JP2012108639A - Browsing/viewing system for removable storage media - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a browsing/viewing system for removable storage media in which, when a medium to which a reservation for purchasing specific contents beforehand has been set is purchased, a viewing program corresponding to a viewing terminal and contents can be downloaded and thereafter, utilization by any other devices than a proper device is restricted, thereby preventing contents from being copied.SOLUTION: A password is imparted to a proper medium 100 beforehand and registered while being paired with originally added information specific for the medium 100, matching of the pair is used for authentication to confirm a proper owner and if authenticated, storage of contents is permitted. Thereafter, the eigen-information of the medium 100 is encrypted with eigen-information of a designated viewing terminal 110 and in use, when the eigen-information of the viewing terminal 110 can be restored by decrypting operation, the proper combination is authenticated. The contents are then decrypted using a similarly decrypted decryption code, thereby enabling viewing. Therefore, viewing is disabled in copying to other media or in use with other terminals.

Description

  The present invention guarantees that a specific content requiring copyright protection is downloaded to a predetermined removable storage medium via a network, and further, by combining a specific content browsing / viewing device, The present invention relates to a technology capable of protecting contents by invalidating illegal copies by using unique information for authentication and encryption.

  Memory cards have been used for temporary storage and storage of information due to the convenience of removable media. In recent years, with the development of memory card capacity increasing technology, it has been attracting attention as a permanent storage medium for contents that require large capacity such as viewing information such as movies and music, novels, educational information including image information and audio, etc. As a result, commercial media for these contents are now available.

  The memory card is a non-volatile storage medium and can be rewritten. Content can be downloaded and stored on the memory card via the network. You can browse, view, and edit the content stored on the memory card many times. Due to such features, convenience as a bridge medium that enables delivery of content is highly appreciated. Furthermore, if the capacity is increased and the cost can be reduced appropriately, it is presumed that contents such as movies that have been stored on DVD and marketed until now will be stored on a memory card and sold.

  However, the convenience of the memory card is an obstacle to the protection of copyrighted content. Copy protection and data alteration of the memory card are easy, so copy guard is the most necessary protection function for content protection, and technical measures such as being unusable because it is encrypted even after copying are required Become. One example is CPRM (abbreviation of Content Protection for Recordable Media, registered trademark). CPRM is a copy control technology for copyright-protected digital broadcast video content, but is also applied to an SD memory card. By adopting CPRM, it is possible to obtain an advantage that the content is encrypted.

  However, the troublesome point of removable media such as memory cards is that even if the content is authorized and received, once it is stored in the memory card, it must be an expert who is familiar with the memory card. For example, it is relatively easy to break the copy guard and illegally copy the content into a usable form. In order to solve this problem, Patent Document 1 encrypts content received from a network or the like to a memory card or the like by using a serial number unique to the terminal or an authentication code that is concealed only in the terminal and stored therein. A method that can be used only by a terminal equipped with the memory card has been proposed.

Patent document 2 collates the correctness by the following authentication method.
1) The accounting process is eliminated by selling the memory card itself storing the pre-encrypted content in-kind.
2) A code unique to a memory card such as a manufacturing number and a password (product number may be given) assigned to the memory card are registered in a set in a database.
3) At the beginning of use, a pair of the unique code of the memory card and the input password is checked in the database, and if the set matches, it is authenticated as use by a legitimate purchaser.
4) If authenticated, transfer the viewer program that matches the model of the viewing device and store it in the legitimate memory card that is installed.
5) Further, only the viewing device with the memory card attached is authorized as a device that can be viewed thereafter, and the code unique to the memory card is encrypted with a code unique to the device (for example, a telephone number for a mobile phone). Record in the memory card.
6) After the second use, the code unique to the encrypted memory card is decrypted with the code unique to the device, and when the code unique to the memory card is reproduced, it is authenticated as a valid combination.
In this way, the convenience of use is ensured by downloading the viewer program suitable for the viewing device, simple and reliable authentication, and copy protection is ensured.

The present invention is an invention using an authentication method which is the invention of Patent Document 2.

  Patent Document 3 is an invention that downloads and uses content. However, when downloading content, there is no leakage of the user's bank account or credit card number, and the payment and collection of charges can be performed safely. Prepaid billing data is recorded on a recording medium, and the fee is reduced each time a download is made. By this method, important information is not leaked, and it is possible to save the trouble of billing.

JP 2008-60703 A Japanese Patent Application No. 2009-120991 Japanese Patent Laid-Open No. 2001-60286

  However, in the method of Patent Document 1, encryption is not performed at the time of downloading or cataloging to a memory card, and content is encrypted only at the terminal side using its own terminal serial number as a key in the initial work. Content that can be used only by the terminal is generated. Before this encryption, an unauthorized copy content can be produced by a person with an unauthorized purpose.

  Thus, there is an unprotected state before the memory card is put in a copy guard state. In addition, transmission of unencrypted content and encryption after transmission is limited to small-scale content in consideration of encryption processing time.

  In view of this, as described in Patent Document 2, an encrypted content can be produced in advance and stored in a medium such as a memory card. In the production of a memory card storing commercially available content, it is not practical to encrypt the content uniquely for the memory card because of restrictions on the production environment, time, and cost. Usually, a large amount of content with the same code as the original content is produced.

  A system in which the use of a memory card storing content to be protected is limited to only a specific terminal is useful in that the memory card can be prevented from being stolen or illegally used. In addition, when the terminal is a mobile communication device such as a mobile phone, or when the media is a small external storage device that can be mounted in a removable manner, the function that limits the use to the combination is a powerful protection function. Become. This is realized by measures such as encrypting information on the memory card with a code unique to the terminal. That is, it is a method of logically associating (associating) with the other party. When they are separated, there is no information to associate the other party, and in the case of an inappropriate combination, the decrypted information has meaning. No. This method is the point of the invention adopted in Patent Document 2.

  Patent Document 1 describes that the authentication information and application program of the SD memory card are encrypted using the terminal-side serial number as an encryption key. In this case, the combination of the terminal and the SD memory card is executed even if it is not appropriate, and if it is not appropriate, meaningless access or processing is performed. This method is not recommended and it is preferable to determine whether it is appropriate before use. Further, protection of authentication information is an important invention point. However, since detailed description is not described in Patent Document 1, it is presumed that the authentication information held on the terminal side is probably an SD memory card. It is considered that it is used for verification. In this case, since the other party information remains after separation, the decryption and copy guard mechanisms may be elucidated from the SD memory card. Further, when changing the combination, authentication information and programs are encrypted with a code on the terminal side, so that the release and change are very troublesome and the safety of information is hindered.

  A commercially available memory card containing content is valuable because of the content. If the medium storing the content is removable, naturally, as the medium storing the content, the ownership is generated, and a function capable of transferring the ownership to another person is required. In addition, the same purchaser (owner) may change the combination due to failure of the terminal or replacement by purchase. At this time, if the combination cannot be changed or the change takes time and the situation where the safety is impaired occurs, the distribution of the media is hindered. That is, in the setting of encryption and authentication information, when one information is closely related to the other information, it is necessary to be able to cope with the change of the relationship.

  In this regard, Patent Document 2 stores encrypted content in advance, and is convenient for changing the owner of the memory card. In addition, the viewing program can be changed according to the model. However, there is a problem that the content cannot be replaced even if the model that uses the content is changed. When the model changes and the viewing program is switched, there is no guarantee that the content configuration does not need to be changed. In addition, content has been updated, and devices with large screens have appeared due to the recent development of mobile terminals. In this case, the content can be changed.

