JP3788572B2 - Rental content distribution system and method - Google Patents

Description

[0001]
BACKGROUND OF THE INVENTION
The present invention relates to a playback device, a playback information storage device, a management center, and a content distribution system, a content playback time limit management, a method of limiting a playback device that plays back content, and a method for safely changing the model of a playback device that plays back content. .
[0002]
[Prior art]
As a first prior art, there is a method for renting digital contents, in which a DVD or CD is lent and returned within a rental period, like a video tape.
[0003]
As a second conventional technology, content data is encrypted and recorded on a medium in order to prevent unauthorized copying of the content, and key data for decrypting the encrypted content data is also recorded on the medium.
[0004]
As a third conventional technique, there is a method in which encrypted content data is recorded on a DVD medium, and key data to be decrypted is downloaded from a telephone line or the like to a playback device via the Internet.
[0005]
[Problems to be solved by the invention]
However, in the method according to the first prior art, the rented DVD or CD has to be returned to the store within the rental period, which is very troublesome.
[0006]
Even if the rental period was accidentally exceeded, additional fees were collected.
[0007]
In addition, a rental store has been lost due to a so-called look-around act of reproducing content by a person other than the rented person.
[0008]
In the second prior art method, since the key data for decrypting the encrypted content data is recorded on the medium, it is impossible to prevent an illegal decryption act by a hacker and it is always decrypted. Exposed to threats.
[0009]
Recently, even companies that have received a license for DVD have leaked secrets due to inadequateness, and the encrypted data has been decrypted, causing a problem in the management method of confidential information.
[0010]
The method according to the third prior art is complicated because it is necessary for the user to make a provider contract or difficult setting for connection in order to reproduce the content.
[0011]
The present invention has been made in view of the above-described conventional problems, and provides a distribution system and distribution method for improving user convenience, eliminating profit loss in a store, and protecting content safely in the distribution of digital contents. The purpose is to do.
[0012]
[Means for Solving the Problems]
The rental content distribution method according to the present invention is performed while transmitting a playback device public key certificate including a playback device public key from the playback device to the IC card, and transmitting an IC card public key from the IC card to the playback device. Performing the mutual authentication between the playback device and the IC card, and transmitting the IC card public key certificate including the IC card public key from the IC card to the management center. Performing mutual authentication via a terminal, transmitting the playback device public key certificate from the IC card to the management center via the terminal, and the management center including the playback device public key A step of authenticating a certificate; a step in which the terminal inputs contract information from an operator; and a terminal sends the contract information to the IC card. The IC card adds a signature to the contract information with an IC card private key, and the IC card sends the contract information signed with the IC card private key via the terminal. Transmitting to the management center, the management center checking the contract information with a signature attached to the contract information by the IC card private key, and the management center in the contract information. Signing a content encryption key corresponding to a content title with a management center private key, and the management center including the content encryption key signed with the management center private key in the playback device public key certificate Encrypting with the playback device public key before the management center is signed with the management center private key. Signing the content encryption key and contract information encrypted with the playback device public key with the management center private key, and the management center signing with the management center private key and making the playback device public The content encryption key encrypted with a key, the contract information, and the management center private key signed with the management center private key and encrypted with the playback device public key, and the contract information with the management center private key Encrypting the attached signature with the IC card public key; and the content encryption key signed by the management center private key and encrypted by the playback device public key by the management center, the contract information And the computer signed with the management center private key and encrypted with the playback device public key. Transmitting the Tents encryption key and the contract information signed by the management center private key and encrypted by the IC card public key to the IC card via the terminal; The IC card is signed by the management center private key and encrypted by the playback device public key, the content encryption key encrypted by the playback device public key, the contract information, and the signature by the management center private key and encrypted by the playback device public key. A signature attached with the management center private key from the encrypted content encryption key and the contract information with the management center private key encrypted with the IC card public key. Using the content encryption key encrypted with the playback device public key, the contract information, and the management center private key Decrypting with the IC card private key the content encryption key and the signature encrypted with the playback device public key and the signature attached to the contract information with the management center private key; The content encryption key signed with the management center private key and encrypted with the playback device public key and the contract information are signed with the management center private key and encrypted with the playback device public key. Verifying the content encryption key and the contract information with a signature attached with the management center private key, and the IC card is signed with the management center private key and encrypted with the playback device public key Storing the content encryption key; and the IC card is signed with the management center private key. The content encryption key and the contract information encrypted with the playback device public key are added to the content encryption key and the contract information signed with the management center private key and encrypted with the playback device public key. When the result of the step of verifying with the signature attached by the management center private key is normal, a step of transmitting a normal end to the terminal; and the terminal indicating the normal end from the IC card Receiving the content data corresponding to the content title, which is encrypted with the content encryption key, on a recording medium, and the playback device stores the content encryption key on the IC card. Transmitting the request; and when the IC card receives the request for the content encryption key from the playback device. A step of adding a signature with the IC card private key to the content encryption key signed with the management center private key and encrypted with the playback device public key; and The IC card private key is added to the content encryption key signed with a key and encrypted with the playback device public key and the content encryption key signed with the management center private key and encrypted with the playback device public key. Transmitting the signature attached to the playback device to the playback device, and the playback device sends the content encryption key signed with the management center secret key and encrypted with the playback device public key to the management center secret The IC card private key is added to the content encryption key signed with the key and encrypted with the playback device public key. A step of collating with the attached signature, and the playback device uses the content encryption key and the content encryption key from the content encryption key that is named by the management center private key and encrypted by the playback device public key. Decrypting the signature by the management center private key attached to the key with the playback device private key, and the playback device using the content encryption key as the signature by the management center private key attached to the content encryption key; Collating, the playback device storing the content encryption key, and the playback device using the content encryption key to store the content data from the encrypted content data recorded on the recording medium. And a step of decoding.
[0013]
In the rental content described above, the contract information includes a contract period, the IC card sets a contract term in the contract information in a timer of the IC card, and the IC card is from the playback device. A timer value is read from a timer of the IC card when the request for the content encryption key is received, and the IC card is signed with the management center private key and Instead of signing the encrypted content encryption key with the IC card private key, the content encryption key and the IC card signed with the management center private key and encrypted with the playback device public key The timer value read from the timer is signed with the IC card private key, and the IC card The content encryption key signed by the management center private key and encrypted by the playback device public key and the content encryption key signed by the management center private key and encrypted by the playback device public key are added to the IC. Instead of transmitting the signature attached by the card private key to the playback device, the content encryption key signed by the management center private key and encrypted by the playback device public key is read from the timer of the IC card. The IC card private key is attached to the content encryption key and the timer value read from the timer of the IC card, which are signed by the timer value and the management center private key and encrypted by the playback device public key. The received signature is transmitted to the playback device, and the playback device receives the timer value received by the timer of the playback device. The IC card, a step of erasing the content encryption key stored in the IC card when the value of the timer of the IC card reaches a predetermined value, and the playback device, the timer of the playback device The content encryption key stored in the playback device may be deleted when the value becomes a predetermined value.
[0014]
The playback device according to the present invention transmits a playback device public key certificate including a playback device public key from the playback device to the IC card, and receives the IC card public key from the IC card, while performing mutual authentication between the IC cards. Means for transmitting a request for a content encryption key to the IC card, and a content encryption key signed with a management center private key and encrypted with the playback device public key, using the management center private key Means for verifying the content encryption key, which has been signed and encrypted by the playback device public key, with the signature attached by the IC card private key, and is signed by the management center private key and by the playback device public key Signature of the content encryption key and the management center private key attached to the content encryption key from the encrypted content encryption key Means for decrypting with a reproduction apparatus private key; means for verifying the content encryption key with a signature of the management center private key attached to the content encryption key; means for storing the content encryption key; Means for decrypting the content data with the content encryption key from the encrypted content data recorded.
[0015]
In the above playback device, the contract information includes a contract period, a timer in which the received timer value is set, and a means for erasing the stored content encryption key when the timer value reaches a predetermined value; May be provided.
