JP4479698B2 - Content provision system - Google Patents

Description

The present invention relates to a content providing system , and more particularly to a content providing system that can reliably prevent unauthorized use of content .

  In recent years, various broadband environments are being developed, and distribution services for various contents such as music data and video data have begun to be started in earnest.

  For example, a subscription-type music distribution service such as “PressPlay (trademark)” is provided. In this music distribution service, the user is set in advance by paying a monthly fixed fee. (For example, up to 1000 songs can be played in streaming playback, up to 100 songs can be downloaded and saved on the hard disk of a personal computer, and written (copied) to a CD (Compact Disk) -R. In any case, the music content can be used under any condition that allows copying up to 20 songs.

  By the way, as a system for managing the right information of a user who receives content provided by such a distribution service, for example, in Japanese Patent Laid-Open No. 2001-352321, nodes corresponding to a plurality of services are arranged in a tree shape. Valid including key information (DNK (Device Node Key)) set in the node that exists on the path from the node corresponding to a given service to the node (device) of each leaf belonging to that service in the system It is disclosed to use an enabling key block (EKB).

  In this system, EKB is added to the content distributed in a certain service, and by using the DNK given to each device, the updated key information included in EKB is acquired, You manage the devices that can use the service. In this case, a device that cannot obtain updated key information from the EKB using the DNK cannot subsequently receive a service.

  As a result, the use of content in each device can be managed without performing authentication processing or the like between the server that provides the content and the device each time.

  However, in the system using this EKB, when the information described in the EKB is read, all the contents distributed from a certain service (all contents with the same EKB added) based on the information There was a problem that could be used.

  For example, when data 1 and data 2 are provided from service A in the format shown in FIG. 1, device A that has acquired the contents described in EKB of data 1 uses the acquired key information. As a result, not only the content 1 included in the data 1 but also the content 2 included in the data 2 can be used.

  That is, as shown in FIG. 1, data 1 includes EKB, a content key 1 (Kc1) encrypted by a root key (a key corresponding to a node at the root of the system) included in EKB (Kroot), and a content When the device A acquires the root key from the EKB, the device A decrypts the content key 1 with the root key, and the content key 1 with the acquired content key 1 is composed of the content 1 (Content1) encrypted with the key 1. Can be decrypted.

  Further, the device A can acquire the content key 2 (Kc2) included in the data 2 having the same format as the data 1 by using the root key acquired from the EKB of the data 1, and the acquired content With key 2, content 2 (Content2) can be decrypted.

  Therefore, in the device from which the root key is obtained from the data 1, for example, the data 2 is obtained without any right, such as that provided by being recorded on a recording medium from another device. Even if it exists, it can be used, and such illegal use hinders the proper distribution of the content and loses the profit of the provider providing the content.

  The present invention has been made in view of such a situation, and makes it possible to reliably prevent unauthorized use of content.

  The content providing system according to the present invention includes a content server that provides content, a license server that provides a right to use the content, and information between the content server and the license server via a network. In the content providing system including the information processing device that transmits and receives the information, the information processing device includes a device node key corresponding to the information processing device and an individual key unique to the information processing device with respect to the license server. Request means for requesting transmission of service data, receiving means for receiving the service data transmitted from the license server in response to a request by the request means, and storage for storing the service data received by the receiving means Means and the content server Receiving the encrypted content data and the encrypted first key, and obtaining an encrypted second key corresponding to the content obtained in response to an instruction to use the content from the license server. Using the receiving means for receiving the usage right including the device node key included in the service data stored in the storage means, and decrypting and extracting the encrypted first key, Decrypting and extracting the encrypted second key from the received usage right using a key, and performing a predetermined calculation with the extracted first key and second key The calculation means for generating the decryption key of the encrypted content data in the above, the decryption means for decrypting the encrypted content data using the decryption key, and the content data decrypted by the decryption means The content server includes the decryption key, the second key transmitted from the service server to the information processing apparatus in the usage right, and the second key. Generating means for generating the first key used for generating the decryption key by performing the predetermined operation, and the first key generated by the generating means by means of the device node key An encryption means for encrypting the content data using a decryption key, the first key encrypted by the encryption means, and the content data Transmitting means for transmitting to the device and transmitting the second key to the license server, wherein the license server receives the second key transmitted from the content server. Means, an encryption means for encrypting the second key received by the receiving means using a public key corresponding to the individual key of the information processing apparatus, the device node key, and the information processing apparatus Transmitting the service data including the individual key to the information processing apparatus and transmitting the usage right including the second key encrypted by the encryption means to the information processing apparatus. Prepare.

  In the content providing system of the present invention, the information processing apparatus requests the license server to transmit service data including a device node key corresponding to the information processing apparatus and an individual key unique to the information processing apparatus. The service data transmitted from the license server in response to the request is received, and the received service data is stored. In addition, the encrypted content data and the encrypted first key are received from the content server, and the content is acquired in response to an instruction to use the content from the license server. A usage right including the encrypted second key is received. Using the device node key included in the service data, the encrypted first key is decrypted and extracted, and from the received usage right, the encrypted key is encrypted using the individual key. A second key is decrypted and extracted, and a decryption key for the encrypted content data is generated by performing a predetermined operation on the extracted first key and second key. The encrypted content data is decrypted using the decryption key, and the decrypted content data is reproduced. Further, the content server performs the predetermined calculation using the decryption key, the second key included in the usage right and transmitted from the service server to the information processing apparatus, and the second key. The first key used for generating the decryption key is generated, the generated first key is encrypted in a form that can be decrypted by the device node key, and the content data is And encrypted using the decryption key. Further, the encrypted first key and the content data are transmitted to the information processing apparatus, and the second key is transmitted to the license server. Further, the license server receives the second key transmitted from the content server, and the received second key is encrypted using a public key corresponding to the individual key of the information processing apparatus. The service data including the device node key and the individual key of the information processing apparatus is transmitted to the information processing apparatus, and the usage right including the encrypted second key is the information processing apparatus. Sent to.

  According to the present invention, content can be provided. Also, unauthorized use of content can be prevented.

