151.

  The signature conversion unit 520 is a means for creating a signature value NS that is a card signature with the media private key 525.

  The other downloader 110, reproduction control unit 120, license management unit 130, and the like are the same units as the corresponding units of the conventional download terminal 100. The downloader 110 is an example of a unit that also serves as the content download unit, license acquisition unit, and time acquisition destination information acquisition unit of the present invention.

  The license server 202 is a server that issues a writing license in addition to the viewing license.

  FIG. 2 is a block diagram of viewing terminal 600 in the present embodiment. When the reproduction control unit 620 is instructed to reproduce any of the contents stored on the recording medium 511 by an instruction (not shown) from the user, the reproduction control unit 620 controls the license management unit 630 to license the target content 611. When the content is read and the viewing conditions are confirmed and satisfied, the content decryption key is set in the decryptor 640 and the encrypted content 611 is read from the recording medium 511 and decryption / reproduction is started. Note that the reading unit 660 is means for reading the content 611 and the license 612.

  The license management unit 630 is the same as the license management unit 130 of the download terminal 500 except that the license 612 is read from the recording medium 511. The decoder 640 is the same as the decoder 140 of the download terminal 500.

  The second time management unit 650 is similar to the first time management unit 150 in the download terminal 500 except that the second time management unit 650 performs signature verification using the media root certificate 651 instead of the distribution route certificate 151. It is.

  Here, the viewing terminal 600 uses a root certificate for verifying whether or not the recording medium 511 is properly manufactured (not revoked) in order to safely handle the authentication mechanism of the recording medium 511. Have in advance. For example, if the content is written on a recording medium whose protection strength is intentionally lowered so that the content can be easily copied, the content cannot be handled safely. As the media root certificate 651, it is assumed that such a root certificate used for authenticating the recording medium 511 is used.

  Next, there are two types of licenses 112, and FIG. 3 is a diagram showing a viewing license and a writing license in the present embodiment. The viewing license 700 includes a license type 701 indicating a viewing license, a content ID 702 that is an identifier of the target content, a decryption key 703 for decrypting the encrypted content, and a viewing that indicates an absolute date and time when the target content is allowed to be viewed. It consists of a time limit start 704 and a viewing time limit end 705. Note that the viewing expiration date start 704 or the viewing expiration date end 705 may not be specified. For example, when neither the viewing deadline start 704 nor the viewing deadline end 705 is designated, it indicates that the viewing is possible permanently. When only the viewing deadline start 704 is designated, viewing is not possible until the designated date and time, but viewing is possible after the viewing deadline starts.

  In the write license 710, a media type 711 indicating a medium that can be written with this license is added to the viewing license 700.

  FIG. 4 shows a specific form of the license list 720 for each content of the two types of licenses 112 stored in the download terminal 500 in the present embodiment. 4A shows the license list 720 of the viewing license 700, and FIG. 4B shows the license list 720 of the write license 710. The license 612 written to the recording medium 511 also takes the same form as that shown in FIG.

  FIG. 5 is a time acquisition destination list 730 which is a specific form of the time acquisition destination information 113 for each content stored in the download terminal 500 in the present embodiment. In this time acquisition destination list 730, time acquisition destination information 113 is stored in association with a content ID 702 that is an identifier of each target content. The time acquisition destination information 613 recorded on the recording medium 511 also takes the same form.

  FIG. 6 is a viewing start processing flowchart in the download terminal 500 in the present embodiment. First, the license list 720 of the viewing license 700 is searched to check whether or not the viewing license 700 for the content has been acquired (step S801). If it has not been acquired, the viewing license 700 is acquired from the license server 202 (step S802). Next, referring to the values of the viewing deadline start 704 and the viewing deadline end 705 of the viewing license 700, if the viewing deadline is not set (N in step S803), the reproduction of the content is started (step S808).

  If the viewing time limit has been set (Y in step S803), an entry including the content ID of the content is searched from the list 730 of the time acquisition destination information 113, and the time verification server 203 performs the above-described signature verification processing and the like. To acquire the current time (steps S804 to S805).

  If acquisition of the current time is successful (Y in step S806), the viewing time limit information is compared with the current time, and if the viewing time limit has expired, the content is deleted (step S810), and must be exceeded. Then, reproduction is started (step S808). If acquisition of the current time has failed (N in step S806), appropriate error processing is performed and the process ends (step S809).