  Therefore, a method of downloading content can be considered, but the problem of security maintenance associated with billing and settlement emerges. In this respect, Patent Document 3 is a method of paying in advance and reducing the fee each time content is downloaded, and guarantees the certainty of billing, and important information such as credit cards at the time of settlement. It is safe in that it is not handled. However, it is still impossible to solve the problem because the management of the balance is necessary for both the content provider and the purchaser, and it is necessary to maintain the same level of security as the payment when the advance payment is delivered. Further, it is difficult to transfer purchased content, and the content cannot be handled as transferable property.

  The present invention has been made in order to solve the above-described problems, and is intended to prevent copying of content stored in a removable storage medium, and when the combination with a browsing / viewing terminal device as a reproduction means is valid In addition to being able to control usage only, the purchase of a removable storage medium that has been reserved to purchase specific content in advance can be used for billing and settlement processing without handling information such as bank accounts and credit card numbers. To provide a viewing / viewing system for removable storage media, which has no connection, can download viewing programs and contents suitable for viewing / viewing terminal devices, and can safely transfer removable storage media with simple operations. For the purpose.

  A viewing / viewing system for removable storage media according to the present invention has a removable storage media storing media-specific information and encrypted content, and the removable storage media is mounted, and the encrypted content is decrypted with a content decryption key. Viewing / viewing terminal device to be browsed / viewed, a password uniquely assigned to each removable storage medium as legitimate media, the unique media-specific information linked to this password, and the removable storage medium in advance When the structured information block, the media specific information, and the password, which are registered in association with each other, the content code, which is identification information about the encrypted content reserved for storage, is input, Media-specific information If there is a record with the structured key as a key, the medium authentication means for authenticating the removable storage medium associated with the input password, and the removable storage medium whose validity is authenticated by the media authentication means The structured information block based on the content code and the encrypted media unique information obtained by encrypting the media unique information using the unique device unique information as a key for the browsing / viewing terminal device equipped with the removable storage medium Authentication information storage means for storing the decryption key of the encrypted content read from the encrypted content decryption key using the device-specific information as a key in the removable storage medium, and storage designation in the removable storage medium The encrypted content Is stored in the structured information block based on the content code, and the encrypted content storage means for downloading to the removable storage medium, and when the removable storage medium is attached to the browsing / viewing terminal device, A combination of the removable storage medium and the browsing / viewing terminal device when the encrypted media specific information decrypted with the device specific information matches the media specific information stored in the removable storage medium. A combination authentication means that authenticates the combination, and the encrypted content decryption key stored in the removable storage medium in which the validity of the combination is authenticated is obtained by decrypting with the device-specific information of the viewing / viewing terminal device The content decryption key is used to store the removable storage media. Browsing / viewing means for decrypting the stored encrypted content for browsing / viewing is provided.

  Further, in the above invention, the browsing / viewing means converts the structured information block from the structured information block to a model of the browsing / viewing terminal apparatus based on the content code, to a removable storage medium that is authenticated by the media authentication means. A viewer program storage means for accessing and downloading a library in which a suitable viewer / viewer viewer program is located, and the encrypted content stored in the removable storage medium by loading the viewer program into the viewer / viewer terminal device And a viewer program execution means for browsing and viewing.

  Furthermore, in the above invention, it is preferable that the encrypted content storage unit includes a download for updating the encrypted content associated with the content code as long as the validity is authenticated by the media authentication unit.

  The download of the content at this time may be retransmission of the same content, or content with updated contents. As described above, the contents resending / updating function of the present invention can also be used for applications such as electronic weekly magazines and electronic newspapers that regularly send publications. Also, at the time of media transfer or rental, authentication information and a viewer program are retransmitted and stored in accordance with the terminal device of the next user, but the content is also retransmitted.

  The present invention adopts a form in which one type of content is reserved and stored by downloading, but it can take an application construction or service form that can be selected from a content group or a content menu. After the purchaser selects one content, the same authentication function and browsing / viewing function can be demonstrated.

  In the above invention, it is preferable that the authentication information storage means includes a process for processing the target data as one process of the encryption process of the media unique information and the encrypted content decryption key.

  Since the secret key encryption and decryption use the same key, the decryption key can be easily decrypted by comparing the original data before encryption and the data after encryption. Particularly in the present invention, since the authentication information is in the medium, the risk of decryption of the encryption algorithm is high. In order to prevent this, encryption processing and decryption processing can be performed irreversibly by adding bit operations and bit shifting processing before encryption, after encryption processing, or both. It becomes difficult to decipher. Bit shifting is an effective decryption defense means, but decryption becomes more difficult when key information is used. According to the present invention, when the value of the last byte of the device specific information is used for bit shifting, since the shifting information is in the key, it is completely hidden. In order to decipher this, there is a total check, but it is possible to give up deciphering by taking a long key.

  For encrypted content, it is preferable to compress the content before encryption. Furthermore, since the encryption / decryption key is 256 bytes or 512 bytes long, and a random source such as a random number gives strong security against the total number check, it is preferable.

  Furthermore, in the above invention, it is desirable that the media specific information and the encrypted content decryption key are stored in a protected area of the removable storage medium, and that the data access means is concealed in the protected area.

  A removable storage medium with a built-in controller that controls input / output of stored data, such as an SD memory card, is provided with a protected area where information that should be kept secret, such as authentication information, is stored and a special command is sent. There is something that can be accessed by using it. It would be preferable if such media could be used. Since the authentication information can be concealed by encryption even if there is no protected area, the present invention includes both the presence and absence of the protected area.

  In the above invention, it is preferable that the media-specific information is either media-specific manufacturing information set at the time of manufacturing the removable storage media or generated information for uniquely identifying the media.

  In a removable storage medium such as an SD memory card, manufacturing information is often stored in the medium at the time of manufacture. The production information includes a production number that is uniquely set, and can be used as media-specific information. The manufacturing information includes a controller for controlling the output of manufacturing information, and a special command for accessing the manufacturing information is prepared. This information also has the advantage that it cannot be updated or destroyed. However, in the case of a medium that does not have such a mechanism, it is necessary to generate and store unique information for each medium when the medium is manufactured or when a product is formed before sales. In this case, the generation method of the media specific information is preferably “year / month / day / hour / minute / second + random number”.

  In the above invention, it is desirable that the browsing / viewing terminal device is any one of a mobile phone, a portable information terminal, a tablet terminal, a personal computer, an educational information device, a car navigation device, or an information home appliance.

A device suitable for the present invention is equipped with an audiovisual device that can be mounted with a removable storage medium such as an SD memory card and can communicate with the Internet or the like. In addition to a mobile phone, a portable information terminal such as a smartphone and a tablet terminal such as iPhone (registered trademark) or iPad (registered trademark) are representative devices. Further, although there are many provisions in personal computers, educational information devices, car navigation devices or information home appliances, the present invention can be implemented.

  Furthermore, in the above invention, the device-specific information includes device-specific manufacturing information, a telephone number, an e-mail address, and information on a device accessory that can uniquely identify the device set when the browsing / viewing terminal device is manufactured, or the device. It is desirable that the generated information uniquely identify any one of them.

