JP3276021B2 - Digital information protection method and its processing device - Google Patents

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION The present invention relates to a method for receiving copyrighted information such as music, video, pictures, computer graphics, etc., as digital information via a communication line such as ISDN.
When converting and using analog data, falsification of information after reception,
The present invention relates to a digital information protection method for protecting the rights of copyright holders and information providers by preventing unauthorized copying, unauthorized use, and the like, and a processing device therefor.

[0002]

2. Description of the Related Art In recent years, digital information compression technologies (eg, MPEG, JPEG, etc.) for audio, still images, moving images, etc., and IS
With the development of digital communication technology represented by DN, it has become feasible to convert copyrighted works such as music, video, paintings, computer graphics, and the like into digital information, compress and encode them, and transmit them using a communication line. Was. With computer software having a smaller data amount than digital information such as video, there is an example in which a delivery service using personal computer communication or the like has already been implemented.

[0003] When purchasing digital information using a communication line, a method of paying a fee in advance and using the same,
There is a method in which digital information is received first and then paid later according to the degree of use.

[0004] In the meantime, even in the method of paying a fee in advance,
Depending on the contents of the contract, a method of using the acquired information with restriction conditions such as the number of times of use and a period of use, and a method of using the information without restriction conditions are considered.

[0005]

As described above, when information is acquired and used after paying a fee in advance, the acquired information is illegally copied in a digital format and used by another device. Unauthorized activities, such as rewriting the usage conditions and usage period and other limiting conditions and using them beyond the limits, may infringe on the rights and interests of the copyright owner / information provider.

In conventional computer software delivery using personal computer communication, when connecting to a center serving as an information provider, it is only necessary to confirm a partner with a user ID and a password, and to prevent illegal acts such as unauthorized copying or falsification of received data. No preventive measures were taken.

SUMMARY OF THE INVENTION In view of the above problems, it is an object of the present invention to provide a digital information protection method for protecting information against illegal acts such as unauthorized copying or falsification of data after reception, and a processing apparatus therefor.

[0008]

According to the present invention, in order to achieve the above object, according to the present invention, a communication encryption key different for each communication encrypted with a common key stored in a common key storage unit is provided. Receiving, via a communication line, digital information composed of an information identification number encrypted with the communication encryption key, an information body, usage condition information, and a first authenticator, and Simultaneously with storing the information in the information storage unit, the information identification number and the use condition information are transferred to the confidential processing unit, and the confidential processing unit calculates a second authenticator from the information identification number and the use condition information, and 2
Authenticator, the information identification number, and use condition information are stored in a use condition information storage unit, and when information is used, digital information to be used is transferred from the digital information storage unit to the confidential processing unit. Using the common key stored in the common key storage unit, verifying the contents of the digital information for falsification, and using the usage condition information stored in the usage condition storage unit based on the first and second authenticators. In addition to verifying the falsification of the contents, verifying the conformity of the usage conditions such as the number of times of use and the period of use, and decrypting the information body only when all the above verifications are satisfied, After outputting the information converted to a form that can be sensed by the user, the information content and the authenticator stored in the usage condition information storage unit are updated or the usage condition is updated. If we no longer Tasa to propose a digital information protection method that you want to delete.

According to another aspect of the present invention, a communication control unit for receiving, via a communication line, digital information including an information body and usage condition information encrypted with a common key, and a digital information received by the communication control unit. A digital information storage unit for storing information; a confidential processing unit; a confidential processing unit for storing usage condition information of digital information; a common key storage unit for storing the common key; A verification unit that performs falsification verification of the digital information input from the digital information storage unit by using a common key stored in the common key storage unit; and a verification unit that performs verification on the common key storage unit based on a verification result of the verification unit. A decryption unit for decrypting the digital information input from the digital information storage unit using the stored common key, and converting the decrypted digital information into analog information; Suggest composed digital information processing apparatus from an analog conversion unit for force.