  FIG. 7 is a flowchart of the recording medium writing process in the download terminal 500 in the present embodiment. First, the license list 720 of the export license 710 (FIG. 4B) is searched for the content to be exported, and it is confirmed whether or not the export license 710 for exporting the export target content to the recording medium 511 has been acquired. Alternatively, if there is no license suitable for the export destination (N in step S820), the content export license 710 is acquired from the license server 202 (step S821). If the acquired license has already been acquired (Y in step S820), the writing license 710 that has been acquired is used to perform the writing process to the recording medium 511 as follows (step S822). .

  That is, when the viewing deadline is set for the content, the time acquisition destination information 113 corresponding to the content is extracted from the time acquisition destination information list 730 even if the viewing is not started. The signature verification process is performed using the certificate 151 (step S825). If the signature verification is successful (Y in step S826), a new signature value NS is generated from the time acquisition destination URI included in the time acquisition destination information 113 and the media private key 525 provided by itself (step S827). Then, the time acquisition destination URI, the signature value NS, and the media public key certificate 515 including the media public key and media root signature corresponding to the media secret key 525 are recorded as time acquisition destination information NT. Write to 511 (step S828).

  Thereafter, the contents of the write license 710 are copied to the list of licenses 612 of the recording medium 511 (step S829), and the process ends.

If the viewing deadline is not set for the content (N in step S823), the process of steps S824 to S828 is skipped and step S829 is executed. If the signature verification of the time acquisition destination information fails (N in step S826), an appropriate error process is performed and the writing process is terminated (step S830).
It should be noted that such an area for recording copyright-protected content downloaded from the content server and an area for accumulating the viewing conditions for the content, including information for defining the viewing deadline or viewing period of the content A time acquisition destination information used when confirming the viewing time limit or the viewing period, a signature value generated from the time acquisition destination information, and a public key paired with the private key that generated the signature value; The recording medium 511 (see FIG. 2), which includes a secure storage area that requires authentication at the time of viewing, is an example of the recording medium of the present invention.

  FIG. 8 is a flowchart of a viewing start process for the content 611 recorded on the recording medium 511 of the viewing terminal 600 according to this embodiment. First, the license 612 of the content 611 is searched from the recording medium 511 (step S841). If the viewing time limit is not set in the license 612 (N in step S842), the reproduction of the content 611 is started. If the viewing time limit is set (Y in step S842), the time acquisition destination information NT corresponding to the content 611 is extracted from the time acquisition destination information 613 on the recording medium 511 (step S843), and the media root certificate is extracted. After verifying the media root signature included in the media public key certificate 515 using the media root public key included in 651, signature verification of the signature value NS is performed (step S844).

  If the signature verification fails, appropriate error processing is performed (N in step S845), and if the signature verification is successful (Y in step S845), the current time is acquired from the time information server indicated by the time acquisition destination URI (step S846). . Henceforth, it is the same as the viewing start process in the download terminal 500. (Steps S847 to S852).

  FIG. 9 is a flowchart of the viewing license grant process of the license server 202 in the present embodiment. Upon receiving a viewing license request from the download terminal 500, the license server 202 checks whether it is the first viewing license request for the content from its history information (not shown) based on the content ID ( In step S860), if it is the first time, the viewing time limit for the content is determined based on the current time, and then the viewing license with the viewing time limit for the content is returned to the terminal (step S861).

  As described above, to summarize the operation of the characteristic part of the present embodiment, the download terminal 500 verifies the public key certificate 117 included in the time acquisition destination information 113 with the distribution root certificate 151. If the verification is successful, the validity of the signature is verified from the public key 118, the time acquisition destination URI 114, and the signature value 115 included in the public key certificate 117. If the signature verification is successful, the download terminal 500 generates a media signature value NS from the media private key 525 and the time acquisition destination URI 114. Then, a set of the time acquisition destination URI 114, the media signature value NS, and the media public key certificate 515 including the public key paired with the media private key is written in the recording medium 511 as the time acquisition destination information 613.

  By the way, as the writing license 710, a writing license with a viewing period 732 including a viewing period indicating a usable period from the first viewing may be used.

  FIG. 10 shows a specific form of the writing license with viewing period 732 in the present embodiment. The writing license with viewing period 732 includes a column indicating a viewing period 731 indicating a usable period from the first viewing in addition to the configuration of the writing license 710 described above. In this example, it is 2 days. N / A is entered in each of the viewing expiration date start 704 column and the viewing expiration date end 705 column.

  FIG. 11 shows a specific form of the license list 740 including the writing license with viewing period in the present embodiment. That is, content # 1 is a writing license in which the above-described viewing time limit is written as a specific time, but content # 2 is a writing license with a viewing period. Here, in addition to the structure of the license list 720 including the writing license, a column indicating the viewing period 731 is included.