  In the present invention, the device-specific information is important information that serves as an encryption key for authentication information and must be unique to the browsing / viewing terminal device. Also, information that can be automatically accessed from the viewer program is preferable. In that sense, phone numbers and email addresses are suitable. It is also useful when device manufacturing information and communication specifications are accessible. If they are not available, they must be generated and stored in a storage device. Since uniqueness is required, “year / month / day / hour / minute / second + random number” is preferable as the method for generating the device-specific information.

  Furthermore, in the above invention, it is desirable that the password input method is any one of manual input, barcode reading, and two-dimensional barcode reading.

  The password of the present invention is in a form set by the media manufacturer or seller. In other words, it corresponds to the product number. Therefore, it is difficult for the purchaser to memorize, and the purchaser is provided with a sheet or the like on which the password is written inside the medium packed. In principle, this is sufficient because it is used only once, but it is inconvenient if it is used many times, such as rental. In such a usage form, it is preferable to use a barcode or a two-dimensional barcode (such as a QR code). However, in the case of a barcode, since it is defenseless outside, a second removable storage medium is sold together, and a password is recorded on the second. If the medium is an SD memory card, the program reads the second SD memory card when a password is used, and automatically sends it to a server or the like. The second SD memory card can store authentication information such as a content decryption key in addition to a password, and can be an authentication card that safely protects the authentication information. If a password is automatically generated, “year / month / day / hour / minute / second + random number” or a uniqueness check method after random number generation can be used.

  In the above invention, the structured information block is preferably one of a database, a spreadsheet, an indexed library, an indexed search file, or a directory type folder file.

  For verification of password / media specific information, acquisition of content code, and acquisition of programs and content associated with content code, a medium with structured information that can be used for information storage / registration function and search function is required. become. Databases are most preferred, and worksheets and indexed libraries can be used. An information form having a directory / dictionary is also suitable.

According to the present invention, a valid host device and a memory card that can be viewed and viewed only by the device are provided. That is, there is an effect that it becomes impossible to execute an application on the memory card to which the content is copied, or that the copied content or the like cannot be normally viewed.

It also provides a mechanism that allows for easy transfer of commercially available content while keeping security secure. That is, only when the owner is determined, the validity of the memory card is authenticated. If the authentication is valid, the authentication is set to permit the use of only the combination of the host device and the memory card. Only with the combination authentication, the content can be safely browsed by the encryption method.

Furthermore, the memory card at the time of sale does not store the content and the viewing / viewing program, but the storable content is reserved, and after purchase, the owner can view and view the content suitable for his / her host device. Provide a mechanism to download the program via the network. Even when the model of the host device is changed or transferred to another person, there is an effect that the content and program can be exchanged for the model.

1 is a schematic diagram showing an overall configuration of a browsing / viewing system for a removable storage medium according to an embodiment of the present invention. It is a resource relation diagram which implement | achieves the download reservation of specific content and its viewer in the browsing / viewing system of the removable storage medium which concerns on one Embodiment of this invention. 6 is a flowchart showing a processing flow of the browsing / viewing terminal device when initializing, transferring or renting the removable storage medium shown in FIG. It is a flowchart which shows the processing flow of the browsing / viewing terminal device when browsing / viewing the content of the removable storage medium in the present invention by the browsing / viewing terminal device. FIG. 2 is a block diagram mainly showing an electrical configuration of a removable storage medium and a browsing / viewing terminal device shown in FIG. 1 and a setup information supply device connected to a network. FIG. 3 is a schematic diagram specifically explaining the location of the specific content shown in FIG. 2 and its viewer.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings. In addition, the same code | symbol is attached | subjected to the same or an equivalent part in these several drawings.

The browsing / viewing system for removable storage media according to the embodiment of the present invention uses a personal computer (PC) or a portable terminal such as a mobile phone as a browsing / viewing terminal device. Information home appliances having a communication function and a computer function can also be included in the browsing / viewing terminal apparatus of the present invention. In addition, an SD memory card or a USB flash memory is assumed as a removable storage medium. A server system having a database is used as the setup information supply device. However, the present invention is not limited to a database, and any data structure such as a spreadsheet that is logically arranged and that has an information structure that allows immediate access to necessary information and reconfiguration of information accompanying data update can be used. .

A typical configuration of the browsing / viewing system is a mode in which an SD memory card is attached to a mobile phone, and is optimal for browsing various educational materials such as novels and English conversations and viewing movies and music contents. The SD memory card can store a large amount of content in a compact manner and is suitable as a memory medium that can be freely replaced (removable).

  In the mobile phone, address information unique to the mobile phone, that is, a unique address information can be used. In addition, the mobile phone can call an application program (viewer) for viewing / viewing from either a server or an SD memory card, and the application program can call a telephone number.

  In addition, since the manufacturing serial number (serial NO (number: number)), which is one of the manufacturing information added to the medium when the SD memory card is manufactured, is unique to the medium, that is, a unique number. Can be used as information for identifying.

  On the other hand, the SD memory card can set a protected area that cannot be accessed by general users. This protected area can be used as an area for safely storing control information such as authentication information. However, since the authentication information of the present invention is protected by encryption or the like, the use of a protected area is not essential. This function can be used to provide a double safety mechanism when safer protection is required.

  The browsing / viewing terminal device has a function of mounting a removable storage medium and a function of communicating with a setup information supply device. As a premise for explaining the present embodiment, the hardware configuration and functions of the browsing / viewing terminal apparatus will be described first.

  FIG. 5 is a configuration diagram showing a hardware configuration of the browsing / viewing terminal apparatus 2 in the present embodiment. The browsing / viewing terminal device 2 basically includes a ROM 5, a RAM 6, and a CPU 7, and further includes a built-in nonvolatile memory 8, an operation unit 9, a memory card interface 4, a network interface 10, an attached device interface 11, and a display unit 12. It has. A removable storage medium 1 is detachably mounted on the memory card interface 4, and the removable storage medium 1 stores programs and contents, or incorporates control information regarding usage conditions of the removable storage medium 1.

  The browsing / viewing terminal apparatus 2 connects hardware functional elements 4 to 12 such as the CPU 7 via a bus 13. The CPU 7 controls the entire browsing / viewing terminal device 2, and calls and executes a control program stored in the ROM 5 from the ROM 5 to the RAM 6. The built-in nonvolatile memory 8 is a fixed storage device provided in the browsing / viewing terminal device 2 and stores data, temporary information, programs, and the like. The operation unit 9 is a keyboard, has various buttons and keys, and has a function for a user to give a command to the CPU 7. The display unit 12 is a display such as a liquid crystal (LCD), and displays menus, data, images, and the like of services to be provided. The attached device interface 11 is an interface for inputting / outputting information of a speaker, a camera, and other functional parts included in the browsing / viewing terminal apparatus 2, and there are a plurality of interfaces (not shown). These I / O data and commands are exchanged via the bus 13, and the CPU 7 controls the exchange.

  The setup information supply device 3 exchanges information with the browsing / viewing terminal device 2 through the network interface 10 via various networks such as the Internet. The setup information supply device 3 is, for example, the server 120 illustrated in FIG. 1 and includes a password verification DB 121. In FIG. 5, the setup information supply device 3 includes a viewer program library 124 and a content library 126. The viewer program library 124 is a library of viewer program groups for viewing for each content type. The content library 126 is a library that stores content groups used for movies, music, performing arts, literature, education, and the like.