[0016]
The IC card according to the present invention receives a playback device public key certificate including a playback device public key from the playback device, and performs mutual authentication with the playback device while transmitting the IC card public key to the playback device. Means for performing mutual authentication with the management center via a terminal while transmitting an IC card public key certificate including the IC card public key to the management center, and the playback device public key via the terminal Means for transmitting a certificate to the management center; means for receiving contract information from the terminal; means for signing the contract information with an IC card private key; and a signature attached with the IC card private key Means for transmitting the contract information to the management center via the terminal, a content encryption key signed with a management center private key and encrypted with the playback device public key, the contract information The content encryption key signed with the management center private key and encrypted with the playback device public key and the signature attached to the contract information with the management center private key and encrypted with the IC card public key Means for receiving the converted information from the management center via the terminal, the content encryption key signed with the management center private key and encrypted with the playback device public key, the contract information, and The content encryption key signed with the management center private key and encrypted with the playback device public key and the signature attached to the contract information with the management center private key and encrypted with the IC card public key From these, the signature is given by the management center private key and encrypted by the playback device public key. The content encryption key, the contract information, and the management center private key signed with the content encryption key encrypted with the playback device public key and the signature attached to the contract information with the management center private key Means for decrypting with the IC card private key, and the content encryption key signed with the management center private key and encrypted with the playback device public key and the contract information are signed with the management center private key. Means for verifying the content encryption key encrypted by the playback device public key and the signature attached to the contract information by the management center private key; and the playback device public key signed by the management center private key Means for storing the content encryption key encrypted by the method and the management center private key. The content encryption key and the contract information encrypted with the playback device public key are added to the content encryption key and the contract information signed with the management center private key and encrypted with the playback device public key. Means for transmitting, to the terminal, a notice of normal termination when the result of the step of verifying with the signature attached by the management center private key is normal, and means for receiving the request for the content encryption key from the playback device And when the content encryption key request is received from the playback device, the content encryption key signed by the management center private key and encrypted by the playback device public key is signed by the IC card private key. And the content encryption encrypted with the playback device public key and signed with the management center private key. Means for transmitting the signature attached by the IC card private key to the content encryption key signed by the key and the management center private key and encrypted by the playback device public key, to the playback device. Features.
[0017]
In the above IC card, the contract information includes a contract period, a timer in which the contract term in the contract information is set, and the timer when the request for the content encryption key is received from the playback device. Means for reading a timer value, and means for erasing the content encryption key to be stored when the timer value reaches a predetermined value, and is signed with the management center private key and encrypted with the playback device public key Instead of means for signing the content encryption key with the IC card private key, the content encryption key signed with the management center private key and encrypted with the playback device public key and the IC card Means for signing the timer value read from the timer with the IC card private key, and with the management center private key. The content encryption key is signed with the content encryption key and the management center private key encrypted with the playback device public key and the content encryption key encrypted with the playback device public key is attached with the IC card private key. Instead of means for transmitting the signed signature to the playback device, the content encryption key signed with the management center private key and encrypted with the playback device public key is read from the timer of the IC card. Signature attached with the IC card private key to the content encryption key encrypted with the playback device public key and the timer value read from the timer of the IC card signed with the timer value and the management center private key May be provided for transmitting to the playback device.
[0018]
The terminal according to the present invention includes means for mediating mutual authentication between the IC card and the management center performed while transmitting the IC card public key certificate including the IC card public key from the IC card to the management center; Means for mediating transmission of the playback device public key certificate from an IC card to the management center; means for inputting contract information from an operator; means for transmitting the contract information to the IC card; Means for mediating transmission of the contract information signed by the IC card private key from the management center to the management center, and by means of the playback device public key signed by the management center private key from the management center to the IC card The encrypted content encryption key, the contract information, and the management center private key are added to the signature and the playback device public key is encrypted. Means for mediating the transmission of the content encryption key and the contract information signed by the management center private key and encrypted by the IC card public key, and the signature is attached by the management center private key. The content encryption key and the contract information encrypted with the playback device public key are added to the content encryption key and the contract information signed with the management center private key and encrypted with the playback device public key. When the result of collation with the signature attached by the management center private key is normal, means for receiving from the IC card a normal end, and when receiving the normal end from the IC card, Content data corresponding to the content title, which is encrypted with the content encryption key, is recorded on a recording medium. Characterized in that it comprises a means for recording.
[0019]
The management center according to the present invention receives a IC card public key certificate including an IC card public key from an IC card and performs mutual authentication with the IC card via a terminal, Means for receiving a playback device public key certificate including a playback device public key from the IC card; means for authenticating the playback device public key certificate; and a contract signed by the IC card private key from the IC card. Means for receiving information via the terminal; means for verifying the contract information with a signature attached to the contract information by the IC card private key; and a content encryption corresponding to the content title in the contract information Means for signing a key with a management center private key and the content encryption key signed with the management center private key in the playback device public key certificate A means for encrypting with the playback device public key, and a signature with the management center private key and a signature with the management center private key signed to the content encryption key and the contract information encrypted with the playback device public key. And the content encryption key signed by the management center private key and encrypted by the playback device public key, the contract information, and the signature signed by the management center private key and encrypted by the playback device public key. Means for encrypting a signature attached to the content encryption key and the contract information with the management center private key with the IC card public key, and a signature attached with the management center private key The encrypted content encryption key, the contract information, and the management center private key are used to sign the The content encryption key encrypted with the device public key and the signature attached to the contract information with the management center private key and encrypted with the IC card public key via the terminal Means for transmitting to an IC card.
[0020]
A rental content distribution system according to the present invention includes the above playback device, the above IC card, the above terminal, and the above management center.
[0021]
DETAILED DESCRIPTION OF THE INVENTION
In order to clarify the above and other objects, features, and advantages of the present invention, embodiments of the present invention will be described in detail with reference to the accompanying drawings.
[0022]
Referring to FIG. 1, a configuration example of a system and a distribution method in rental content distribution as one embodiment of the present invention is shown.
[0023]
In FIG. 1, the rental content distribution system is installed in a management center 101, a terminal 103 installed in a store, a network 102 connecting the management center 101 and the terminal 103, an IC card 104, a content recording medium 105, and a user. The playback device 106 is configured.
[0024]
In FIG. 1, a management center 101 is installed at a remote location and is connected to a terminal 103 installed in a store via a network 102 such as the Internet. Although omitted in the figure, there may be a plurality of stores, and there may be a plurality of terminals 103 in one store.
[0025]
An IC card 104 and a content recording medium 105 brought by the user are connected to the terminal 103.
[0026]
The playback device 106 is owned by the user, and the IC card 104 owned by the user and the content recording medium 105 are connected.
[0027]
The management center 101 stores a plurality of content encryption keys, public key certificates of all IC cards, public key certificates of all playback devices, and pair information of all IC cards and all playback devices. The IC card 104 receives the IC card public key certificate and the playback device public key certificate, and confirms the validity. The content encryption key is different for each content, and each content is encrypted by each content encryption key.
[0028]
Also, after mutual authentication with the IC card 104 via the terminal 103, the content encryption key and rental period information are distributed to the IC card 104 by a predetermined procedure from the terminal.
[0029]
The terminal 103 stores the content encrypted with the content encryption key stored in the management center 101, and the user performs an operation for rent purchase of the content using the terminal 103.
[0030]
The terminal 103 downloads the encrypted content to the content recording medium 105 by a predetermined procedure between the management center 101 and the IC card 104.
[0031]
The IC card 104 downloads the content encryption key and the rental time limit information obtained by encrypting the content via the terminal 103, stores the content encryption key during the rental period, and deletes the content encryption key when the rental period expires.
[0032]
The IC card performs mutual authentication with the playback device 106 owned by the user, and distributes the content encryption key to the playback device 106 during the rental period according to a predetermined procedure.
[0033]
The content recording medium 105 records the encrypted content recorded on the terminal 103 by a predetermined procedure of the management center 101 and the IC card 104. Further, after a predetermined procedure is performed on the content recording medium 105 to the playback device 106 owned by the user, content data is read out under the control of the playback device 106.
[0034]
The playback device 106 owned by the user stores the content encryption key transmitted from the IC card 104 by a predetermined procedure after the authentication process with the IC card 104 until the rental period, and the rental period has passed or the power source is turned off. Hold until disconnected.
[0035]
Also, the playback device 106 reads the encrypted content from the content storage medium 105 by a predetermined procedure, decrypts the encrypted content data with the content encryption key read from the IC card 104, and plays back the content during the rental period. .
[0036]
In the case of the example in FIG.
[0037]
First, the IC card 101 is connected to the playback device 106 in advance, and mutual authentication is performed between the IC card 104 and the playback device 106. If the mutual authentication result is normal, the IC card 104 stores the certificate of the playback device public key.
[0038]
Next, the user brings the IC card 104 and the content recording medium 105 to the store and connects to the terminal 103.
[0039]
When the IC card 104 is connected, the terminal 103 reads the public key certificate of the IC card 104 from the IC card 104 and requests mutual authentication together with the read public key certificate of the IC card 104 to the management center 101.