  FIG. 12 is a flowchart showing processing in the download terminal 500 in the case where contents are written to the recording medium 511 using the writing license with viewing period 732 according to the present embodiment. The content 111 is written to the recording medium 511 using the writing license with viewing period acquired from the license server 202 (step S871). Next, the time acquisition destination information 113 corresponding to the content 111 is extracted from the time acquisition destination information list (step S824), and the time acquisition destination information and the contents of the license are written to the recording medium 511 in the same manner as in FIG. Step S825 to Step S830). In the case of this export license with a viewing period, there is no check that there is no viewing time limit.

  FIG. 13 shows processing when the viewing terminal 600 starts viewing the content 611 for which the viewing period on the recording medium 511 is set (and the viewing deadline start and the viewing deadline end are not set) in this embodiment. It is the flowchart demonstrated. The search for the license 612 of the content 611 from the recording medium 511 (step S841) is the same as in FIG.

  Next, the time acquisition destination information 613 corresponding to the content 612 is extracted from the time acquisition destination information list on the recording medium 511 (step S843), and the time information server 203 indicated by the time acquisition destination URI is subsequently shown in FIG. To obtain the current time (steps S844 to S847, S851). Then, the absolute time of the viewing deadline start and the viewing deadline end is calculated from the current time and the viewing period and reflected in the license. (S881). Henceforth, it is the same as that of the viewing start process in FIG. (Steps S848 to S849, S852).

  FIG. 14 is a flowchart of the writing license grant process in the license server 202. Upon receiving the request for the writing license from the download terminal 500, the license server 202 searches its own history information (not shown) to determine whether or not the viewing period of the content has already been determined (step S891). If it is unconfirmed, the writing license with viewing period 732 is returned to the download terminal 500 (steps S892 and S893).

  As described above, when writing download content that requires time acquisition from a reliable time source to a recording medium such as an SD card, the time acquisition source information corresponding to the content is verified and the time acquisition source information is verified. A media signature is generated from the time acquisition destination URI and the media private key of the download terminal included in the file, and the time acquisition destination URI, the media signature, and the media public key certificate are stored in the recording medium as new time acquisition destination information. By writing out, the downloaded content can be viewed even on a viewing terminal that does not have a distribution route certificate.

  In the present embodiment, it has been described that the recording medium writing unit copies the license related to the content to the recording medium. However, instead of copying the license, it is converted into a parameter format of another copyright protection method and written. Also good. The content can be flexibly used by writing in a copyright protection system that is easy to process by the viewing terminal from the viewpoint that the processing load of the CPU is small, the memory used is small, and the reproduction compatibility is high.

  In the present embodiment, the viewing license, the writing license shown in FIG. 3, and the writing license with a viewing period shown in FIG. 10 are merely examples, and the content description and configuration of the license are not specified.

  In the present embodiment, the content of the time acquisition destination list shown in FIG. 5 is merely an example, and does not define the content notation or configuration of the time acquisition destination list. It goes without saying that the same effect can be obtained even if there is no entry corresponding to the content that does not require time acquisition.

  In the present embodiment, it has been described that when content is written on a recording medium, the content of the content writing license is copied. However, when the content is re-encrypted using unique information of the recording medium, the content is written. A license having a decryption key different from the decryption key included in the write license is written to the recording medium.

  In this embodiment, providing the download terminal with the media root certificate is beneficial because the content on the recording medium can be reproduced in the same manner as the viewing terminal.

  The program of the present invention is a program that causes a computer to execute at least the operation of each step of the above-described download / write-out method of the present invention, and is a program that operates in cooperation with the computer.

  The recording medium of the present invention is a recording medium that records a program that causes a computer to execute all or part of the operations of the above-described downloading / writing method of the present invention. The recorded program is a recording medium for executing the operation in cooperation with the computer.

  The above steps of the present invention mean all or a part of the operations of the steps.

  Further, one usage form of the program of the present invention may be an aspect in which the program is recorded on a recording medium such as a ROM readable by a computer and operates in cooperation with the computer.

  Also, one use form of the program of the present invention is an aspect in which the program is transmitted through a transmission medium such as the Internet and a transmission medium such as light, radio wave, and sound wave, read by a computer, and operates in cooperation with the computer. Also good.

  The computer of the present invention described above is not limited to pure hardware such as a CPU, and may include firmware, an OS, and peripheral devices.

  As described above, the configuration of the present invention may be realized by software or hardware.

