JP4168679B2 - Content usage management system, information processing apparatus or method for using or providing content, and computer program - Google Patents

Description

[0001]
BACKGROUND OF THE INVENTION
The present invention provides rich content such as music data and image data distributed over a broadband communication network (xDSL: x Digital Subscriber Line, CATV (Cable TV), wireless network), digital data such as electronic publications, and moving images. Content usage management system, information processing apparatus or information processing method for using or providing content, and computer program, and in particular, management of content usage based on some contract or usage conditions such as license The present invention relates to a content usage management system, an information processing apparatus or information processing method that uses or provides content, and a computer program.
[0002]
More specifically, the present invention relates to a content use management system that controls the use of content by giving a license to the content user and protects the content, an information processing apparatus or information processing method that uses or provides the content, and The present invention relates to a computer program, and more particularly, to a content usage management system that grants a license to a content user while preventing unauthorized use of a content key, an information processing apparatus or information processing method that uses or provides content, and a computer program. .
[0003]
[Prior art]
Distribution of rich content such as digital data such as music data, image data, electronic publications, and moving images with the spread of broadband communication networks (xDSL: x Digital Subscriber Line, CATV (Cable TV), wireless network, etc.) in recent years However, a mechanism for transmitting data to users without stress is being prepared.
[0004]
On the other hand, the distributed content is digital data, and operations such as copying and tampering can be performed relatively easily. Currently, fraudulent acts such as copying and falsification of these contents are frequently performed, and this is a major factor that hinders the profits of digital content vendors. As a result, the price of the content has to be increased, and a vicious cycle has occurred, which becomes a barrier to popularization.
[0005]
By using encryption technology, it is possible to protect content flowing on a communication path from a malicious third party. However, not only the content distribution process, but also illegal copying and unauthorized use performed after the content is provided to legitimate users is a serious problem.
[0006]
Recently, a method called rights management method (DRM: Digital Rights Management) has been adopted as a countermeasure for this type of problem related to digital contents. Below, the outline | summary of this DRM and its problem are demonstrated.
[0007]
DRM ( Digital Right Management ):
A right information management system (DRM) realizes a mechanism in which content cannot be used unless the user obtains permission (license) to use the content. Examples of such a system include a system called “Windows Media Right Manager” by Microsoft Corporation and “Electronic Media Management System (EMMS)” by IBM Corporation.
[0008]
  A DRM system is typically composed of a content provider, a license manager, and a user. The user possesses a content reproduction apparatus and uses the content by using it. License administratorIsIssue a license to the user. The content provider provides content to the user.
[0009]
The content (Cont) is a key (content key K) that is different for each content depending on the content provider._c) Format E (K_c, Cont). In the present specification, this is called encrypted content.
[0010]
When using a certain content Cont, the user requests the license manager to issue a license. On the other hand, the license issuer issues a license after performing a charging process for the user.
[0011]
The issuance of the license here means that the content key K is actually assigned to the user's playback device._cIs to give. For this purpose, the license administrator makes a different encryption key K with each playback device._u(Encryption key K_uIs shared when the license is issued, or is shared in advance in the playback device), or the content key K_cEncryption key K_uData E (K encrypted with_u, K_c) To the playback device. This data is called a “license token”.
[0012]
The playback device of the licensed user receives the encryption key Ku and the received license token E (K_u, K_c) And encrypted content E (K_c, Cont) can be used to play the content. First, the license token E (K_u, K_c) To content key K_cAnd then the content key K_cEncrypted content E (K_c, Cont) is decrypted and reproduced from the content Cont. Therefore, the content can be used only when the combination of the playback device, the license token, and the encrypted content is correct, that is, only the licensed user.
[0013]
Here, in order to protect the right to use the content, the playback device side must prevent the decrypted content from leaking outside. For this purpose, the playback device uses the encryption key K_uAnd content key K_cAnd the decrypted content Cont must be processed so as not to leak outside. This is because once the decrypted content leaks to the outside, it can be copied and used without restriction. In other words, the playback device includes an encryption key K_uAnd content key K_cIn addition, the condition that the decrypted content Cont can be processed without leaking to the outside is necessary. In the present specification, a playback apparatus having such a condition is referred to as “valid”.
[0014]
In DRM, giving a content license (use permission) to a user is a content key K_cIs provided to the playback device of the user. At the time of licensing, the content key K_cIt is essential that the playback device that receives is valid. Therefore, a license issuer who issues a license must specify a reproduction apparatus as an issuance partner and give a content key only to a valid reproduction apparatus. For this reason, the license issuer has a database relating to a valid reproduction apparatus, and the license issue needs to be performed based on the database.
[0015]
However, considering the case where there are a large number of playback devices, such a database search is a time-consuming or costly process. In particular, when a license is frequently issued due to a mechanism such as downloading contents each time, the load on the server where the database is placed becomes excessive. That is, license issuance with DRM is a process that does not scale with respect to an increase in the number of playback devices.
[0016]
For example, considering the case where content is provided to a specific user, user authentication is performed before the content is provided.
[0017]
If the DRM method is used, in addition to user authentication, it is necessary to specify a content playback device for the user and generate a dedicated license for the playback device. This reduces the processing speed of content provision.
[0018]
[Problems to be solved by the invention]
An object of the present invention is to provide an excellent content usage management system, an information processing apparatus or an information processing method for using or providing content, which can suitably manage the usage of content based on some contract such as a license or usage conditions And providing a computer program.
[0019]
A further object of the present invention is to provide an excellent content use management system, an information processing apparatus that uses or provides content, which can control the use of content by protecting the content by giving a license to the content user, or It is to provide an information processing method and a computer program.
[0020]
A further object of the present invention is to provide an excellent content use management system, an information processing apparatus or an information processing method for using or providing content, capable of giving a license to the content user while preventing unauthorized use of the content key, And providing a computer program.
[0021]
[Means and Actions for Solving the Problems]
The present invention has been made in consideration of the above problems, and a first aspect of the present invention is a content usage management system that manages usage of content by distributing licenses,
Using data including at least authentication information regarding the nonce consisting of a one-time random number generated by a legitimate device that uses the content and the authorized user of the content as a license token,
The legitimate device that uses the content verifies the validity of the license token by verifying that the license token contains a nonce generated by the license token and the authentication processing of the authentication information related to the authorized user of the content usage.・ When the token is valid, let the user use the corresponding content.
This is a content usage management system.
[0022]
However, “system” here refers to a logical collection of a plurality of devices (or functional modules that realize specific functions), and each device or functional module is in a single housing. It does not matter whether or not.
[0023]
A second aspect of the present invention is an information processing apparatus or information processing method for managing the use of content by distributing a license,
A nonce receiving means or step for receiving a nonce that is a one-time random number from a user of the content;
A license token issuing means or step for distributing a license token including at least the received nonce and its authentication information to content users;
An information processing apparatus or an information processing method.
[0024]
The third aspect of the present invention is an information processing apparatus or information processing method for safely providing content,
An enable key issuing means or step for issuing an enable key to a device that properly uses content;
Content encryption means or step for encrypting content with a unique content key for each content;
A content token generating means or step for generating a content token formed by encrypting data including a content key with an enable key;
A content providing means or step for distributing encrypted content together with a content token;
An information processing apparatus or an information processing method.
[0025]
According to a fourth aspect of the present invention, there is provided an information processing apparatus or information processing method for performing legitimate use of content by acquiring a license,
Content acquisition means or step for acquiring content;
Nonce issuing means or step for issuing a nonce that is a one-time random number;
By receiving a license token related to the content and authenticating whether or not the nonce issued by the nonce issuing means or step is included and obtained from the authorized authority to use the content A license token verification means or step for verifying the validity of the license token;
In response to the validity of the license token, a content using means or step for using the corresponding content;
An information processing apparatus or an information processing method.
[0026]
In the present invention, content usage such as a content provider or a system administrator is added to the nonce (one-time random number) generated by the playback device, the content identification number, and the usage conditions (for example, the number of usage permission and the period). An authorized person uses an electronic signature or a message authentication code added as a license token.
[0027]
The playback device that has received the license token knows that the license token is addressed by the fact that the nonce generated by itself is included, and the content provider or the system administrator uses the electronic signature or message authentication code. Is added, it can be determined that the license token is valid.
[0028]
In the present invention, instead of distributing the content key as a license, the content key is distributed as a content token simultaneously with the content distribution. This content token is data obtained by encrypting a content key with an enable key. The enable key is a key that can be used only by a legitimate playback device, independent of the presence or absence of a license.
[0029]
Since the content identification information is included as part of the encrypted content or content token and encrypted with the content key or enable key, the content identification information is distributed in a format that can be judged by a legitimate playback device and authorized to use the content Intentional alterations cannot be made from outside. Therefore, the content key for decrypting the encrypted content is not given to the playback device, but in a format that can be determined from the playback device, the content authority authorized to use the content specifies the identification information of the content that is allowed to be used for playback. The device can be allowed to use the content.
[0030]
Then, only when it is determined that the license has been acquired, the playback device decrypts the content token including the content identification number specified by the license with the enable key held by itself, extracts the content key, and then the content key. The user is allowed to use the content obtained by decrypting the encrypted content. Therefore, a legitimate playback device can use the content without leaking the decrypted content itself outside the device.