Although the viewer program library 124 and the content library 126 are connected to the setup information supply apparatus 3 together with the password verification DB 121 in FIG. 5, a viewer program library or a content library connected to another server can also be used. For example, the server 120a, the server 120b, and the server 120c in FIG. In the record of the password verification DB 121, content information related to the content and the viewer program is registered as a record. In the item of this record, the viewer program and the catalog location of the content (location information such as server / folder / file) are registered.

  The password verification DB 121 is a database for verifying whether the person who presented the password is an authorized owner of the removable storage medium. In the present invention, in order to authenticate whether or not the user is a legitimate owner or a legitimate user of the removable storage medium, the removable storage medium is associated with information unique to the removable storage medium (for example, the serial number of the SD memory card) in advance. If the passwords are combined and both can be presented at the same time, a method of authenticating the password is used. Therefore, a database registered in pairs with the above-mentioned password was prepared, and the unique information pair of the manufacturing information and the password was registered in the database. When confirming the validity, the two data presented at the same time may be compared with the information in the database.

  The information unique to the removable storage medium is preferably a serial number (for example, serial number of the SD memory card) automatically assigned to the manufactured medium. However, some media may not be attached automatically or may not be unique at all. In this case, it may be generated at the time of media production, package production, or database registration. For example, if “year / month / day + hour / minute / second + random number” is set to the number, a practical and unique number is generated, though not absolute. This is the unique information of the removable storage medium, and is registered in the password verification DB 121 in combination with the password. By this DB registration, it becomes a removable storage medium that can be uniquely identified.

  The password is a code unique to the media and is artificially provided. This may be a product number, but it must be unique. The timing of associating with the media is the same as that for media without a production number, and can be given by generating a number such as “year / month / day + hour / minute / second + random number”.

  Further, the password verification DB 121 stores information for transferring the content and the viewer program for viewing the content to the browsing / viewing terminal device 2 when the verification of the validity is established. When the setup information supply device 3 confirms the location of the viewer program library 124 that stores a viewer, which is a playback application program corresponding to the model of the browsing / viewing terminal device 2, a viewer for viewing / viewing the content, etc. Is transmitted to the browsing / viewing terminal device 2 via the network 130 which is an example of a telecommunication line. If the setup information supply device 3 itself does not own the program file, the program is obtained from the server that owns the program via the content information providing network 131 and transferred. Alternatively, it can be transferred directly from the server that owns the program to the browsing / viewing terminal apparatus 2, but this is not shown in the embodiment. Similarly, for the content, after the validity is confirmed, the necessary content is extracted from the location information of the content corresponding to the model of the browsing / viewing terminal device 2 and transmitted via the network 130. The content is encrypted, and the decryption key is encrypted together with the encrypted content and transmitted to the browsing / viewing terminal device 2. If the setup information supply device 3 itself does not own the content file, the content is obtained from the server that owns the content via the content information providing network 131. If this content is not encrypted, it must be encrypted, so that the setup information supply device 3 performs encryption processing and transmits it to the browsing / viewing terminal device 2. Note that the encrypted content is stored in the removable storage medium 1.

  Next, in this embodiment, a removable storage medium browsing / viewing system that achieves the purpose of providing copy-protected content using a mobile phone, an SD memory card, and a server will be described.

  FIG. 1 is a schematic diagram illustrating a mechanism in which the removable storage medium 1 attached to the browsing / viewing terminal device 2 of the present embodiment realizes copy guard. First, when overviewing the whole, the SD memory card 100 is used as the removable storage medium 1. A mobile phone 110 is used as the browsing / viewing terminal device 2. The mobile phone 110 can communicate with the server 120 as the setup information supply device 3 via the network 130.

  In the SD memory card 100, serial NO (number: number) 30 is set as manufacturing information 103 from the time of manufacture. The serial number 30 is a unique and unique code that is continuously assigned to each medium when the SD memory card 100 is manufactured. When the application program issues a command to the controller of the SD memory card 100, the card The manufacturing information 103 stored in the identification register CID is given. In the present embodiment, the sequence number in the manufacturing information is used as information for identifying the SD memory card 100 as the serial NO30. The manufacturing information 103 stored in the CID register cannot be destroyed.

  In the authentication information area 102 of the SD memory card 100, the encrypted content decryption key 40a encrypted by the telephone number 20 is stored in the same manner as the encrypted serial NO 30a encrypted by the telephone number 20 as the address information of the mobile phone 110. However, these two pieces of information do not exist at the beginning of the market and are encrypted and stored at the time of initial setting. Since it is most important to ensure the security of information in the authentication information area 102, the public key method is recommended as the encryption method, but the purpose can be sufficiently achieved even with the common key method. In this embodiment, a common key (secret key) method is used. The encryption algorithm may be any known method, but when a common key (secret key) method is adopted, the encryption key also serves as a decryption key, so that the encryption algorithm is easily deciphered. Therefore, in order to make decryption impossible, it is impossible to immediately decrypt the information to be encrypted by adding one cushion such as bit shifting or bit calculation before encryption. It is desirable to perform such an irreversible treatment.

  For example, for encryption, the method of XORing the data to be encrypted is simple, and if the key data length is increased, it becomes stronger in exhaustive search. In addition, if the zero value continues, the original value remains and the decoding method may be known. After repeating the process of concealing the zero value by subtracting 255 for each byte or shifting the 8 bytes by 1 bit. It is desirable to also use the method of applying XOR. By doing so, an irreversible relationship occurs between encryption and decryption. However, this means may be deciphered from the program. Therefore, it is most desirable to introduce the above function into the controller of the SD memory card.

The authentication information area 102 is preferably set as a protect area provided as a security protection function of the SD memory card. This is because the protected area cannot be accessed unless a specific command is issued, and is protected and protected from general users. In this embodiment, a form that does not employ a protected area is provided.

  In Patent Document 2, it is treated that the encrypted content 70a already stored in the SD memory card 100 is stored. In the present invention, the user area 101 of the SD memory card 100 is empty at the time of marketing, and after the user purchased the SD memory card, it was encrypted with a specially set encryption key via the network 130 at the time of setup. A method of receiving the encrypted content 70a is adopted. The same applies to the viewer file 60a. The user area 101 is an area that is freely accessed or referred to by a general user program. Therefore, the user can store and use programs and data files unrelated to the present embodiment in this area. Of course, the encrypted content 70a can be copied and recorded on other media, but since it is encrypted, it cannot be browsed or viewed unless decrypted with a predetermined decryption key.

  The mobile phone 110 includes a mobile screen 112 as a part of the display unit 12. In addition, an application execution area 113 used for program and data processing is provided. The viewer program 60 is called from the viewer file 60a stored in the SD memory card 100 in the application execution area 113, the viewer program 60 reads the encrypted content 70a, decrypts it with the content decryption key 40, and displays it on the mobile screen 112. To do. The content decryption key 40 is obtained by the viewer program 60 calling the encrypted content decryption key 40 a from the authentication information area 102 of the SD memory card 100 and decrypting it with the telephone number 20.

  The telephone number 20 of the mobile phone 110 corresponds to unique address information of the browsing / viewing terminal device 2. This information must be unique to the browsing / viewing terminal device 2. In the present embodiment, the telephone number of the mobile phone 110 is used. The unique address information may be a mail address or a serial number unique to the device. However, the viewer program 60 needs to be information that can be acquired by the program. The telephone number 20 is stored in the built-in nonvolatile memory 8 of the mobile phone 110 and is information that can be accessed by the viewer program 60. Note that a unique number generated independently may be used without using known information such as a telephone number. A unique number uniquely generated is stored in the built-in nonvolatile memory 8. The unique number may be a random number, or in order to maintain more uniqueness, “year / month / day + hour / minute / second + random number” when the combination with the SD memory card is established may be used.