[0040]
The management center 101 confirms the validity of the public key certificate of the IC card 104 and performs mutual authentication with the IC card 104.
[0041]
Next, the terminal 103 reads the public key certificate of the playback device 106 and transfers the read public key certificate of the playback device 106 to the management center 101.
[0042]
The management center 101 confirms the validity of the public key certificate of the playback device 106.
[0043]
Next, when the user inputs the title of the content to be rented to the terminal 103 and the rental period, the terminal 103 transmits contract information including the title of the content and the rental period to the IC card. Read the signature with the IC card private key.
[0044]
The terminal 103 transmits contract information and signature data to the contract information as data for requesting a content encryption key to the management center 101.
[0045]
Next, the management center 101 verifies the contract information from the terminal 103 and the signature of the contract information, and if the validity of the data is confirmed, the content encryption key corresponding to the content title is used as the public key of the playback device 106. The encrypted content encryption key or the like and the signature data with the secret key of the management center for the content encryption key or the like are transmitted to the IC card 104 via the terminal 103.
[0046]
The IC card 104 verifies the content encryption key encrypted with the public key of the playback device 106 and the signature data. If the validity is confirmed, the IC card 104 uses the content encryption key encrypted with the public key of the playback device 106 for the rental period. Store only inside.
[0047]
Next, the terminal 103 transfers the content already encrypted with the content encryption key corresponding to the content title to the content recording medium 105 according to a predetermined procedure, and after the user pays the rental fee to the store, the terminal 103 The content recording medium 105 is received.
[0048]
Next, the user connects the IC card 104 and the content recording medium 105 to the playback device 106 owned by the user.
[0049]
The playback apparatus 106 performs mutual authentication with the IC card 104, and when the validity can be confirmed, reads the signature to the content encryption key, the content encryption key, the contract information, and the contract information from the IC card 104.
[0050]
When the playback device 106 verifies the content encryption key, the contract information, and the signature data and confirms the validity of the data, the playback device 106 decrypts the content encryption key encrypted with the public key of the playback device 106 with the private key of the playback device 106. The decrypted content encryption key is stored until the rental period or the power is turned off.
[0051]
The playback device 106 reads the encrypted content from the content storage medium 105, decrypts it with the content encryption key, and plays back the content during the rental period or until the power is turned off.
[0052]
Referring to FIG. 2, a detailed configuration example of the management center 101 shown in FIG. 1 is shown.
[0053]
The management center includes a control unit 201, a decryption unit 202, an encryption unit 203, a compression unit 204, a random number generation unit 205, an authentication unit 206, a communication unit 207, a management center private key storage unit 208, a management center public key storage unit 209, a content encryption A key storage unit 210, a public key database 211, and an accounting information database 212 are provided.
[0054]
In the management center private key storage unit 208, a management center private key owned only by the management center 101 is recorded.
[0055]
In the management center public key storage unit 209, a management center public key paired with the management center private key by a predetermined method is recorded.
[0056]
The content encryption key storage unit 210 stores each content encryption key used for encrypting each content. Each content encryption key is a common key.
[0057]
In the public key database 211, public key certificates of all IC cards and all reproducing devices and pair information (information consisting of a secret key and a public key) of all IC cards and all reproducing devices are recorded.
[0058]
In the charging information database 212, a title, a rental period, and a rental fee regarding the content rented by the user are recorded.
[0059]
When the decryption unit 202 receives the encrypted data from the terminal 103 of the store via the communication unit 207, the control unit 101 controls the management center private key stored in the management center private key storage unit 208 or the public key database. The encrypted data is decrypted using the public key of the IC card recorded in 210 and the public key of the playback device.
[0060]
When transmitting data to the terminal 103 of the store via the communication unit 207, the encryption unit 203 records the data in the management center private key or public key database stored in the management center private key storage unit 208 under the control of the control unit 201. The data is encrypted using the public key of the IC card and the public key of the playback device.
[0061]
The compression unit 204 compresses arbitrary data under the control of the control unit 201 using a hash function.
[0062]
The random number generation unit 205 generates a random number under the control of the control unit 201.
[0063]
The authentication unit 206 collates the random number transmitted at the time of mutual authentication with the received random number, and collates the received data with the signature data.
[0064]
Referring to FIG. 3, a detailed configuration example of the terminal 103 shown in FIG. 1 is shown.
[0065]
The terminal 103 includes a control unit 301, a communication unit 302, an IC card input / output unit 303, a content recording medium output unit 304, an input unit 305, a display unit 306, and a content storage unit 307.
[0066]
The communication unit 302 communicates with the management center 101 via the network 102 such as the Internet under the control of the control unit 301.
[0067]
The IC card input / output unit 303 communicates with the IC card 104 under the control of the control unit 301.
[0068]
The content recording medium output unit 304 outputs the content data in the content storage unit 307 to the content recording medium 105 under the control of the control unit 301.
[0069]
An input unit 305 is a user interface for the user to operate and input the selection of the content to be rented and the rental period.
[0070]
A display unit 306 is a user interface that displays the title display and rental period of the content to be rented.
[0071]
The content storage unit 307 stores encrypted content.
[0072]
Referring to FIG. 4, a detailed configuration example of the IC card 104 shown in FIG. 1 is shown.
[0073]
The IC card includes a control unit 401, an input / output unit 402, a decryption unit 403, an encryption unit 404, a compression unit 405, a random number generation unit 406, an authentication unit 407, an IC card private key storage unit 408, a management center public key storage unit 409, an IC card. A card public key certificate storage unit 410, a playback device public key certificate storage unit 411, a content encryption key storage unit 412, a timer 413, and a battery 414 are included.
[0074]
The IC card secret key storage unit 408 stores an IC card secret key.
[0075]
The management center public key storage unit 409 stores the public key of the management center.
[0076]
The IC card public key certificate storage unit 410 stores an IC card public key certificate issued by the management center 101.
[0077]
The playback device public key certificate storage unit 411 stores a playback device public key certificate issued by the management center 101 and read from the playback device 106.
[0078]
The content encryption key storage unit 412 is backed up by the battery 414, and stores the encrypted content encryption key received from the management center 101 until the timer 413 changes to a predetermined value.
[0079]
The timer 413 is backed up by a battery 414, and changes with time from the initial value of the timer distributed from the management center 101. When a predetermined value is reached, the content encryption key stored in the content encryption key storage unit 412 is deleted.
[0080]
When the decryption unit 403 receives encrypted data from the store terminal 103 or the playback device 106 owned by the user via the input / output unit 402, the decryption unit 403 uses the IC card private key or the management center public key under the control of the control unit 401. To decrypt the encrypted data.
[0081]
When the encryption unit 404 transmits data to the terminal 103 of the store or the playback device 106 owned by the user via the input / output unit 402, the encryption unit 404 uses the IC card private key or the playback device public key to control the data. Is encrypted.
[0082]
The compression unit 405 compresses arbitrary data under the control of the control unit 401 using a hash function.
[0083]
The random number generation unit 406 generates a random number under the control of the control unit 401.
[0084]
The authentication unit 407 collates the random number transmitted at the time of mutual authentication with the received random number, and collates the received data with the signature data.
[0085]
Referring to FIG. 5, a detailed configuration example of the playback device 106 shown in FIG. 1 is shown.
[0086]
The playback device 106 includes a control unit 501, an IC card input / output unit 502, a decryption unit 503, an encryption unit 504, a compression unit 505, a random number generation unit 506, an authentication unit 507, an operation input unit 508, a content Recording medium input / output unit 509, playback device private key storage unit 510, management center public key storage unit 511, playback device public key certificate storage unit 512, timer 513, content encryption key storage unit 514, content The encryption key decryption unit 515 and the content reproduction unit 516 are configured.
[0087]
The playback device private key storage unit 510 stores the private key of the playback device 106.
[0088]
The management center public key storage unit 511 stores a management center public key.
[0089]
The playback device public key certificate storage unit 512 stores a playback device public key certificate issued by the management center 101.
[0090]
A predetermined timer value indicating the rental period read from the IC card 104 via the IC card input / output unit 502 is written into the timer 513 by the control unit 501. The timer value of the timer 513 changes with time, and the timer 513 clears the content encryption key stored in the content encryption key storage unit 514 when the timer value of the timer 513 reaches a predetermined value at which the rental period ends.
[0091]
The content encryption key storage unit 514 stores the encrypted content encryption key read from the IC card 104 by the control unit 501 via the IC card input / output unit 502.
[0092]
When the decryption unit 503 receives encrypted data or digital signature data from the IC card 104 via the IC card input / output unit 502, the decryption unit 503 uses the playback device private key or the management center public key to control the encrypted data under the control of the control unit 501. And decrypt digital signature data.