[0031]
Also, there are two possible methods for making the enable key available to a legitimate playback device, assuming that the enable key is generated by the system administrator. One method is a method in which an enable key is distributed in advance to a valid playback device.
[0032]
  As such a method, for example,IETF ( Internet Engineering TaskForce )Any of the methods for sharing the encryption key with the user group described in RFC (Request for Comment) 2627 may be used. In the simplest case, when the system administrator distributes the enable key for each playback device, it takes time to distribute the enable key in proportion to the number N of playback devices. However, RFC2627 shows a management system based on a hierarchical key structure (hierarchical key tree) in which each playback device has data whose size is proportional to the logarithm of the number N of playback devices. The enable key can be distributed by broadcasting data having a size proportional to the logarithm of N.
[0033]
Another method of distributing the enable key is a method of distributing the enable key together with the encrypted content in a format that can be acquired only by a valid playback device. As disclosed in Japanese Patent Laid-Open No. 2001-352321 (title of the invention: information system, information processing method, information recording medium, and program providing medium) already assigned to the present applicant, By providing the playback device with data having a size proportional to the logarithm of the number N, the enable key can be distributed by distributing data having a size proportional to the logarithm of the number N of playback devices together with the encrypted content. .
[0034]
In addition, when a playback device in which tamper resistance is destroyed occurs, the enable key may be updated. Included in the playback device whose tamper resistance has been destroyed by updating the enable key and distributing the content as if the content was encrypted with the new content key and the content key was encrypted with the new enable key Even if the information to be used is used, the encrypted content cannot be decrypted again.
[0035]
The important point in the present invention is that the license is not a content key, so that even if a license is given to an arbitrary device, the content can actually be decrypted only to a legitimate playback device that shares an enable key in advance. ,That's what it means. Therefore, according to the present invention, it is not necessary to specify a playback device to be issued when issuing a license and issue a dedicated license to each playback device. As a result, it is possible to process license issuance at high speed, and it is possible to realize a license issuance process with good scalability with respect to an increase in the number of playback devices.
[0036]
  According to a fifth aspect of the present invention, there is provided a computer program written in a computer-readable format so that processing for managing the use of content by distributing a license is executed on a computer system.For the computer system:
  Nonce reception that receives a nonce that is a one-time random number from the content userprocedureWhen,
  Issuing a license token that distributes a license token containing at least the received nonce and its authentication information to content usersprocedureWhen,
TheExecuteThis is a computer program characterized by the above.
[0037]
  According to a sixth aspect of the present invention, there is provided a computer program written in a computer-readable format so as to execute a process for safely providing content on a computer system.For the computer system:
  Issuing an enable key to issue an enable key to devices that properly use contentprocedureWhen,
  Content encryption that encrypts content with a unique content key for each contentprocedureWhen,
  Content token generation that generates a content token by encrypting data including a content key with an enable keyprocedureWhen,
  Provision of content that distributes encrypted content with content tokensprocedureWhen,
TheExecuteThis is a computer program characterized by the above.
[0038]
  According to a seventh aspect of the present invention, there is provided a computer program written in a computer-readable format so as to execute processing for performing proper use of content by acquiring a license on a computer system,For the computer system:
  Content acquisition to acquire contentprocedureWhen,
  Nonce issuing that nonce is a one-time random numberprocedureWhen,
  The license token related to the content is received, and it is verified whether the nonce issued in the nonce issuing step is included and whether it is obtained from an authorized person authorized to use the content. License token verification to verify token validityprocedureWhen,
  Content usage that uses the corresponding content in response to the validity of the license tokenprocedureWhen,
TheExecuteThis is a computer program characterized by the above.
[0039]
The computer program according to each of the fifth to seventh aspects of the present invention defines a computer program described in a computer-readable format so as to realize predetermined processing on a computer system. In other words, by installing the computer program according to the fifth to seventh aspects of the present invention in the computer system, a cooperative action is exhibited on the computer system, and the second to the second aspects of the present invention. The same effect as the information processing apparatus or the information processing method according to each of the four aspects can be obtained.
[0040]
Other objects, features, and advantages of the present invention will become apparent from more detailed description based on embodiments of the present invention described later and the accompanying drawings.
[0041]
DETAILED DESCRIPTION OF THE INVENTION
In the following, as an embodiment of the present invention, when an enable key is shared in advance by a legitimate playback device (first embodiment), the enable key is distributed together with encrypted content in a format that can be acquired only by the legitimate playback device. The case (Embodiment 2) will be described in detail with reference to the drawings. Before that, first, the encryption technique used in the present invention will be briefly described.
[0042]
A. Cryptography
In the present specification, E (K, M) means encryption of data M using the encryption key K. MAC (K, M) represents a message authentication code generated for the data M using the key K.
[0043]
A message authentication code (MAC) is a method that makes it possible to discover data falsification and identify a message generator using common key cryptography. Assume that only the creator of data M and the destination of M share the key K of the common key encryption. At this time, the message authentication code of data M uses the key K and MAC (K, M) = E ( K, h (M)) (encrypted data of h (M) using the key K). Here, h () is a one-way function shared by the data sending side and the receiving side. Examples of the unidirectional function include those called MD5 and SHA-1 (for example, see ISO / IEC10118 and FIPS180-1 for details).
[0044]
When sending data M in combination with a message authentication code and sending it in the form of (M, MAC (K, M)), the data receiving side applies a one-way function to data M, and h ( By checking whether M) = E (K, h (M)) is satisfied, the data M has not been tampered with and the message authentication code MAC (K, M) is added by the owner of the key K Can be confirmed.
[0045]
In the following description, an electronic signature can be used instead of the message authentication code at a place where the message authentication code is used. In that case, the side that confirms the message authentication code in the following description may hold the public key for signature verification instead of the encryption key of the common key encryption.
[0046]
Electronic signature is a kind of application of public key cryptography. Here, the public key cryptosystem is a key (public key) P used for encrypting data._kAnd a key (secret key) S used for decryption_kAre different encryption algorithms, and it is very difficult to calculate the other from one key. That is, r's P_kEncryption with R = E (P_k, R), the secret key S of the encrypted data R_kDecryption D (S_k, R) matches r). As for public key cryptography, for example, IEEE-P1363 summarizes standard techniques.
[0047]
The electronic signature is such that when the data M exists, the creator of M has his private key S_kData SG (M) = D (S_k, H (M)). When sending data M in combination with an electronic signature in the form of (M, SG (M)), the receiving side applies a one-way function to the received data M, and h (M) = E (P_k, SG (M)) is satisfied by confirming that M has not been tampered with and that SG (M) has the private key S_kIt can be confirmed that it was added by the owner. Such a procedure is called verification of an electronic signature. For electronic signatures, for example, standard methods are summarized in IEEE-P1363.
[0048]
B. First embodiment
B-1. overall structure
FIG. 1 shows participants of the system according to the first embodiment of the present invention. As shown in the figure, the participants include a content provider 30, a system administrator 20, and a playback device 40. There may be a plurality of content providers and playback devices.
[0049]
The playback device 40 is distributed from the system administrator 20 to users who use the system.
[0050]
In order to provide content (for example, music or image data, electronic document, software, etc.) to the user, the content provider 30 makes a contract with the system administrator 20 and provides the content to the playback device 40 of each user.
[0051]
B-2. System Administrator
FIG. 2 schematically shows a functional configuration of the system administrator 20. As shown in the figure, the system administrator 20 includes an encryption processing unit 21, a data storage unit 22, a random number generator 23, a clock 24, and a communication processing unit 25. The system administrator 20 is actually configured by operating a predetermined server application on a computer system connected to a wide area network.
[0052]
It is assumed that the system administrator 20 can communicate with the content provider and the playback device by the communication processing unit 25. All data held by the system administrator 20 described below is held in the data storage unit 22.
[0053]
3 to 5 schematically show the data configuration held by the system administrator 20.
[0054]
The system administrator 20 includes a playback device table 211 for managing playback device unique numbers, playback device unique keys a, and playback device unique keys b for all playback devices 40 participating in the system (FIG. 3). checking). In this playback device table 211, a playback device unique number, a playback device unique key a, and a playback device unique key b for each valid playback device are set in one column of the table (hereinafter referred to as 1 “record”). Can be implemented as a database that can be searched by the playback device unique number.
[0055]
The system administrator 20 also manages content provider unique numbers, content provider unique keys a, content provider unique keys b, and content provider addresses of all content providers 30 participating in the system. A provider table 212 is provided (see FIG. 4). The content provider table 212 represents a content provider unique number, a content provider unique key a, a content provider unique key b, and a content provider address for each content by one record, and each record is represented by a content provider unique number. It can be implemented as a searchable database.
[0056]
The enable key information 213 includes the version number IVER of the current enable key and the enable key K._r(See FIG. 5).
[0057]
B-3. Content provider
FIG. 6 schematically shows the functional configuration of the content provider 30. As shown in the figure, the content provider 30 includes a tamper resistant encryption processing unit 31, a tamper resistant data storage unit 32, a data storage unit 33, a random number generator 34, a communication processing unit 35, a watch 36. It is assumed that the communication processing unit 35 can communicate with the system administrator and the playback device. The content provider 30 is actually configured by operating a predetermined server application on a computer system connected to a wide area network.