  FIG. 2 shows a configuration of a content providing system to which the present invention is applied. Connected to the Internet 2 are clients 1-1 and 1-2 (hereinafter simply referred to as client 1 when these clients do not need to be individually distinguished). Although only two clients are shown in this example, an arbitrary number of clients are connected to the Internet 2.

  The Internet 2 includes a content server 3 that provides content to the client 1, a license server 4 that grants a usage right necessary for using the content provided by the content server 3, and the client When 1 receives a usage right, a charging server 5 is connected to perform charging processing for the client 1.

  An arbitrary number of these content servers 3, license servers 4, and billing servers 5 are also connected to the Internet 2.

  FIG. 3 shows the configuration of the client 1.

  In FIG. 3, a CPU (Central Processing Unit) 21 executes various processes according to a program stored in a ROM (Read Only Memory) 22 or a program loaded from a storage unit 28 to a RAM (Random Access Memory) 23. To do. The timer 20 performs a time measuring operation and supplies time information to the CPU 21. The RAM 23 also appropriately stores data necessary for the CPU 21 to execute various processes.

  The encryption / decryption unit 24 performs a process of encrypting the content and decrypting the already encrypted content. The codec unit 25 encodes content by, for example, ATRAC (Adaptive Transform Acoustic Coding) 3 method, and supplies the encoded content to the semiconductor memory 44 connected to the drive 30 via the input / output interface 32 for recording. Alternatively, the codec unit 25 decodes the encoded data read from the semiconductor memory 44 via the drive 30. The semiconductor memory 44 is configured by, for example, a Memory Stick (trademark).

  The CPU 21, ROM 22, RAM 23, encryption / decryption unit 24, and codec unit 25 are connected to each other via a bus 31. An input / output interface 32 is also connected to the bus 31.

  The input / output interface 32 includes an input unit 26 including a keyboard and a mouse, a display including a CRT (Cathode Ray Tube) and an LCD (Liquid Crystal Display), an output unit 27 including a speaker, a hard disk, and the like. A communication unit 29 including a storage unit 28, a modem, a terminal adapter, and the like is connected. The communication unit 29 performs communication processing via the Internet 2. The communication unit 29 also performs communication processing of analog signals or digital signals with other clients.

  A drive 30 is connected to the input / output interface 32 as necessary, and a magnetic disk 41, an optical disk 42, a magneto-optical disk 43, a semiconductor memory 44, or the like is appropriately mounted, and a computer program read from these is loaded. Installed in the storage unit 28 as necessary.

  Although illustration is omitted, the content server 3, the license server 4, and the billing server 5 are also configured by a computer having basically the same configuration as the client 1 shown in FIG. Therefore, in the following description, the configuration of FIG. 3 is also referred to as the configuration of the content server 3, the license server 4, the billing server 5, and the like.

  In the present invention, as shown in FIG. 4, devices and keys are managed based on the principle of the broadcast encryption method. The keys have a hierarchical tree structure, and the bottom leaf corresponds to a key unique to each device. Hierarchical tree structure key management used in the system of the present invention is described in Japanese Patent Laid-Open No. 2001-352321. In the case of the example in FIG. 4, keys corresponding to 16 devices from number 0 to number 15 are generated.

  Each key is defined corresponding to each node of the tree structure indicated by a circle in the figure. In this example, a root key KR (also referred to as Kroot as appropriate) is defined corresponding to the uppermost root node, and keys K0 and K1 are defined corresponding to the second node. Keys K00 to K11 are defined corresponding to the third level nodes, and keys K000 to K111 are defined corresponding to the fourth level nodes. The keys K0000 to K1111 correspond to the leaves (device nodes) as the lowermost nodes.

  Because of the hierarchical structure, for example, the upper key of the key K0010 and the key K0011 is K001, and the upper key of the key K000 and the key K001 is K00. Similarly, the upper key of the keys K00 and K01 is K0, and the upper key of the keys K0 and K1 is KR.

  Keys that use content are managed by keys corresponding to the nodes of one path from the lowest device node (leaf) to the highest root node. For example, in the device corresponding to the leaf of number 3, the key for using the content is managed by each key of the path including the keys K0011, K001, K00, K0, and KR.

  In the system of the present invention, as shown in FIG. 5, a key system configured based on the principle of FIG. 4 manages device keys and content keys. In the example of FIG. 5, nodes of 8 + 24 + 32 levels have a tree structure, and categories correspond to the nodes from the root node to the lower 8 levels. The category here means a category such as a category of a device that uses a semiconductor memory such as a memory stick or a category of a device that receives a digital broadcast. This system (appropriately referred to as the T system) corresponds to one of the category nodes as a system for managing the usage rights.

That is, a service provider or a service provided by a service provider is associated with a key corresponding to a node of 24 levels in a lower hierarchy than the node of the T system. Therefore, in the example of FIG. 5, 2 ²⁴ (about 16 mega) service providers or services can be defined. Further, 2 ³² (about 4 Giga) users (client 1) can be defined by the lowest 32 levels. The key corresponding to each node on the path from the lowest 32 nodes to the T system node constitutes a DNK (Device Node Key), and the ID corresponding to the lowest leaf is the leaf ID.

  The content key obtained by encrypting the content is encrypted by the updated root key KR ′, and the update node key of the upper hierarchy is encrypted using the update node key of the immediately lower hierarchy, and EKB (Enabling Key Block: (Activation key block) (described later with reference to FIG. 7).

  The update node key one level above the end in the EKB is encrypted by the node key or leaf key at the end of the EKB, and placed in the EKB. The client 1 uses the DNK key described in the service data to decrypt the update node key of the latest higher hierarchy described in the EKB distributed with the content, and the node key obtained by decoding Is used to decrypt the update node key of the hierarchy further described in the EKB. By sequentially performing the same processing, the client 1 can obtain the updated root key KR ′. The service data is supplied from the license server 4 when information about the client 1 is registered, and a license for a combination of the service data and a usage right that is information that permits the use of specific content, which will be described later, is licensed. Call it.

  FIG. 6 is a diagram illustrating a specific example of classification of categories in a hierarchical tree structure.