[0010]

According to the first aspect of the present invention, the digital information is encrypted with the communication encryption key that is different for each communication encrypted with the common key stored in the common key storage unit and the communication encryption key. The information identification number, the information body, the usage condition information, and the first authenticator. When the digital information is received via the communication line, the digital information is stored in the digital information storage unit, and at the same time, the information identification number and the use condition information are transferred to the confidential processing unit.
Thereafter, the confidential information processing unit calculates a second authenticator from the information identification number and the use condition information, and stores the second authenticator and the information identification number and the use condition information in a use condition information storage unit. Is accumulated in In using the information, digital information to be used is transferred from the digital information storage unit to the confidential processing unit, and the confidential processing unit uses the common key to verify tampering of the contents of the digital information, The falsification verification of the usage condition information content stored in the usage condition storage unit is performed based on the second authenticator, and the conformity verification of the usage conditions such as the number of usages and the usage period is performed. Only when the verification is satisfied, the information main body is decoded by the decoding unit and converted into a form that can be sensed by a human sense by the analog conversion unit, for example, into a form such as an image or a sound displayed on a CRT monitor. Is output. Thereafter, the information content and the authenticator stored in the usage condition information storage unit are updated or deleted when the usage condition is no longer satisfied.

According to the second aspect, the communication control unit receives digital information including the information body and usage condition information encrypted with the common key via the communication line, and receives the digital information including the usage condition information. The stored digital information is stored in a digital information storage unit. Further, the use condition information is stored in a use condition information storage unit in the confidential processing unit. The common key is stored in a common key storage unit, and the verification unit performs falsification verification of the digital information input from the digital information storage unit to the confidential processing unit, and decrypts the digital information based on the verification result of the verification unit. The digital information input from the digital information storage unit to the confidential processing unit is decrypted by the unit using the common key stored in the common key storage unit. Further, the decoded digital information is converted into analog information by an analog converter and output. Accordingly, the digital information including the information body and the use condition information encrypted with the common key can be decrypted only when the digital information is verified and matched in the confidential processing unit when used. The data is converted into an analog signal and becomes usable.

[0012]

An embodiment of the present invention will be described below with reference to the drawings. FIG. 1 is a diagram showing a configuration of a digital information protection processing device according to one embodiment of the present invention. In the figure, reference numeral 1 denotes a digital information protection processing device, a communication control unit 2 for receiving digital information via a communication line, a digital information storage unit 3 for storing digital information received by the communication control unit 2, a confidential processing unit 4, And a central control unit 6 which is connected to an input interface unit 5 including a keyboard and the like and controls the operation of each unit.

The confidential processing unit 4 is concealed from an operator who operates the digital information protection processing apparatus 1 and stores usage condition information in which the number of usages and the usage period included in the digital information are described. Condition information storage unit 41,
A common key storage unit 42 for storing a common key unique to each device; a verification unit 43 for performing falsification verification of digital information, verification of contents of use condition information; a decryption unit 44 for decrypting digital information and an encryption key for communication; An analog converter 45 converts the digital information into analog information.

Next, the operation of this embodiment will be described. First,
The operation of receiving digital information by the digital information protection processing device (hereinafter, referred to as an information processing device) 1 and storing the digital information will be described with reference to FIGS. The operator uses the information processing device 1 to access an information center that provides digital information such as music, video, paintings, and computer graphics via a communication line (S1).
Search for desired digital information (S2).

The digital information received via the communication control unit 1 is stored in the digital information storage unit 3 (S
3). At this time, a plurality of pieces of digital information are simultaneously stored in the digital information storage unit 3 according to the storage capacity.

FIG. 3 shows the format of digital information to be processed in this embodiment. In the figure, Ka is a common key, which is a key unique to each information processing apparatus, and is stored in the common key storage unit 42 in advance. Ks is a communication encryption key for encrypting digital information itself and the like, and is variable for each communication. Ka (Ks) is the communication encryption key Ks
Is encrypted with the common key Ka. Ks (information identification number), Ks (information body), Ks (usage condition information)
Is information obtained by encrypting each of the information identification number, the information body, and the use condition information with the communication encryption key Ks, and Na is an authenticator.

The value of the common key Ka is obtained when the digital information protection processing device 1 is obtained by contract with an information provider.
Although the information provider has already been written in the common key storage unit 42 and the information provider is known, it is hidden in the confidential processing unit 4, so that the value is unknown to the user of the device 1.

The information identification number is a number for uniquely identifying each piece of received digital information, and is assigned by an information center that is an information provider. The information body is the actual part of digital information obtained by compressing and encoding music, video, painting, computer graphics, and the like. The use condition information is information describing a use restriction condition set according to the purchase price of digital information at the time of contract with the information provider.