[0058]
The term “tamper resistance” as used herein refers to the property that internal processing and data cannot be acquired or altered by external observation or analysis. Further, communication with tamper resistance is possible between the tamper resistant encryption processing unit 31 and the tamper resistant data storage unit 32.
[0059]
Of the data held by the content provider 30 described below, the content table is held in the data storage unit 33, and the content provider specific information and enable key information are held in the tamper resistant data storage unit 32. Further, processing using an enable key (acquisition of an enable key described later and content token generation) is performed by the tamper resistant encryption processing unit 31.
[0060]
7 to 9 schematically show data structures held in the content provider 30. FIG.
[0061]
The content provider 30 includes a content table 311 for managing the provided content Cont (see FIG. 7). Content key K with content identification number CID_cThe content table 311 has a content identification number CID, a content key Kc, and an encrypted content E (K_c, Cont), content token IVER || E (K_r, K_c|| CID) is prepared. The content table 311 may be implemented as a database that can search each record by the content identification number CID.
[0062]
In the above example, the content key K is the content identification number CID._cFor content Cont, the encrypted content and content token are E (K_c, Cont) and IVER || E (K_r, K_c|| CID). However, since the content identification number may be in a format that can be acquired by the playback device 40 from the encrypted content or the content token, for example, the encrypted content and the content token are E (K_c, Cont || CID) and IVER || E (K_r, K_c). When the latter format is handled, the necessary changes in the embodiment described below are obvious, and the description thereof is omitted. In addition to encrypting the content, it is conceivable to add a message authentication code (described above) in order to prevent modification, but in this case as well, the necessary changes are obvious and description thereof will be omitted.
[0063]
The content provider unique information 312 includes a content provider unique number, a content provider unique key a, and a content provider unique key b (see FIG. 8). These are determined by the system administrator 20 when the content provider 30 concludes a contract for use of the system, and a record in which the address of the content provider 30 is added to the same data is a content provider table of the system administrator 20. 212 is also registered.
[0064]
The enable key information 313 includes the current enable key version number IVER and the enable key K._r(See FIG. 9), and these are acquired from the system administrator in the enable key acquisition procedure (described later).
[0065]
B-4. Playback device
FIG. 10 schematically shows the functional configuration of the playback device 40. As shown in the figure, the playback device 40 includes an encryption processing unit 41, a data storage unit 42, a random number generator 43, a communication processing unit 44, and a clock 45. The entire playback device 40 has tamper resistance. It is assumed that the communication processing unit 44 can communicate with the system administrator and the content provider. The playback device 40 is actually configured by operating a content playback / application on a computer system connected to a wide area network. All data held by the playback apparatus described below is held in the data storage unit 42.
[0066]
Note that the clock 45 is necessary only when the later-described license information given to the playback device 40 includes an expiration date as a (content) usage condition. Therefore, when the expiration date is not used as the usage condition, it is not essential that the playback device 40 includes the clock 45. Even if the expiration date is used as a usage condition, the absolute value of the clock 45 is not specified when the expiration date is specified as an elapsed time (period) since the license is received, rather than as the time. It is not necessary to use a device that maintains the time (in this case, the clock 45 of the playback device 40 does not require time adjustment).
[0067]
FIGS. 11 to 13 schematically show the data configuration held in the playback device 40. The playback device 40 includes playback device specific information 411, enable key information 412, and license information 413.
[0068]
The playback device unique information 411 holds a playback device unique number, a playback device unique key a, and a playback device unique key b (see FIG. 11). These are input when the playback device 40 is shipped, and are also registered in the playback device table 211 of the system administrator 20.
[0069]
The enable key information 412 includes the current enable key version number IVER and the enable key K._r(See FIG. 12), and these are obtained from the system administrator 40 in the procedure for obtaining the enable key (described later).
[0070]
The license information 413 includes a content identification number and license conditions (see FIG. 13), and records license information acquired when using the content.
[0071]
B-5. Overview of operation
The operation of the system of the present invention comprising the content provider 30, the system administrator 20, and the playback device 40 will be described below.
[0072]
The operation of the system consists of initialization, content use, and enable key update. Each participant first performs initialization, then adds / deletes content, uses content, and updates the enable key.
[0073]
Initialization is first performed by the system administrator 20. The content provider 30 and the playback device 40 are initialized when they newly join the system.
[0074]
Content addition / deletion is processing performed when content provided by the content provider 30 is added or deleted.
[0075]
Content use is processing when a user receives content from the content provider 30 to his / her playback device 40 and uses the content. In the following explanation, a case where encrypted content, content token, and license are acquired at the same time when content is used will be described. However, license acquisition is performed at a timing different from acquisition of encrypted content and content token. Of course it may be done.
[0076]
When acquiring a license, the user is generally authenticated in order to charge the user and confirm that the user has the right to use the content. As such a user authentication method, for example, a method called Kerberos or PKI may be used. However, since these are not directly related to the gist of the present invention, the description is omitted here, and thereafter, the user who has confirmed the usage right has used the content once or a plurality of times for the playback device 40. A case where a license (= use permission) is given will be described.
[0077]
When the tamper resistance of any playback device 40 participating in the system is broken and the data held in the data storage unit 42 of the playback device 40 is leaked, the enable key update uses that information. Thus, the encrypted content cannot be decrypted. That is, the enable key is updated so that only a valid playback device 40 whose tamper resistance is not broken is shared with the new enable key. By providing the content provider 30 with a new enable key, re-encrypting the content with the new content key, and replacing the content token with a new content key encrypted with the new enable key, Even if an enable key included in the playback device 40 whose tamper resistance is broken is used, the encrypted content cannot be decrypted.
[0078]
The enable key update is performed by the system administrator, the playback device, and the content provider.
[0079]
Hereinafter, initialization, content addition / deletion, content use, and enable key update for the playback device 40, the content provider 30, and the system administrator 20 will be described in order.
[0080]
B-6. Initialization
In initialization of the system administrator 20, a new enable key is generated using the random number generator 23, and the enable key version number 0 and the enable key are held as enable key information 213. Further, the playback device table 211 and the content provider table 212 are set to have no record.
[0081]
The content provider 30 concludes a usage contract for the content usage right management system before initialization. At that time, a unique content provider unique number PID and a content provider unique key K with the system administrator 20_pa, K_pbAre stored as content provider specific information 312. At this time, the content provider unique number PID and the content provider unique key K are also stored in the content provider table 212 of the system administrator 20._pa, K_pb, And a new record consisting of the content provider address is added. After the above registration procedure is completed, the content provider 30 is initialized so that there is no record in the content table 311 and an enable key is acquired.
[0082]
Here, a processing procedure for the content provider 30 to obtain an enable key from the system administrator 20 will be described with reference to FIG.
[0083]
First, an enable key acquisition request is sent from the content provider 30 to the system administrator (step S1). The enable key acquisition request includes a content provider unique number PID and a content provider unique key K._pa, K_pbPID || nonce || MAC (K_pb, Nonce || PID). Here, nonce is a nonce (a random number used only once) generated by the content provider.
[0084]
On the other hand, the system administrator 20 searches the content provider table 212 using the content provider specific number PID from the received enable key acquisition request. If the search is successful, the corresponding content provider unique key K_pa, K_pbTo confirm that the enable key acquisition request is correct (the message authentication code included in the enable key acquisition request is correct).
[0085]
If the confirmation of the enable key acquisition request is successful, the enable token PID || nonce || IVER || E (K_pa, K_r) || MAC (K_pb, PID || nonce || IVER || E (K_pa, K_r)) Is generated (step S3).
[0086]
FIG. 15 shows the data structure of the enable token in this case. In the figure, K_rIs the enable key, K_pa, K_pbIs the content provider unique key, and nonce is the nonce received from the content provider 30 in step S2.
[0087]
The system administrator 20 sends an enable token to the content provider (step S4). On the other hand, the content provider 30 confirms that the enable token is correct (the message authentication code included in the enable token is correct and that the nonce matches that sent by itself in step S1). If the content provider 30 succeeds in the confirmation, the content provider 30 uses the enable key K from the received enable token._rIs extracted (step S6) and held as enable key information 313.
[0088]
When the playback device 40 is shipped, the playback device unique number UID and the playback device unique key K_ua, K_ubIs determined and registered with the system administrator 20. As a result, the playback device table 211 of the system administrator 20 has a playback device unique number UID and a playback device unique key K._ua, K_ubA new record consisting of is added. Initialization of the playback device 40 is acquisition of an enable key. A processing procedure for the playback device 40 to acquire the enable key will be described with reference to FIG.
[0089]
First, an enable key acquisition request is sent from the playback device 40 to the system administrator 20 (step S1). In response to the enable key acquisition request, the playback device 40 receives the playback device unique number UID and the playback device unique key K_ua, K_ubUID || nonce || MAC (K_ub, Nonce || UID). The nonce is a nonce generated by the playback device 40.
