JP3987874B2 - Digital content distribution system - Google Patents

Description

  The present invention relates to a system in which a digital content such as video and music and a license permitting use of the digital content are distributed from a server device using a network, and a user uses the digital content in a terminal device. The present invention relates to a system and apparatus that prevent licenses from being lost or duplicated even when communication disconnection occurs while preventing unauthorized duplication or falsification of licenses in communication between the apparatus and the terminal device.

  In recent years, digital content (hereinafter referred to as content) such as music, video, and games can be distributed from a server device to a terminal device through communication such as the Internet or digital broadcasting, and the content can be used in the terminal device. A system called a content distribution system has entered a practical stage. In a general content distribution system, copyright protection technology is used to protect the copyright of the content and prevent unauthorized use of the content by a malicious user or the like. Specifically, the copyright protection technology is a technology for securely controlling use of content such as a user playing back the content or copying it to a recording medium by using an encryption technology or the like.

  For example, in Patent Document 1, as an example of a content distribution system, after a terminal device receives encrypted content, a use condition, and a content decryption key from a server device and detects falsification, A system that performs conformity verification and decrypts and outputs content only when all the verifications are satisfied is described.

  As described above, in a conventional content distribution system, a license (a general term for use conditions and a content decryption key; also referred to as a usage right) is distributed from a server device to a terminal device, and the distribution route is generally a public line such as the Internet. Therefore, it is necessary to prevent eavesdropping and tampering with the license. In other words, it is necessary to prevent unauthorized alteration of usage conditions and leakage of content keys. Further, the server device needs to authenticate the license distribution destination. That is, it is necessary to prevent the license from being distributed to a terminal device that is not intended by the server device. A protocol for performing eavesdropping / falsification prevention and authentication of a communication partner is called a SAC (Secure Authenticated Channel) protocol, for example, SSL (Secure Socket Layer) is well known (Non-patent Document 1).

In addition, if a communication disconnection due to a communication device / communication line failure or power interruption occurs during license distribution, the license may be lost. In such a case, a disadvantage that the purchased content cannot be reproduced occurs to the user. For example, Patent Document 2 and Patent Document 3 describe a protocol for avoiding loss of communication data due to communication disconnection by data retransmission.
Japanese Patent No. 3276021 JP 2002-251524 A JP 2003-16041 A A.Frier, P.Karlton, and P.Kocher, "The SSL 3.0 Protocol", [online], NetScape Communications Corp., Nov. 18, 1996, [searched January 17, 2003], Internet <URL: http://wp.netscape.com/eng/ssl3/draft302.txt>

However, the SAC protocol and the communication disconnection countermeasure protocol have been proposed independently with an emphasis on versatility in order to expand the application range. By using both protocols, the number of round trips required for both protocols is required to realize all functions of license eavesdropping / falsification, communication partner authentication, and communication disconnection countermeasures. It becomes.

  In addition, when transactions such as license acquisition and license return are continuously performed, if the SAC protocol and the communication disconnection countermeasure protocol are simply repeated for each transaction, communication is performed by a multiple of the number of communication round trips for one transaction process. The number of round trips will increase. For example, if the number of communication round-trips for one transaction process is four, 4n round-trip communication is required when processing n transactions.

  Therefore, there is a problem that a communication delay occurs until the terminal device completes the transaction processing, and a waiting time occurs after the user issues a request until a response is obtained.

  An object of the present invention is to solve these conventional problems, in the case of realizing all functions of license eavesdropping / falsification prevention, communication partner authentication, communication disconnection countermeasures, and when performing multiple transaction processing. It is to provide a system and a device that realizes a protocol that reduces the number of communication round trips between a server device and a terminal device, and further manages and holds information between the server device and the terminal device in order to realize the above functions. . Accordingly, it is an object of the present invention to provide a content distribution system that can shorten a waiting time from when a user issues a request until a response is obtained.

  The terminal device that achieves the above object obtains information on the use of content from the server device based on transaction processing including transmission of a request message, reception of a response message, and transmission of a commit message for confirming completion of one transaction. , A terminal device that controls the use of the content based on the information and performs mutual authentication with the server device immediately before the first transaction processing in a plurality of transaction processing, wherein the request message includes: Response reception for receiving each response message transmitted from the server device in a plurality of transaction processes, including a transaction flag (also referred to as a transaction identification flag) that is associated with the transaction currently being processed and takes a value of 0 or 1. hand When a response message from the server apparatus is normally received in the second and subsequent transaction processes in a plurality of consecutive transaction processes, the transaction flag included in the request message transmitted last time is received. An authentication request for transmitting a request message including a transaction flag with an inverted value and transmitting a commit message in the final transaction processing; and first authentication information for the server device to authenticate the terminal device Provided to the transmitting means, and received by the response receiving means as a response to the first authentication information, the terminal device verifies the second authentication information for authenticating the server device, and the verification results in mutual authentication. Confirmation message to confirm The a certification means for providing to said transmission means, said transmitting means, said confirmation message is sent with the request message of the transaction process of the first time.

  In addition, the terminal device that achieves the above object obtains a license for use of content from the server device based on transaction processing including transmission of a request message, reception of a response message, and transmission of a commit message for confirming completion of one transaction. A terminal device for acquiring and controlling use of the content based on the license, and holding means for holding a 1-bit transaction identification flag indicating whether the current transaction processing is being processed or has been processed; The transaction identification flag is transmitted instead of the commit message when the request message is transmitted for the second and subsequent times without transmitting the commit message in each transaction processing except the final time in a plurality of consecutive transaction processing. And transmitting means.

  The server device that achieves the above object provides information on the use of content to the terminal device based on transaction processing including reception of a request message, transmission of a response message, and reception of a commit message for confirming completion of one transaction. The server device performs processing for mutual authentication with the terminal device immediately before the first transaction processing of a plurality of transaction processing, wherein the request message is associated with the transaction currently being processed and is 0 or 1 A receiving means for receiving a transaction flag included in the second and subsequent request messages in a plurality of consecutive transaction processes, and a value of the transaction flag when receiving the second and subsequent request messages, Last time A determination unit for determining that the completion of the previous transaction is confirmed when the value is inverted with respect to the value of the received transaction flag, and a second unit for authenticating the terminal device received by the reception unit as an authentication request. And authenticating means for providing second authentication information for the terminal device to authenticate the server device when the authentication information is verified as valid, and the receiving means includes the request message for the first transaction processing The confirmation message for confirming mutual authentication is received.

  The server device that achieves the above object licenses the terminal device to use the content based on transaction processing including reception of a request message, transmission of a response message, and reception of a commit message for confirming completion of one transaction. A server device to provide, is a 1-bit flag transmitted in place of the commit message together with the second and subsequent request messages in a plurality of consecutive transaction processing, and whether the terminal device is processing a transaction. Receiving means for receiving a transaction identification flag indicating whether processing has been completed, and determining means for determining whether or not to confirm completion of one transaction based on the received transaction identification flag.

  According to this configuration, when performing a plurality of transaction processes in a content distribution system including a terminal device and a server device, a transaction identification flag is transmitted as a substitute for a commit message simultaneously with a request message. In other words, the commit message and request message of two transaction processes that are transmitted before and after are transmitted separately in the past are transmitted in a single message in the above configuration. Thus, since the commit message is not transmitted, the number of message round trips between the server device and the terminal device can be reduced. Further, the server device and the terminal device can reduce the number of message round-trips and simultaneously perform communication disconnection measures with a small amount of information such as a 1-bit transaction identification flag. Thereby, it is possible to shorten the waiting time from when the user issues a content use request until a response is obtained.

  Here, the terminal device receives a response reception unit that receives each response message transmitted from the server device in the plurality of transaction processes, and sets a transaction identification flag held in the holding unit according to a reception result by the response reception unit. It is good also as a structure provided with the update means to update. Further, the updating means sets the same value as the transaction identification flag held in the server device as an initial value of the transaction identification flag held in the holding means, and when a response message is received by the response receiving means, The transaction identification flag value of the holding means may be reversed.

  Here, in the server device, the transaction identification flag has a value inverted every time a transaction is processed by a terminal device, and the server device further includes a previous request message in the plurality of transaction processing. Holding means for holding a first flag that is a copy of the transmitted transaction identification flag; and the determination means includes a transaction identification flag in the current transaction process received by the receiving means, and a first held in the holding means. When the flags do not match, it may be determined that the completion of the previous transaction is confirmed.

  According to this configuration, the determination unit in the server device compares the first flag, which is a copy of the previous transaction identification flag, with the received current transaction identification flag, so that the previous transaction processing is performed in the terminal device. It can be determined whether or not.

  Here, in the terminal device, the initial value of the transaction identification flag is included in an initial response message transmitted from the server device in the plurality of transaction processes, and the update unit receives the initial response message by the response receiving unit. When the message is received, the transaction identification flag of the holding unit may be set to an initial value, and when the response message is normally received by the response receiving unit, the value of the transaction identification flag of the holding unit may be reversed.

  Here, the server device may include a response transmission unit that transmits the initial value of the first flag as the initial value of the transaction identification flag to the terminal device together with the initial response message in the plurality of transaction processes. .