  In FIG. 6, a root key KR2301 is set at the top level of the hierarchical tree structure, a node key 2302 is set at the intermediate level below, and a leaf key 2303 is set at the bottom level. Each device has an individual leaf key, a series of node keys from the leaf key to the root key, and a device node key (DNK) consisting of the root key.

  A predetermined node from the top level to the M-th level (M = 8 in the example of FIG. 5) is set as the category node 2304. That is, each of the M-th level nodes is a device setting node of a specific category. Nodes and leaves of the M + 1th stage and below with one node of the Mth stage as a vertex are nodes and leaves related to devices included in the category.

  For example, a category [Memory Stick (trademark)] is set in one node 2305 in the M-th row in FIG. 6, and nodes and leaves connected to this node are dedicated to the category including various devices using memory sticks. Set as a node or leaf. That is, nodes 2305 and below are defined as a set of related nodes and leaves of devices defined in the memory stick category.

  A stage that is several stages lower than the M stage can be set as the subcategory node 2306. In the example of FIG. 6, a node 2306 of “reproduction-only device” is set as a subcategory node included in the category of the device using the memory stick in a node two stages below the category [memory stick] node 2305. In addition, the node 2307 of the telephone with music playback function included in the category of the playback-only device is set below the node 2306 of the playback-only device that is a subcategory node, and further below that is included in the category of the telephone with music playback function. [PHS] node 2308 and [mobile phone] node 2309 are set.

  Categories and subcategories are not only the types of devices, but also arbitrary units such as nodes managed uniquely by a certain manufacturer, content provider, settlement organization, etc., that is, processing units, jurisdiction units, service units provided, etc. And hereinafter referred to as an entity).

  For example, by setting one category node as a vertex node dedicated to the game device XYZ sold by the game device manufacturer, the game device XYZ sold by the manufacturer stores the lower node key and leaf key below the vertex node for sale. After that, by generating and distributing EKB composed of node keys and leaf keys below that vertex node key, encrypted content distribution processing, various key distribution processing, update processing, etc. This can be done only for other devices (game machine XYZ).

  That is, the key update or the like can be executed without affecting the devices belonging to nodes of other categories that do not belong to the vertex node.

  Further, at a certain time t, when it is discovered that the keys K0011, K001, K00, K0, KR owned by the device 3 are analyzed and exposed by an attacker (hacker), the system (devices 0, 1, In order to protect the data transmitted and received in (a few groups), it is necessary to disconnect the device 3 from the system. For this purpose, the node keys K001, K00, K0, KR are updated to new keys K (t) 001, K (t) 00, K (t) 0, K (t) R, respectively, and devices 0, 1, 2 must be notified of the update key. Here, K (t) aaa indicates an update key of generation t of key Kaaa.

  The update key distribution process will be described. The key update is executed by, for example, storing the table configured by EKB shown in FIG. 7 via the network or storing it in a predetermined recording medium and supplying it to the devices 0, 1, and 2. The EKB is composed of an encryption key for distributing a newly updated key to devices corresponding to the leaves (bottom node) constituting the tree structure as shown in FIG.

  The EKB shown in FIG. 7 is configured as block data having a data configuration that can be updated only by a device that requires updating of the node key. The example of FIG. 7 is block data formed for the purpose of distributing generation t update node keys in the devices 0, 1, and 2 in the tree structure shown in FIG.

  As is apparent from FIG. 4, it is necessary to provide K (t) 00, K (t) 0, and K (t) R as update node keys for the devices 0 and 1, and for the device 2 Therefore, it is necessary to provide K (t) 001, K (t) 00, K (t) 0, and K (t) R as update node keys.

  As shown in EKB in FIG. 7, the EKB includes a plurality of encryption keys. For example, the lowest encryption key in FIG. 7 is Enc (K0010, K (t) 001). This is an update node key K (t) 001 encrypted with the leaf key K0010 of the device 2, and the device 2 decrypts the encryption key with the leaf key K0010 of the device 2 and updates the update node key K (t) 001. Can be obtained.

  Further, the device 2 decrypts the encryption key Enc (K (t) 001, K (t) 00) in the second stage from the bottom of FIG. 7 using the updated node key K (t) 001 obtained by decryption. The update node key K (t) 00 can be acquired.

  Similarly, the device 2 can obtain the updated node key K (t) 0 by decrypting the encryption key Enc (K (t) 00, K (t) 0) in the second row from the top in FIG. By using this, the update root key K (t) R can be acquired by decrypting the encryption key Enc (K (t) 0, K (t) R) in the first stage from the top in FIG.

  On the other hand, the node key K000 is not included in the key to be updated, and the nodes 0 and 1 are K (t) 00, K (t) 0, and K (t) R that are required as the update node keys.

  The nodes 0 and 1 use the device keys K0000 and K0001 to decrypt the encryption key Enc (K000, K (t) 00) in the third row from the top of FIG. 7 to obtain the updated node key K (t) 00. Similarly, the update node key K (t) 0 is obtained by sequentially decrypting the encryption key Enc (K (t) 00, K (t) 0) in the second row from the top in FIG. Further, the update root key K (t) R is obtained by decrypting the encryption key Enc (K (t) 0, K (t) R) in the first stage from the top in FIG. In this way, the devices 0, 1, and 2 can obtain the updated key K (t) R.

  7 indicates the absolute addresses of node keys and leaf keys used as decryption keys for decrypting the encryption keys shown on the right side of the figure.

  When the update of the node keys K (t) 0 and K (t) R in the upper level of the tree structure shown in FIG. 4 is unnecessary and only the node key K00 needs to be updated, the EKB of FIG. 8 is used. Thus, the updated node key K (t) 00 can be distributed to the devices 0, 1, and 2.

  The EKB shown in FIG. 8 can be used when, for example, a new content key shared in a specific group is distributed.