FIG. 4 is a diagram showing an example of the contents of the use condition information described above. In the example shown in FIG. 4, the number of times of use / trial and the period of use / trial are defined by a start date and a stop date. Here, trial means that only a part of the information content can be decoded and converted into analog. For example, in the case of a music work, it is not possible to listen to all songs in trial use, but to reproduce and listen to only the beginning part. The usage condition information may be described only in part of the contents shown in FIG. For example, the usage condition information when only trial use is possible and use is not possible is as follows: use count = 0 trial count = n (n> 0) trial start date = “yy1 mm1 dd1” trial stop date = “yy2” mm2dd2 ", and the date of starting use and the date of stopping use are omitted.

In the case of a contract in which the number of uses or the use period is not limited, for example, the contract is described as follows. Number of uses = −1 Date of suspension of use = “000000” The authenticator Na shown in FIG. 3 is check data for detecting falsification of the content of the received digital information.
The information identification number, the information body, and the usage condition information encrypted with the communication encryption key Ks are, for example, MAC (for details, see IS
The data center is assigned and calculated by an information center using a data tampering detection authenticator creating method such as that described in US Pat. At this time,
Since the common key Ka is used as a key for generating the authenticator Na, it is difficult for the operator of the present apparatus 1 to make a change so that falsification is not detected by fraud.

At the same time that the digital information is stored in the digital information storage unit 3, the information identification number and the use condition information encrypted with the communication encryption key Ks are stored in the confidential processing unit 4.
(S4), and the authenticator N in the digital information
The authenticator Na ′ calculated for the information identification number and the usage condition information is calculated in the same manner as in a (S5), and the authenticator Na ′ is written into the usage condition information storage unit 41 (S5).
6).

FIG. 5 shows an information format stored in the use condition information storage section 41. As shown in the figure, the use condition information storage unit 41 stores an information identification number and use condition information encrypted with the communication encryption key Ks, and an authenticator Na ′.

Next, a use procedure after receiving and storing digital information in the above-described procedure will be described with reference to a flowchart of FIG. First, the operator of the information processing apparatus 1 selects digital information that he / she wants to use (want to see / hear) from a plurality of digital information stored in the digital information storage unit 3 (SP1), and then uses the information. The user designates whether to use or try (SP2). The digital information thus selected is transferred from the digital information storage unit 3 to the confidential processing unit 4 (SP3).

The digital information transferred to the confidential processing unit 4 is verified by the verification unit 43 for falsification of data contents. The first verification performed here is detection of tampering of the received digital information content. That is, the communication encryption key K
Authenticator data (hereinafter, referred to as MAC1 ′) is created using the common key Ka in the common key storage unit 42 for the information identification number, the information body, and the usage condition information encrypted in s. 'And an authenticator Na (hereinafter referred to as MAC1) described in the received digital information (SP4). As a result of this collation, MAC1 @ MA
In the case of C1 ', it is determined that the received digital information has been falsified, the operator is notified that the digital information cannot be used, and the subsequent processing is interrupted (SP5).

Also, as a result of the first verification, MAC1 = MA
In the case of C1 ', a second verification is performed (SP6). Second
Verification is the detection of falsification of the usage condition information content. That is, a set having the same information identification number as the selected digital information is searched for from a set of a plurality of information identification numbers, usage condition information, and authenticators transferred / stored in the usage condition information storage unit 41 at the time of reception. Then, authenticator data (hereinafter, referred to as MAC2 ′) is created using the common key Ka in the common key storage unit 42, and the MAC2 ′ and the authenticator Na ′ stored in the usage condition information storage unit 32 are created. (Hereafter, MAC2
(SP6). As a result of this match,
If MAC2 ≠ MAC2 ', it is determined that the use condition information has been falsified, and the operator is notified that the use condition information cannot be used (SP5).

As a result of the search, if the usage condition information having the same information identification number as the digital information desired to be used does not exist in the usage condition information storage unit 41, the usage by unauthorized copying from another person is performed. Alternatively, it is determined that the use condition has not been satisfied due to the number of times of use or the use period has been exceeded, the operator is notified that the use is not possible, and the subsequent processing is interrupted (SP5).

When the verification of SP4 and SP6 is satisfied, that is, MAC1 = MAC1 'and MAC2 = MAC
When it is 2 ', the usage condition information having the same information identification number as the information identification number in the corresponding digital information is extracted from the usage condition information storage unit 41, and the common key Ka stored in the common key storage unit 42 is extracted. The extracted use condition information is decrypted with the communication encryption key Ks decrypted using the information, and the contents of the use condition are verified (SP7).