  According to this configuration, when the first flag and the received current transaction identification flag match, the determination means in the server device does not change the transaction processing state in the terminal device. Is not completed, and if they do not match, it is determined that the transaction processing is completed because the state of the transaction processing in the terminal device has changed. In this way, the server device can easily determine the transaction processing state (whether or not it has been completed) in the terminal device based on the transaction identification flag without receiving a commit message.

  Here, when the response message is not normally received by the signal response receiving unit, the request transmitting unit in the terminal device transmits again the transaction identification flag that is not inverted together with the request message of the current transaction process. You may comprise.

  Here, the response transmission means may be configured to transmit the response message of the previous transaction process again when it is determined by the determination means that the completion of the previous transaction is not confirmed.

According to this configuration, for example, when the terminal device cannot normally receive the response message due to an accident of communication disconnection, the transaction processing can be resumed. Furthermore, the server device can take measures for communication disconnection such as preventing erroneous billing.

  Here, the terminal device performs a process of mutual authentication with the server device immediately before the first transaction process in a plurality of transaction processes, and the terminal device is further used for the server device to authenticate the terminal device. The first authentication information is provided to the transmitting means as an authentication request, and the terminal apparatus verifies the second authentication information for authenticating the server apparatus received as a response to the first authentication information by the response receiving means, and the verification result The authentication unit may provide a transmission unit with a confirmation message for confirming mutual authentication, and the transmission unit may transmit the confirmation message together with the request message for the first transaction process. Further, the server device performs a process of performing mutual authentication between the terminal device and immediately before the first transaction processing in the plurality of transaction processings, and the server device is further received as an authentication request by a receiving unit. In addition, the server device verifies the first authentication information for authenticating the terminal device, and when the server device is verified as valid, the terminal device includes authentication means for providing second authentication information for authenticating the server device, the request The receiving means may be configured to receive a confirmation message for confirming mutual authentication together with the initial request message.

  According to this configuration, since the server device and the terminal device perform a plurality of transaction processes via the secure communication path established by the authentication, in addition to the countermeasure for the communication disconnection, the server device and the terminal device impersonate a legitimate terminal device. It is also possible to prevent message tampering and message tapping.

  Here, the terminal device may be configured to perform the plurality of transaction processes on the same session as the session for which mutual authentication has been performed.

  According to this configuration, when n transaction processes are performed, a communication round-trip count of about 4n is conventionally required, but the communication round-trip count can be reduced to n + 2.

  As described above, according to the terminal device and the server device of the present invention, all functions of license eavesdropping / falsification prevention, communication partner authentication, communication disconnection countermeasures are realized, and even when performing multiple transaction processing, The number of communication round trips between the server device and the terminal device can be reduced. Furthermore, it is possible to realize a protocol with less information managed and held by the server device and the terminal device in order to realize the above function. Thereby, it is possible to reduce the waiting time from when the user issues a request until the user obtains a response.

(Embodiment 1)
FIG. 1 is a block diagram showing a configuration of a content distribution system according to an embodiment of the present invention. In FIG. 1, a content distribution system according to an embodiment of the present invention has a configuration in which a content distribution apparatus 1 on the service provider side and a user terminal 3 on the user side are connected via a transmission line such as a network. is there.

  The content distribution apparatus 1 includes a content purchase processing unit 11, a user registration unit 12, a user right registration unit 13, a user right creation unit 14, a content encryption unit 15, a content management unit 16, a security management / communication. A section 17, a user database 18, a content right database 19, a user ownership right database 20, and a content database 21 are provided. In addition, the user terminal 3 includes a user instruction processing unit 31, a terminal information storage unit 32, a content storage unit 33, a usage right management unit 34, a usage right database 35, a security management / communication unit 36, and an output unit. 37.

  First, an outline of the content distribution device 1 and the user terminal 3 constituting the content distribution system will be described below.

  In the content distribution apparatus 1, the content purchase processing unit 11 transmits information such as the contents, usage conditions, and charges stored in the content right database 19 to the user terminal 3 when the content purchase processing is executed. To present. The content purchase processing unit 11 acquires user information (user ID, terminal ID, user name, telephone number, etc.) from the user terminal 3 when content is purchased by the user, and performs necessary accounting processing. Do. The content rights database 19 includes one or more pieces of information regarding content use for each content (moving images such as movies and TV broadcasts, still images such as books and printed materials, audio and music such as radio broadcasting and reading, and games). Is stored.

  The user registration unit 12 stores the user information acquired by the content purchase processing unit 11 in the user database 18 and registers it. In the user database 18, information of users who have purchased content is accumulated.

  The user right registration unit 13 stores and registers, in the user ownership right database 20, information regarding the content purchased by the user, which is given from the content purchase processing unit 11 via the user registration unit 12, as a right owned by the user. The user ownership database 20 stores usage rights of content purchased by the user.

  In response to a content usage request received from the user terminal 3, the user right creation unit 14 generates a usage right (use condition, content decryption key) to be transmitted to the user terminal 3.

  The content encryption unit 15 encrypts content to be transmitted to the user terminal 3 and registers the encrypted content in the content database 21.

  The content management unit 16 searches the content database 21 for encrypted content to be transmitted to the user terminal 3 and passes it to the security management / communication unit 17.

  The security management / communication unit 17 performs authentication of the user terminal 3, confidential communication between the content distribution apparatus 1 and the user terminal 3 (communication for preventing eavesdropping / falsification and authentication of the communication partner), and measures for disconnecting communication. . Details of the configuration and communication protocol of the security management / communication unit 17 will be described later.

  In the user terminal 3, the user instruction processing unit 31 processes an instruction (instruction such as a content purchase request or a content use request) input by the user.

  The terminal information storage unit 32 stores the above-described user information (user ID, terminal ID, user name, telephone number, etc.).

The content storage unit 33 stores encrypted content acquired by purchase.
The usage right management unit 34 receives the usage right transmitted from the content distribution apparatus 1 in response to the content usage request, and processes the corresponding content (decryption, reproduction based on usage conditions, etc.) according to the content. Execute. This usage right is stored and managed in the usage right database 35.

  The output unit 37 is a display device such as a display, for example, and outputs content according to processing executed by the usage right management unit 34.

  The security management / communication unit 36 performs authentication of the content distribution device 1, confidential communication between the content distribution device 1 and the user terminal 3 (communication for preventing eavesdropping / falsification and authentication of the communication partner), and measures for disconnecting communication. Do. Details of the configuration of the security management / communication unit 36 and the communication protocol will be described later.

Next, details of the configuration of the security management / communication unit 17 in the content distribution apparatus 1 will be described with reference to FIG. The unique key information storage unit 201 includes a server public key certificate including a public key KDs unique to the content distribution apparatus 1 in the public key cryptosystem, a secret key KEs unique to the content distribution apparatus 1, a certificate authority public key certificate, and the like. Remember. The server public key certificate is obtained by signing the public key KDs of the content distribution apparatus 1 with the certificate authority. The format of the public key certificate includes general X. 509 certificate format shall be used. Public key cryptography and X.I. For the 509 certificate format, the ITU-T document X. 509 "The Directory: Public-key and attribute certificate frameworks".

The random number generation unit 202 generates a random number. The generated random number is passed to the control unit 204.
The encryption processing unit 203 performs data encryption, decryption, signature generation, signature verification, session key generation parameter generation, and session key generation. An AES (Advanced Encryption Standard) is used as a data encryption and decryption algorithm, and an EC-DSA (Elliptic Curve Digital Algorithm) is used as a signature generation and signature verification algorithm. For AES, National Institute of Standards and Technology (NIST), FIPS Publication 197, and for EC-DSA, IEEE 1363 Standard is detailed.

  When data encryption / decryption is performed, the encryption processing unit 203 receives the AES key and plaintext / encrypted data as inputs, and outputs data encrypted / decrypted with the input AES key. When signature generation / verification is performed, signature target data / signature verification data and a private key / public key are input, and signature data / verification results are output. Furthermore, when generating a session key generation parameter, a random number is input and a Diffie-Hellman parameter is output. When generating a session key, a random number and a Diffie-Hellman parameter are input and a session key is output. Here, EC-DH (Elliptic Curve Diffie-Hellman) is used for the generation of the session key. The above-mentioned IEEE 1363 Standard is detailed for the algorithm of EC-DH.

  The control unit 204 performs authentication processing of the user terminal 3, encryption / decryption of data transmitted / received to / from the user terminal 3, and tampering check. Further, the control unit 204 assigns a transaction identification bit of 1 bit to the transaction, and saves the transaction identification bit and communication step information in the communication log database 206, thereby performing communication disconnection countermeasure processing. Here, the transaction represents a processing unit such as “acquisition of usage right” or “return of usage right”.

The communication unit 205 communicates with the security management / communication unit 36 of the user terminal 3.
Next, details of the configuration of the security management / communication unit 36 in the user terminal 3 will be described with reference to FIG. The unique key information storage unit 301 stores a terminal public key certificate including a public key KDc unique to the user terminal 3 in the public key cryptosystem, a secret key KEc unique to the user terminal 3, and a CA public key certificate. . The terminal public key certificate is obtained by signing the public key KDc of the user terminal 3 with the certificate authority. The format of the public key certificate includes X. Use the 509 certificate format.