  For example, devices 0, 1, 2, and 3 in the group indicated by the one-dot chain line in FIG. 4 use a recording medium, and a new common content key K (t) con is set for these devices. Suppose that it is necessary to do. At this time, data Enc (K (t) in which a new common updated content key K (t) con is encrypted by K (t) 00 that updates the common node key K00 of the devices 0, 1, 2, and 3 00, K (t) con) is distributed together with the EKB shown in FIG. This distribution enables distribution as data that cannot be decrypted by other groups of devices such as the device 4.

  That is, the devices 0, 1, and 2 can obtain the content key K (t) con at time t by decrypting the encrypted data using the key K (t) 00 obtained by processing the EKB.

  FIG. 9 shows, as an example of processing for obtaining a content key K (t) con at time t, data Enc (K (t (K)) in which a new common content key K (t) con is encrypted by K (t) 00. ) 00, K (t) con) and EKB shown in FIG. 8 are diagrams schematically showing processing of the device 0 provided via a predetermined recording medium. That is, the example of FIG. 9 is an example in which the encrypted message data by EKB is used as the content key K (t) con.

  As shown in FIG. 9, the device 0 uses the EKB at the generation t stored in the recording medium and the node key K000 prepared in advance for itself as described above for the EKB processing (sequentially the keys). The node key K (t) 00 is generated by the solving process. Further, the device 0 decrypts the update content key K (t) con using the decrypted update node key K (t) 00, and uses the update content key with the leaf key K0000 that only the device 0 has to use it later. K (t) con is encrypted and stored.

  FIG. 10 is a diagram showing an example of the EKB format, and the EKB including such various information is included in the header of the content data.

  Version 61 is an identifier indicating the version of EKB. This version 61 has a function for identifying the latest EKB and a function for indicating a correspondence relationship with the content. The depth 62 indicates the number of hierarchies of the hierarchical tree for the device to which the EKB is distributed. The data pointer 63 is a pointer indicating the position of the data part 66 in the EKB, and the tag pointer 64 and the signature pointer 65 are pointers indicating the positions of the tag part 67 and the signature 68, respectively.

  The data unit 66 stores, for example, data obtained by encrypting the node key to be updated. For example, each encryption key related to the updated node key as shown in FIG.

  The tag unit 67 is a tag indicating the positional relationship between the encrypted node key and leaf key stored in the data unit 66. The tag assignment rule will be described with reference to FIG.

  In the example of FIG. 11, the sent data is the encryption key of FIG. 7, as shown in FIG. 11B. The top node address included in the encryption key is the top node address.

  In this example, since the root key update key K (t) R is included, the top node address is KR. At this time, for example, the uppermost data Enc (K (t) 0, K (t) R) corresponds to the position P0 shown in the hierarchical tree shown in FIG. 11A. The data of the next stage is Enc (K (t) 00, K (t) 0), and on the tree, at the lower left position P00 of the previous data Enc (K (t) 0, K (t) R). Correspond.

  That is, when there is data below the predetermined position in the tree structure, the tag is set to 0, and when there is no data, the tag is set to 1. The tags are set as {left (L) tag, right (R) tag}.

  Since there is data at the position P00 at the lower left of the position P0 corresponding to the uppermost data Enc (K (t) 0, K (t) R) in FIG. 11B, L tag = 0, and at the lower right of the position P0. Since there is no data, R tag = 1. Hereinafter, tags are set for all data, and a data string and a tag string shown in FIG. 11C are configured.

The tag is set to indicate where in the tree structure the corresponding data Enc (Kxxx, Kyyy) is located. The key data Enc (Kxxx, Kyyy)... Stored in the data section 66 is merely a list of encrypted keys, but the tree of encryption keys stored as data by the above-described tags. The upper position can be determined. Without using a tag, as shown in FIG. 7 or FIG. 8, using a node index corresponding to encrypted data, for example,
0: Enc (K (t) 0, K (t) R)
00: Enc (K (t) 00, K (t) 0)
000: Enc (K ((t) 000, K (t) 00)
...
However, when such a configuration using an index is used, the amount of data increases, which is not preferable in distribution via a network. On the other hand, by using the tag as described above as index data indicating the key position, the key position can be determined with a smaller amount of data.

  Returning to the description of FIG. 10, the signature 68 is an electronic that is issued by the key management center (license server 4), content provider (content server 3), settlement organization (billing server 5), etc. that issued the EKB. It is a signature. The device that has received the EKB verifies the signature included in the EKB, thereby determining whether or not the acquired EKB is an EKB issued by a valid issuer.

  FIG. 12 is a diagram schematically showing processing until the content key Kc for decrypting content is acquired by the client 1 in the key management system as described above.

  The DNK shown at the left end of FIG. 12 is included in the service data generated at the time of registration and is provided from the license server 4 to the client 1. As will be described later, the service data includes an individual key Kpri unique to the client 1, and the key information is also provided (the right end in FIG. 12).

  When the client 1 obtains a usage right describing a certain content and conditions for using the content, and uses the content according to the user's instruction, first, the client 1 obtains the DNK obtained from the service data. To obtain the EKB key Kekb included in the EKB of the content. Further, the client 1 uses the individual key Kpri acquired from the service data to acquire the subkey Ksub included in the usage right corresponding to the EKB key Kekb. In FIG. 12, EKB (Kekb) represents that the EKB key Kekb is encrypted by the root key Kroot included in the EKB.

  When the client 1 acquires the EKB key Kekb and the subkey Ksub, the client 1 generates a content key Kc for decrypting the content based on the key information by an exclusive OR operation, and uses the generated content key Kc. The content (content data) is decrypted.

  In this way, by using the content key Kc generated based on the EKB key Kekb included in the EKB and the subkey Ksub included in the usage right, the content can be used (the key information is divided and the client 1 is divided). Even if the content of the EKB is read, the content cannot be used only with the key information described therein. That is, in order to use the content, EKB (content), a usage right to use the content, and service data are required.

  Hereinafter, processing of the client 1, the content server 3, and the license server 4 until the content is used based on the divided and provided key information will be described with reference to flowcharts.

  First, the processing of the client 1 that acquires service data will be described with reference to the flowchart of FIG.