[0093]
When the encryption unit 504 transmits data to the IC card 104 via the IC card input / output unit 502, the encryption unit 504 encrypts the data using the playback device private key under the control of the control unit 101.
[0094]
The compression unit 505 compresses arbitrary data under the control of the control unit 501 using a hash function.
[0095]
The random number generation unit 506 generates a random number under the control of the control unit 501.
[0096]
The authentication unit 507 collates the random number transmitted during mutual authentication with the received random number, and collates the received data with the signature data.
[0097]
Next, the mutual authentication operation of the playback device 106 and the IC card 104 in FIG. 1 will be described in order using the time chart shown in FIG.
[0098]
This mutual authentication is performed before the factory shipment of the IC card 104 and the playback device 106, when the user uses the system for the first time, when the model of the playback device 106 is changed, and when the content is played back.
[0099]
First, the IC card 104 is connected to the playback device 106 (S101).
[0100]
The control unit 501 of the playback device 106 confirms the connection of the IC card 104 via the IC card input / output unit 502 and repeats the process until it is recognized (S102).
[0101]
When the control unit 501 of the playback device 106 confirms the connection of the IC card 104 via the IC card input / output unit 502, the playback device public key stored in the playback device public key certificate storage unit 512 for the IC card 104. A request for mutual authentication is made through the IC card input / output unit 502 together with the certificate (PKpl, S1) (S103).
[0102]
Next, when the control unit 401 of the IC card 104 receives a request for mutual authentication together with the playback device public key certificate PKpl, S1 via the input / output unit 402, the management center stored in the management center public key storage unit 409 is received. The decryption unit 403 decrypts the signature S1 of the playback device public key certificate using the public key PKcnt, generates PKcnt (S1), the compression unit 405 compresses the playback device public key PKpl using the hash function, and H (PKpl) is generated, and PKcnt (S1) and H (PKpl) are collated by the authentication unit 407 (S104).
[0103]
When PKcnt (S1) and H (PKpl) do not match in S105, the control unit 401 of the IC card 104 is an unauthorized playback device for which the management center 101 has not issued the playback device public key certificate received from the playback device 106. It is determined that the certificate is a public key certificate, and an error notification is sent to the playback device 106 via the input / output unit 402 (S106).
[0104]
When the control unit 501 of the playback device 106 receives the error notification via the IC card input / output unit 502 (S107), the mutual authentication is stopped (S130).
[0105]
When PKcnt (S1) and H (PKpl) match in S105, the control unit 401 of the IC card 104 issues a valid reproduction device public key certificate issued by the management center 101 to the reproduction device public key certificate received from the reproduction device 106. The IC card public key certificate (PKic, S2) stored in the IC card public key certificate storage unit 410 is transmitted to the playback device 106 via the input / output unit 402 (S108).
[0106]
When the control unit 501 of the playback device 106 receives the IC card public key certificate (PKic, S2) via the IC card input / output unit 502, the control unit public key PKcnt stored in the management center public key storage unit 511 is obtained. The signature S2 is decrypted by the decryption unit 503 to generate PKcnt (S2), and the compression unit 505 compresses the IC card public key PKic using the hash function to generate H (PKic), and the authentication unit 507 PKcnt (S2) and H (PKic) are collated (S109).
[0107]
If PKcnt (S2) and H (PKic) do not match in S110, the control unit 501 of the playback device 106 determines that the IC card public key certificate received from the IC card 104 has not been issued by the management center 101. The IC card public key certificate is determined and the mutual authentication is canceled (S130).
[0108]
In S110, when PKcnt (S2) and H (PKic) match, the control unit 501 of the playback device 106 releases the IC card public key certificate received from the IC card 104 by the management center 101. It is determined that the certificate is a key certificate, and then the random number generator 506 generates a random number Rpl (S111).
[0109]
The control unit 501 of the playback device 106 encrypts the random number Rpl with the encryption unit 504 using the IC card public key PKic to generate PKic (Rpl) (S112), and inputs and outputs PKic (Rpl) to the IC card 104. The data is transmitted via the unit 502 (S113).
[0110]
When the control unit 401 of the IC card 104 receives the PKic (Rpl) via the input / output unit 402, the control unit 401 decrypts the PKic (Rpl) using the IC card secret key SKic stored in the IC card secret key storage unit 408. Decoding is performed at 403 to generate DRpl (S114).
[0111]
Next, the random number generation unit 406 generates a random number Ric (S115), and the reproduction unit public key PKpl is used to encrypt the random number Ric by the encryption unit 404 to generate PKpl (Ric) (S116), and PKpl (Ric) DRpl is transmitted to the playback device 106 via the input / output unit 402 (S117).
[0112]
When the control unit 501 of the playback device 106 receives PKpl (Ric) and DRpl from the IC card input / output unit 502 (S118), the random number Rpl generated by the playback device 106 in step S111 and the DRpl that the IC card 104 decrypted in step S114. Are verified by the authentication unit 507 (S119).
[0113]
In S119, when Rpl and DRpl do not match, the control unit 501 of the playback device 106 uses the IC card 104 that has received an IC card private key that is not paired with the IC card public key received from the IC card 104. It is determined that the card is an IC card, and mutual authentication is stopped (S130).
[0114]
If Rpl and DRpl match in S119, the control unit 501 of the playback device 106 determines that the IC card 104 has a valid IC card that holds the IC card private key paired with the IC card public key received from the IC card 104. The decryption unit 503 decrypts the PKpl (Ric) received in S118 using the playback device private key SKpl stored in the playback device private key storage unit 510 to generate a DRic (S120). Then, DRic is transmitted to the IC card 104 via the IC card input / output unit 502 (S121).
[0115]
When the control unit 401 of the IC card 104 receives DRic from the input / output unit 402 (S122), the authentication unit 407 collates the random number Ric generated by the IC card 104 in step S115 with the DRic decrypted by the playback device 106 in step S120. (S123).
[0116]
If Ric and DRic do not match in S123, the control unit 401 of the IC card 104 notifies the playback apparatus 106 of an error via the input / output unit 402 (S124).
[0117]
When receiving the error notification from the IC card input / output unit 502 (S125), the control unit 501 of the playback device 106 stops the mutual authentication (S130).
[0118]
When Ric and DRic match in S123, the control unit 401 of the IC card 104 compares the contents of the playback device public key certificate storage unit 411 with the playback device public key certificate (PKpl, S) received in S104. (S126).
[0119]
In S126, if the contents of the playback device public key certificate storage unit 411 and the playback device public key certificate (PKpl, S) received in S104 are different, the public key certificate (PKpl, S) of the playback device 106 received in S104. S) is stored in the playback device public key certificate storage unit 411 (S127).
[0120]
In S126, when the content of the playback device public key certificate storage unit 411 is equal to the playback device public key certificate (PKpl, S) received in S104, the process proceeds to S128.
[0121]
Next, the control unit 401 of the IC card 104 notifies the reproduction device 106 of the normal end of the mutual authentication via the input / output unit 402 (S128), and the control unit 501 of the reproduction device 106 passes through the IC card input / output unit 502. When the normal end of mutual authentication is received, the mutual authentication ends (S129).
[0122]
Next, the mutual authentication operation of the IC card 104 and the management center 101 shown in FIG. 1 will be described using the time chart shown in FIG.
[0123]
The user brings the IC card 104 and the content recording medium 105 to the terminal 103 of the store, and connects the IC card 104 and the content recording medium 105 to the terminal 103 (S201).
[0124]
When the control unit 301 of the terminal 103 confirms the connection of the IC card 104 via the IC card input / output unit 303 (S202), the control unit 301 performs mutual authentication of the IC card 104. A read request is notified to the IC card 104 via the IC card input / output unit 303 (S203).
[0125]
When the control unit 401 of the IC card 104 receives a read request for the public key certificate of the IC card 104 from the input / output unit 402, the IC card public key certificate (PKic) stored in the IC card public key certificate storage unit 410 is received. , S2) is transmitted to the terminal 103 via the input / output unit 402 (S204).
[0126]
Next, when the control unit 301 of the terminal 103 receives the IC card public key certificate (PKic, S2) from the IC card input / output unit 303, the IC card public key certificate is transmitted from the communication unit 302 to the management center 101 via the network 102. A mutual authentication is requested together with the certificate (PKic, S2) (S205).