The random number generator 302 generates a random number. The generated random number is passed to the control unit 304.
The encryption processing unit 303 performs data encryption, decryption, signature generation, signature verification, session key generation parameter generation, and session key generation. Input / output of the cryptographic processing unit 303 is the same as that of the cryptographic processing unit 203 of the content distribution apparatus 1.

The control unit 304 performs authentication processing of the content distribution device 1, encryption / decryption of data transmitted / received to / from the content distribution device 1, and tampering check. Further, the control unit 304 stores the transaction identification bit and communication step information generated by the content distribution device 1 in the communication log database 306 to perform communication disconnection countermeasure processing.

The communication unit 305 communicates with the security management / communication unit 17 on the user terminal 3 side.
Next, a content distribution method performed by the content distribution system according to the embodiment of the present invention will be specifically described with reference to FIGS.

  FIG. 4 is a flowchart illustrating processing related to content purchase performed in the content distribution system according to the embodiment of the present invention. FIG. 5 is a diagram conceptually illustrating an example of information related to content stored in the content right database 19. FIG. 6 is a diagram conceptually illustrating an example of user information stored in the user database 18. FIG. 7 is a diagram conceptually illustrating an example of the right information owned by the user stored in the user ownership right database 20. FIG. 8 is a diagram conceptually illustrating an example of content information stored in the content database 21. FIG. 9 is a flowchart for explaining processing related to content use performed in the content distribution system according to the embodiment of the present invention. 10A to 10C, 11, and 12 are flowcharts for explaining the secret communication and the communication disconnection countermeasure process performed in the content distribution system according to the embodiment of the present invention.

(1) Content Purchase Processing With reference to FIG. 4, processing performed in the content distribution system when a user purchases content provided by the content distribution device 1 will be described.

  In the user terminal 3, the user outputs an instruction regarding content purchase to the user instruction processing unit 31. The user instruction processing unit 31 issues a content purchase request corresponding to the instruction to the content distribution apparatus 1 via the security management / communication unit 36 (step S41).

  In the content distribution device 1, the content purchase request issued from the user terminal 3 is received by the content purchase processing unit 11 via the security management / communication unit 17. When the content purchase processing unit 11 receives the content purchase request, the content purchase processing unit 11 acquires information about all the content stored from the content right database 19 and transmits it to the user terminal 3 via the security management / communication unit 17 (step S42). ).

  Here, the content right database 19 stores information as shown in FIG. 5, for example. In FIG. 5, the content name is the name of the content, and the content ID is a unique number assigned to identify the content. The use condition indicates a specific condition for using the content in a predetermined data format that is normally used. The usage condition and the amount of money set for each content may be one or plural. In this example, a usage condition based on the number of times of reproduction is set for the content of movie A, and it shows that movie A can be viewed twice if 400 yen is paid.

  In addition to the above-mentioned usage count and usage time, it is possible to use various conditions such as a usage period, whether to copy to a recording medium, and whether to print on a document.

  Referring again to FIG. 4, when the user terminal 3 confirms the information (FIG. 5) related to the content transmitted from the content purchase processing unit 11 and the user decides to purchase any content (step S43, Yes). The user instruction processing unit 31 sends the user information stored in the terminal information storage unit 32 to the security management / communication unit 36 together with the content purchase decision notification (including the purchased content and the selected usage condition information). Then, the content is transmitted to the content distribution apparatus 1 (step S44).

In the content distribution apparatus 1, the content purchase determination notification and user information transmitted from the user terminal 3 are received by the content purchase processing unit 11 via the security management / communication unit 17. Then, the content purchase processing unit 11 performs necessary billing processing, and sends the purchased content information and user information to the user registration unit 12 (step S45). Note that the billing process is not the main point of the present invention, so the description is omitted.

  The user registration unit 12 transfers the purchased content information and user information sent from the content purchase processing unit 11 to the user right registration unit 13 and stores and registers the user information in the user database 18 (step). S47). At this time, if the same content as the user information transmitted from the content purchase processing unit 11 is already registered in the user database 18, the above-described user registration is not performed (Yes in step S46).

  For example, information as shown in FIG. 6 is stored in the user database 18. In FIG. 6, the user ID is a unique number assigned to identify the user. The user name is the name of the user. The terminal ID is a unique number assigned to identify the terminal, and is used when one user owns a plurality of terminals. The telephone number is used to identify the user. In the example of FIG. 6, the content that “a user named“ Ichiro ”who has a user ID“ 0001 ”uses a terminal having an ID number“ 1234567 ”” ”is registered as user information.

  The user right registration unit 13 stores, in the user ownership right database 20, the right to use the content that the user owns by purchase based on the purchased content information and user information given from the user registration unit 12. And register (step S48).

  For example, information as shown in FIG. 7 is stored in the user ownership database 20. In FIG. 7, the user ID is information registered in the user database 18. The content ID and usage conditions are information registered in the content right database 19.

  Through the above process, the purchase of the content and the registration of the ownership rights of the user accompanying the purchase are completed.

(2) Content Usage Processing Next, with reference to FIG. 9, after the user ownership rights are registered in the user ownership rights database 20 by the above-described processing, the content distribution system executes the content purchased by the user. Will be described.

  In the user terminal 3, the user outputs an instruction regarding content use to the user instruction processing unit 31. At this time, the user gives an instruction on how to use the content. For example, if the usage condition of the purchased content is the number of times, an instruction is given as to how many times the user wants to use the content and how many minutes the user wants to use the time. The user instruction processing unit 31 transmits a content use request corresponding to the instruction to the content distribution apparatus 1 via the security management / communication unit 36 (step S91). Note that the content use request is not necessarily created in accordance with a user instruction, and may be automatically created in the user terminal 3. For example, when the usage conditions of the content supported by the terminal 3 are fixed, the content usage request can be created in the user terminal 3 without the user giving an instruction. Specifically, this is a case where the user terminal 3 is a terminal that can acquire and process only one usage right for each time due to storage capacity limitations. In this case, the user instruction processing unit sends a content usage request according to the terminal. It is automatically created at 31 and issued to the content distribution apparatus 1. This content use request includes the content of the instruction, the user ID, the terminal ID, and the content ID.

  In the content distribution apparatus 1, the content usage request transmitted from the user terminal 3 is received by the user right creation unit 14 via the security management / communication unit 17. When receiving the content use request, the user right creation unit 14 checks whether or not the contents corresponding to the request are registered with reference to the user database 18 and the user possession right database 20 (step S92). Specifically, the user right creation unit 14 first checks whether or not the user ID and terminal ID included in the content use request are registered in the user database 18 and determines that the user ID and terminal ID are registered. In the ID, it is confirmed whether or not the content ID included in the content usage request and the usage conditions corresponding to the instruction are registered in the user ownership database 20.

  As a result of the confirmation in step S92, if it is determined that the content corresponding to the content usage request is registered (step S93, Yes), the user right creation unit 14 creates a usage right corresponding to the content usage request, It transmits to the user terminal 3 via the security management / communication unit 17 (step S94). In addition, the user right creation unit 14 notifies the content management unit 16 of the content ID included in the content use request. The content management unit 16 extracts the content corresponding to the content ID from the content database 21, and transmits it to the user terminal 3 via the security management / communication unit 17 (step S95).

  On the other hand, as a result of the confirmation in step S92, if it is determined that the content corresponding to the content use request is not registered (No in step S93), the user right creation unit 14 indicates that the content use request is rejected. The user terminal 3 is notified via the management / communication unit 17 (step S97).

  Here, the use right generation performed in step S94 is performed as follows. As a premise, it is assumed that the user with the user ID “0001” has purchased the content in advance with the registered content shown in the user ownership database 20 of FIG.

  Further, consider a case where the user has transmitted a content use request that the user wishes to use the content with the content ID “112233” once. In this case, since the usage condition registered in the user possession right database 20 is twice, the user right creation unit 14 creates the usage right including the information that gives the number of times of reproduction = 1 and the decryption key of the corresponding content as requested. To do. In addition, the user right creation unit 14 updates the registration contents by reducing the number of use conditions registered in the user ownership right database 20 by one at the same time as the creation of the use right (in the example of FIG. 7, 2 → 1). However, in the communication disconnection countermeasure process, when the security management / communication unit 17 instructs the restart transaction, the registration content is not updated. The communication disconnection countermeasure process will be described later.

  Note that the user right creation unit 14 may store the created user right assuming that a restart transaction is issued by the communication disconnection countermeasure process. As a result, it is possible to save the trouble of recreating the user right when the restart transaction is issued.

  It should be noted that each time a usage right is issued to the user terminal 3, if the usage conditions given by the purchase of the content disappear as a result of updating the contents registered in the user ownership right database 20, the user ownership rights database The user-owned right registered in No. 20 may be deleted or may be left as it is. In the case where it is left, it becomes easy to deal with processing when the same user purchases the same content again or returns without exercising the usage right acquired by the user.