[0090]
Next, the system administrator 20 searches the playback device table 211 using the playback device unique number UID from the received enable key acquisition request. If the search is successful, the corresponding playback device unique key K_ua, K_ubIs used to confirm that the enable key acquisition request is correct (step S2). This is to confirm that the message authentication code included in the enable key acquisition request is correct.
[0091]
When the confirmation of the enable key acquisition request is successful, the enable token UID || nonce || IVER || E (K_ua, Kr) || MAC (K_ub, UID || nonce || IVER || E (K_ua, Kr)) is generated (step S3).
[0092]
FIG. 16 shows the data structure of the enable token in this case. Where IVER is the version number of the enable key, K_rIs the enable key, K_ua, K_ubIs the reproduction device unique key, and nonce is the nonce received from the reproduction device 40 in step S2.
[0093]
Next, the system administrator 20 sends the generated enable token to the playback device 40 (step S4).
[0094]
On the playback device 40 side, it is confirmed that the enable token is correct (that is, the message authentication code included in the enable token is correct and that the nonce matches that sent in step S1) (step S5).
[0095]
If the verification is successful, the playback device 40 uses the received enable token from the enable key version number IVER and the enable key K._rAre stored as enable key information 412.
[0096]
B-7. Content addition / deletion
The content provider 30 performs processing when adding or deleting content to be provided. FIG. 17 shows a processing operation when adding or deleting content in the content provider 30 in the form of a flowchart.
[0097]
First, the content provider 30 determines whether content is added or deleted (step S11).
[0098]
If adding content Cont, content key K for the content to be added_cIs newly generated by the random number generator 34, and the content identification number CID is generated as a concatenation of a unique number for each content handled by the content provider 30 and a content provider unique number (step S12).
[0099]
Next, the content key K generated in step S12_cTo encrypt the additional content Cont with the encrypted content E (K_c, Cont) is obtained (step S13). Next, the content key K_cContent token IVER || E (K_r, K_c|| CID) is generated (step S14).
[0100]
The content identification number CID and the content key K_cAnd encrypted content E (K_c, Cont) and content token IVER || E (K_r, K_c|| CID) is added as a new record in the contents table 311 (step S15), and the entire processing routine is terminated.
[0101]
On the other hand, if it is determined in step S11 that the content is to be deleted, the content table 311 is searched for a record of the content to be deleted (step S16), the record is deleted (step S17), and the entire processing routine is terminated. To do.
[0102]
B-8. Content usage
Content use is processing when content is sent from the content provider 30 to the user's playback device 40 and used on the user side. FIG. 18 shows a processing procedure for using content acquired by the user's playback device 40 from the content provider 30 in the form of a flowchart.
[0103]
First, when a user selects content to be used on his / her playback device 40 (step S21), in response to this, the identification number CID of the selected content is notified to the content provider 30.
[0104]
In this content selection operation, for example, a general web browser or the like displays a content content (for example, a song name if the content is music) and a button for which the user wants to use the user, and the user presses the button with a mouse or the like. It can be implemented by a GUI operation such as clicking with the button. However, since the configuration of such a user interface is general and is not directly related to the gist of the present invention, it will not be described further here.
[0105]
At this time, the user is generally authenticated for the purpose of purchasing the right to use the selected content or confirming that the user already has the right. However, since this is not directly related to the gist of the present invention as described above, the description is omitted here. Therefore, in the following, the description regarding this embodiment will be made on the assumption that the content used by the user has been selected and the usage rights for the content have been confirmed.
[0106]
When the content provider 30 receives a notification of the identification number of the content desired to be used from the user, the content provider 30 searches the content table 311 for a record corresponding to the identification number (step S22). Then, the encrypted content E (K_c, Cont) and content token IVER || E (K_r, K_c|| CID) is sent to the playback device 40 of the requesting user (step S23). FIG. 19 shows a data structure of a content distribution format sent from the content providing device 30 to the playback device 40.
[0107]
On the playback device 40 side, the encrypted content E (K_c1, Cont) and content token IVER || E (K_r, K_c|| CID), the version number of the enable key included in the content token is compared with the version number of the own enable key (step S24). If the version number of the enable key included in the content token is newer, the enable key is acquired (step S31). The acquisition of the enable key has already been described with reference to FIG. 14 as the process of acquiring the enable key from the system administrator 20 at the time of initialization of the playback device 40, and thus the description thereof is omitted here.
[0108]
Subsequently, the playback device 40 sends a nonce (a one-time random number) to the content provider 30 (step S25). In response to this, the content provider 30 generates a license token (step S26). The license token is CID || CND || nonce || MAC (K_c, CID || CND || nonce).
[0109]
FIG. 20 shows the data structure of the license token. Here, CID is the identification number of the content to be permitted for use, CND is the condition for permission for use, and nonce is the nonce sent from the playback device 40 in step S25.
[0110]
The license token may be any data that can be confirmed by the playback device 40 by the authority (generally the content provider 30) who gives permission to use the content._cEncrypted data E (K_c, CID || CND || nonce). Further, if the authorized person who gives permission to use the content is a third party other than the content provider 30 or the system administrator 20, the content key K_cInstead of this, it is also possible to use an encryption key (for example, enable key Kr) shared in advance between these and the playback device 40.
[0111]
In step S27, the content provider 30 sends the license token to the playback device 40. On the other hand, the playback device 40 confirms the received license token (step S28). That is, it is confirmed whether or not the nonce included in the license token is the same as that sent in step S25 and the message authentication code is correct.
[0112]
If it is confirmed in step S28 that the license token is correct, the playback device 40 uses the license identification information 413 in the playback device 40 for the content identification number CID and usage permission condition CND included in the license token. Hold as.
[0113]
Next, the playback device 40 confirms that the content identification number CID of the license information 413 matches the content identification number CID held in the license information storage area, and further confirms that the use permission condition CND is satisfied. (Step S29).
[0114]
Here, the use condition CND is, for example, the number of times of use and the expiration date. It is assumed that the condition is satisfied as long as it is greater than 0 by subtracting 1 at each confirmation if the number is available. If it is the expiration date, it is determined that the condition is satisfied in comparison with the actual time measured by the clock 45 in the playback device 40. However, as described above, when the expiration date is not used as the use condition CND, the playback device 40 does not need the clock 45. Even when the expiration date is used, the absolute time is held as the clock 45 when the expiration date is not specified by the time but is specified by the elapsed time (period) after receiving the license. You don't have to use what you do.
[0115]
If it is determined in step S29 that the usage conditions are satisfied, the playback device 40 determines that the content key K_cThe content obtained by decrypting the encrypted content using is used for the user (step S30). When the use of the content ends, the process returns to the condition determination in step S29, and the content use can be repeated as long as the condition is satisfied.
[0116]
B-9. Enable key update
The enable key update is a process of updating the enable key when the tamper resistance is broken in any of the playback devices 40 participating in the system. After updating the enable key, the content held by the content provider 30 is encrypted with the new content key, and the content token including the new content key is also encrypted with the new enable key. As a result, it is possible to make it impossible to play back content using information included in the playback device 40 whose tamper resistance is broken.
[0117]
In order to realize the use restriction of the content accompanying such update of the enable key, it is necessary to share a new enable key with an authorized playback device 40 whose tamper resistance is not broken. For this reason, the processing for updating the enable key is roughly divided into two parts. The first is to allow a valid playback device 40 other than the one whose tamper resistance is broken to share a new enable key. Second, the content provider 30 updates the content key for all the records in the content table 311 and replaces the encrypted content with a new content key and re-encrypts the content token. It is to replace it with a key that has been regenerated to include a new content key.
[0118]
If the above-mentioned second processing is performed and the version of the enable key is updated, when the content is used in the playback device 40, the enable held by the playback device 40 by checking the version of the enable key (step S31: above) Since the key is known to be old, a new enable key is obtained from the system administrator 20. Therefore, in the present embodiment, only the second process needs to be performed as the enable key update.
[0119]
FIG. 21 shows a processing procedure for updating the enable key in the system administrator 20 in the form of a flowchart.
[0120]
When the system administrator 20 finds a device whose tamper resistance is broken, the system administrator 20 first uses the random number generator 23 to create a new enable key K._r'Is generated (step S41), the enable key in the enable key information 213 of the system administrator 20 is updated, and the enable key version number is incremented by one.
[0121]
Next, the first record in the content provider table 212 is selected (step S42), and an enable key update notification is sent to the content provider address of the selected record (step S43).
[0122]
The enable key update notification indicates that the new enable key is K_r'As PID || time || nonce || E (K_pa, IVER '|| K_r') || MAC (K_pb, PID || time || nonce || E (K_pa, IVER '|| K_r')). Here, PID is the content provider specific number of the content provider that should receive this enable key update notification, time is the generation time of the enable key update notification, nonce is the nonce generated by the system administrator, K_paAnd K_pbIs the content provider's unique key, IVER 'and K_r'Is the new enable key version number and the enable key.
[0123]
When receiving the enable key update notification, the content provider 30 confirms that it is correct (step S44). Here, the content provider specific number included in the enable key update notification is its own, the time time is within an appropriate standard range (for example, 1 minute) from the current time, and the message authentication code is Confirmed to be correct.