  When the input unit 26 is operated and access to the license server 4 is instructed by the user, the CPU 21 of the client 1 controls the communication unit 29 and accesses the license server 4 via the Internet 2 in step S1. In step S2, when the input unit 26 is operated and the service to be provided is designated by the user, the CPU 21 receives this designation information, and the service data for using the designated service to the license server 4 Request.

  As will be described later with reference to the flowchart of FIG. 15, since the license server 4 that has received this notification transmits service data, the CPU 21 receives the service data transmitted from the license server 4 in step S3. In step S4, the service data is stored in the storage unit 28 including a hard disk.

  FIG. 14 is a diagram illustrating an example of service data provided to the client 1.

  As shown in FIG. 14, the service data includes a leaf ID for identifying the client 1, a DNK for decrypting key information described in the EKB, an individual key Kpri given to the client 1 individually, A public key Kpub corresponding to the key Kpri is included. Further, the service data includes the public key of the license server 4 corresponding to the individual key held by the license server 4 and the certificate of the service data.

  Next, the service data providing process of the license server 4 executed in correspondence with the process shown in FIG. 13 will be described with reference to the flowchart of FIG.

  In step S11, the CPU 21 of the license server 4 determines whether access has been received from the client 1, and waits until it is determined that access has been received. If the CPU 21 of the license server 4 determines in step S11 that access has been received from the client 1, the process proceeds to step S12, and various information as shown in FIG. 14 for using the service requested by the client 1 is obtained. Service data in which is described is generated.

  In step S <b> 13, the CPU 21 of the license server 4 controls the communication unit 29 and transmits the service data generated in step S <b> 12 to the client 1 together with information indicating the default use condition of the service.

  Through the processing as described above, the service data is acquired by the client 1. Note that the service data is not provided to the client 1 by the processing as described above, but is stored in the client 1 in a state (embedded at the stage of manufacturing the client 1), and to the user of the client 1 It may be provided.

  Next, processing of the content server 3 that generates content to be provided to the client 1 will be described with reference to the flowchart of FIG. Note that the content data, which is the music data and video data included in the content provided from the content server 3 itself, is provided by a content holder (not shown).

  In step S21, the CPU 21 of the content server 3 generates a content key Kc for encrypting content (content data) to be provided to the client 1. In step S22, the CPU 21 generates a sub key Ksub necessary for generating the content key Kc in the client 1. As described above, the subkey Ksub is provided from the license server 4 to the client 1 in a form included in the usage right.

  In step S23, the CPU 21 generates the EKB key Kekb so that the client 1 can generate the content key Kc based on the sub key Ksub and the EKB key Kekb. Specifically, the CPU 21 performs an exclusive OR operation (Exclusive OR) of the content key Kc generated in step S21 and the subkey Ksub generated in step S22, and sets the operation result as the EKB key Kekb.

  In step S24, the CPU 21 encrypts the EKB key Kekb generated in step S23 with the root key Kroot included in the EKB, and obtains E (Kroot, Kekb). In step S25, the CPU 21 encrypts the content (Content) provided to the client 1 using the content key Kc generated in step S21, and obtains E (Kc, Cont).

  In step S26, the CPU 21 generates content in a format including E (Kroot, Kekb) acquired in step S24 and E (Kc, Cont) acquired in step S25, and stores it in the storage unit 28.

  FIG. 17 is a diagram illustrating an example of a format of content generated by the content server 3.

  As shown in FIG. 17, the content basically includes a header and data (content data).

  The header includes content information (Content information), URL (Uniform Resource Locator), license ID (License ID), EKB including Kroot encrypted by DNK provided to client 1, and key Kroot obtained from EKB. E (Kroot, Kekb) obtained by encrypting the EKB key Kekb, attribute information (Attribute) representing the attribute of the content, and signature (Signatures) of the header are described.

  The content information includes a content ID (CID) for identifying content stored as data, information representing a content codec system, and the like.

  The URL represents the address of the license server 4 that is accessed when a usage right necessary for using the content is acquired. The content attributes include a content ID, a record company ID as identification information for identifying a content provider, an artist ID as identification information for identifying an artist, a unique ID, and the like. In this embodiment, the attribute is used to specify the content that is the subject of the usage right.

  The data is composed of an arbitrary number of encryption blocks. Each encrypted block includes an initial vector (IV (Initial Vector)), a seed (Seed), and data EK′c (data) obtained by encrypting the content with a key K′c.

  As shown by the following equation, the key K′c includes a content key Kc and a value calculated by applying a value Seed set by a random number to a hash function.

  K'c = Hash (Kc, Seed)

  Different values are set in the initial vector IV and the seed Seed for each encrypted block.

  For example, content encryption is performed for each division of content data in units of 8 bytes. The subsequent 8-byte encryption is performed in a CBC (Cipher Block Chaining) mode that is performed using the result of the previous 8-byte encryption.

  In CBC mode, when encrypting the first 8-byte content, there is no previous 8-byte encryption result. Therefore, when encrypting the first 8-byte content, the initial vector IV is the initial value. Encryption is performed as follows.

  By performing encryption in the CBC mode, even if one encrypted block is decrypted, the influence is suppressed from affecting other encrypted blocks. Note that the content may be encrypted by another encryption method.

  By configuring the content in the format as described above, the client 1 that has acquired the content decrypts the root key Kroot using the DNK given in advance by the service data, and uses the acquired root key Kroot to provide the EKB key Kekb. Can be decrypted. Further, the client 1 can generate the content key Kc based on the EKB key Kekb and the subkey Ksub included in the usage right, and can decrypt the content using the content key Kc.

  Returning to the description of FIG. 16, in step S27, the CPU 21 of the content server 3 provides the subkey Ksub generated in step S22 to the license server 4 via the Internet 2 or via a predetermined recording medium.

  In response to provision of the sub key Ksub by the content server 3, the license server 4 performs the processing shown in the flowchart of FIG.

  In step S <b> 41, the CPU 21 of the license server 4 determines whether the sub key Ksub has been acquired from the content server 3. The CPU 21 waits until it is determined that the subkey Ksub has been acquired. For example, when it is determined that information representing the subkey Ksub has been transmitted via the Internet 2, the CPU 21 proceeds to step S42 and acquires it. The acquired subkey Ksub is stored in the storage unit 28, and when the usage right is requested from the client 1, it is included in the usage right and provided to the client 1.