  Referring to FIG. 9 again, in the user terminal 3, the encrypted content transmitted from the content distribution apparatus 1 is stored in the content storage unit 33, and the usage right is input to the usage right management unit 34. The usage right management unit 34 decrypts the encryption applied to the corresponding content using the decryption key included in the acquired usage right, and executes the reproduction processing of the decrypted content according to the usage conditions through the output unit 37 ( Step S96). The acquired usage right is stored in the usage right database 35 and used for managing the number of times the content has been reproduced, the accumulated time, and the like.

  By the above process, the content corresponding to the requested usage condition can be distributed.

(3) Secret Communication / Communication Disconnect Process First, referring to FIG. 10A, in the content use process described above, a content use request (step S91 in FIG. 9) and a use right and content transmission (step in FIG. 9). An outline of authentication processing, usage right tapping / falsification prevention processing, and communication disconnection countermeasure processing performed by the security management / communication units 17 and 36 when S94 and S95) are performed multiple times will be described.

  All communication between the user terminal 3 and the content distribution apparatus 1 includes a request message started from the user terminal 3 and a response message returned from the content distribution apparatus 1 in response to the request message. A pair of a request and a response is called a phase, and the secret communication / communication disconnection process includes four types of phases as shown in FIG.

  The initial phase P1 is a phase for mutual authentication that is performed only once at the beginning after a session is established between the user terminal 3 and the content distribution apparatus 1. Regarding the initial phase P1, the initial phase P1 will be described by dividing into a case where the transaction before the initial phase P1 is normally completed and a case where the transaction is abnormally terminated due to communication disconnection or the like.

When the previous transaction has ended normally, in the initial phase P1, the user terminal 3 transmits authentication information A for the content distribution apparatus 1 to authenticate the user terminal 3 to the content distribution apparatus 1 as an initial request message. . After verifying the authentication information A, the content distribution device 1 transmits the authentication information B for the user terminal 3 to authenticate the content distribution device 1. At this time, the initial value (for example, 0) of the transaction identification bit T is transmitted from the content distribution apparatus 1 to the user terminal 3 together with the authentication information B. After the user terminal 3 verifies the authentication information B, the authentication information C for confirming mutual authentication is not transmitted alone, but is transmitted together with the request message in the next initial command communication phase P2. Also, if the previous transaction has ended abnormally due to communication disconnection or the like, the transaction identification bit T value and transaction transmitted from the content distribution device 1 are compared with the above processing for normal termination. It is different from the point to resume. That is, the content distribution apparatus 1 transmits the value of the transaction identification bit used in the transaction that has not been normally terminated as it is (that is, without being inverted). Further, the content distribution apparatus 1 regards the next request message as a request for a resume transaction of a previous transaction that ended abnormally.

  The initial command communication phase P2 is a phase that is performed only once following the initial phase P1. The first transaction is processed by the initial command communication phase P2. In the initial command communication phase P2, the user terminal 3 transmits the authentication information C and the transaction identification bit T together with the request message. The value of the transaction identification bit T transmitted here is a value obtained by inverting the transaction identification bit transmitted from the content distribution apparatus 1 when the previous transaction processing is normally completed. This is the value used in the transaction (which has been suspended). When the transaction identification bit is inverted, the content distribution apparatus 1 determines that a new transaction is started, and transmits a response message to the request message to the user terminal 3. In addition, when the transaction identification bit is not inverted, the content distribution apparatus 1 determines that the transaction is a resume transaction and transmits the same response message to the user terminal 3 as the previous time. The user terminal 3 that has normally received the response message shifts to the commit phase P4 by transmitting a commit message when the transaction processing is not continuously performed. In addition, when the user terminal 3 normally receives the response message, when performing transaction processing continuously, the user terminal 3 transmits the transaction identification bit T together with the request message in the next command communication phase P3a without transmitting the commit message.

  The command communication phase (P3a or the like) is a phase that occurs when two or more transactions are processed in the same session. That is, the command communication phase P3a is used when a content use request, a use right, and content are transmitted a plurality of times. The command communication phase P3 is not performed when the content usage request, the usage right, and the content are transmitted only once. The command communication phase P3 is repeated for the number of transactions following the first transaction. In this command communication phase P3a, the commit message is not transmitted, and instead of the commit message, the transaction identification bit T is transmitted together with the request message in the next command communication phase (P3b).

  The commit phase is a phase for determining completion of transaction processing in the content distribution apparatus 1 after all transaction processing is completed.

  FIG. 10B shows the transition of the transaction identification bit T when a plurality of transaction processes are normally executed between the content distribution apparatus 1 and the user terminal 3 without disconnection in the four communication phases shown in FIG. 10A. It is explanatory drawing shown.

  The initial value (for example, T = 0) of the transaction identification bit T is transmitted from the content distribution apparatus 1 to the user terminal 3 together with the response of the initial phase P1. Each of the content distribution device 1 and the user terminal 3 holds an initial value. This transaction identification bit T is inverted when the transaction processing is completed in the user terminal 3.

  When receiving the transaction identification bit T and the authentication information C as a response of the initial phase P1, the user terminal 3 inverts the transaction identification bit T (T = 1). The reason for the inversion is that there is no particularly abnormal transaction.

  In the next initial command communication phase P2, when the user terminal 3 normally receives the response, the user terminal 3 inverts the transaction identification bit T assuming that the transaction processing is completed (T = 0). In the next command communication phase P3a, when the user terminal 3 normally receives the response, the user terminal 3 inverts the transaction identification bit T assuming that the transaction processing is completed (T = 1). In this way, the user terminal 3 inverts the transaction identification bit T when the response is normally received.

  Since the inverted transaction identification bit T is transmitted together with the request message for the next command communication phase, the content distribution apparatus 1 is notified that the transaction processing in the user terminal 3 has been completed.

  In the first command communication phase P2, the content distribution apparatus 1 compares the transaction identification bit T (= 1) received together with the request message with the initial value T (= 0) held, and if it does not match (received) If the transaction identification bit is inverted), it is determined that the transaction processing of the user terminal 3 in the previous interrupted transaction is completed, and the received transaction identification bit T (1) is held. As a result, the transaction identification bit T held in the content distribution apparatus 1 is also updated.

  Similarly, in the command communication phase P3a, the content distribution apparatus 1 compares the transaction identification bit T (= 0) received together with the request message with the held initial value T (= 1), and if they do not match ( If the received transaction identification bit is inverted), it is determined that the transaction processing of the user terminal 3 in the initial command communication phase P2 has been completed, and the received transaction identification bit T (= 0) is held. As a result, the transaction identification bit T held in the content distribution apparatus 1 is also updated. The same applies to the case where the command communication phase continues thereafter.

  After completion of the last command communication phase, a commit message is transmitted from the user terminal 3 to the content distribution apparatus 1. As a result, the commit phase P4 starts. When receiving the commit message, the content distribution apparatus 1 deletes the held transaction identification bit T. When the user terminal 3 receives the response message to the commit message, the user terminal 3 deletes the transaction identification bit T. In this way, continuous transaction processing is performed on one session.

  FIG. 10C is an explanatory diagram illustrating a transition of transaction identification bits when a plurality of transaction processes are not normally executed between the content distribution apparatus 1 and the user terminal 3. This figure shows a case in which the user terminal 3 cannot normally receive the response message transmitted by the content distribution device 1 in the initial command communication phase P2 due to communication disconnection or the like.

  When the user terminal 3 cannot normally receive the response message, the user terminal 3 resumes communication from the initial phase again in order to resume the interrupted transaction.

  At the start of the initial phase P11 in the figure, the content distribution device 1 and the user terminal 3 each have a transaction identification bit T = 1. In the initial phase P11, the content distribution apparatus 1 that has received the authentication information A stores the transaction identification bit T (= 1) and the authentication information B in the user since the transaction identification bit T (= 1) is stored therein. Transmit to terminal 3. The user terminal 3 that has received the message transmits the previous transaction in the suspended transaction because the received transaction identification bit T (= 1) matches the held transaction identification bit T (= 1). However, it is determined that the response message has not arrived at the user terminal 3 although the request message has arrived at the content distribution apparatus 1. In this case, since the previously transmitted request message has arrived, the content distribution apparatus 1 also determines that the transaction has been interrupted. Further, the user terminal 3 stores the received transaction identification bit without inversion because the previous transaction is interrupted.

  In the next initial command communication phase P12, the user terminal 3 transmits again a request message having the same content as the previously transmitted request message together with the transaction identification bit T (= 1). The content distribution apparatus 1 that has received the message matches the received transaction identification bit T (= 1) and the transaction identification bit T (= 1) held therein, so that it is a resume transaction of the interrupted transaction. to decide. In this case, since the transaction is incomplete, the content distribution apparatus 1 does not invert the transaction identification bit stored therein. Furthermore, the content distribution device 1 transmits a response message corresponding to the request message again.

The subsequent command communication phases are the same as in FIG. 10B.
FIG. 10D is an explanatory diagram showing a transition of a transaction identification bit when a transaction process is not normally executed between the content distribution apparatus 1 and the user terminal 3. In the same figure, unlike FIG. 10C, the case where the content delivery apparatus 1 was not able to normally receive the request message before the response message in the initial command communication phase P2 is shown.