[0124]
When it is confirmed that the enable key update notification is correct, the content provider 30 uses the enable key information 313 as the new enable key version number IVER ′ and the enable key K._rReplace with '. Also, the enable key update notification PID || nonce || MAC (K_pb, PID || nonce) is generated and transmitted to the system administrator 20 (step S45). Here, PID is the content provider unique number of the content provider, and nonce is the nonce received in step S44.
[0125]
Next, the content provider 30 updates the content table 311 (step S46). FIG. 22 shows a processing procedure for updating the content table 311 in the form of a flowchart.
[0126]
The content provider 30 first selects the first record in the content table 311 (step S51).
[0127]
Next, the content key K is selected by the random number generator 34 for the selected record._c'Is regenerated (step S52). And the encrypted content E (K) of the selected record_c, Cont) with the content key Kc included in the record, and then the new content key K_cRe-encrypt with 'E (K_c', Cont) is obtained (step S53).
[0128]
Next, a new content key K_c'Content token for IVER' || E (K_r', K_c') Is generated (step S54), and a new content key K is generated._c', Encrypted content E (K_c', Cont), content token IVER' || E (K_r', K_c') Updates the current record (step S55).
[0129]
Next, it is confirmed whether or not the current record is the last record in the content table 311 (step S56). If so, the entire process is terminated. If not, the next record in the content table 311 is selected as the current record. (Step S57), the process returns to Step S52, and the update process is repeated for the next record.
[0130]
Returning to FIG. 21 again, the update process of the enable key will be described. The system administrator 20 sends an enable key update notification PID || nonce || MAC (K_pb, PID || nonce) is received (step S47), it is determined whether the PID and nonce were sent by themselves in step S43 and whether the message authentication code is correct.
[0131]
If the determination result is affirmative, it is confirmed whether or not the current record is the last record in the content provider table 212 (step S48). If it is the last record, the entire processing routine is terminated. Otherwise, the next record in the content provider table 212 is selected as the current record (step S49), and the process returns to step S43 to enable the next record. Repeat the key update process.
[0132]
If the enable key update notification cannot be received on the basis of waiting for an appropriate time in step S47, the process returns to step S43 to re-send the enable update notification.
[0133]
C. Second embodiment
C-1. overall structure
Also in the second embodiment of the present invention, as shown in FIG. 1, the participants include a content provider 30, a system administrator 20, and a playback device 40. A plurality of content providers 30 and playback devices 20 may exist. It is assumed that the playback device 40 is distributed from the system administrator 20 to users who use the system of the present invention. Further, the content provider 30 concludes a contract with the system administrator 20 to provide content (for example, music or image data, electronic documents, software, etc.) to the user, and provides the content to the playback device 40 of the user. .
[0134]
C-2. System Administrator
Since the configuration of the system administrator 20 is substantially the same as that of the first embodiment described above, description thereof is omitted here. All data held by the system administrator 20 is held in the data storage unit 22.
[0135]
23 to 25 schematically show the data configuration held by the system administrator 20.
[0136]
The system administrator 20 includes a playback device table 221 (see FIG. 23) for managing playback device unique numbers, exclusion flags, and playback device unique key sets of all playback devices participating in the system. This playback device table 221 is implemented as a database in which the playback device unique number, the exclusion flag, and the playback device unique key set (described later) for the legitimate playback device 40 can be searched as a table record by the playback device unique number. That's fine.
[0137]
The system administrator 20 is a content provider who manages the content provider unique numbers, content provider unique keys a, content provider unique keys b, and content provider addresses of all content providers 30 participating in the system. Table 222 (see FIG. 24) is provided. The content provider table 221 represents a content provider unique number, a content provider unique key a, a content provider unique key b, and a content provider address as one record, and is a database that can search each record with a content provider unique number. Just implement it.
[0138]
  The enable key information 223 isEnable keyHold the enable key block (see FIG. 25).
[0139]
C-3. Content provider
Since the configuration of the content provider 30 is substantially the same as that of the first embodiment described above, description thereof is omitted here. Of the data held by the content provider 30, the content table is held in the data storage unit 33, and the content provider specific information and enable key information are held in the tamper resistant data storage unit 32. Further, processing using an enable key (acquisition of an enable key described later and content token generation) is performed by the tamper resistant encryption processing unit 31.
[0140]
26 to 28 schematically show the data configuration held in the content provider 30. FIG.
[0141]
The content provider 30 includes a content table 321 (see FIG. 26) for managing the content to be provided. The content table 321 includes one record for each content, and each record includes a content identification number CID, a content key K_c, Content key K_cEncrypted content E (K_c, Cont), content token E (K_r(T), K_c|| CID). The content table 321 may be implemented as a database that can search each record by the content identification number CID. The content identification number CID may be in a format that can be acquired from the encrypted content or content token by the playback device, and may be realized in other formats (same as above).
[0142]
The content provider unique information 322 includes a content provider unique number, a content provider unique key a, and a content provider unique key b (see FIG. 27), which are used by the content provider 30 to use the system. A record determined by the system administrator when the contract is concluded, and a record in which the address of the content provider is added to the same data is also registered in the content provider table 222 of the system administrator 20.
[0143]
  The enable key information 323 indicates the current enable keyVersion numberAnd enable keys (see FIG. 28), and these are acquired from the system administrator 20 in the enable key acquisition procedure (described later).
[0144]
C-4. Playback device
Since the configuration of the playback device 40 is substantially the same as that of the above-described first embodiment, description thereof is omitted here. The playback device 40 has tamper resistance, and all of the following data is held in the data storage unit 42.
[0145]
29 to 30 schematically show the data configuration held in the playback device 40. FIG.
[0146]
The playback device 40 includes playback device specific information 421 and license information 423. The playback device unique information 421 holds a playback device unique number and a playback device unique key set (described later) (see FIG. 29). These are input when the playback device 40 is shipped, and are also registered in the playback device table 221 of the system administrator at the same time.
[0147]
The license information 423 includes a content identification number and a license condition (see FIG. 30), and records license information acquired when the content is used.
[0148]
C-5. Playback device unique key set, enable key block
In the present embodiment, all the playback devices 40 belong to a virtual tree structure. FIG. 31 shows an example of this virtual tree structure. The bottom of the tree structure is called “leaf”. Each playback device corresponds to one leaf. A branch point in the middle of the tree structure is called a “node”. The only node in the top layer is called the “root”. An encryption key is assigned to each leaf and node. This encryption key is generated based on a random number.
[0149]
FIG. 31 shows a case of 16 leaves in a symmetric 4-stage tree structure. However, when there are more leaves and a large number of stages, a non-symmetric tree structure, or the number of branches is 2. You can also consider the case of more than one. See RFC 2627 for such generalizations, for example.
[0150]
  It is assumed that the playback device unique key set of each playback device 40 is a key of a corresponding leaf and a key allocated to a node from the corresponding leaf to the root. For example, the playback device unique key set of the playback device corresponding to leaf 1 in FIG.₀₀₀₁, K₀₀₀, K₀₀, K₀, K_root}. Therefore, if the tamper resistance of the playback device is perfect, K_rootIs shared by all playback devices. Therefore, enable key K_rOn the other hand, the enable key block is {(“root”, E (K_root, K_r))}. However, {a, (b, c)} is element a and (b,c)), And (b,c) Is an elementbWhencRepresents an ordered set of Further, “root” is a character string “root” or a symbol that can identify root (“root”, E (K_root, K_r)) Is the key K of the node whose root is the element following “root”_rootIndicates that it is encrypted with.
[0151]
Next, considering the case where the tamper resistance of the playback device corresponding to a certain leaf is broken, the playback device unique key set possessed by the playback device is leaked._rootIs no longer shared only with legitimate playback devices. However, if a playback device whose tamper resistance is broken can be identified, the unique key set of the playback device can be known. Therefore, using a proper enable key block, only a playback device whose tamper resistance is not broken is newly added. Can acquire a common enable key.
[0152]
As an example, assume that the tamper resistance of the reproducing apparatus corresponding to leaf 1 in FIG. 31 is broken. In this case, {K₀₀₀₁, K₀₀₀, K₀₀, K₀, K_root} Key is leaked. Therefore, the new enable key K_r'{K₀₀₀₁, K₀₀₀, K₀₀, K₀, K_root} May be encrypted using a key not included in} and distributed to each playback device.
[0153]
Also, the playback devices corresponding to leaf 8 to leaf 15 in FIG.₀₀₀₁, K₀₀₀, K₀₀, K₀, K_root} Keys not included in}₁E (K₁, K_r').
[0154]
Similarly, playback devices corresponding to leaf 4 to leaf 7 are {K₀₀₀₁, K₀₀₀, K₀₀, K₀, K_root} Keys not included in}₀₁E (K₀₁, K_r').
[0155]
The playback devices corresponding to leaf 2 and leaf 3 are {K₀₀₀₁, K₀₀₀, K₀₀, K₀, K_root} Keys not included in}₀₀₁E (K₀₀₁, K_r').
[0156]
Finally, leaf 0 is {K₀₀₀₁, K₀₀₀, K₀₀, K₀, K_root} Keys not included in}₀₀₀₀E (K₀₀₀₀, K_r').