  Next, processing of the client 1 that receives content from the content server 3 will be described with reference to the flowchart of FIG.

  When the CPU 21 of the client 1 is instructed by the user to access the content server 3, the CPU 21 accesses the content server 3 in step S51. In step S52, when the user operates the input unit 26 to specify the content to be provided, the CPU 21 receives the specification information and notifies the content server 3 of the content ID of the specified content.

  As will be described later with reference to the flowchart of FIG. 20, since the content server 3 that has received this notification transmits the content, in step S53, the CPU 21 receives the transmitted content, and in step S54. The content is stored in the storage unit 28.

  Next, content providing processing of the content server 3 executed in response to the processing of FIG. 19 by the client 1 will be described with reference to the flowchart of FIG.

  In step S61, the CPU 21 of the content server 3 stands by until access is received from the client 1. When it is determined that access has been received, the CPU 21 proceeds to step S62 and takes in the content ID transmitted from the client 1. This content ID is information that the client 1 has notified in step S52 of FIG.

  In step S63, the CPU 21 of the content server 3 reads the content data specified by the content ID fetched in step S62 from the content data stored in the storage unit 28. In step S64, the CPU 21 controls the communication unit 29 to transmit the content including the read content data to the client 1 that has requested the content.

  Next, processing of the client 1 that reproduces content will be described with reference to the flowchart of FIG.

  In step S <b> 71, the CPU 21 of the client 1 acquires content identification information (CID) instructed by the user operating the input unit 26. The CID is composed of, for example, a content title, a number assigned to each stored content, and the like. When the content is instructed, the CPU 21 reads the attribute of the content. This attribute is described in the header of the content as shown in FIG.

  In step S72, the CPU 21 determines whether or not a usage right that satisfies the content condition that the attribute read in step S71 is included in each usage right has already been acquired by the client 1 and stored in the storage unit 28. Determine. If the usage right has not yet been acquired, the process proceeds to step S73, and the CPU 21 executes the usage right acquisition process. Details of this usage right acquisition processing will be described later with reference to the flowchart of FIG.

  If it is determined in step S72 that the usage right has already been acquired, or if the usage right acquisition process is executed and the usage right is acquired in step S73, the process proceeds to step S74, and the CPU 21 is acquired. It is determined whether the right to use is within the expiration date. Whether or not the usage right is within the expiration date is determined by comparing the expiration date (see FIG. 24) as the description content of the usage right and the current date and time counted by the timer 20.

  When it is determined that the expiration date of the usage right has already expired, the CPU 21 proceeds to step S75 and executes the usage right update process. The usage right update process executed in step S75 is basically the same process as the usage right acquisition process executed in step S73.

  If it is determined in step S74 that the usage right is within the expiration date, or if the usage right is updated in step S75, the process proceeds to step S76, and the CPU 21 is stored in the storage unit 28. The usage conditions and usage status included in the usage right are read out, and it is determined whether or not the playback conditions are satisfied.

  If it is determined in step S76 that playback is permitted based on the usage conditions and usage status included in the usage right, the process proceeds to step S77, and the CPU 21 reads the content from the storage unit 28 and stores it in the RAM 23. Let In step S78, the CPU 21 executes a process for decrypting the content stored in the RAM 23. The content decrypting process performed in step S78 will be described later with reference to the flowchart of FIG.

  In step S79, the CPU 21 supplies the content decrypted by the encryption / decryption unit 24 to the codec unit 25 to be decoded. Then, the CPU 21 supplies the data decoded by the codec unit 25 to the output unit 27 via the input / output interface 32, performs digital / analog conversion, and outputs the data from the speaker.

  Next, details of the usage right acquisition process performed in step S73 in FIG. 21 will be described with reference to the flowchart in FIG.

  In step S81, the CPU 21 of the client 1 acquires a URL described in the content header. As described above, this URL represents the address of the license server 4 that is accessed when a usage right necessary for using the content is acquired. In step S82, the CPU 21 controls the communication unit 29 to access the URL acquired in step S81, that is, the license server 4.

  In response to this access, the license server 4 requests the client 1 to input usage right designation information, a user ID, and a password for designating usage rights (usage rights necessary for using the content). (Step S102 in FIG. 23 described later). The CPU 21 displays this request on the display unit of the output unit 27. Based on this display, the user operates the input unit 26 to input usage right designation information, a user ID, and a password. The user ID and password are obtained in advance by the user of the client 1 accessing the license server 4 via the Internet 2.

  In step S83, the CPU 21 captures the usage right designation information input from the input unit 26, and in step S84, captures the user ID and password. In step S85, the CPU 21 controls the communication unit 29 to transmit the usage right request including the input user ID and password, the usage right designation information, and the leaf ID included in the service data to the license server 4.

  As will be described later with reference to FIG. 23, the license server 4 transmits the user ID and the password, and the usage right generated based on the usage right designation information (step S111), or the condition is not satisfied. In this case, the usage right is not transmitted (step S114).

  In step S86, the CPU 21 determines whether or not the usage right has been transmitted from the license server 4. If it is determined that the usage right has been transmitted, the CPU 21 proceeds to step S87 and stores the received usage right in the storage unit 28. Let

  If it is determined in step S86 that the usage right has not been transmitted, the CPU 21 proceeds to step S88 and executes error processing such as prohibiting the content reproduction processing.

  Note that the usage right acquisition process shown in FIG. 22 can be performed in advance by each user before acquiring the content.

  Next, with reference to the flowchart of FIG. 23, the usage right providing process of the license server 4 executed in response to the usage right acquisition process of the client 1 of FIG. 22 will be described.

  In step S101, the CPU 21 of the license server 4 stands by until access is received from the client 1. When access is received, the process proceeds to step S102, and the access right including information on each use right is given to the accessing client 1. And a request for transmission of user ID, password, and usage right designation information. When a user ID, password, leaf ID, and usage right designation information (which may be a usage right ID) are transmitted from the client 1 (processing in step S85 in FIG. 22), the CPU 21 of the license server 4 performs communication. This is taken in via the part 29.