  When the user terminal 3 cannot normally receive the response message, the user terminal 3 resumes communication from the initial phase again in order to resume the interrupted transaction.

At the start of the initial phase P12 in the figure, the content distribution device 1 and the user terminal 3 have transaction identification bits T = 0 and T = 1, respectively. In the initial phase P12, the content distribution apparatus 1 that has received the authentication information A stores the transaction identification bit T (= 0) and the authentication information B in the user since the transaction identification bit T (= 0) is stored therein. Transmit to terminal 3. The user terminal 3 that has received the message transmitted before in the suspended transaction because the received transaction identification bit T (= 0) does not match the held transaction identification bit T (= 1). It is determined that the request message has not reached the content distribution apparatus 1. In this case, since the previously transmitted request message has not arrived, the content distribution apparatus 1 does not determine that the transaction has been interrupted. On the other hand, the user terminal 3 can determine that the cause of the transaction interruption is non-delivery of the request message. Further, the user terminal 3 stores the received transaction identification bit without inversion because the previous transaction is interrupted.

  In the next initial command communication phase P12, the user terminal 3 may transmit a request message having the same content as the previously transmitted request message together with the transaction identification bit T (= 1), or transmit a new request message. May be. This is because the user terminal 3 determines that the cause of the transaction interruption is non-delivery of the request message. That is, the content distribution apparatus 1 treats any request message as a new transaction. When the request message from the user terminal 3 is retransmitted or a new message is transmitted, the content distribution apparatus 1 matches the received transaction identification bit T (= 1) with the held transaction identification bit T (= 0). Therefore, it is determined that the transaction is a new transaction, and the received transaction identification bit T (= 1) is stored (inverted). Furthermore, the content distribution apparatus 1 transmits a response message corresponding to the request message.

The subsequent communication phases are the same as in FIG. 10B.
Next, referring to FIGS. 11 to 15, in the above-described content use processing, a content use request (step S91 in FIG. 9) and a use right and content transmission (steps S94 and S95 in FIG. 9) are received. Processing in each phase when it is performed a plurality of times will be described.

  FIG. 11 describes a process performed in the initial phase between the user terminal 3 and the content distribution apparatus 1 in the content use process. FIG. 12 describes processing performed in the user terminal 3 after the initial phase and before starting the initial command communication phase. FIG. 13 describes the processing performed in the initial command communication phase. FIG. 14 describes processing performed in the command communication phase. Further, FIG. 15 describes processing performed in the commit phase.

  First, the process performed in the initial phase between the user terminal 3 and the content distribution device 1 will be described with reference to FIG. The control unit 304 included in the security management / communication unit 36 of the user terminal 3 receives the random number Rc generated by the random number generation unit 302 and the unique information storage unit when instructed by the user instruction processing unit 31 to transmit a content use request. The terminal public key certificate stored in 301 is transmitted to the content distribution apparatus 1 via the communication unit 305 (step S1101).

  When the control unit 204 included in the security management / communication unit 17 of the content distribution apparatus 1 receives the random number Rc and the terminal public key certificate from the user terminal 3 via the communication unit 205, first, the control unit 204 stores the random number Rc and the terminal public key certificate in the unique information storage unit 201. The stored certificate authority public key certificate and the terminal public key certificate are given to the encryption processing unit 203 to verify the signature of the terminal public key certificate (step S1102).

  When the verification fails as a result of the signature verification in step S1102 (step S1103, No), the control unit 204 notifies the user terminal 3 that the request is rejected via the communication unit 205 (step S1104). .

  On the other hand, if the verification is successful as a result of the signature verification in step S1102 (step S1103, Yes), the control unit 204 generates the random numbers Rs and Rs2 in the random number generation unit 202, and the random number Rs2 in the encryption processing unit 203. The Diffie-Hellman parameter DHs is generated as an input (step S1105).

  Further, the control unit 204 searches the communication log database 206 to check whether the transaction identification bit is stored. As a result, if the transaction identification bit is not stored (that is, deleted in the previous commit phase and completed normally), the transaction identification bit T is set to the initial value 0. Otherwise, the transaction identification bit T is stored. Set to the value of the transaction identification bit. Thereafter, the cryptographic processing unit 203 generates a signature (Formula 2) of data (Formula 1) obtained by concatenating the random number Rc received from the user terminal 3, the transaction identification bit T, and the DHs generated in Step S1105 (Step S1106). Here, the transaction identification bit T is a bit associated with the content request transaction processed in the initial command communication phase following this initial phase. If a communication disconnection occurs in the future, this transaction identification bit T Is used to resume the suspended transaction.

Rc || T || DHs (Formula 1)
S (s, Rc || T || DHs) (Formula 2)

  The control unit 204 uses the random number Rs and Diffie-Hellman parameter DHs generated in step S1105, the transaction identification bit T, the server public key certificate stored in the unique key information storage unit 201, and the signature generated in step S1106. (Expression 2) is transmitted to the user terminal 3 via the communication unit 205 (step S1107).

  Next, processing performed in the user terminal 3 after the initial phase and before starting the initial command communication phase will be described with reference to FIG.

  The control unit 304 included in the security management / communication unit 36 of the user terminal 3 receives a random number Rs, a transaction identification bit T, a Diffie-Hellman parameter DHs, a server public key certificate, from the content distribution device 1 via the communication unit 305. When the signature data is received, first, the server public key certificate is provided by giving the certificate authority public key certificate stored in the unique information storage unit 301 and the server public key certificate to the encryption processing unit 303. The signature of the certificate is verified (step S1201).

  When the verification fails as a result of the signature verification in step S1201 (step S1202, No), the control unit 304 notifies the user instruction processing unit 31 that the content use request is rejected (step S1203).

  On the other hand, if the verification is successful as a result of the signature verification in step S1201 (step S1202, Yes), the control unit 304 uses the random number Rc created in step S1101 and the transaction identification bit T received from the content distribution apparatus 1 in step S1107. And DHs are generated (expression 3), the data (expression 3), the signature data (expression 2) received from the content distribution apparatus 1 in step S1107, and the server public key certificate are encrypted. And the signature data (formula 2) is verified (step S1204).

        Rc || T || DHs (Formula 3)

  When the verification fails as a result of the signature verification in step S1204 (step S1205, No), the control unit 304 notifies the user instruction processing unit 31 that the content use request is rejected (step S1203).

On the other hand, if the verification is successful as a result of the signature verification in step S1204 (step S1205, Yes), the user terminal 3 knows that the communication partner is indeed the content distribution apparatus 1 (authentication of the communication partner). The control unit 304 generates a random number Rc2 in the random number generation unit 302, and generates a Diffie-Hellman parameter DHc using the generated random number Rc2 as an input to the encryption processing unit 303 (step S1206).

  Further, the control unit 304 generates a session key KS in the encryption processing unit 303 from the DHs received from the content distribution device 1 in step S1107 and Rc2 generated in step S1206 (step S1207).

  Thereafter, the control unit 304 stores the transaction identification bit T received from the content distribution apparatus 1 in step S1107 in the communication log database 306 (step S1208). As a result, the content use request transaction corresponding to the transaction communication bit T is started, and the response waiting state is stored in the database.

  The control unit 304 generates a signature (Formula 5) of the data (Formula 4) obtained by concatenating the random number Rs received from the content distribution apparatus 1 in Step S1107 and the DHc generated in Step S1206 using the cryptographic processing unit 303, and in Step S1207. With the generated session key KS, the transaction identification bit stored in step S1108 is inverted, and the inverted transaction identification bit T and the content use request message M are encrypted (step S1209). The content use request message includes at least a content identifier of the content to be used. A sequence number Seq and a hash value h are added to the encrypted data (Formula 6). The hash target data is a sequence number Seq and a content use request message M. The sequence number is a serial number that is reset to 0 when a session is started, that is, when an initial phase is started, and is incremented by 1 each time a message is transmitted and received.

Rs || DHc (Formula 4)
S (c, Rs || DHc) (Formula 5)
E (KS, Seq || T || M || h) (Formula 6)

  The control unit 304 transmits the DHc generated in Step S1206, the signature (Formula 5) and the encrypted data (Formula 6) generated in Step S1209 to the content distribution apparatus 1 via the communication unit 305 (Step S1210).

  Next, processing performed in the initial command communication phase will be described with reference to FIG.

  When the control unit 204 included in the security management / communication unit 17 of the content distribution device 1 receives the Diffie-Hellman parameter DHc, signature data, and encrypted data from the user terminal 3 via the communication unit 205, in step S1105 Data (formula 7) is generated by combining the generated random number Rs and the DHc received from the user terminal 3 in step S1210, the generated data (formula 7), the signature data received from the user terminal 3 in step S1210, and the terminal disclosure The key certificate is input to the encryption processing unit 203, and signature data is verified (step S1301).

        Rs || DHc (Formula 7)

  If the verification fails as a result of the signature verification in step S1301 (step S1302, No), the control unit 204 notifies the user terminal 3 that the content use request is rejected via the communication unit 205 (step S1302). S1303).