[0127]
When the control unit 201 of the management center 101 receives the mutual authentication request and the IC card public key certificate (PKic, S2) from the terminal 103 via the communication unit 207 (S206), the IC card public key certificate is received from the public key database 211. The IC card public key identical to the IC card public key PKic in the certificate (PKic, S2) is searched to check whether the IC card public key PKic is valid (S207).
[0128]
If the IC card public key PKic is invalid or invalid in S207, the control unit 201 of the management center 101 transmits an error notification from the communication unit 207 to the terminal 103 via the network 102 as a response to the mutual authentication request (S208). ) When receiving the error notification of S208 via the communication unit 302, the control unit 301 of the terminal 103 stops the mutual authentication process (S230).
[0129]
When it is determined in S207 that the IC card public key PKic is valid, the management center public key storage unit 209 stores the signature S2 of the IC card public key certificate (PKic, S2) received in S206. Decryption unit 203 uses key PKcnt to generate PKcnt (S2), PKic is compressed using a hash function using compression unit 204 to generate H (PKic), and then authentication unit 206 generates PKcnt It is checked whether (S2) and H (PKic) are equal (S208).
[0130]
In S209, when PKcnt (S2) and H (PKic) do not match, the control unit 201 of the management center 101 discloses the public key certificate (PKic, S2) received in step S206 that has not been issued by the management center 101. If it is determined that the certificate is a key certificate, an error is notified from the communication unit 207 to the terminal 103 via the network 102 (S210), and the control unit 301 of the terminal 103 receives the error notification from the S210 via the communication unit 302. Authentication is canceled (S230).
[0131]
If PKcnt (S2) and H (PKic) match in S209, the control unit 201 of the management center 101 uses the public key issued by the management center 101 for the IC card public key certificate (PKic, S2) received in S206. The random number generation unit 205 generates a random number Rcnt by determining that it is a certificate (S211), and the encryption unit 203 encrypts the random number Rcnt using the IC card public key PKic to generate PKic (Rcnt) (S212). Then, PKic (Rcnt) is transmitted as response data of the mutual authentication request from the communication unit 207 to the terminal 103 via the network 102 (S213).
[0132]
When receiving the encrypted data PKic (Rcnt) from the communication unit 302, the control unit 301 of the terminal 103 transmits PKic (Rcnt) to the IC card 104 via the IC card input / output unit 303 (S214).
[0133]
When receiving the PKic (Rcnt) from the input / output unit 402, the control unit 401 of the IC card 104 uses the IC card private key SKic stored in the IC card private key storage unit 408 by the decryption unit 403 to use the PKic ( Rcnt) is decoded by the decoding unit 403 to generate DRcnt (S215).
[0134]
Next, the control unit 401 of the IC card 104 generates a random number Ric at the random number generation unit 406 (S216), and uses the management center public key PKcnt stored in the management center public key storage unit 409 at the encryption unit 404. PKcnt (Ric) is encrypted by the encryption unit 404 (S217), and PKcnt (Ric) and DRcnt are transmitted from the input / output unit 402 to the terminal 103 as response data of the mutual authentication request (S218).
[0135]
When receiving the PKcnt (Ric) and DRcnt from the IC card input / output unit 303, the control unit 301 of the terminal 103 receives PKcnt (Ric) and DRcnt from the communication unit 302 via the network 102 as response data of a mutual authentication request to the management center 101. Is transmitted (S219).
[0136]
When the control unit 201 of the management center 101 receives PKcnt (Ric) and DRcnt from the communication unit 207 (S220), the authentication unit 206 collates the decrypted data DRcnt with the random number data Rcnt generated in step 211 (S221).
[0137]
In S221, if DRcnt and Rcnt do not match, the control unit 201 of the management center 101 determines that the IC card 104 is an unauthorized IC card that does not hold an IC card private key that is a pair of the IC card public key PKic. Then, an error notification is sent from the communication unit 207 to the terminal 103 via the network 102 (S222), and when the control unit 301 of the terminal 103 receives the error notification from the communication unit 302, the mutual authentication is stopped (S230).
[0138]
In S221, if DRcnt and Rcnt match, the control unit 201 of the management center 101 determines that the IC card 104 is a legitimate IC card holding an IC card private key that is a pair of the IC card public key PKic. Then, the decryption unit 202 decrypts PKcnt (Ric) using the management center secret key SKcnt stored in the management center secret key storage unit 208 to generate DRic, and transmits the DRic from the communication unit 207 to the terminal 103 via the network 102. DRic is transmitted (S223).
[0139]
When receiving the DRic from the communication unit 302, the control unit 301 of the terminal 103 transmits the DRic to the IC card 104 via the IC card input / output unit 303 (S224).
[0140]
Next, when the control unit 401 of the IC card 104 receives DRic from the terminal 103 via the input / output unit 402 (S225), the authentication unit 407 collates the random number Ric generated in step S216 with the DRic (S226).
[0141]
If the random numbers Ric and DRic do not match in S226, the control unit 401 of the IC card 104 determines that the management center 101 is an unauthorized partner who does not hold the management center secret key SKcnt, and the input / output unit 402 to the terminal 103 (S227), the control unit 301 of the terminal 103 stops mutual authentication when receiving an error notification from the IC card input / output unit 303.
[0142]
In S226, if Ric and decrypted data DRic match, the control unit 401 of the IC card 104 determines that the management center 101 is a valid management center holding the management center secret key SKcnt, and the input / output unit 402 A normal end notification is transmitted from the terminal 103 to the terminal 103 (S228). When the control unit 301 of the terminal 103 receives the normal end notification from the IC card input / output unit 303, the mutual authentication ends normally (S229).
[0143]
FIG. 8 shows the transfer process of the reproduction apparatus public key certificate from the IC card 104 to the management center 101 after the mutual authentication between the IC card 104 and the management center 101 is completed.
[0144]
First, the control unit 301 of the terminal 103 requests the IC card 104 to read out the playback device public key certificate from the IC card input / output unit 303 (S301).
[0145]
When the control unit 401 of the IC card 104 receives a read request for the playback device public key certificate from the terminal 103 via the input / output unit 402, the playback device public key certificate stored in the playback device public certificate storage unit 411. (PKpl, S1) is transmitted from the input / output unit 402 to the terminal 103 (S302).
[0146]
When receiving the playback device public key certificate (PKpl, S1) from the IC card input / output unit 303, the control unit 301 of the terminal 103 receives the playback device public key certificate (PKpl) from the communication unit 302 to the management center 101 via the network 102. , S1) is transmitted (S304).
[0147]
When the control unit 201 of the management center 101 receives the playback device public key certificate (PKpl, S1) from the terminal 103 via the communication unit 207 (S305), the public key in the playback device public key certificate (PKpl, S1). A public key identical to PKpl is searched from the public key database 211, and it is verified whether the public key is a valid public key (S306).
[0148]
In S306, when the playback device public key certificate received in S305 is invalid or invalid, the control unit 201 of the management center 101 notifies the terminal 103 of an error from the communication unit 207 via the network (S307). When receiving the error notification from the communication unit 302, the control unit 301 of 103 stops the playback device public key certificate transfer process (S313).
[0149]
If it is determined in S306 that the playback device public key certificate received in S305 is valid, the playback device public key certificate (PKpl) is used by using the management center public key PKcnt stored in the management center public key storage unit 209. , S1) is decrypted by the decryption unit 202 to generate PKcnt (S1), the PKpl in the playback device public key certificate (PKpl, S1) is compressed by the compression unit 204 using the hash function, and H ( PKpl) is generated, and PKcnt (S1) and H (PKpl) are collated by the authentication unit 206 (S308).
[0150]
If PKcnt (S1) and H (PKpl) do not match in S309, the control unit 201 of the management center 101 determines that the playback device 106 does not hold the playback device private key SKpl paired with the playback device public key PKpl. When the communication unit 207 determines that it is a playback device, transmits an error notification from the communication unit 207 to the terminal 103 via the network 102 (S310), and when the control unit 301 of the terminal 103 receives the error notification from the communication unit 302, the playback device public key certificate The document transfer process is stopped (S313).
[0151]
When PKcnt (S1) and H (PKpl) match in S309, the control unit 201 of the management center 101 determines that the playback device 106 is a valid player with the playback device public key PKpl paired with the playback device private key SKpl. The communication unit 202 notifies the terminal 103 via the network 102 of the normal end (S311), and when the control unit 301 of the terminal 103 receives the normal end notification from the communication unit 302, the playback device public key certificate The document transfer process ends normally (S312).
[0152]
FIG. 9 shows a time chart of information download processing required for content playback performed after the playback device public key certificate transfer processing described above.