  Since the encrypted serial NO 30 a and the encrypted content decryption key 40 a of the SD memory card 100 are encrypted with the telephone number 20, when the SD memory card 100 is attached to the mobile phone 110, the telephone number 20 that is the decryption key is obtained. It is done. However, if the combination is not valid, it cannot be a correct decryption key. If this combination is correct, the serial NO30 obtained by decrypting the encrypted serial NO30a coincides with the serial NO30 in the manufacturing information 103 and is known to be a correct combination. Therefore, if the encrypted content decryption key 40 a is decrypted with the telephone number 20, the content decryption key 40 is obtained, and if the encrypted content 70 a is decrypted with the content decryption key 40, it can be used as the content 70. That is, the mobile phone 110 is characterized in that the serial NO 30 for authentication of the SD memory card 100 does not exist, and similarly that the telephone number 20 for authentication of the mobile phone 110 does not exist in the SD memory card 100. Decoding is difficult with only one of them.

  Cellular phones have different OS specifications depending on communication carriers. Therefore, it means that the specification of a program such as a viewer operating under the OS must also conform to the OS. Furthermore, it is necessary to support the viewer program so that the specifications and functions of the viewer program can be viewed. Further, it is desirable that the SD memory card 100 is freely transferred after being used, and can be replaced with a viewer program and contents according to the model of the other party at the time of transfer. Therefore, at the time of purchasing or transferring the SD memory card 100, the viewer program for viewing and viewing content must be provided through operations such as downloading resources corresponding to the OS of the use model.

  The SD memory card 100 is empty at the time of purchase, and no content or viewer program is stored. Of course, the authentication information area 102 is also empty. The package describes the reason that the SD memory card can store and view specific contents. Content varies depending on viewer specifications, viewing equipment, and other languages such as Japanese and English. It is reasonable if it can be downloaded to the SD memory card according to these preferred variations including the viewer program. Further, once the content and the viewer program are stored, it is preferable to use them as they are. However, a function for protecting the content from being copied and used on another SD memory card is required. In addition, a mechanism is required to prevent illegal downloading by those who do not have the right to receive this download. In the present embodiment, the following technical devices have been made.

A unique password for each SD memory card is set when the SD memory card 100 is manufactured or sold. This password needs to be managed so that only the purchaser, that is, the owner of the SD memory card 100 can know. However, the use of the password is once after purchase and is not required for subsequent use. Similarly, once used at the time of transfer, it is not required for subsequent use. That is, at the time of use, as described above, authentication of the combination of the SD memory card 100 and the mobile phone 110 is performed without human intervention. In this way, it is possible to eliminate the trouble of inputting the password every time it is used, and to prevent the password from being forgotten or leaked. As shown in FIG. 1, the password 50 of the legitimate SD memory card 100 (removable storage medium 1) is stored in the password verification database 121 and managed by the server 120. The server 120 is managed by an administrator of the SD memory card 100, for example.

The password verification database 121 includes two items of the password 50 and the serial number 30b, which is the serial number (unique number) of the SD memory card 100, with respect to the total number of SD memory cards 100 to be sold, each of which is assigned a password 50. Is stored as a serial NO information record 122. These serial NO information records 122 include an item of a content code reserved for storage in advance in the target SD memory card 100, that is, a content code 72 item. Further, a viewer information record 123 and a content information record 125 using the content code 72 as key items are stored.

The viewer information record 123 stores content code 72, model 80, viewer location information 61, and viewer file name 60b in association with each other. The model 80 is a model of the mobile phone 110, and it is assumed that the viewer program 60 differs depending on the manufacturer, the type of product, and the OS of the mobile phone 110. Further, the type of viewer program 60 may be prepared depending on the content 70. The file name for storing the desired viewer program 60 is the viewer file name 60b. Among the many viewer programs, the viewer location information 61 indicates which viewer program LIB the desired viewer program 60 is in. The viewer location information 61 is expressed in the form of address information. In this embodiment, the server / library name is used, but any information format can be used as long as the actual location can be computer-processed for various environments such as a country, organization, or site.

Similarly, the content information record 125 stores content code 72, model 80, content location information 71, content file name 70b, and content decryption key 40 information in association with each other. The content code 72, model 80, content location information 71, and content file name 70b have the same significance as when the viewer program and content are replaced. The content 70 is encrypted and stored in the SD memory card 100 as the encrypted content 70a. The content decryption key 40 is a decryption key for decrypting the encrypted content 70 a stored in the SD memory card 100. The content may be encrypted already in the content LIB 126 or may be encrypted immediately before downloading from the server 120 to the SD memory card 100.

  First, at the time of initial use or transfer of use of the SD memory card 100, a user attaches the SD memory card 100 to the mobile phone 110, and then requests setup from the server 120 via the network 130. The serial number and the input password acquired by the loaded setup program, and the telephone number 20 and the model 80 of the mobile phone 110 are transmitted to the server 120. When the serial number 30b (key item) and the password 50 (key item) of the serial number information record 122 of the SD memory card 100 in the password verification DB 121 match the transmitted password or the like, it is authenticated as a valid medium. At the same time, in order to obtain the content associated with this SD memory card 100 and its viewer program, the viewer information record 123 and the content information record 125 are accessed from the content code 72 (key item) of the serial NO information record 122 and transmitted. The viewer program and content suitable for the selected model 80 are searched. The server 120 refers to the viewer location information 61 and the content location information 71 and accesses the viewer file name 60 b stored in the corresponding viewer program library 124 and the content file name 70 b stored in the content library 126. If the content is not encrypted, the server 120 encrypts the content with the content decryption key 40 of the content information record 125. The server 120 sends the viewer file 60a and the encrypted content 70a to the mobile phone 110, and the setup program operating on the mobile phone 110 stores the viewer file 60a and the encrypted content 70a in the user area 101 of the SD memory card 100. To do.

  Next, the server 120 encrypts the content decryption key 40 and the serial number 30 with the telephone number 20 and sends them to the mobile phone 110. The setup program running on the mobile phone 110 stores the encrypted encrypted serial NO 30 a and the encrypted encrypted content decryption key 40 a in the authentication information area 102. By this processing, the SD memory card 100 stores the copy-protected content 70.

  Note that the process for encrypting the content decryption key 40 and the serial number 30 using the telephone number 20 as an encryption key may be executed by a setup program transmitted to the mobile phone 110. It goes without saying that encryption is executed on either the server 120 side or the mobile phone 110 side and is included in this embodiment.

  In this embodiment, the password 50 is manually input by the user. However, the setup program automatically transmits the password stored in another SD memory card or the password stored protected in the mobile phone 110. A transmission method may be used.

  Further, although not shown, in the rental of the removable storage medium 1, the SD memory card 100 is set up again in the same manner as the transfer, but at this time, the rental period may be set.

  In addition, when the owner transmits the password 50 from his / her mobile phone 110 and informs the server 120 of the rental mobile phone number, the setup program is sent to the renter who has the SD memory card 100 attached to his / her mobile phone. A method of transmitting from 120 may be used. This setup program does not require the input of a password, and it is sufficient to verify the serial number 30 of the loaded SD memory card 100. With this method, the possibility that the rental person knows the password is eliminated.