On the other hand, if the verification is successful as a result of the signature verification in step S1301 (step S1302, Yes), the content distribution apparatus 1 knows that the communication partner is indeed the user terminal 3 (authentication of the communication partner). The control unit 204 generates a session key KS in the encryption processing unit 203 from the DHc received from the user terminal 3 in step S1210 and the Rs2 generated in step S1105. Thereafter, the encrypted data received in step 1210 and the generated KS are input to the encryption processing unit 203, the encrypted data is decrypted, and the sequence number and hash value are checked (step S1304).

  Furthermore, the control unit 204 searches the communication log database and acquires a transaction identification bit. As a result, if the transaction identification bit does not exist or the value does not match the transaction identification bit T received in step S1210 (step S1305, No), the content distribution apparatus 1 determines that the request message is for a new transaction. The control unit 204 stores the transaction identification bit T received from the user terminal 3 in step S1301 in the communication log database 206 (step S1306). As a result, the transaction identification bit T is inverted. In addition, it is stored in the database that the content use request transaction has been completed up to this step.

  Thereafter, the control unit 204 notifies the user right generation unit 14 of the content use request received from the user terminal 3 in step S1210 as a new transaction (step S1307).

  On the other hand, if the transaction identification bit already exists and its value matches the transaction identification bit T received in step S1210 (step S1305, Yes), the control unit 204 determines that the transaction has been interrupted due to communication disconnection or the like. The user right generation unit 14 is notified of the content use request received from the user terminal 3 in step S1210 as a restart transaction (step S1308).

  The control unit 204 encrypts the sequence number, the usage rights created by the user right creation unit 14 and their hash values using the session key KS generated in step S1304 by the encryption processing unit 203, and passes through the communication unit 205. To the user terminal 3 (step S1309). Here, since the usage right to be transmitted is encrypted with a session key KS that can be generated only by the content distribution apparatus 1 and the user terminal 3, a third party cannot eavesdrop on it.

  When the control unit 304 included in the security management / communication unit 36 of the user terminal 3 receives the encrypted data from the content distribution apparatus 1 via the communication unit 305, first, the encryption processing unit 303 uses the session key KS. Decrypt the encrypted data to restore the sequence number, usage rights, and hash value. Thereafter, the sequence number and the hash value are checked, and the usage condition is notified to the user instruction processing unit 31. Further, the transaction identification bit stored in the communication log database 306 is inverted. (Step S1310). As a result, the transaction corresponding to the transaction identification bit T is completed.

  Thereafter, if there is a transaction, the process proceeds to step S1401, and if not, the process proceeds to step S1501.

Next, processing performed in the command communication phase will be described with reference to FIG.
The control unit 304 encrypts the transaction identification bit T and the content use request message M stored in the communication log database 306 with the session key KS generated in the initialization phase (step S1401). The content use request message includes at least a content identifier of the content to be used. A sequence number Seq and a hash value h are added to the encrypted data. The hash target data is a sequence number Seq and a content use request message M.

  The control unit 304 transmits the encrypted data generated in step S1401 to the content distribution apparatus 1 via the communication unit 305 (step S1402).

When receiving the encrypted data from the user terminal 3 via the communication unit 205, the control unit 204 included in the security management / communication unit 17 of the content distribution apparatus 1 generates the encrypted data and the generated KS generated in the initial command communication phase. Is input to the encryption processing unit 203, the encrypted data is decrypted, and the sequence number and hash value are checked (step S1403).

  Further, the control unit 204 searches the communication log database, and checks whether the transaction identification bit T received from the user terminal 3 in step S1402 matches the transaction identification bit held in the communication log database. As a result, if they do not match (step S1404, No), the control unit 204 changes the contents of the communication log database 206 to T received from the user terminal 3 in step S1402 (step S1405). As a result, the transaction identification bit T is inverted. In addition, it is stored in the database that the content use request transaction has been completed up to this step.

  Thereafter, the control unit 204 notifies the user right generation unit 14 of the content use request received from the user terminal 3 in step S1402 as a new transaction (step S1406).

  On the other hand, when the transaction identification bit T matches the transaction identification bit held in the communication log database 206 (step S1404, Yes), the control unit 204 determines that the transaction is interrupted due to communication disconnection or the like, and generates a user right. The content use request received from the user terminal 3 in step S1402 is notified to the unit 14 as a restart transaction (step S1407).

The control unit 204 encrypts the sequence number, the usage rights created by the user right creation unit 14 and their hash values using the session key KS generated in the initial command communication phase, by the encryption processing unit 203, and the communication unit 205. To the user terminal 3 (step S1).
408). Here, since the usage right to be transmitted is encrypted with a session key KS that can be generated only by the content distribution apparatus 1 and the user terminal 3, a third party cannot eavesdrop on it.

  When the control unit 304 included in the security management / communication unit 36 of the user terminal 3 receives the encrypted data from the content distribution apparatus 1 via the communication unit 305, first, the encryption processing unit 303 uses the session key KS. Decrypt the encrypted data to restore the sequence number, usage rights, and hash value. Thereafter, the sequence number and the hash value are checked, and the usage condition is notified to the user instruction processing unit 31. Further, the transaction identification bit T stored in the communication log database 306 is inverted. (Step S1409). As a result, the transaction corresponding to the transaction identification bit T is completed.

  Thereafter, if there is a transaction, the process proceeds to step S1401, and if not, the process proceeds to step S1501.

Finally, processing performed in the commit phase will be described with reference to FIG.
The control unit 304 encrypts the commit message with the session key KS generated in the initialization phase (step S1501).

  The control unit 304 transmits the encrypted data generated in step S1501 to the content distribution apparatus 1 via the communication unit 305 (step S1502).

  When receiving the encrypted data from the user terminal 3 via the communication unit 205, the control unit 204 included in the security management / communication unit 17 of the content distribution apparatus 1 generates the encrypted data and the generated KS generated in the initial command communication phase. Is input to the encryption processing unit 203 to decrypt the encrypted data (step S1503).

  Further, the control unit 204 deletes the transaction identification bit stored in the communication log database 206 (step S1504).

  The control unit 204 encrypts the ACK message by the encryption processing unit 203 using the session key KS generated in the initial command communication phase, and transmits the ACK message to the user terminal 3 via the communication unit 205 (step S1505).

  When the control unit 304 included in the security management / communication unit 36 of the user terminal 3 receives the encrypted data from the content distribution apparatus 1 via the communication unit 305, first, the encryption processing unit 303 uses the session key KS. The encrypted data is decrypted, the ACK message is restored, and the user instruction processing unit 31 is notified that the commit process has been completed. Thereafter, the transaction identification bit T stored in the communication log database 306 is deleted. (Step S1506).

  The transaction resumption process after the communication disconnection is started by a transaction resumption process request from the user instruction processing unit 31, and after processing the initial phase, the transaction identification bit (communication log) corresponding to the transaction suspended by the communication disconnection is processed. The transaction is resumed by the initial command communication phase using the transaction identification bit (T) stored in the database. The content use request message transmitted in the initial command communication phase may be delivered again to the control unit 304 by the user instruction processing unit 31, or the content when the control unit 304 stores the transaction identification bit in the communication log database. The usage request message may also be saved, and the saved message may be used.

  With the above processing, it is possible to perform authentication processing of the user terminal 3, wiretapping / falsification prevention processing of usage rights, and communication disconnection countermeasure processing.

  In the communication protocol shown in this embodiment, the number of communication round trips when processing n transactions is 1 round trip in the initial phase, 1 round trip in the initial command communication phase, n-1 round trip in the command communication phase, and commit phase 1 round trip, totaling n + 2 rounds.

  Note that the encryption algorithm, session key sharing algorithm, certificate format, and the like used in the present embodiment are not necessarily used as long as they have equivalent functions. For example, TripleDES may be used as the data encryption algorithm. Further, a checksum value such as CRC may be used as the hash value assigned to the encrypted data. Furthermore, a common key cryptosystem may be used for the SAC protocol instead of the public key cryptosystem.

  In the present embodiment, the terminal public key certificate from the user terminal 3 is transmitted in the initialization phase (step S1101 in FIG. 11), but is transmitted in the initial command communication phase (step S1210 in FIG. 12). Also good. This eliminates the need for the content distribution apparatus 1 to hold the data in the apparatus. In this case, the signature verification process (step S1102 in FIG. 11) of the terminal public key certificate in the content distribution apparatus 1 is performed at the beginning of the initial command communication phase (immediately before step S1301 in FIG. 13).

  In step S1107, the random number Rc received from the user terminal 3 may be included in the data transmitted from the content distribution apparatus 1 to the user terminal 3. That is, the data transmitted from the content distribution apparatus 1 is a random number Rc, a random number Rs, a transaction identification bit T, a parameter DHs, and signature data. This eliminates the need for the user terminal 3 to store the random number Rc in the terminal. Similarly, in step S1210, the random number Rs received from the content distribution device 1 may be included in the data transmitted from the user terminal 3 to the content distribution device 1. That is, the data transmitted from the content distribution apparatus 1 is the random number Rs, the parameter DHc, the signature data, and the encrypted data.

  In addition, in this Embodiment, although the process in which the user terminal 3 authenticates the content delivery apparatus 1 is also included, you may exclude an authentication process, when there is no need in particular.