[0157]
From this, the enable key block is {("1", E (K₁, K_r')), ("01", E (K₀₁, K_r')), ("001", E (K₀₀₁, K_r')), ("0000", E (K₀₀₀₀, K_r'))}And it is sufficient. FIG. 32 schematically shows the data structure of the enable key block (EBLK).
[0158]
Even when there are a plurality of playback devices to be excluded, the enable key block can be generated in the same manner as described above. In general, when a tree structure with a depth of d and k branches at each node is used, the number of elements of the enable key block required for sharing the enable key excluding m playback devices is at most (k− 1) xdxm (see RFC 2627). By constructing the tree structure with as much symmetry as possible, the depth d is about a logarithm with the number of playback devices N as the base, so that it is much smaller than N and the data size of the enable key block can be reduced. Is possible. Regarding a data structure for efficiently generating an enable key block, Japanese Patent Laid-Open No. 2001-352321 (Title of Invention: Information System, Information Processing Method, Information Recording Medium, and Program Provisional Already Assigned to the Applicant) Medium).
[0159]
C-6. Overview of operation
The operation of the system according to this embodiment including the content provider 30, the system administrator 20, and the playback device 40 will be described below. The system operation consists of initialization, content usage, and enable key update. Each participant in the system first performs initialization, then adds / deletes content, uses content, and updates the enable key.
[0160]
Initialization is first performed by the system administrator 20. The content provider 30 and the playback device 40 are initialized when they newly join the system.
[0161]
Content addition / deletion is processing performed when content provided by the content provider 30 is added or deleted.
[0162]
Content use is processing that is performed when a user receives content from the content provider side to his / her playback device 40 and uses the content. In the following, a case will be described in which a content use license (= use permission) is given to the playback apparatus 40 that has requested use of the content once or multiple times. However, it is assumed that encrypted content, content token, and license are acquired at the same time when content is used, but license acquisition is performed at a different timing from acquisition of encrypted content and content token. Also good. In addition, when a license is acquired, user authentication is generally performed for billing processing or confirmation of content usage rights. However, since it is not directly related to the gist of the present invention, description thereof is omitted here. To do.
[0163]
In the enable key update, the tamper resistance of one of the playback devices 40 participating in the system is broken, and the data (the playback device unique key set) held in the data storage unit 42 in the playback device 40 is leaked. Sometimes, it is a process for making it impossible to decrypt the encrypted content even if such information is used. In this case, the system administrator 20 updates the enable key and generates a new enable key block so that only a valid playback device whose tamper resistance is not broken can obtain the updated enable key. . The content provider 30 is provided with a new enable key and an enable key block from the system administrator 20, re-encrypts the content with the new content key, and regenerates the content token with the new enable key. The encrypted content cannot be decrypted even if the data included in the playback device whose tamper resistance is broken is used. The enable key update is a process performed by the system administrator 20 and the content provider 30.
[0164]
In the following, description will be made in the order of initialization of the playback device 40, the content provider 30, and the system administrator 20, content addition / deletion, content usage, and enable key update.
[0165]
C-7. Initialization
In initialization of the system administrator 20, the enable key K is used by using the random number generator 23._rIs generated. Since it is not necessary to exclude unauthorized persons at this point, the enable key block is {("root", E (K_root, K_r))}, And the enable key and the enable key block are held as enable key information 213. Further, the playback device table 221 and the content provider table 222 are set to have no records.
[0166]
The content provider 30 concludes a usage contract for the content usage right management system before initialization. At that time, a unique content provider unique number PID and a content provider unique key K with the system administrator 20_pa, K_pbIs stored in the content provider specific information 312. At this time, the content provider unique number PID and the content provider unique key K are also stored in the content provider table 222 of the system administrator 20._pa, K_pbA new record consisting of the content provider address is added. This procedure is preferably performed off-line. After the above registration procedure is completed, the content provider 30 initializes the content table 321 with no records and obtains an enable key and an enable key block.
[0167]
In the system according to the present embodiment, the content provider 30 acquires the enable key and the enable key block in accordance with the processing procedure shown in the form of a flowchart in FIG.
[0168]
First, an enable key acquisition request is sent from the content provider 30 to the system administrator 20 (step S1). The enable key acquisition request includes a content provider unique number PID and a content provider unique key K._pa, K_pbPID || nonce || MAC (K_pb, Nonce || PID). Nonce is a nonce (a random number used only once) generated by the content provider 30.
[0169]
The system administrator 20 searches the content provider table 222 using the content provider specific number PID from the received enable key acquisition request. If the search is successful, the corresponding content provider unique key K_pa, K_pbIs used to confirm that the enable key acquisition request is correct (the message authentication code included in the enable key acquisition request is correct) (step S2).
[0170]
If the confirmation of the enable key acquisition request is successful, the system administrator 20 enables the enable token PID || nonce || E (K_pa, K_r) || EBLK || MAC (K_pb, PID || nonce || E (K_pa, K_r) || EBLK). FIG. 33 schematically shows the data structure of the enable token. Where K_rIs the enable key, K_pa, K_pbIs a content provider unique key, nonce is a nonce received from the content provider in step S2, and EBLK is an enable key block.
[0171]
The system administrator 20 sends the generated enable token to the content provider 40. In response to this, the content provider 30 confirms that the enable token is correct, that is, that the message authentication code included in the enable token is correct, and that the nonce matches with the one sent in step S1 (step S5). ).
[0172]
Then, if the content provider succeeds in confirming, the enable key K to the enable key K_rThe enable key block EBLK is extracted (step S6) and held as enable key information 323.
[0173]
When the playback device 40 is shipped, the playback device unique number UID and the playback device unique key set {K_root, K_x, K_xx, K_xxx,... Are determined and registered with the system administrator 20. As a result, the playback device table 221 of the system administrator 20 stores the playback device unique number UID, the exclusion flag value OFF, and the playback device unique key set {K_root, K_x, K_xx, K_xxx, ...} is added.
[0174]
C-8. Content addition / deletion
A process for adding or deleting content provided by the content provider will be described. FIG. 17 shows a processing operation when adding or deleting content in the content provider 30 in the form of a flowchart.
[0175]
First, the content provider 30 determines whether content is added or deleted (step S11).
[0176]
If adding content Cont, content key K for the content to be added_cIs newly generated by the random number generator 34, and the content identification number CID is generated as a concatenation of a unique number for each content handled by the content provider 30 and a content provider unique number (step S12).
[0177]
Next, the content key K generated in step S12_cTo encrypt the additional content Cont with the encrypted content E (K_c, Cont) is obtained (step S13). Next, the content key K_cContent token IVER || E (K_r, K_c|| CID) is generated (step S14).
[0178]
The content identification number CID and the content key K_cAnd encrypted content E (K_c, Cont) and content token IVER || E (K_r, K_c|| CID) is added as a new record in the content table 321 (step S15), and the entire processing routine is terminated.
[0179]
On the other hand, if it is determined in step S11 that the content is to be deleted, a record of the content to be deleted is searched from the content table 321 (step S16), the record is deleted (step S17), and the entire processing routine is performed. Exit.
[0180]
C-9. Content usage
Content use is processing when content is sent from the content provider 30 to the user's playback device 40 and used on the user side. FIG. 34 shows a processing procedure for using the content acquired by the user's playback device 40 from the content provider 30 in the form of a flowchart.
[0181]
First, when a user selects content to be used on his / her playback device 40 (step S61), in response to this, the identification number CID of the selected content is notified to the content provider 30.
[0182]
In this content selection operation, for example, a general web browser or the like displays a content content (for example, a song name if the content is music) and a button for which the user wants to use the user, and the user presses the button with a mouse or the like. It can be implemented by a GUI operation such as clicking with the button. However, since the configuration of such a user interface is general and is not directly related to the gist of the present invention, it will not be described further here.
[0183]
At this time, the user is generally authenticated for the purpose of purchasing the right to use the selected content or confirming that the user already has the right. However, since this is not directly related to the gist of the present invention as described above, the description thereof is omitted here. Therefore, hereinafter, the description of the present embodiment will be made on the assumption that the user has selected an item to be used and the usage right for the content has been confirmed.
[0184]
When the content provider 30 receives a notification of the identification number of the content desired to be used from the user, the content provider 30 searches the content table 321 for a record corresponding to the identification number (step S62). Then, the encrypted content E (K_c, Cont) and content token E (K_r, K_c|| CID) and the enable key block EBLK of the enable key information 323 are sent to the playback device 40 of the requesting user (step S63). FIG. 35 schematically shows the data structure of the content distribution format sent at this time.
[0185]
The playback device 40 uses the encrypted content E (K_c1, Cont), content token E (K_r, K_c|| CID) and the set of the enable key block EBLK, the enable key is subsequently acquired from the enable key block EBLK (step S64).
[0186]
On the other hand, if acquisition of the enable key has failed (that is, the key that encrypted the enable key is not included in the playback device unique key set that the player owns), the content use fails and the entire processing routine is finish.
[0187]
When acquiring the enable key, the playback device 40 sends a nonce (one-time random number) to the content provider 30 (step S65). In response to this, the content provider 30 generates a license token (step S66). Then, the content provider 30 sends the generated license token to the playback device 40 (step S67).