First, when using information, it is verified whether or not the following conditions are satisfied with the use condition information shown in FIG.
"Number of uses 0 (-1 or positive integer)" and "Use start date ≤ current date ≤ use stop date or stop date =" 000000 "(no period limit)".

Next, when the information is used as a trial, it is verified whether or not the following conditions are satisfied with the use condition information shown in FIG.
"Trial count 0 (-1 or positive integer)" and "Trial start date ≤ current date ≤ trial stop date or trial stop date =" 000000 "(no period limit)".

When the above condition is satisfied, the information body in the digital information shown in FIG. 3 is decrypted by the decryption unit 44 using the communication encryption key Ks (SP8). Thereafter, the analog conversion unit 35 converts the analog information into a form that can be sensed by human senses, that is, a form in which music can be listened to or a video can be seen (SP9). If
Part of the information).

Here, since the communication encryption key Ks is encrypted with the common key Ka, only the digital information that has been properly received using the information processing apparatus 1 is correctly decrypted and received by another information processing apparatus. The decoded digital information is not correctly decoded.

Finally, the use condition information in the use condition information storage unit 41 corresponding to the used or trial digital information is updated (SP10). That is, the number of times of use and the number of times of trial are set to 1 depending on the case of information use or information trial, respectively.
After the subtraction, the authenticator Na ′ is newly calculated and rewritten for the information identification number and the changed use condition information shown in FIG. In addition, the number of uses and trials is unlimited (the number of uses and trials =-
In the case of 1), no change operation is required. At this point, if the usage conditions are no longer satisfied, specifically, “use count = 0 or current date ≧ stop date” and “trial count = 0 or current date ≧ trial stop date” Day"
In this case, the corresponding information identification number, use condition information, and authenticator Na ′ are deleted from the use condition information storage unit 41.

By repeating the above procedure,
It becomes possible to receive and use a plurality of digital information.

Thus, even if the received digital information is directly copied, decoded by another device or the like, and converted to analog, the originally intended information is not restored, and illegal copying can be prevented. Also, since the received digital information and usage condition information are provided with an authenticator, if the received information and the usage condition information are falsified, the falsification is detected in the verification at the time of use unless the common key Ka is known, and the information is detected. Decrypts the
Analog conversion cannot be performed and falsification can be prevented.

The information processing apparatus 1 of the present embodiment is partly included in a method for protecting a copyrighted work after delivery of a copyrighted work that needs to be used in a digital form such as computer software (development during program execution). Except for preventing execution of files on memory).

Further, in the present embodiment, the authenticator creation and the information encryption are all performed by the common key encryption method. However, when the information processing apparatus 1 is distributed in a large amount, the authentication having a sufficient decryption speed is possible. Needless to say, the same effect can be obtained by decrypting the communication encryption key using a public key cryptosystem that is easy to manage and distribute.

[0037]

As described above, according to the digital information protection method according to the first aspect of the present invention, digital information with an authenticator and usage condition information is received by encryption communication using a common key encryption method. Only when the authenticator and the usage condition information are verified and matched in the confidential processing unit at the time of use and after the information itself is decrypted and converted to analog, the usage condition information is rewritten together with the authenticator, so that the received digital information is copied as it is. Even if the common key is not known, the intended information is not restored as a result of decoding and analog conversion of the information using another device or the like, so that illegal copying can be prevented. Also, even if the received information and the usage condition information are tampered with by attaching an authenticator to the received information and the usage condition information, unless the common key is known, the tampering is detected by verification at the time of use, and the information itself is detected. Since decoding and analog conversion are not performed, unauthorized use due to tampering can be prevented. In addition, the received information stored in the digital information storage unit is copied and stored as it is, and when used, returned to the digital information storage unit of the same digital information protection processor, and then the information body is decoded and converted to analog. Since it can be used, even if it receives more than the storage capacity limit of the digital information storage unit, it can be stored in an external storage device and used as needed. Further, this has a great effect that the file of the digital information storage unit can be used as a backup copy in case of unintentional physical destruction or the like.