  Further, at the time of transfer, a new valid owner (user) may change the password. When the match between the old password and the changed password is confirmed, it is only necessary to change the old password 50.

  FIG. 2 is a resource relation diagram for realizing download reservations for content and its viewer program. The main feature of the present invention is to sell an SD memory card to which an authentication function is added while the content is empty. The consumer knows the content by looking at the packages arranged in the store. Buy if you are interested in the content. At this point, the final consumer performs the payment to the store. Settlement with the manufacturer through a store or wholesale is simplified. Furthermore, the content to be viewed and the viewer must match the purchaser's model. It is a burden for both the producer and the store who have all the variations. In this respect, the business method in which the purchaser selects a variation according to the model after purchase by the download function reduces the burden on the sales side. Moreover, the purchase side can be given the merit of availability improvement that the range of selection is expanded, which is convenient for both. In the present embodiment, the variation is exemplified according to the model of the mobile phone, but there may be variations according to language and viewer function. In this case, another information as a choice between the content and the viewer program is also required. Although the present invention is not illustrated, these variations are also included.

  Based on FIG. 2, a method for manufacturing and selling a commercially available SD memory card with copy guard for which the content / viewer is reserved and a method for downloading the purchased content / viewer will be described.

  First, at the beginning of the procedure, for the SD memory card 100 that stores copy-guarded content, a password verification database 121 is designed in which a unique password 50 is associated with each SD memory card 100 corresponding to the production serial NO30. Also included are a content code 72 associated with the content to be distributed and a design for encryption / decryption of the content. The content code 72 associates the content information record 125 related to the content stored in the password verification database 121 with the viewer program information record 123 related to the viewer program for viewing the content.

  The content information record 125 includes an item of content location information 71 indicating where the content is. There may be a plurality of locations because the content differs depending on the model of the mobile phone, and there are variations such as an English version and a Japanese version that are not included in this embodiment. The location may be a server installed at a remote location. It may also be a business partner with whom you have partnered. These locations are indicated by the content location information 71, and further variations are set by the model 80 and the content file name 70b. Since it is safe that the content is encrypted and stored, an item of the content decryption key 40 for decrypting the content is also set.

  Similarly, the viewer program information record 123 includes an item of viewer location information 61 indicating where the viewer program is located. The presence of the model 80 and the viewer file name 60b according to the content variation is the same as the content information record 125.

  There are variations in content and its viewers, and there are a variety of cases where the content can be produced. Therefore, the content and viewer program library is connected to a computer system such as a server to transmit and distribute the content. In FIG. 2, the content libraries 125a and 125b are connected to the server 120a, the viewer program libraries 124a and 124b are connected to the server 120b, and the content library 125c and the viewer program library 124c are connected to the server 120c. A schematic diagram is shown. Specifically, as shown in FIG. 6, the servers 120, 120a, 120b, and 120c are connected to the content information providing network 131, and the desired content and viewer program are once collected in the server 120, and processing such as encryption is performed. And a method of downloading from the server 120 to the mobile phone 110 via the network 130 is illustrated. In the content location information 71 and the viewer location information 61, a directory representing the location is coded, but the representation may be the Internet URL type or the personal computer OS type. It may be expressed in a hierarchy such as “server name / library name / folder name /.. ./Folder name / file name”.

  In this embodiment of the present invention, content encryption uses a common key scheme. Therefore, the encryption key is the same as the decryption key. The content 70 filed to the content file name 70b is encrypted in the SD memory card and stored as the content 70a. The time of encryption may be encrypted in the content library when transmitting from the server 120 to the mobile phone 110.

  Next, a description will be given of a procedure for producing an SD memory card with a notation for reserving storage of contents. In the manufactured SD memory card 100, serial NO30 is stored in the SD memory card 110 as manufacturing information at the time of manufacturing. If this automatic setting is not performed, a unique code must be stored in the SD memory card as described above, although not shown in FIG. A password 50 (which may be a product number) is assigned to this serial NO30. This password 50 is also a unique code for each SD memory card 110. That is, the SD memory card 110 is associated with the unique serial number 30 and the unique password 50. At the time of authentication, both codes are shown in pairs, and if both do not match, it is not authenticated.

  Further, for each SD memory card 100, a password setting document 50a is printed (or carded) and attached to each SD memory card 100 for sale. Thus, the SD memory card 100 for sale in which the password setting document 50a and the SD memory card 100 are set is completed. In the password setting document 50a, there is described an explanation for realizing content storage by attaching the purchased SD memory card 100 to the mobile phone 110 and then notifying the server 120 of the password 50. Further, it is explained that the password 50 is used once when content is stored, and at the time of transfer, the SD memory card 100 is transferred together with the password setting document 50a, and the transferer can also view the content by the same operation. ing. In this embodiment, the password 50 is notified to the server 120 by performing an input operation from the screen 112 of the mobile phone 110. A bar code or QR code is attached to the password setting document 50a, and this is sent to the mobile phone. There are also means for reading and transmitting by 110 readers, and it goes without saying that this is also included in the present invention.

  FIG. 3 is a processing flow of the browsing / viewing terminal device 2 when initializing, transferring, or renting the removable storage medium 1. In other words, this is a processing flow in which a user purchases an SD memory card 100 for sale, attaches it to his / her mobile phone 110, and requests setup from the server 120. Note that a new owner (user) performs the same operation when the SD memory card 100 is transferred. Further, at the time of rental, the owner attaches the SD memory card 100 to the renter's mobile phone 110 and resets the setting, and then rents. However, a more preferable rental method will be described with reference to FIG. It is.

  As shown in FIG. 3, first, the user requests the server 120 to set up the SD memory card 100 from the mobile phone 110 (S300). In S <b> 301, the server 120 transmits a setup program including a setup screen to the mobile phone 110 via the network 130. The mobile phone 110 executes the received setup program (S302). By executing the setup program by the CPU 7 of the mobile phone 110, the mobile phone 110 functions as a media authentication unit. Note that the media manufacturing information encryption means and the decryption key encryption means can also be executed on the mobile phone 110 side, but in the present invention, the server 120 executes the form. The setup program issues a command requesting manufacturing information of a CID register for storing card identification information to the controller of the SD memory card 100, and acquires the serial NO30 of the SD memory card 100 (S304). In S305, the controller of the SD memory card 100 gives the serial NO30. If the controller does not manage the serial NO30, as described above, a code unique to the SD memory card 100 that replaces the SD memory card is generated when the SD memory card is manufactured, and stored in the SD memory card 100 as the serial NO30. To do.

  In step S <b> 306, the setup program accesses the telephone number 20 of the mobile phone 110 from the built-in nonvolatile memory 8 of the mobile phone 110.

  In S303, the user refers to the password setting document 50a and inputs the password 50 and the model of the mobile phone 110 on the screen. Then, the setup program transmits the serial number 30 obtained in S304, the telephone number 20 obtained in S306, the password 50 on the screen, and the model 80 to the server 120 as setup confirmation information (S307). Needless to say, when there is a choice between content and viewer program other than the model 80, information for the determination is also necessary for the screen input information.