[0153]
First, the user selects content to be rented from the display unit 306 of the terminal 103, and inputs the content title C and the rental period T through the input unit 305 (S401).
[0154]
The contract content including the title C of the content and the rental period T is set as contract information CT, and the control unit 301 of the terminal 103 transmits a contract data creation request together with the contract information CT to the IC card 104 via the IC card input / output unit 303 ( S402).
[0155]
When the control unit 401 of the IC card 104 receives the contract data creation request and the contract information CT from the input / output unit 402, the control unit 401 compresses the contract information CT using the hash function in the compression unit 405 to generate H (CT), and the IC Using the IC card secret key SKic stored in the card secret key storage unit 408, H (CT) is encrypted by the encryption unit 404 to generate a signature S3 with the IC card secret key for the contract information (S403). .
[0156]
Next, the control unit 401 of the IC card 104 transmits the contract information CT and the signature S3 to the terminal 103 via the input / output unit 402 (S404).
[0157]
When the control unit 301 of the terminal 103 receives the contract information CT and the signature S3 from the IC card input / output unit 303, the request for downloading the content encryption key together with the contract information CT and the signature S3 is sent from the communication unit 302 to the management center 101 via the network 102. Is transmitted (S405).
[0158]
When receiving the content encryption key download request, the contract information CT, and the signature S3 from the communication unit 207 (S406), the control unit 201 of the management center 101 uses the public key PKic of the IC card confirmed to be normal by the above mutual authentication. S3 is decoded by the decoding unit 202 to generate PKic (S3), the compression unit 204 compresses the contract information CT using a hash function to generate H (CT), and the authentication unit 206 generates PKic (S3). H (CT) is collated (S407).
[0159]
In S408, if PKic (S3) and H (CT) do not match, the control unit 201 of the management center 101 determines that the IC card 104 is illegal or the contract information CT and / or the signature S3 has been tampered with, and the communication unit 207 notifies the terminal 103 of an error via the network 102 (S409), and upon receiving the error notification from the communication unit 302, the control unit 301 of the terminal 103 stops the content encryption key download process (S426).
[0160]
In S408, when PKic (S3) and H (CT) match, the control unit 201 of the management center 101 specifies that the issuer of the contract information CT is the IC card 104 and adds the contract information CT and / or signature S3. It is determined that no falsification has been made, and the charging database 212 is updated with the contract information CT (S410).
[0161]
Next, the control unit 201 of the management center 101 reads the content encryption key CK corresponding to the content title included in the contract information CT from the content encryption key storage unit 209, and the compression unit 204 performs a hash function on the content encryption key CK. To generate a content encryption key by using the management center secret key SKcnt stored in the management center secret key storage unit 208 to encrypt H (CK) by the encryption unit 203. A signature S4 using the management center private key is generated (S411).
[0162]
Next, the content encryption key CK and the signature S4 are encrypted by the encryption unit 203 using the playback device public key PKpl confirmed to be normal by the above playback device public key transfer process, and PKpl (CK, S4) is generated. (S412).
[0163]
Next, the compression unit 204 compresses PKpl (CK, S4) and the contract information CT using a hash function to generate H (PKpl (CK, S4), CT), and the encryption unit 203 manages the management center secret key SKcnt. Is used to encrypt H (PKpl (CK, S4), CT) and generate a signature S5 (S413).
[0164]
Next, the encrypted content encryption key PKpl (CK, S4), the contract information CT, and the signature S5 are encrypted by the encryption unit 203 using the IC card public key PKic, and PKic (PKpl (CK, S4), CT, S5) is generated (S414).
[0165]
Next, PKic (PKpl (CK, S4), CT, S5) is transmitted from the communication unit 207 to the terminal 103 via the network 102 as content encryption key data for the content encryption key download request (S415).
[0166]
When the control unit 301 of the terminal 103 receives the content encryption key data PKic (PKpl (CK, S4), CT, S5) from the communication unit 302, the content encryption key data PKic is sent to the IC card 104 via the IC card input / output unit 303. A content encryption key storage request is transmitted together with (PKpl (CK, S4), CT, S5) (S416).
[0167]
When the control unit 401 of the IC card 104 receives the content encryption key storage request and the content encryption key data PKic (PKpl (CK, S4), CT, S5) from the input / output unit 402, the decryption unit 403 stores the IC card private key. PKic (PKpl (CK, S4), CT, S5) is decrypted using the IC card private key SKic stored in the unit 408, and PKpl (CK, S4), contract information CT, and signature S5 are generated (S417). .
[0168]
Next, the decryption unit 403 decrypts the signature S5 using the management center public key PKcnt stored in the management center public key storage unit 409, generates PKcnt (S5), and the compression unit 405 uses the hash function. PKpl (CK, S4) and contract information CT are compressed to generate H (PKpl (CK, S4), CT), and PKcnt (S5) and H (PKpl (CK, S4), CT) are generated by the authentication unit 407. Collation is performed (S418).
[0169]
In S419, if PKcnt (S5) and H (PKpl (CK, S4), CT) do not match, the control unit 401 of the IC card 104 determines that the received data is invalid data from a device impersonating the management center 101. Or the tampered data is transmitted to the terminal 103 via the input / output unit 402 (S420), and the control unit 301 of the terminal 103 notifies the error notification from the IC card input / output unit 303. Is received, the content encryption key download process is stopped (S426).
[0170]
In S419, when PKcnt (S5) and H (PKpl (CK, S4), CT) match, the control unit 401 of the IC card 104 specifies that the issuer of the received data is the management center 101, and It is determined that the received data has not been tampered with, the contract expiration data T in the contract information CT is set in the timer 413 (S421), and the encrypted content encryption key PKpl (CK, S4) is stored in the content encryption key storage unit 412. Set (S422).
[0171]
Next, the control unit 401 of the IC card 104 transmits a normal response to the content encryption key storage request to the terminal 103 via the input / output unit 402 (S423), and the control unit 301 of the terminal 103 transmits the IC card input / output unit. When the normal end is received from 303, the content data is written from the content storage unit 307 to the content storage medium 105 (S424).
[0172]
When the writing of the content data to the content recording medium 105 is completed, the user takes back the IC card 104 and the content recording medium 105 (S425).
[0173]
FIG. 10 shows a time chart of a process of playing back content using the playback device 106, IC card 104, and content storage medium 105 of FIG.
[0174]
First, the user connects the IC card 104 to the playback device 106, and the playback device 106 and the IC card 104 perform mutual authentication (S501). Since mutual authentication between the IC card 104 and the playback device 103 has already been described, a description thereof is omitted here.
[0175]
The control unit 501 of the playback device 106 requests the IC card 104 to transmit the content encryption key via the IC card input / output unit 502 in response to a content playback instruction (S502) from the operation input unit 508 (S503).
[0176]
When receiving the content encryption key transmission request from the input / output unit 402 (S504), the control unit 401 of the IC card 104 checks whether the content encryption key exists in the content encryption key storage unit 412 (S505).
[0177]
If there is no content encryption key in the content encryption storage unit 412 in S505, the control unit 401 of the IC card 104 transmits a content encryption key deletion notification to the playback device 106 via the input / output unit 402 (S506). Upon receiving the content encryption key deletion notification, the control unit 501 106 determines that the content cannot be played back and ends the content playback processing (S520).
[0178]
In S505, when the content encryption storage unit 412 has a content encryption key, the control unit 401 of the IC card 104 receives the content encryption key PKpl (CK, S4) encrypted from the content encryption key storage unit 412 from the timer 413. The timer value t is read (S508), and the compression unit 405 compresses the content encryption key PKpl (CK, S4) and the timer value t using a hash function to generate H (PKpl (CK, S4), t). The encryption unit 404 generates a signature S6 by encrypting H (PKpl (CK, S4), t) using the IC card private key SKic stored in the IC card private key storage unit 408 (S509). .
[0179]
Next, the control unit 401 of the IC card 104 transmits the content encryption key PKpl (CK, S4) encrypted with the playback device public key, the timer value t, and the signature S6 to the playback device 106 via the input / output unit 402. (S510).
[0180]
When the control unit 501 of the playback device 106 receives the content encryption key PKpl (CK, S4), the timer value t, and the signature S6 encrypted with the playback device public key from the IC card input / output unit 502, the control unit 501 in the decryption unit 503 The signature S6 is decrypted using the IC card public key PKic confirmed to be normal by the above mutual authentication to generate PKic (S6), and the content encryption key PKpl (CK, S4) is generated by the compression unit 505 using the hash function. The timer value t is compressed to generate H (PKpl (CK, S4), t), and the authentication unit 507 compares PKic (S6) with H (PKpl (CK, S4), t) (S511).