According to the digital information protection processing device of the present invention, the digital information including the information body and the use condition information encrypted with the common key is verified in the confidential processing unit at the time of use. Only when the information matches, the information main body is decrypted and converted into an analog signal to make it usable, so that even if the received digital information is copied as it is, another device or the like in which the common key is not stored. The intended information cannot be restored as a result of decoding and analog conversion of the information by using. Therefore, illegal copying can be prevented by using the digital information protection processing device. Unless the common key is known, even if the received information and the usage condition information have been tampered with, the tampering will be detected by verification at the time of use and the information itself will not be decrypted / analog-converted, thus preventing unauthorized use due to tampering. Can be. In addition, the received information stored in the digital information storage unit is copied and stored in an external storage device as it is, and returned to the digital information storage unit of the same digital information protection processing device at the time of use, and then the information body is decrypted. Since it can be used after converting it to analog, even if it is received beyond the storage capacity limit of the digital information storage unit, it is stored in an external storage device,
It can be used as needed. Furthermore, this provides a very excellent effect that the file of the digital information storage unit can be used as a backup copy in preparation for an unintended physical destruction or the like.

[Brief description of the drawings]

FIG. 1 is a block diagram showing a digital information protection processing device according to an embodiment of the present invention.

FIG. 2 is a flowchart illustrating an information receiving and storing operation in one embodiment.

FIG. 3 is a diagram showing a format of digital information to be processed in one embodiment;

FIG. 4 is a diagram showing an example of contents of use condition information in digital information in one embodiment.

FIG. 5 is a diagram showing the contents of information stored in a use condition information storage unit in one embodiment.

FIG. 6 is a flowchart illustrating an operation at the time of using information in one embodiment.

[Explanation of symbols]

DESCRIPTION OF SYMBOLS 1 ... Digital information protection processing apparatus, 2 ... Communication control part, 3
... Digital information storage unit, 4 ... Confidential processing unit, 41 ... Usage condition information storage unit, 42 ... Common key storage unit, 43 ... Verification unit,
44: decoding unit, 45: analog conversion unit, 5: input interface unit, 6: central control unit.

Continuation of the front page (56) References JP-A-4-155658 (JP, A) JP-A-4-320181 (JP, A) Yoshiyoshi Yamanaka, Yoichi Takashima, Ikuo Koyanagi, Information on multimedia on-demand service Protection System, NTT R & D, Japan, September 10, 1995, Vol. 9, pp. 813-818 Manabu Yamada, new DAT digital copy of the principles of, electronics life, Japan, October 1, 1990, October 698, p. 50-57 (58) investigated the field (Int.Cl. ⁷ , DB name) H04L 9/08 G09C 1/00 G06F 9/06

Claims (2)

(57) [Claims] 1. A communication encryption key different for each communication encrypted with a common key stored in a common key storage unit, an information identification number encrypted with the communication encryption key, an information body, Digital information composed of the condition information and the first authenticator is received via a communication line, and the digital information is stored in the digital information storage unit, and at the same time, the information identification number and the use condition information are transmitted to the confidential processing unit. The confidential processing unit calculates a second authenticator from the information identification number and the use condition information, and stores the second authenticator, the information identification number, and the use condition information in a use condition information storage unit. When using information, digital information to be used is transferred from the digital information storage unit to the confidential processing unit, and the confidential processing unit uses a common key stored in the common key storage unit. Falsification verification of the content of the digital information and falsification verification of the usage condition information content stored in the usage condition storage unit based on the first and second authenticators are performed. After verifying the use conditions, only when all the verifications are satisfied, the information body is decoded by the decoding unit, and after the analog conversion unit outputs the information converted to a form that can be sensed by human senses, A digital information protection method, characterized in that the information content and the authenticator stored in the usage condition information storage unit are updated or deleted when the usage condition is no longer satisfied. 2. A communication control unit for receiving, via a communication line, digital information including an information body and usage condition information encrypted with a common key, and a digital information storage for storing the digital information received by the communication control unit. A confidential processing unit, wherein the confidential processing unit includes a use condition information storage unit that stores use condition information of digital information, a common key storage unit that stores the common key, and a confidential processing unit. A verification unit for performing tampering verification of the digital information input from the digital information storage unit using the stored common key; and a common unit stored in the common key storage unit based on the verification result of the verification unit. A decoding unit that decodes digital information input from the digital information storage unit using a key; and an analog unit that converts the decoded digital information into analog information and outputs the analog information. Digital information processing apparatus characterized by being composed of a conversion unit.