  In S308, the server 120 receives the serial number 30, the telephone number 20, the password 50, and the model 80, and accesses the password verification DB 121 using the serial number 30 as a key (S309). The received serial number 30 is collated with the serial number 30b (key item) of the serial number information record 122 on the read database, and when these are matched, that is, the received password is included in the plurality of passwords 50 of the record item. If there is a password 50 identical to 50, it means that a legitimate user has requested setup. This collation is performed in S310. If there is no matched password, an error message (for example, the SD memory card is not correct) is returned to the mobile phone 110 in S311, and the process ends (not shown, but re-input may be prompted). That is, it is authenticated by the media authenticating means whether or not the owner of the SD memory card 100 is a valid right holder such as a valid purchaser or acquirer. For verification, the password 50 may be used as a key, or the presence / absence of a record may be used for verification using both the serial number 30 and the password 50 as a key.

  If this authentication is valid, the content code 72 associated with the matched password 50 is extracted from the serial NO information record 122 of the password verification DB 121. The viewer information record 123 is accessed using the content code 72 as a key, and the viewer location information 61 is obtained based on the viewer file name 60b on the viewer information record 123 suitable for the model 80. The viewer program library 124 is searched based on the viewer location information 61. If the library is in another server, the viewer program library 124 connected to the server is accessed via the content information providing network 131. As a result, the viewer file 60a is accessed from the viewer program library 124, is taken into the server 120 (S312), and is downloaded to the mobile phone 110 (S311). It is downloaded to the mobile phone 110 together with the content decryption key 40 (S313). The viewer program 60 in the viewer file 60a is executed by the CPU 7 of the mobile phone 110, thereby functioning as browsing / viewing means.

  The setup program of the mobile phone 110 writes the viewer file 60a cataloging the viewer program 60 in the SD memory card 100 in S313. The controller of the SD memory card 100 stores the viewer file 60a in the user area 101 (S314).

  Next, the server 120 accesses the content information record 125 using the content code 72 as a key, and obtains the content location information 71 based on the content file name 70b on the content information record 125 suitable for the model 80. The content library 126 is searched based on the content location information 71. If the library is in another server, the content library 126 connected to the server is accessed via the content information providing network 131. As a result, the file indicated by the content file name 70b is accessed from the content library 126 and taken into the server 120 (S315). At this time, in this embodiment, since the content 70 stored in the file indicated by the content file name 70b is treated as not encrypted, it is encrypted with the content decryption key 40 in the content information record (S316). ). However, the encryption process is not performed when the encryption has already been performed. In this embodiment, the content encryption key and the decryption key are the same, but in the case of the public key method, the encryption key needs to be prepared as information separately. The encrypted content 70 is downloaded to the mobile phone 110 (S317), and the setup program is stored in the SD memory card 100 (S318).

  Next, the server 120 uses the telephone number 20 transmitted from the setup program as the encryption key as the media manufacturing information encryption means and the decryption key decryption means, and receives the serial number 30 of the received SD memory card 100 and the contents of the content information record 125. The decryption key 40 is encrypted with the telephone number 20, the encrypted serial NO 30a and the encrypted content decryption key 40a are generated (S319), and transmitted to the mobile phone 110 as authentication information (S320). The setup program stores the encrypted serial NO 30a and the encrypted content decryption key 40a in the authentication information area 102 in the controller (S321). If the authentication information area 102 is a protected area, the controller must be instructed to execute it by a storage area storage command. In step S322, the setup program notifies the user that the setup has been completed normally on the screen. Thereafter, the setup program disappears from the mobile phone 110. As described above, the serial number 30 and the content decryption key 40 in S319, that is, the media manufacturing information encryption unit and the decryption key decryption unit may be performed by the mobile phone 100.

  FIG. 4 is a processing flow of the browsing / viewing terminal apparatus 2 when the removable storage medium 1 according to the present invention is used for browsing / viewing. This is a processing flow in which the user attaches the SD memory card 100 to his / her mobile phone 110 and browses / views the content 70.

  In S400, first, the user selects to browse the content 70 on the mobile phone 110 from the menu. The mobile phone 110 loads the viewer program 60 from the viewer file 60a in the user area 101 of the SD memory card 100 in S401 (S402) and executes it. The viewer program 60 acquires its own telephone number 20 in S403. Next, a command for accessing manufacturing information in the CID register is issued and requested (S404), and the controller of the SD memory card 100 grants serial NO30 of manufacturing information (S405). As described above, when the serial number 30 of the manufacturing information is not generated in advance at the time of manufacturing, a code unique to the SD memory card 100 is created and stored in the user area or the like of the SD memory card. In the present embodiment, a method is described that is generated at the time of manufacture and accessed by a command to the controller. Next, the viewer program 60 acquires the encrypted serial NO 30a stored in the authentication information area 102 (S406). In S407, the encrypted serial NO 30a is extracted from the controller. This encrypted serial NO 30a is encrypted with the telephone number 20 of the mobile phone 110 whose valid combination is authenticated. Therefore, first, the encrypted serial NO 30a is decrypted using the telephone number 20 as a decryption key, and decrypted into the serial NO 30 (S408).

  The serial number of the encrypted serial number 30a is the authenticated serial number of the valid SD memory card 100. Compared with the serial number in the manufacturing information of the currently installed SD memory card 100, if both serial numbers 30 match, it becomes a legitimate use. In S409, both serial NO30 are compared. If they do not match, the combination is not valid and an error is displayed on the screen (S410). If they match, the combination of the valid SD memory card 100 and mobile phone 110 is authenticated. That is, the validity of the combination of the removable storage medium 1 and the mobile phone 110 is authenticated by the combination authentication means. In S411, the encrypted content decryption key 40a stored in the authentication information area 102 is acquired in order to access the content next. The encrypted content decryption key 40a is read from the authentication information area 102 (S412). The viewer program 60 decrypts the encrypted content decryption key 40a with the telephone number 20, and obtains the content decryption key 40 (S413). As described above, if the authentication information area 102 is a protected area specification, the protected information must be issued by issuing an access command to the controller. In this embodiment, the authentication information area 102 is not set as a protect area. Since the authentication information is hidden by encryption, the method of this embodiment may be used.

  The encrypted content 70 a stored in the user area 101 of the SD memory card 100 is encrypted with the content decryption key 40. Therefore, if the encrypted content 70a is decrypted with the content decryption key 40 generated in S412, the content 70 that can be viewed and viewed can be obtained. Thereafter, this decryption process is repeated, but one block of the encrypted content 70a is read from the user area 101 in S414 (S415), and the block is decrypted with the content decryption key 40 in S416. By repeating this, information that can be processed by the viewer program 60 can be formed. In other words, the encrypted content decryption key is decrypted by the telephone number of the mobile phone 110 by the viewing and browsing means, and the encrypted content is decrypted by this decryption key, and is played back by the mobile phone 110 and viewed and viewed by the user. Thereafter, application processing is performed by the viewer program 60 and the content 70 (S417). This process is taken over by the viewer application.

  In the above embodiment, the content is stored in the removable storage medium 1 (SD memory card 100) in advance. However, it can be supplied together with the viewer at the time of setup. However, you have to be prepared that it takes a long time to download via the network.

  If the removable storage medium 1 is a medium with a built-in controller, such as the SD memory card 100, a function is set so that the controller can execute encryption and decryption of authentication information. In this way, the authentication method algorithm can be completely hidden. In the case of an SD memory card, if the viewer program and the controller exchange each other's secret code through the RCA register built in the controller, the validity of each other can be confirmed, and the validity of the use program itself. Can be authenticated, so it provides better copy operation protection.