[0181]
In S512, when PKic (S6) and H (PKpl (CK, S4), t) do not match, the control unit 501 of the playback device 106 receives the data from the IC card pretending to be a legitimate IC card. Or the data received from the IC card 104 is determined to have been tampered with, and the reproduction process is terminated (S520).
[0182]
In S512, when PKic (S6) and H (PKpl (CK, S4), t) match, the control unit 501 of the playback device 106 sets the timer value t to the timer 513 (S513).
[0183]
Next, the control unit 501 of the playback device 106 uses the decryption unit 503 to use the playback device private key SKpl stored in the playback device private key storage unit 510 to use the content encryption key PKpl (encrypted with the playback device public key). CK and S4) are decrypted to generate CK and a signature S4 (S514).
[0184]
Next, the decryption unit 503 decrypts the signature S4 using the management center public key PKcnt stored in the management center public key storage unit 511, generates PKcnt (S4), and the compression unit 505 uses the hash function. CK is compressed to generate H (CK), and PKcnt (S4) and H (CK) are collated by the authentication unit 507 (S515).
[0185]
In S516, when PKcnt (S4) and H (CK) do not match, the control unit 501 of the playback device 106 determines that the received data is not the data issued by the management center 101 or that the data has been tampered with. Then, the reproduction process is terminated as reproduction impossible (S520).
[0186]
In S516, when PKcnt (S4) and H (CK) match, the control unit 501 of the playback device 106 sets the content encryption key CK in the content encryption key storage unit 514 (S517).
[0187]
Next, the control unit 501 of the playback device 106 reads content data from the content recording medium 105 via the content recording medium input / output unit 509, and the content encryption stored in the content encryption key storage unit 515 by the content playback unit 516. The content data is decrypted using the key CK (S518), and the content is reproduced (S519).
[0188]
【The invention's effect】
As described above, according to the present invention, the following effects can be obtained.
[0189]
First, it is possible to safely limit playback devices that can perform playback by storing the public key certificate of the playback device in the IC card.
[0190]
Second, by storing the public key certificate of the playback device in the IC card before renting the content, it is possible to change the model of the playback device safely and flexibly. It can be safely limited as a playback device capable of playback.
[0191]
Thirdly, since valid content encryption keys, reproduction time limit information, and public key certificates are limited to those issued by the management center, valid content encryption keys, reproduction time limit information, and public key certificates are based on a centralized management. Therefore, it is possible to distribute content safely.
[0192]
Fourthly, the reproduction deadline information can be stored in the IC card and the reproduction deadline can be reduced in real time, thereby preventing the reproduction deadline from being falsified.
[0193]
Fifth, tamper resistance can be improved by having a function of erasing the content encryption key necessary for content playback when the playback deadline has passed inside the IC card and the playback device.
[Brief description of the drawings]
FIG. 1 is a block diagram showing a rental content distribution system according to an embodiment of the present invention.
FIG. 2 is a block diagram showing a management center in the embodiment of the present invention.
FIG. 3 is a block diagram showing a terminal in the embodiment of the present invention.
FIG. 4 is a block diagram showing an IC card in an embodiment of the present invention.
FIG. 5 is a block diagram showing a playback apparatus in an embodiment of the present invention.
FIG. 6 is a time chart showing mutual authentication between the IC card and the playback device in the embodiment of the present invention.
FIG. 7 is a time chart showing mutual authentication between the IC card and the management center in the embodiment of the present invention.
FIG. 8 is a time chart showing transfer of the playback device public key certificate from the IC card to the management center in the embodiment of the present invention.
FIG. 9 is a time chart showing download of a content encryption key from the management center to the IC card in the embodiment of the present invention.
FIG. 10 is a time chart showing content reproduction in the embodiment of the present invention.
[Explanation of symbols]
101 Management Center
102 network
103 terminals
104 IC card
105 Content recording medium
106 Playback device
201 Control unit
202 Decoding unit
203 Cryptographic part
204 Compression unit
205 Random number generator
206 Authentication part
207 communication unit
208 Management Center Private Key Storage Unit
209 Management center public key storage unit
210 Content encryption key storage unit
211 public key database
212 Accounting information database
301 Control unit
302 Communication unit
303 IC card input / output section
304 Content recording medium input / output unit
305 Input section
306 display
307 Content storage unit
401 control unit
402 Input / output unit
403 Decoding unit
404 Cryptographic part
405 compression unit
406 random number generator
407 Authentication Department
408 IC card private key storage
409 Management Center Public Key Storage Unit
410 IC card public key certificate storage unit
411 Playback device public key certificate storage unit
412 Content encryption key storage unit
413 timer
414 battery
501 Control unit
502 IC card input / output unit
503 Decryption unit
504 Cryptographic part
505 Compression unit
506 Random number generator
507 Authentication Department
508 Operation input section
509 Content recording medium input / output unit
510 playback device private key storage unit
511 Management center public key storage unit
512 Playback device public key certificate
513 timer
514 Content encryption key storage unit
515 Content encryption key decryption unit
516 Content playback unit

Claims (10)

Between the playback device and the IC card, the playback device public key certificate including the playback device public key is transmitted from the playback device to the IC card, and the IC card public key is transmitted from the IC card to the playback device. To perform mutual authentication with
Performing mutual authentication between the IC card and the management center via a terminal, performed while transmitting an IC card public key certificate including the IC card public key from the IC card to the management center;
Transmitting the playback device public key certificate from the IC card to the management center via the terminal;
The management center authenticating the playback device public key certificate;
The terminal inputs contract information from an operator;
The terminal transmitting contract information to the IC card;
The IC card attaches a signature to the contract information with an IC card private key;
The IC card transmitting the contract information signed with the IC card private key to the management center via the terminal;
The management center collating the contract information with a signature attached to the contract information by the IC card private key;
The management center signing a content encryption key corresponding to a content title in the contract information with a management center private key;
The management center encrypting the content encryption key signed by the management center private key with the playback device public key in the playback device public key certificate;
The management center signing the content encryption key and the contract information signed with the management center private key and encrypted with the playback device public key with the management center private key;
The management center is signed by the management center private key and encrypted by the playback device public key, the content encryption key, the contract information, and the management center private key is signed by the playback device public key. Encrypting the encrypted content encryption key and the signature attached to the contract information with the management center private key with the IC card public key;
The management center is signed by the management center private key and encrypted by the playback device public key, the content encryption key, the contract information, and the management center private key is signed by the playback device public key. The encrypted content encryption key and the signature attached to the contract information with the management center private key and encrypted with the IC card public key are transmitted to the IC card via the terminal. And steps to
The IC card is signed with the management center private key and encrypted with the playback device public key, the content encryption key encrypted with the playback device public key, the contract information, and the signature with the management center private key and the playback device public key. From the encrypted content encryption key and the contract information signed by the management center private key and encrypted by the IC card public key, the signature is attached by the management center private key. The content encryption key encrypted with the playback device public key, the contract information, and the content encryption key signed with the management center private key and encrypted with the playback device public key and the contract information Decrypting the signature attached by the management center private key with the IC card private key;
The IC card is signed with the management center private key and encrypted with the playback device public key. The content encryption key and the contract information are signed with the management center private key and the playback device public key is signed. Verifying the content encryption key encrypted by the method and a signature attached to the contract information by the management center private key;
The IC card storing the content encryption key signed with the management center private key and encrypted with the playback device public key;
The IC card is signed with the management center private key and encrypted with the playback device public key, and the content encryption key and the contract information are signed with the management center private key and the playback device public key. Transmitting to the terminal a normal end when the result of the step of verifying the content encryption key and the contract information encrypted with the signature attached by the management center private key is normal. ,
Recording the content data corresponding to the content title, which is encrypted with the content encryption key, on a recording medium when the terminal receives the normal termination from the IC card;
The playback device transmitting a request for the content encryption key to the IC card;
When the IC card receives the request for the content encryption key from the playback device, the IC card secret is added to the content encryption key signed with the management center private key and encrypted with the playback device public key. Adding a signature with a key;
The IC card is signed with the management center private key and encrypted with the playback device public key, and the content encryption key signed with the management center private key and encrypted with the playback device public key Transmitting a signature attached to the content encryption key by the IC card private key to the playback device;
The playback device encrypts the content encryption key signed by the management center private key and encrypted by the playback device public key, and signed by the management center private key and encrypted by the playback device public key. Verifying the content encryption key with a signature attached by the IC card private key;
The playback device uses the content encryption key and the management center private key attached to the content encryption key from the content encryption key signed with the management center private key and encrypted with the playback device public key. Decrypting the signature with the playback device private key;
The playback device collating the content encryption key with a signature by the management center private key attached to the content encryption key;
The playback device storing the content encryption key;
The playback device decrypting the content data with the content encryption key from the encrypted content data recorded on the recording medium;
A rental content distribution method characterized by comprising: The rental content distribution method according to claim 1, wherein the contract information includes a contract period.