  In step S103, the CPU 21 of the license server 4 accesses the accounting server 5 from the communication unit 29, and requests a user credit process corresponding to the user ID and password. When the billing server 5 receives a request for credit processing from the license server 4 via the Internet 2, the billing server 5 investigates the past payment history of the user corresponding to the user ID and the password, and the user has received the usage right in the past. Check whether or not there is a record of non-payment of the consideration, and if there is no such record, send a credit result that allows the granting of usage rights. If there is a record of non-payment, grant usage rights Send unauthorized credit result of. Note that the user of the client 1 registers his / her user ID, password, billing destination information, and the like in the billing server 5 in advance.

  In step S104, the CPU 21 of the license server 4 determines whether or not the credit result from the accounting server 5 allows the usage right to be granted, and if the usage right is allowed to be granted. In step S105, the usage right corresponding to the usage right designation information acquired in step S102 is extracted from the usage rights stored in the storage unit 28. In the usage right stored in the storage unit 28, information such as a usage right ID, version, creation date and time, and expiration date is described.

  In step S106, the CPU 21 adds the leaf ID notified from the client 1 to the usage right. In step S107, the CPU 21 selects a use condition associated with the usage right selected in step S105. Note that when a use condition is designated by the user in the process of step S102, the use condition is added to the use condition prepared in advance. The CPU 21 adds the selected use condition to the usage right. The use condition may be added to the usage right in advance.

  In step S108, the CPU 21 signs the usage right with the individual key of the license server 4.

  In step S109, the CPU 21 encrypts the subkey Ksub notified from the content server 3 using the public key Kpub of the license server 4 corresponding to the individual key Kpri of the client 1 (FIG. 14), and E (Kpub, Ksub ) To get. In step S110, the CPU 21 adds E (Kpub, Ksub) acquired in step S109 to the usage right selected in step S105.

  FIG. 24 is a diagram illustrating an example of the usage right generated by the processing as described above.

  The version is information describing the version of the usage right by separating the major version and the minor version with dots. The profile is described from a decimal integer value, and is information that defines restrictions on the usage right description method. The usage right ID is identification information described by a hexadecimal constant for identifying the usage right. The creation date / time indicates the date / time when the usage right was created. The expiration date indicates the expiration date of the usage right. An expiration date of 23:59:59 of 9999 indicates that there is no limit on the expiration date. The usage conditions include an expiration date for using the content based on the usage right, a playback expiration date for reproducing the content based on the usage right, a maximum number of times the content can be played, and the usage right. Based on the number of times that the content can be copied (allowable number of copies), the maximum number of checkouts, and whether or not the content can be recorded on the CD-R based on the usage rights, PD (Portable Device) includes information indicating the number of times that copying can be performed, whether usage rights can be transferred, whether or not there is an obligation to take a usage log, and the like. The electronic signature of the use condition is an electronic signature corresponding to the use condition.

  The constant is a constant referred to in the use condition or use state. The leaf ID is identification information for identifying the client. The electronic signature is an electronic signature corresponding to the entire usage right. The certificate is a certificate including the public key of the license server 4.

  The storage unit 28 of the client 1 stores a usage state (content condition) that is information indicating the state of the content and the usage right together with the usage right usage condition. The usage status includes the number of times the content has been played based on the corresponding usage rights, the number of times the content has been copied, the number of times the content has been checked out, the date and time the content was first played, the number of times the content has been recorded on the CD-R, and other content Or the information which shows the historical information etc. regarding a use right is contained. The content reproduction condition is determined based on the usage conditions included in the usage right and the usage state stored in the storage unit 28 together with the usage right. For example, when the number of times content stored in the usage state is reproduced is less than the maximum content reproduction number included in the usage condition, it is determined that the reproduction condition is satisfied.

  The usage right includes E (Kpub, Ksub) generated by the process of step S109.

  Returning to the description of FIG. 23, in step S111, the CPU 21 causes the communication unit 29 to transmit the usage right generated as described above to the client 1.

  In step S112, the CPU 21 of the license server 4 stores the contents of the usage right transmitted in step S111 in the storage unit 28 in association with the user ID and password captured in step S102. In step S113, the CPU 21 executes billing processing.

  Specifically, the CPU 21 requests the accounting server 5 from the communication unit 29 to perform accounting processing for the user corresponding to the user ID and password. The billing server 5 executes billing processing for the user based on the billing request. As described above, if the user does not make payment for this billing process, the user will not be able to receive the usage right even if the user requests the usage right. Become.

  That is, in this case, the charging server 5 sends a credit result that denies the grant of the usage right, so that the process proceeds from step S104 to step S114, and the CPU 21 grants the usage right to the client 1. Execute error handling such as outputting a message indicating that it cannot be performed.

  Next, with reference to the flowchart of FIG. 25, the details of the processing of the client 1 that reproduces the content performed in step S78 of FIG.

  In step S121, the CPU 21 of the client 1 decrypts the key information included in the EKB (FIG. 17) of the content using the DNK provided in advance by the service data, and acquires the root key Kroot.

  In step S122, the CPU 21 decrypts E (Kroot, Kekb) using the root key Kroot acquired in step S121, and acquires the EKB key Kekb.

  In step S123, the CPU 21 uses E (Kpub, Ksub) included in the usage right using the individual key Kpri (an individual key acquired in advance by the service data) corresponding to the public key Kpub of the license server 4. Decrypt and obtain subkey Ksub.

  In step S124, the CPU 21 generates a content key Kc based on the EKB key Kekb acquired in step S122 and the subkey Ksub acquired in step S123. Specifically, the CPU 21 performs an exclusive OR operation on the EKB key Kekb and the subkey Ksub, and acquires the operation result as the content key Kc.

  In step S125, the CPU 21 uses the content key Kc acquired in step S124 to decrypt E (Kc, Cont) and acquire the content. Thereafter, the acquired content is reproduced under the control of the CPU 21 and output from the output unit 27 in step S79 of FIG.