  In the present embodiment, the transaction identification bit match determination is performed in the command communication phase, but the determination process may be omitted if there is no particular need. In this case, the transaction processed in the command communication phase is always processed as a new transaction.

  In the present embodiment, the transaction identification bit is transmitted from the content distribution apparatus 1, but this may be omitted. That is, the information regarding the processing of the content distribution apparatus 1 in the initial phase and the transaction identification bit in the message in the initial phase is omitted.

  In the present embodiment, when creating a user right in steps S1308 and S1407, if the security management / communication unit 17 instructs the resumption transaction, the registration contents are not updated. However, the content use request may be evaluated again and the user right may be created again. As a result, it is possible to cope with a situation change that occurs between the issuance of a new transaction and the issuance of a resume transaction. For example, when a new transaction is issued, the usage right was created and sent because it was within the usage expiration date of the content, but when the request was made again as a resume transaction, the content usage expiration date would be exceeded. The case may be considered. In this case, usage rights are not created / issued for the restart transaction.

  Further, in the present embodiment, a transaction cancellation process in the middle of processing due to communication disconnection may be included. When cancel processing is performed, in the first command communication phase after communication disconnection, a cancel message including a transaction identification bit T (stored in the communication log database 306) corresponding to a transaction for which a response has not yet been received is designated by the user. It transmits from the user terminal 3 according to the instruction of the processing unit 31. The content distribution apparatus 1 that has received the cancel message notifies the user right creation unit 14 to that effect, and rolls back the transaction being processed to the state before the process. Thereafter, the content distribution apparatus 1 transmits an ACK message to the user terminal 3.

  In addition, when the two content use request processes between the content distribution apparatus 1 and the user terminal 3 are set as the process A and the process B, after the process A is finished, At the start of process B, the authentication process is performed again to create a new session key. However, if it is desired to reduce the response time of process B, the session key in process A is excluded to eliminate the authentication process in process B. May be stored in both the content distribution apparatus 1 and the user terminal 3 and reused.

  In the present embodiment, the content distribution apparatus 1 may provide session key usage restrictions. For example, if the number of session key reuses exceeds the specified upper limit, if the specified time has elapsed since the session key was first created, the specified communication data volume was exceeded after the session key was first created In this case, the content distribution apparatus 1 notifies the user terminal 3 that the session key cannot be reused when distributing a predetermined content or usage right, or when distributing to a predetermined user terminal 3. The user terminal 3 that has received the notification that the session key cannot be reused regenerates the session key. That is, communication is restarted from the initial phase.

In the present embodiment, the protocol between the content distribution apparatus 1 and the user terminal 3 has been described. However, the present invention can also be applied to license exchange between user terminals. For example, the present invention can be applied when transferring a license between user terminals in a home. In this case, it is assumed that a group identifier that is a user terminal in the same home is specified in advance or by setting after purchase. When the protocol shown in the present embodiment is applied when transferring a license between user terminals, the license source terminal may be regarded as the content distribution apparatus 1 and the license destination terminal as the user terminal 3. If the license transfer is limited to the same household, that is, those having the same group identifier, the group identifier is transmitted from the license distribution destination terminal to the license distribution source terminal, and the license distribution source terminal is the same group identifier. The license is transmitted only when they are the same. The group identifier may be transmitted by any method as long as it is a method for preventing eavesdropping, falsification, and impersonation. For example, it may be included in the encrypted data in the initial command communication phase. Alternatively, the hash value of the group identifier may be used without transmitting the group identifier itself. Further, a group identifier hash transmission phase may be separately provided after the initial phase, and the group identifier hash encrypted with the session key may be transmitted.

  Note that each component of the content distribution system shown in the present embodiment may be realized by hardware or software.

  As described above, according to the present invention, all the functions of license eavesdropping / falsification prevention, communication partner authentication, and communication disconnection countermeasures are realized, and even when multiple transaction processing is performed, between the server device and the terminal device. And a system and apparatus for realizing a protocol with less information managed and held by a server apparatus and a terminal apparatus in order to realize the above functions. Thereby, it is possible to provide a content distribution system capable of reducing the waiting time from when a user issues a request until a response is obtained.

  The present invention provides a server device that provides a terminal device with a license for use of content based on transaction processing including reception of a request message, transmission of a response message, and reception of a commit message for confirming transaction completion, and the server device And a terminal device that controls the use of the content based on the license acquired from the digital content distribution system. For example, the server apparatus is suitable for a service provider distribution server that distributes digital contents via the Internet, a broadcast apparatus that digitally broadcasts digital contents via broadcast, and the terminal apparatus receives digital broadcasts. This is suitable for a set-top box, a digital TV, a DVD recorder, a hard disk recorder, a content playback device such as a personal computer, a recording device, or a composite device thereof.

It is a block diagram which shows the structure of the content delivery system which concerns on one Embodiment of this invention. It is a block diagram which shows the detailed structure of the security management / communication part of the content delivery apparatus which concerns on one Embodiment of this invention. It is a block diagram which shows the detailed structure of the security management / communication part of the user terminal which concerns on one Embodiment of this invention. It is a flowchart explaining the process regarding the content purchase performed with the content delivery system which concerns on one Embodiment of this invention. It is a figure which shows notionally an example of the information regarding the content stored in the content right database. It is a figure which shows notionally an example of the user information stored in the user database. It is a figure which shows notionally an example of the information of the rights which the user stored in the user ownership rights database has. It is a figure which shows notionally an example of the content information stored in the content database. It is a flowchart explaining the process regarding content utilization performed with the content delivery system which concerns on one Embodiment of this invention. It is explanatory drawing which shows four types of communication phases which perform a some transaction process between a content delivery apparatus and a user terminal. It is explanatory drawing which shows transition of the transaction identification bit when a several transaction process is normally performed between the content delivery apparatus 1 and a user terminal. It is explanatory drawing which shows transition of the transaction identification bit when a response message does not reach between the content delivery apparatus 1 and a user terminal. It is explanatory drawing which shows transition of the transaction identification bit when a request message does not arrive between the content delivery apparatus 1 and a user terminal. It is a flowchart explaining the process performed in the initial phase of a user terminal and a content delivery apparatus in the content utilization process performed with the content delivery system which concerns on one Embodiment of this invention. The flowchart explaining the process performed in a user terminal before starting an initial command communication phase after the initial phase of a user terminal and a content distribution apparatus in the content utilization process performed with the content distribution system which concerns on one Embodiment of this invention. It is. It is a flowchart explaining the process performed in the first command communication phase of a user terminal and a content delivery apparatus in the content utilization process performed with the content delivery system which concerns on one Embodiment of this invention. It is a flowchart explaining the process performed in the command communication phase of a user terminal and a content delivery apparatus in the content utilization process performed with the content delivery system which concerns on one Embodiment of this invention. It is a flowchart explaining the process performed in the commit phase of a user terminal and a content delivery apparatus in the content utilization process performed with the content delivery system which concerns on one Embodiment of this invention.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 Content delivery apparatus 3 User terminal 11 Content purchase process part 12 User registration part 13 User right registration part 14 User right creation part 15 Content encryption part 16 Content management part 17, 36 Security management / communication part 18 User database 19 Content right database 20 User Ownership Rights Database 21 Content Database 31 User Instruction Processing Unit 32 Terminal Information Storage Unit 33 Content Storage Unit 34 Usage Rights Management Unit 35 Usage Rights Database 37 Output Unit 201, 301 Unique Key Information Storage Unit 202, 302 Random Number Generation Unit 203, 303 Encryption processing unit 204, 304 Control unit 205, 305 Communication unit 206, 306 Communication log database

Claims (12)