The IC card sets a contract term in the contract information in a timer of the IC card;
A step of reading a timer value from a timer of the IC card when the IC card receives the request for the content encryption key from the playback device;
Have
The IC card is signed with the management center private key instead of signing with the IC card private key to the content encryption key signed with the management center private key and encrypted with the playback device public key. Is attached to the content encryption key encrypted with the playback device public key and the timer value read from the timer of the IC card with the IC card private key,
The IC card is signed with the management center private key and encrypted with the playback device public key, and the content encryption key signed with the management center private key and encrypted with the playback device public key Instead of transmitting a signature attached to the content encryption key by the IC card private key to the playback device, the content encryption key signed by the management center private key and encrypted by the playback device public key, The content encryption key signed by the timer value read from the IC card timer and the management center private key and encrypted by the playback device public key, and the timer value read from the IC card timer are added to the timer value. Sending the signature attached by the IC card private key to the playback device;
The playback device sets the received timer value to the timer of the playback device;
When the IC card timer value of the IC card reaches a predetermined value, erasing the content encryption key stored in the IC card;
The playback device erasing the content encryption key stored in the playback device when the timer value of the playback device reaches a predetermined value;
A rental content distribution method characterized by comprising: Means for transmitting a reproduction device public key certificate including a reproduction device public key from the reproduction device to the IC card, receiving the IC card public key from the IC card, and performing mutual authentication between the IC cards;
Means for transmitting a request for a content encryption key to the IC card;
A content encryption key signed by the management center private key and encrypted by the playback device public key is converted into an IC from the content encryption key signed by the management center private key and encrypted by the playback device public key. Means for verifying the signature attached by the card private key;
From the content encryption key signed with the management center private key and encrypted with the playback device public key, the playback device secret is signed with the content encryption key and the management center secret key attached to the content encryption key. Means for decryption with a key;
Means for verifying the content encryption key with a signature by the management center private key attached to the content encryption key;
Means for storing the content encryption key;
Means for decrypting content data with the content encryption key from the encrypted content data recorded on a recording medium;
A playback apparatus comprising: The playback device according to claim 3, wherein
The contract information includes a contract period,
A timer in which the received timer value is set;
Means for erasing the stored content encryption key when the timer value reaches a predetermined value;
A playback apparatus comprising: Means for receiving a reproduction device public key certificate including a reproduction device public key from the reproduction device and performing mutual authentication with the reproduction device while transmitting an IC card public key to the reproduction device;
Means for performing mutual authentication with the management center via a terminal while transmitting an IC card public key certificate including the IC card public key to the management center;
Means for transmitting the playback device public key certificate to the management center via the terminal;
Means for receiving contract information from the terminal;
Means for signing the contract information with an IC card private key;
Means for transmitting the contract information signed by the IC card private key to the management center via the terminal;
The content encryption key signed by the management center private key and encrypted by the reproduction device public key, the contract information, and the content encryption signed by the management center private key and encrypted by the reproduction device public key Means for receiving, from the management center via the terminal, a key and a signature attached to the contract information by the management center private key and encrypted by the IC card public key;
The content encryption key signed with the management center private key and encrypted with the playback device public key, the contract information, and the signature signed with the management center private key and encrypted with the playback device public key The content encryption key and the signature attached to the contract information with the management center private key, which are encrypted with the IC card public key, are signed with the management center private key and are made public to the playback device. The content encryption key encrypted with a key, the contract information, and the management center private key signed with the management center private key and encrypted with the playback device public key, and the contract information with the management center private key Means for decrypting the attached signature with the IC card private key;
The content encryption key signed with the management center private key and encrypted with the playback device public key and the contract information are signed with the management center private key and encrypted with the playback device public key. Means for verifying a signature attached to the content encryption key and the contract information by the management center private key;
Means for storing the content encryption key signed with the management center private key and encrypted with the playback device public key;
The content encryption key signed with the management center private key and encrypted with the playback device public key and the contract information are signed with the management center private key and encrypted with the playback device public key. Means for transmitting to the terminal that the content encryption key and the contract information are normally terminated when the result of the step of verifying with the signature attached to the contract information by the management center private key is normal;
Means for receiving a request for the content encryption key from the playback device;
When the request for the content encryption key is received from the playback device, the content encryption key signed with the management center private key and encrypted with the playback device public key is signed with the IC card private key. Means to
The content encryption key signed by the management center private key and encrypted by the playback device public key and the content encryption key signed by the management center private key and encrypted by the playback device public key are added to the content encryption key. Means for transmitting a signature attached by an IC card private key to the playback device;
An IC card comprising: The IC card according to claim 5,
The contract information includes a contract period,
A timer in which the contract deadline in the contract information is set;
Means for reading a timer value from the timer when the request for the content encryption key is received from the playback device;
Means for erasing the stored content encryption key when the timer value reaches a predetermined value;
With
Instead of means for signing with the IC card private key the content encryption key signed with the management center private key and encrypted with the playback device public key, the signature is attached with the management center private key. Means for attaching a signature with the IC card private key to the content encryption key encrypted with the playback device public key and the timer value read from the timer of the IC card;
The content encryption key signed with the management center private key and encrypted with the playback device public key and the content encryption key signed with the management center private key and encrypted with the playback device public key are added to the content encryption key. Instead of means for transmitting the signature attached by the IC card private key to the playback device, the content encryption key signed by the management center private key and encrypted by the playback device public key, the IC card The IC card secret is added to the content encryption key signed by the timer value read from the timer and the management center secret key and encrypted by the playback device public key, and the timer value read from the timer of the IC card. An IC card comprising means for transmitting a signature attached by a key to the reproduction apparatus. Means for mediating mutual authentication between the IC card and the management center performed while transmitting the IC card public key certificate including the IC card public key from the IC card to the management center;
Means for mediating transmission of the playback device public key certificate from the IC card to the management center;
Means for inputting contract information from the operator;
Means for transmitting the contract information to the IC card;
Means for mediating transmission of the contract information signed by an IC card private key from the IC card to the management center;
The content encryption key signed with the management center private key from the management center to the IC card and encrypted with the playback device public key, the contract information, and the playback device public key signed with the management center private key Means for mediating transmission of the content encryption key encrypted with a key and a signature attached to the contract information with the management center private key and encrypted with the IC card public key;
The content encryption key and the contract information signed by the management center private key and encrypted by the playback device public key are signed by the management center private key and encrypted by the playback device public key. Means for receiving from the IC card that the content encryption key and the contract information are normally terminated when a result of verification with a signature attached to the contract information is normal.
Means for recording, on a recording medium, content data corresponding to the content title and encrypted with the content encryption key when the normal termination is received from the IC card;
A terminal comprising: Means for performing mutual authentication with the IC card via a terminal while receiving an IC card public key certificate including the IC card public key from the IC card;
Means for receiving a playback device public key certificate including the playback device public key from the IC card via the terminal;
Means for authenticating the playback device public key certificate;
Means for receiving contract information signed by an IC card private key from the IC card via the terminal;
Means for verifying the contract information with a signature attached to the contract information by the IC card private key;
Means for signing a content encryption key corresponding to a content title in the contract information with a management center private key;
Means for encrypting the content encryption key signed by the management center private key with the playback device public key in the playback device public key certificate;
Means for signing the content encryption key signed by the management center private key and encrypted by the playback device public key and the contract information with the management center private key;
The content encryption key signed with the management center private key and encrypted with the playback device public key, the contract information, and the signature signed with the management center private key and encrypted with the playback device public key Means for encrypting a signature attached to the content encryption key and the contract information with the management center private key with the IC card public key;
The content encryption key signed with the management center private key and encrypted with the playback device public key, the contract information, and the signature signed with the management center private key and encrypted with the playback device public key Means for transmitting a content encryption key and a signature attached to the contract information with the management center private key, encrypted with the IC card public key, to the IC card via the terminal;
A management center comprising: A rental content distribution system comprising: the playback device according to claim 3; the IC card according to claim 5; the terminal according to claim 7; and the management center according to claim 8. A rental content distribution system comprising the playback device according to claim 4, the IC card according to claim 6, the terminal according to claim 7, and the management center according to claim 8.

Images