[0188]
FIG. 36 schematically shows the data structure of the license token. The license token is CID || CND || nonce || MAC (K_c, CID || CND || nonce). CID is the identification number of the content to be used, CND is the use permission condition, and nonce is the nonce sent from the playback device 40 in step S65.
[0189]
The license token may be data that can be confirmed by the playback apparatus 40 by an authorized person (generally, the content provider 30) who gives permission to use the content. Therefore, instead of using the message authentication code as described above, the content key K_cEncrypted data E (K_c, CID || CND || nonce). Further, if the authorized person who gives permission to use the content is a third party other than the content provider 30 or the system administrator 20, the content key K_cInstead of the encryption key (for example, the enable key K) that can be used in common between these and the playback device 40._r) Can also be used.
[0190]
Next, on the playback device 40 side, the license token received from the content provider 30 is confirmed (step S68). That is, it is confirmed that the nonce included in the license token is the same as that sent in step S65 and that the message authentication code is correct. If it is confirmed that the license token is correct, the playback device 40 holds the content identification number CID and use permission condition CND included in the license token as license information 423 of the playback device 40. To do.
[0191]
Next, the playback device 40 confirms that the content identification number CID of the license information 423 matches the content identification number CID held in the license information storage area (step S68), and further confirms the license, ie, uses permission. It is confirmed that the condition CND is satisfied (step S69). CND is, for example, the number of times it can be used or an expiration date. If CND is available, the condition is satisfied as long as it is greater than 0 by subtracting 1 for each confirmation. If the CND is valid, it is determined that the condition is satisfied as compared with the actual time measured by the clock 45 of the playback device 40. As described above, when the expiration date is not used as the usage rule CND, the playback device 40 does not require the clock 45. Even when the expiration date is used, the absolute time is held as the clock 45 when the expiration date is not specified by the time but is specified by the elapsed time (period) after receiving the license. You don't have to use what you do.
[0192]
If it is determined in step S69 that the content usage conditions are satisfied, the playback device 40 determines that the content key K_cUse the content obtained by decrypting the encrypted content using. When the use of the content ends, the process returns to the condition determination in step S69, and the content use can be repeated as long as the content use condition is satisfied.
[0193]
C-10. Enable key update
The enable key update is a process for making it impossible to reproduce content using information included in the reproduction device 40 whose tamper resistance is broken. Specifically, when the tamper resistance of any of the playback devices 40 participating in the system is broken, the enable key is updated and the content held by the content provider 30 is encrypted. The content token including the new content key is encrypted with the new enable key.
[0194]
Further, in order to make it possible to use a new enable key for the legitimate playback device 40, an enable key block from which a new enable key can be obtained from a playback device other than the playback device whose tamper resistance is broken is provided in the system. The administrator 20 provides the content provider 30, and the content provider 30 distributes it to the playback device 40 when the content is used.
[0195]
FIG. 21 shows a processing procedure for updating the enable key in the system administrator 20 in the form of a flowchart.
[0196]
When the system administrator 20 finds a playback device whose tamper resistance is broken, the system administrator 20 turns on the exclusion flag of the record of the corresponding playback device in the playback device table 221 and uses the random number generator 23 to enable a new enable. Key K_r'And generate a new enable key block EBLK' from the new enable key and the information of the playback device whose tamper resistance is broken (the playback device unique key set of the record whose exclusion flag in the playback device table 221 is ON). Generate (step S41). Then, the system administrator 20 updates the enable key and the enable key block in the enable key information 223.
[0197]
Next, the first record in the content provider table 222 is selected (step S42), and an enable key update notification is sent to the content provider address of the selected record (step S43).
[0198]
Enable key renewal notification is a new enable key K_r'As PID || time || nonce || E (K_pa, K_r') || EBLK' || MAC (K_pb, PID || time || nonce || E (K_pa, Kr ′) || EBLK ′). Here, PID is the content provider specific number of the content provider 30 that should receive this enable key update notification, time is the generation time of the enable key update notification, nonce is the nonce generated by the system administrator 20, K_paAnd K_pbIs the content provider unique key, K_r'Is a new enable key, and EBLK' is a new enable key block.
[0199]
Upon receiving the enable key update notification, the content provider 30 confirms that it is correct (step S44). Specifically, the content provider unique number included in the enable key update notification is own, the time time is within an appropriate reference range (for example, 1 minute) from the current time, and message authentication. Make sure the code is correct.
[0200]
When it is confirmed that the enable key update notification is correct, the content provider 30 adds a new enable key K_r'And the enable key block EBLK' are extracted, and the enable key information 323 is updated. Also, the enable key update notification PID || nonce || MAC (K_pb, PID || nonce) is generated and transmitted to the system administrator 20 (step S45). Here, PID is the content provider unique number of the content provider, and nonce is the nonce received in step S44.
[0201]
Next, the content provider 30 updates the content table 321 (step S46). FIG. 22 shows a processing procedure for updating the content table 321 in the form of a flowchart.
[0202]
The content provider 30 first selects the first record in the content table 311 (step S51).
[0203]
Next, the content key K is selected by the random number generator 34 for the selected record._c'Is regenerated (step S52). And the encrypted content E (K) of the selected record_c, Cont) is a content key K included in the record._cDecrypted with the new content key K_cRe-encrypt with 'E (K_c', Cont) is obtained (step S53).
[0204]
Next, the content token E (K for the new content key Kc ′_r', K_c') Is generated (step S54), and a new content key K is generated._c', Encrypted content E (K_c', Cont), content token E (K_r', K_c') Updates the current record (step S55).
[0205]
Next, it is confirmed whether or not the current record is the last record in the content table 311 (step S56). If so, the entire process is terminated. If not, the next record in the content table 311 is selected as the current record. (Step S57), the process returns to Step S52, and the update process is repeated for the next record.
[0206]
Returning to FIG. 21 again, the update process of the enable key will be described. The system administrator 20 sends an enable key update notification PID || nonce || MAC (K_pb, PID || nonce) is received (step S47), it is determined whether the PID and nonce were sent by themselves in step S43 and whether the message authentication code is correct.
[0207]
If the determination result is affirmative, it is confirmed whether or not the current record is the last record in the content provider table 212 (step S48). If it is the last record, the entire processing routine is terminated. Otherwise, the next record in the content provider table 212 is selected as the current record (step S49), and the process returns to step S43 to enable the next record. Repeat the key update process.
[0208]
If the enable key update notification cannot be received on the basis of waiting for an appropriate time in step S47, the process returns to step S43 to re-send the enable update notification.
[0209]
[Supplement]
The present invention has been described in detail above with reference to specific embodiments. However, it is obvious that those skilled in the art can make modifications and substitutions of the embodiment without departing from the gist of the present invention. That is, the present invention has been disclosed in the form of exemplification, and the contents described in the present specification should not be interpreted in a limited manner. In order to determine the gist of the present invention, the claims section described at the beginning should be considered.
[0210]
【The invention's effect】
As described above in detail, according to the present invention, an excellent content use management system capable of controlling the use of content and protecting the content by giving a license to the content user, using the content, or An information processing apparatus or an information processing method to be provided, and a computer program can be provided.
[0211]
In addition, according to the present invention, an excellent content usage management system, an information processing apparatus or an information processing method for using or providing content, which can give a license to the content user while preventing unauthorized use of the content key As well as computer programs.
[0212]
According to the present invention, content usage permission is not a key for decrypting encrypted content (content key), but content usage permission in a format that allows the playback device to determine the identification number (license token) of the content permitted to be used. A license is given by the authorized person. Accordingly, it becomes possible to give the usage permission without confirming whether or not the destination to which the usage permission is given protects the right, and the processing at the time of giving the usage permission can be speeded up.
[0213]
In addition, according to the present invention, since only an authorized playback device does not have an enable key, even if an authorized user of content grants permission to an unauthorized playback device, the content can be decrypted by that device. The right to use the content is protected.
[0214]
Further, according to the present invention, since the content key is encrypted with an encryption key (enable key) that can be used only by a valid playback device and distributed together with the content, special processing is performed on the playback device side even if the content key is changed. Do not need.
[0215]
In addition, according to the present invention, when a playback device whose tamper resistance is broken occurs, the enable key is changed, and a new enable key is assigned to a valid playback device and content provider whose tamper resistance is not broken. By distributing the content, it is possible to make it impossible to use the content distributed thereafter even if the information included in the playback device whose tamper resistance is broken is used.
[0216]
The important point in the present invention is that the license is not a content key, so that even if a license is given to an arbitrary device, the content can actually be decrypted only to a legitimate playback device that shares an enable key in advance. ,That's what it means. Therefore, according to the present invention, it is not necessary to specify a playback device to be issued when issuing a license and issue a dedicated license to each playback device. As a result, it is possible to process license issuance at high speed, and it is possible to realize a license issuance process with good scalability with respect to an increase in the number of playback devices.
[Brief description of the drawings]
FIG. 1 is a diagram showing participants of a system according to a first embodiment of the present invention.