  As described above, the present invention can use rental contents that require confirmation of a viewing deadline using time information acquired from a reliable time source even on a viewing terminal that does not have a distribution route certificate. Thus, it is effective in the technical field of downloading and playing back movies, music, etc. over the Internet or the like.

111 Content 112 License 113 Time acquisition destination information 130 License management unit 150 First time management unit 151 Distribution route certificate 201 Content server 202 License server 203 Time information server 500 Download terminal 510 Recording medium read / write unit 511 Recording medium (portable medium) )
515 Media public key certificate 520 Signature conversion unit 525 Media private key 600 Viewing terminal 611 Content 612 License 613 Time acquisition destination information 620 Playback control unit 630 License management unit 650 Second time management unit 651 Media root certificate 660 Read 710 Export license 720 License list 730 Time acquisition destination list 732 Export license with viewing period

Claims (6)

Download copyright-protected content from the content server,
A license for writing the content to a portable medium from a license server, and obtaining a writing license having a viewing condition including information defining a viewing period or a viewing time limit of the content;
A download terminal capable of writing the content to the portable medium in accordance with the writing license;
A content download unit for downloading the content;
A license acquisition unit for acquiring the export license;
Time acquisition for acquiring time acquisition destination information from an external server, including a location address of the time information for confirming the viewing condition of the content and a first signature for ensuring the validity of the time information location address The information acquisition department,
A first time management unit that verifies the validity of the time acquisition destination information by means of a distribution root certificate that it has,
When the verification by the first time management unit is successful, a signature conversion unit that generates the second signature NS of the time acquisition destination information using a media private key that is different from the first signature generation key When,
A public key paired with the content, an inherited license including at least the same viewing condition as the viewing condition included in the write license, the time acquisition destination information, the second signature, and the media secret key And a portable medium read / write unit that writes the media root signature for verifying the validity of the public key to the portable medium. A viewing terminal capable of reproducing the copyright-protected content from the portable medium in the download terminal according to claim 1,
A reading unit that reads out the content, the inherited license, the time acquisition destination information, the second signature, a public key that is paired with the media private key, and the root signature from the portable medium; ,
The read time acquisition information is verified using the second signature and the public key, and if the verification is successful, an external server having a location address of the time information based on the time acquisition information A second time management unit for obtaining the time information;
A viewing terminal comprising: a playback control unit that determines whether or not the content can be played back based on the acquired time information. An area for recording copyright-protected content downloaded from the content server;
An area for accumulating viewing conditions for the content, including information defining a viewing deadline or a viewing period of the content;
Time acquisition destination information used when checking the viewing time limit or the viewing period, a signature value generated from the time acquisition destination information, and a public key paired with the secret key that generated the signature value A recording medium comprising a secure storage area that is recorded and requires authentication when viewed. Download copyright-protected content from the content server,
A license for writing the content to a portable medium from a license server, and obtaining a writing license having a viewing condition including information defining a viewing period or a viewing time limit of the content;
A content downloading / writing method in a download terminal capable of writing the content to the portable medium in accordance with the writing license,
A content download step for downloading the content;
A license acquisition step of acquiring the export license;
Time acquisition for acquiring time acquisition destination information from an external server, including a location address of the time information for confirming the viewing condition of the content and a first signature for ensuring the validity of the time information location address Ahead information acquisition step,
A first time management step of verifying the validity of the time acquisition destination information by a distribution root certificate that the self has,
A signature conversion step of generating a second signature NS of the time acquisition destination information using a media private key that is different from the first signature generation key when verification by the first time step is successful; ,
A public key paired with the content, an inherited license including at least the same viewing condition as the viewing condition included in the write license, the time acquisition destination information, the second signature, and the media secret key And a portable medium read / write method for writing a media root signature for verifying the validity of the public key to the portable medium. The content download / write-out method according to claim 4,
The content download step for downloading the content;
The license acquisition step of acquiring the export license;
The time acquisition destination information is acquired from the external server, including a location address of the time information for confirming the viewing condition of the content and a first signature for guaranteeing the validity of the time information location address Time acquisition destination information acquisition step,
The first time management step of verifying the validity of the time acquisition destination information by a distribution root certificate that the self has,
The signature conversion that generates the second signature NS of the time acquisition destination information by using a media private key that is different from the generation key of the first signature when verification by the first time management step is successful Steps,
A public key paired with the content, an inherited license including at least the same viewing condition as the viewing condition included in the write license, the time acquisition destination information, the second signature, and the media secret key And a portable medium read / write step of writing to the portable medium a media root signature for verifying the validity of the public key. A recording medium on which the program according to claim 5 is recorded, the recording medium being processable by a computer.

Images