  As for the encryption algorithm, the present embodiment assumes a common key method (secret key method), but an existing method can be used. For example, since there is a risk of being deciphered by exhaustive search, in particular, for content encryption, a method of shifting the bit by a specific 3 bits (1 to 7 bits) of serial NO, if the zero value continues, the original In order to avoid the case where a value remains, it is preferable to incorporate a method of subtracting 255 for each byte and an additional process such as calculating the XOR bit with the content key as one block length. If one block is 512 bytes, it becomes a 4096-bit key, and decryption by exhaustive search is virtually impossible by combining the above-described methods. Although the present embodiment has been described by using the common key method, an irreversible effect that cannot be decrypted can be achieved by using the above-described method. In addition, the adoption of an asymmetric key such as a public key method is an irreversible method from the beginning, which is preferable for the present invention.

  As described above, according to this embodiment, since a unique code and a password unique to the code are managed as a set in the commercially available memory card, storage of contents requiring copyright protection is reserved. Since downloading enables viewing, there is an advantage that no billing process is required. In addition, in the subsequent use, even when selling to mobile devices, it is possible to authenticate the validity with a combination of a commercially available memory card and a viewing terminal, and to encrypt the content in the commercially available memory card. By adding a copy guard function, it is possible to distribute safely after transfer after sale while protecting the copyright.

  In the above embodiment, the authenticity of the removable storage medium 1 is authenticated by the media authentication means, and the correctness of the combination of the valid removable storage medium 1 and the browsing / viewing terminal device 2 is authenticated by the combination authentication means. In this case, the case where the encrypted content of the removable storage medium 1 can be decrypted and browsed / viewed has been described. However, the present invention is not limited to this. For example, the validity of the removable storage medium 1 by the media authentication means When the password is authenticated, the composite key and viewer associated with the valid password are read from the password verification database 121 by the server 120 and transmitted to the browsing / viewing terminal device 2 for viewing / viewing. May be. In this case, the validity of the removable storage medium 1 is only authentication, and the validity of the browsing / viewing terminal device 2 is not authenticated. However, it is necessary to confirm the authentication by entering the password every time it is used.

  In addition, a method in which the content code column is a content group and a downloadable content category can be selected is also possible. Although not shown, specifications such as a confirmed content code recording item and menu selection information are required. Furthermore, if technologies that can update content are covered, fresh information and content (daily, weekly, monthly, etc.) can always be obtained. This technology can be expanded to a technology that enables an update service only to users who are permitted to update map information, an optimal route selection service for transportation, and car navigation information.

1 Removable Storage Media 2 Browsing / Viewing Terminal Device 3 Setup Information Supply Device 4 Memory Card Interface 5 ROM
6 RAM
7 CPU
8 Built-in nonvolatile memory 9 Operation unit 10 Network interface 11 Attached device interface 12 Display unit 13 Bus 20 Telephone number 30 Serial number
30a Encrypted serial number
30b Serial NO
40 content decryption key 40a encrypted content decryption key 50 password 50a password setting document 60 viewer program 60a viewer file 60b viewer file name 61 viewer location information 70 content 70a encrypted content 70b content file name 71 content location information 72 content code 80 model 100 SD memory card 101 User area 102 Authentication information area 103 Manufacturing information 110 Mobile phone 111 Address information 112 Mobile screen 113 Application execution area 120 Server 120a, 120b, 120c Server 121 Password verification DB
122 serial NO information record 123 viewer information record 124 viewer program library 124a, 124b, 124c viewer program library 125 content information record 126 content library 126a, 126b, 126c content library 130 network 131 content information providing network

Claims (10)

A removable storage medium storing media-specific information and encrypted content;
A browsing / viewing terminal device that is attached to the removable storage medium and decrypts the encrypted content with a content decryption key for browsing / viewing,
A password uniquely assigned to each removable storage medium as a legitimate medium, the unique medium-specific information associated with the password, and identification information about the encrypted content reserved for storage in advance for each removable storage medium A structured information block registered in association with each other,
If the structured information block has a record with the password and the media unique information as a key when the media specific information and the password are input, the removable storage medium associated with the input password is authorized. Media authentication means to authenticate;
Encrypted media-specific information obtained by encrypting the media-specific information of the removable storage media whose validity has been authenticated by the media authentication means with the device-specific information unique to the browsing / viewing terminal device equipped with the removable storage media as a key Information and an encrypted content decryption key obtained by encrypting a decryption key of the encrypted content read from the structured information block based on the content code and using the device-specific information as a key are stored in the removable storage medium Authentication information storage means, and the encrypted content storage means for referring to the location of the encrypted content specified to be stored in the removable storage medium from the structured information block based on the content code and downloading to the removable storage medium When,
When the removable storage medium is attached to the browsing / viewing terminal device, the encrypted media unique information decrypted with the device unique information matches the media unique information stored in the removable storage media. A combination authentication means for authenticating the combination of the removable storage medium and the browsing / viewing terminal device as valid,
The encrypted content decryption key stored in the removable storage medium for which the validity of the combination is authenticated is decrypted in the removable storage medium by the content decryption key obtained by decrypting with the device-specific information of the browsing / viewing terminal device. A browsing / viewing means for decrypting the stored encrypted content for browsing / viewing;
A system for browsing and viewing removable storage media, comprising: The browsing / viewing means is adapted for viewing / viewing adapted to the model of the browsing / viewing terminal apparatus from the structured information block based on the content code on a removable storage medium that has been authenticated by the media authentication means. Viewer program storage means for accessing and downloading a library in which the viewer program is located,
Viewer program execution means for loading the viewer program into the browsing / viewing terminal device and browsing / viewing the encrypted content stored in the removable storage medium;
The system for browsing and viewing removable storage media according to claim 1, comprising:   3. The encrypted content storage unit includes a download for updating the encrypted content associated with the content code as long as the media authentication unit authenticates the authenticity. Removable storage media browsing and viewing system.   The authentication information storage means includes processing for processing target data as one process of encryption processing of the media unique information and the encrypted content decryption key. The browsing / viewing system for removable storage media as described in the above section. The media-specific information and the encrypted content decryption key are stored in a protected area of the removable storage medium, and data access means is kept secret in the protected area. The browsing / viewing system for removable storage media according to item 1. 6. The medium-specific information according to claim 1, wherein the medium-specific information is either medium-specific manufacturing information set at the time of manufacturing the removable storage medium or generated information for uniquely identifying the medium. The browsing / viewing system for removable storage media according to item 1. 7. The browsing / viewing terminal device is any one of a mobile phone, a portable information terminal, a tablet terminal, a personal computer, an educational information device, a car navigation device, and an information home appliance. The browsing / viewing system for a removable storage medium according to any one of the preceding claims. The device-specific information is device-specific manufacturing information, a telephone number, an e-mail address, information on a device accessory that can uniquely identify the device set when the browsing / viewing terminal device is manufactured, or a generation that uniquely identifies the device. The system for browsing / viewing a removable storage medium according to any one of claims 1 to 7, wherein the system is one of information. 9. The method for inputting / removing a removable storage medium according to claim 1, wherein the password input method is one of manual input, barcode reading, and two-dimensional barcode reading. Viewing system. 9. The structured information block is any one of a database, a spreadsheet, an indexed library, an indexed search file, or a directory type folder file. Removable storage media browsing / viewing system described in 1.