FIG. 2 is a diagram schematically showing the configuration of a system administrator 20;
FIG. 3 is a diagram schematically showing a data configuration held in the system administrator 20;
FIG. 4 is a diagram schematically showing a data configuration held in the system administrator 20;
FIG. 5 is a diagram schematically showing a data configuration held in the system administrator 20;
6 is a diagram schematically showing a functional configuration of a content provider 30. FIG.
7 is a diagram schematically showing a data configuration held in the content provider 30. FIG.
FIG. 8 is a diagram schematically showing a data configuration held in the content provider 30. FIG.
FIG. 9 is a diagram schematically showing a data configuration held in the content provider 30. FIG.
FIG. 10 is a diagram schematically illustrating a functional configuration of the playback device 40;
FIG. 11 is a diagram schematically showing a data configuration held in the playback device 40;
12 is a diagram schematically showing a data configuration held in the playback device 40. FIG.
13 is a diagram schematically showing a data configuration held in the playback device 40. FIG.
FIG. 14 is a flowchart showing a processing procedure for the content provider 30 or the playback apparatus to obtain an enable key from the system administrator 20;
FIG. 15 is a diagram showing a data structure of an enable token.
FIG. 16 is a diagram showing a data structure of an enable token.
FIG. 17 is a flowchart showing operation characteristics in the content provider 30;
FIG. 18 is a flowchart showing a processing procedure for the user's playback device 40 to use content acquired from the content provider 30;
FIG. 19 is a diagram showing a data structure of a content distribution format sent from the content providing apparatus 30 to the playback apparatus 40.
FIG. 20 is a diagram showing a data structure of a license token.
FIG. 21 is a flowchart showing a processing procedure for updating an enable key in the system administrator 20;
FIG. 22 is a flowchart showing a processing procedure for updating a content table.
FIG. 23 is a diagram schematically illustrating a data configuration held in the system administrator 20;
FIG. 24 is a diagram schematically illustrating a data configuration held in the system administrator 20;
FIG. 25 is a diagram schematically showing a data configuration held in the system administrator 20;
FIG. 26 is a diagram schematically showing a data configuration held in the content provider 30.
FIG. 27 is a diagram schematically showing a data configuration held in the content provider 30. FIG.
FIG. 28 is a diagram schematically showing a data configuration held in the content provider 30.
29 is a diagram schematically showing a data configuration held in the playback device 40. FIG.
30 is a diagram schematically showing a data configuration held in the playback device 40. FIG.
Fig. 31 is a diagram illustrating an example of a virtual tree structure to which all the playback devices belong.
FIG. 32 is a diagram schematically showing the data structure of an enable key block.
FIG. 33 is a diagram schematically showing the data structure of an enable token.
FIG. 34 is a flowchart showing a processing procedure for a user's playback device 40 to use content acquired from a content provider 30.
FIG. 35 is a diagram schematically showing a data configuration of a content distribution format sent to the playback device 40.
FIG. 36 is a diagram schematically showing the data structure of a license token.
[Explanation of symbols]
20 ... System administrator
21 ... Cryptographic processing unit, 22 ... Data storage unit
23 ... random number generator, 24 ... clock
25. Communication processing unit
30 ... Content provider
31 ... Tamper resistant encryption processing unit, 32 ... Tamper resistant data storage unit
33 ... Data storage unit, 34 ... Random number generator
35 ... Communication processing unit, 36 ... Clock
40. Playback device
41 ... Cryptographic processing unit, 42 ... Data storage unit
43 ... random number generator, 44 ... communication processor
45 ... clock

Claims (16)

A content usage management system that manages content usage by distributing licenses,
One or more playback devices using content, one or more content providing means for providing content to the playback device, and system management means for managing use of the content provided by the content providing means in the playback device,
The system management unit holds a reproduction device unique key for each reproduction device, a content provision unit unique key for each content provision unit, and an enable key,
Each of the content providing means includes the enable key acquired from the system management means, identification information for each content to be provided, a content key, encrypted content encrypted with the content key, and data including the content key. Holds a set of content tokens consisting of data encrypted with a key and the unique key of the content providing means itself,
Each of the playback devices holds a unique key of the playback device itself, an enable key acquired from the system management unit, and license information about the content provided from the content providing unit,
The system management means securely sends the enable key using the corresponding content providing means unique key to each of the content providing means, and assigns a corresponding reproducing apparatus unique key to each of the reproducing apparatuses. Use to securely send the enable key,
When content is sent from any of the content providing means to any of the playback devices and used by the playback device,
The content providing means sends the encrypted content and the corresponding content token to the playback device,
The playback device generates a nonce and sends it to the content providing means,
The content providing means generates a license token including information related to the nonce and the content in a format that allows the playback apparatus to confirm the content providing means, and sends the license token to the playback apparatus.
The playback device confirms that the source of the received license token is the content providing means and includes the nonce generated by itself, and then uses the enable key to obtain the content key from the content token. Decrypting and using the encrypted content using the content key;
A content use management system characterized by this. An information processing apparatus that operates as a content providing unit in the content use management system according to claim 1 and provides content safely by distributing a license,
Content encryption means for encrypting content with a unique content key for each content;
Content token generating means for generating a content token obtained by encrypting data including a content key with an enable key;
Content providing means for distributing encrypted content to the playback device together with a content token;
Nonce receiving means for receiving a nonce that is a one-time random number from the playback device;
A license token issuing means for distributing a license token including at least the received nonce and its authentication information to the playback device;
An information processing apparatus comprising: The license token issuing means issues a license token including usage conditions such as the number of times permitted to use the content and a period,
The information processing apparatus according to claim 2. The content encryption means encrypts with the content key including the identification information as part of the content, or the content token generation means encrypts with the enable key including the content identification information as part of the content key. ,
The information processing apparatus according to claim 2. An information processing apparatus that operates as system management means in the content usage management system according to claim 1 and manages usage of content,
  An enable key issuing means for issuing an enable key to a device that properly uses content;
An information processing apparatus comprising: The enable key issuing means distributes an enable key in advance to the playback device that properly uses the content;
The information processing apparatus according to claim 5. The enable key issuing means issues a unique enable key for each legitimate device that uses the content.
The information processing apparatus according to claim 5. The enable key issuing means issues an enable key having a hierarchical structure composed of data having a size proportional to the logarithm of the number of the devices to the playback device that properly uses the content.
The information processing apparatus according to claim 5. The enable key issuing means issues an enable key in a format that can be acquired only by the playback device that properly uses the content.
The information processing apparatus according to claim 5. The enable key is held in a tamper-resistant storage means in the playback device that properly uses the content,
The enable key issuing means updates the enable key in response to the occurrence of a device whose tamper resistance has been destroyed.
The information processing apparatus according to claim 5. An information processing apparatus that operates as a playback device in the content usage management system according to claim 1 and that performs legitimate use of content by acquiring a license,
Content acquisition means for acquiring content from the content providing means;
Nonce issuing means for issuing a nonce that is a one-time random number and sending it to the content providing means;
A license token related to content is received from the content providing means, and it is authenticated whether the nonce issued by the nonce issuing means is included and obtained from an authorized person authorized to use the content A license token verification means for verifying the validity of the license token,
In response to the validity of the license token, content using means for using the corresponding content;
An information processing apparatus comprising: An enable key holding means for holding an enable key acquired from the system management means;
The content acquisition means acquires encrypted content encrypted with a content key together with a content token in which data including the content key is encrypted with an enable key,
The content using means decrypts the content token of the content corresponding to the license token with the enable key to extract the content key, and causes the user to use the content obtained by decrypting the encrypted content with the content key.
The information processing apparatus according to claim 11. The license token contains the identification information of the corresponding content and the usage conditions of the content,
The content use means interrupts the use of the content if the license token is valid, but does not match the identification information of the content permitted to be used, or if the use conditions are not satisfied,
The information processing apparatus according to claim 11. 2. A computer program written in a computer-readable format so as to operate on a computer as a content providing means in the content use management system according to claim 1 and to safely execute a process for providing content by distributing a license. And the computer
Content encryption means for encrypting content with a unique content key for each content;
Content token generating means for generating a content token obtained by encrypting data including a content key with an enable key;
Content providing means for distributing encrypted content to the playback device together with a content token;
Nonce receiving means for receiving a nonce which is a one-time random number from the playback device;
A license token issuing means for distributing a license token including at least the received nonce and its authentication information to the playback device;
Computer program to function as A computer program written in a computer-readable format to operate on a computer as a system management means in the content usage management system according to claim 1, The computer,
An enable key issuing means for issuing an enable key to a device that properly uses content;
The computer program to function as. 2. A computer program written in a computer-readable format so as to operate on a computer as a playback device in the content usage management system according to claim 1 and to perform a legitimate use of content by acquiring a license. And the computer
Content acquisition means for acquiring content from the content providing means;
Nonce issuing means for issuing a nonce that is a one-time random number and sending it to the content providing means;
A license token related to content is received from the content providing means, and it is authenticated whether the nonce issued by the nonce issuing means is included and obtained from an authorized person authorized to use the content A license token verification means for verifying the validity of the license token,
In response to the validity of the license token, content use means for using the corresponding content;
Computer program to function as

Images