Information on the use of content is acquired from the server device based on transaction processing including transmission of a request message, reception of a response message, and transmission of a commit message for confirming completion of one transaction, and based on the information, A terminal device that controls processing and performs mutual authentication with the server device immediately before the first transaction processing in a plurality of transaction processing,
The request message includes a transaction flag associated with the transaction currently being processed and having a value of 0 or 1.
Response receiving means for receiving each response message transmitted from the server device in a plurality of transaction processes;
When the response message from the server device is normally received in the second and subsequent transaction processes in a plurality of consecutive transaction processes, the value of the transaction flag included in the request message transmitted last time is A transmission means for transmitting a request message including an inverted transaction flag and transmitting a commit message in the final transaction processing;
The server apparatus provides first authentication information for authenticating the terminal apparatus to the transmitting means as an authentication request, and the terminal apparatus is received as a response to the first authentication information by the response receiving means. Authenticating means for verifying second authentication information to authenticate the device, and providing a confirmation message to the transmitting means for confirming mutual authentication as a result of the verification;
The transmission unit is a terminal device that transmits the confirmation message together with a request message for the initial transaction process.   The terminal device according to claim 1, wherein the plurality of transaction processes are performed on the same session as a session for which mutual authentication has been performed. The transmission means includes
When the response message is successfully received by the response receiving means, the inverted transaction flag is included in the request message for the next transaction process and transmitted.
The terminal device according to claim 2, wherein when the response message is not normally received, the transaction flag that is not inverted is included in the request message of the current transaction process and transmitted again. Information on the use of content is provided to the terminal device based on transaction processing including reception of a request message, transmission of a response message, and reception of a commit message for confirming completion of one transaction. A server device that performs processing for mutual authentication with a terminal device immediately before processing,
The request message includes a transaction flag associated with the transaction currently being processed and having a value of 0 or 1.
Receiving means for receiving a transaction flag included in the second and subsequent request messages in a plurality of consecutive transaction processes;
A determination means for determining that the completion of the previous transaction is confirmed when the value of the transaction flag is inverted with respect to the value of the previously received transaction flag when the second and subsequent request messages are received;
The server device verifies the first authentication information for authenticating the terminal device received as an authentication request by the receiving means, and provides the second authentication information for the terminal device to authenticate the server device when it is verified as valid. Authentication means for
The server device receives the confirmation message for confirming mutual authentication together with the request message for the first transaction processing. The receiving means includes
Request receiving means for receiving the transaction flag included in the second and subsequent request messages;
The server apparatus according to claim 4, further comprising: a commit receiving unit that receives a commit message only in the last transaction process of the plurality of transaction processes. The server device further includes:
When it is determined by the determination means that the completion of the previous transaction is confirmed, a response message for the next transaction processing is transmitted. When the determination means determines that the completion of the previous transaction is not confirmed, the response of the previous transaction processing The server apparatus according to claim 5, comprising response transmission means for transmitting the message again. Obtaining from the server device a server device that provides information on content usage to the terminal device based on transaction processing including reception of a request message, transmission of a response message, and reception of a commit message for confirming completion of one transaction A digital content distribution system including a terminal device that controls the use of the content based on the information,
The request message includes a transaction flag associated with the transaction currently being processed and having a value of 0 or 1.
The terminal device
A process of performing mutual authentication with the server device immediately before the first transaction process in a plurality of transaction processes,
Response receiving means for receiving each response message transmitted from the server device in a plurality of transaction processes;
When the response message from the server device is normally received in the second and subsequent transaction processes in a plurality of consecutive transaction processes, the value of the transaction flag included in the request message transmitted last time is A transmission means for transmitting a request message including an inverted transaction flag and transmitting a commit message in the final transaction processing;
The server apparatus provides first authentication information for authenticating the terminal apparatus to the transmitting means as an authentication request, and the terminal apparatus is received as a response to the first authentication information by the response receiving means. Authenticating means for verifying second authentication information to authenticate the device, and providing a confirmation message to the transmitting means for confirming mutual authentication as a result of the verification;
The transmitting means transmits the confirmation message together with the request message for the initial transaction processing,
The server device
Performs mutual authentication with the terminal device immediately before the first transaction processing of multiple transaction processing,
Receiving means for receiving a transaction flag included in the second and subsequent request messages in a plurality of consecutive transaction processes;
A determination means for determining that the completion of the previous transaction is confirmed when the value of the transaction flag is inverted with respect to the value of the previously received transaction flag when the second and subsequent request messages are received;
The server device verifies the first authentication information for authenticating the terminal device received as an authentication request by the receiving means, and provides the second authentication information for the terminal device to authenticate the server device when it is verified as valid. Authentication means for
The content distribution system, wherein the receiving unit receives a confirmation message for confirming mutual authentication together with the request message for the initial transaction process. Information on the use of content is acquired from the server device based on transaction processing including transmission of a request message, reception of a response message, and transmission of a commit message for confirming completion of one transaction, and based on the information, A transaction processing method in a terminal device that controls processing and performs mutual authentication with the server device immediately before initial transaction processing in a plurality of transaction processing,
The request message includes a transaction flag associated with the transaction currently being processed and having a value of 0 or 1.
A response reception step of receiving each response message transmitted from the server device in a plurality of transaction processes;
When a response message from the server device is normally received in the second and subsequent transaction processes in a plurality of consecutive transaction processes, the value of the transaction flag included in the request message transmitted last time is A transmission step of transmitting a request message including an inverted transaction flag and transmitting a commit message in the final transaction processing;
The server apparatus provides first authentication information for authenticating the terminal apparatus as an authentication request to the transmission step, and the terminal apparatus is received as a response to the first authentication information by the response reception step. Verifying second authentication information to authenticate the device, and as a result of the verification, an authentication step for providing a confirmation message for confirming mutual authentication to the transmission step, and
The transmission step is a transaction processing method in which the confirmation message is transmitted together with a request message for the initial transaction processing. Information on the use of content is provided to the terminal device based on transaction processing including reception of a request message, transmission of a response message, and reception of a commit message for confirming completion of one transaction. A transaction processing method in a server device that performs processing for mutual authentication with a terminal device immediately before processing,
The request message includes a transaction flag associated with the transaction currently being processed and having a value of 0 or 1.
A reception step of receiving a transaction flag included in a second and subsequent request messages in a plurality of consecutive transaction processes;
A determination step for determining that the completion of the previous transaction is confirmed when the value of the transaction flag is inverted with respect to the value of the previously received transaction flag when the second or subsequent request message is received;
The server device verifies the first authentication information received as an authentication request by the receiving step for authenticating the terminal device, and when it is verified as valid, the terminal device provides the second authentication information for authenticating the server device. And an authentication step to
In the transaction processing method, the reception step receives a confirmation message for confirming mutual authentication together with the request message for the initial transaction process. Obtaining from the server device a server device that provides information on content usage to the terminal device based on transaction processing including reception of a request message, transmission of a response message, and reception of a commit message for confirming completion of one transaction A transaction processing method in a digital content distribution system including a terminal device that controls use of the content based on the information,
The request message includes a transaction flag associated with the transaction currently being processed and having a value of 0 or 1.
The terminal device
A process of performing mutual authentication with the server device immediately before the first transaction process in a plurality of transaction processes,
A response reception step of receiving each response message transmitted from the server device in a plurality of transaction processes;
When a response message from the server device is normally received in the second and subsequent transaction processes in a plurality of consecutive transaction processes, the value of the transaction flag included in the request message transmitted last time is A transmission step of transmitting a request message including an inverted transaction flag and transmitting a commit message in the final transaction processing;
The server apparatus provides first authentication information for authenticating the terminal apparatus as an authentication request to the transmission step, and the terminal apparatus is received as a response to the first authentication information by the response reception step. Verifying second authentication information to authenticate the device, and as a result of the verification, an authentication step for providing a confirmation message for confirming mutual authentication to the transmission step, and
The transmitting step transmits the confirmation message together with the request message for the initial transaction process,
The server device
Performs mutual authentication with the terminal device immediately before the first transaction processing of multiple transaction processing,
A reception step of receiving a transaction flag included in a second and subsequent request messages in a plurality of consecutive transaction processes;
A determination step for determining that the completion of the previous transaction is confirmed when the value of the transaction flag is inverted with respect to the value of the previously received transaction flag when the second or subsequent request message is received;
The server device verifies the first authentication information received as an authentication request by the receiving step for authenticating the terminal device, and when it is verified as valid, the terminal device provides the second authentication information for authenticating the server device. And an authentication step to
In the transaction processing method, the reception step receives a confirmation message for confirming mutual authentication together with the request message for the initial transaction process. Information on the use of content is obtained from the server device based on transaction processing including reception of a request message, transmission of a response message, and transmission of a commit message for confirming completion of one transaction, and based on the information, There is a program for controlling transaction and executing transaction processing in a terminal device that performs mutual authentication with the server device immediately before the first transaction processing in a plurality of transaction processing,
The request message includes a transaction flag associated with the transaction currently being processed and having a value of 0 or 1.
Response receiving means for receiving each response message transmitted from the server device in a plurality of transaction processes;
When the response message from the server device is normally received in the second and subsequent transaction processes in a plurality of consecutive transaction processes, the value of the transaction flag included in the request message transmitted last time is A transmission means for transmitting a request message including an inverted transaction flag and transmitting a commit message in the final transaction processing;
The server apparatus provides first authentication information for authenticating the terminal apparatus to the transmitting means as an authentication request, and the terminal apparatus is received as a response to the first authentication information by the response receiving means. Second authentication information is verified to authenticate the device, and as a result of the verification, an authentication unit that provides the transmission unit with a confirmation message for confirming mutual authentication is realized in a computer in the terminal device,
The transmission means transmits the confirmation message together with the request message for the initial transaction processing. Information on the use of content is provided to the terminal device based on transaction processing including reception of a request message, transmission of a response message, and reception of a commit message for confirming completion of one transaction. A program for executing transaction processing in a server device that performs processing for mutual authentication with a terminal device immediately before processing,
The request message includes a transaction flag associated with the transaction currently being processed and having a value of 0 or 1.
Receiving means for receiving a transaction flag included in the second and subsequent request messages in a plurality of consecutive transaction processes;
A determination means for determining that the completion of the previous transaction is confirmed when the value of the transaction flag is inverted with respect to the value of the previously received transaction flag when the second and subsequent request messages are received;
The server device verifies the first authentication information for authenticating the terminal device received as an authentication request by the receiving means, and provides the second authentication information for the terminal device to authenticate the server device when it is verified as valid. The authentication means to be executed by the computer in the server device,
The receiving means receives a confirmation message for confirming mutual authentication together with a request message for the initial transaction process.

Images