  FIG. 26 is a diagram schematically illustrating the content reproduction process performed by the client 1 as described above. In FIG. 26, S121 to S125 correspond to the processes of steps S121 to S125 of FIG. Further, in FIG. 26, only main information is shown for the content.

  As shown in FIG. 26, in the client 1, the EKB arranged in the content acquired from the content server 3 is processed by the DNK given in advance to the client 1, and the root key Kroot is acquired. (Step S121).

  Further, E (Kroot, Kekb) arranged on the right side of EKB is decrypted with the root key Kroot, and the EKB key Kekb is obtained (step S122).

  On the other hand, E (Kpub, Ksub) included in the usage right provided from the license server 4 is decrypted with the individual key Kpri given in advance to the client by the service data, and the subkey Ksub is obtained (step S123).

  Then, an exclusive OR operation based on the sub key Ksub and the EKB key Kekb is performed, and a content key Kc as an output is generated (step S124), and is arranged at the right end of the content by the generated content key Kc. E (Kc, Cont) is decrypted, and the content is acquired (step S125).

  As described above, the combination of the offline authentication for obtaining the root key Kroot from the EKB based on the DNK and the offline authentication for decrypting the subkey Ksub encrypted with the public key Kpub with the individual key Kpri is the first. Even when the content of the EKB is illegally read, the use of the content requires the individual key Kpri, so that unauthorized use of the content can be prevented.

  Secondly, even if the user of the client 1 does not access the license server 4 for a predetermined period, it is possible to change the EKB information and distribute it to other clients belonging to the service. It is possible to invalidate the client 1 (to make it impossible to acquire the root key Kroot).

  Third, when the content is music content, the content for trial listening is encrypted only with DNK, and the content for purchase is encrypted with the content key Kc acquired by the EKB key Kekb and the subkey Ksub. Accordingly, it is possible to give a wide range of services such as downloading the contents only and using the contents for trial listening, and allowing the user to obtain the usage right only when actually purchasing the contents for purchase.

  In the above embodiment, the content attribute and the content condition of the usage right are used to specify the usage right necessary for using the content. However, the present invention is not limited to this. For example, the content may include a usage right ID of a usage right necessary to use the content. In this case, if the content is specified, the usage right necessary to use the content is uniquely determined. There is no need to perform a process for determining the matching between the two.

It is a schematic diagram which shows the decoding process of the conventional content. It is a figure which shows the structural example of the content provision system to which this invention is applied. FIG. 3 is a block diagram illustrating a configuration example of a client in FIG. 2. It is a figure which shows the structure of a key. It is a figure which shows a category node. It is a figure which shows the example of a response | compatibility of a node and a device. It is a figure which shows the structural example of an enabling key block. It is a figure which shows the other structural example of the validation key block. It is a schematic diagram of utilization of an enabling key block. It is a figure which shows the example of a format of an enabling key block. It is a figure explaining the structure of the tag of an enabling key block. It is a schematic diagram of the division | segmentation of the key information to which this invention is applied. It is a flowchart explaining the service data acquisition process of the client of FIG. It is a figure which shows the example of service data. It is a flowchart explaining the service data provision process of the license server of FIG. It is a flowchart explaining the content production | generation process of the content server of FIG. It is a figure which shows the example of the format of a content. 3 is a flowchart for explaining subkey acquisition processing of the license server of FIG. 2. FIG. 3 is a flowchart illustrating a client download process of FIG. 2. FIG. It is a flowchart explaining the content provision process of the content server of FIG. 3 is a flowchart for explaining a reproduction process of the client in FIG. 2. It is a flowchart explaining the detail of the usage right acquisition process in step S73 of FIG. It is a flowchart explaining the usage right provision process of the license server of FIG. It is a figure which shows the example of a usage right. It is a flowchart explaining the detail of the decoding process in FIG.21 S77. FIG. 26 is a diagram schematically illustrating the process of FIG. 25.

Explanation of symbols

  1-1, 1-2 client, 2 internet, 3 content server, 4 license server, 5 charging server, 20 timer, 21 CPU, 24 encryption / decryption unit, 25 codec unit, 26 input unit, 27 output unit, 28 storage , 29 Communication Department

Claims (1)

  A content server that provides content; a license server that provides usage rights necessary to use the content; and an information processing device that transmits and receives information between the content server and the license server via a network. In the content providing system
  The information processing apparatus includes:
    Request means for requesting the license server to transmit service data including a device node key corresponding to the information processing apparatus and an individual key unique to the information processing apparatus;
    Receiving means for receiving the service data transmitted from the license server in response to a request by the request means;
    Storage means for storing the service data received by the receiving means;
    The encryption corresponding to the content, which is acquired in response to an instruction to use the content from the license server, after receiving the encrypted content data and the encrypted first key from the content server Receiving means for receiving the right to use including the second key,
    The device node key included in the service data stored in the storage means is used to decrypt and extract the encrypted first key, and the received use using the individual key. The encrypted second key is decrypted and extracted from the right, and the encrypted content data is decrypted by performing a predetermined operation on the extracted first key and the second key. A computing means for generating a key;
    Decryption means for decrypting the encrypted content data using the decryption key;
    Reproducing means for reproducing the content data decrypted by the decrypting means;
  With
  The content server
    The decryption key is generated by performing the predetermined calculation with the decryption key, the second key included in the usage right and transmitted from the service server to the information processing apparatus, and the second key. Generating means for generating the first key used to do;
    Encryption means for encrypting the first key generated by the generation means in a form that can be decrypted by the device node key, and encrypting the content data using the decryption key;
    Transmitting means for transmitting the first key and the content data encrypted by the encryption means to the information processing apparatus, and transmitting the second key to the license server;
  With
  The license server
    Receiving means for receiving the second key transmitted from the content server;
    Encrypting means for encrypting the second key received by the receiving means using a public key corresponding to the individual key of the information processing apparatus;
    The service data including the device node key and the individual key of the information processing apparatus is transmitted to the information processing apparatus, and the usage right including the second key encrypted by the encryption unit is determined as the information. A transmission means for transmitting to the processing device;
  A content providing system comprising:

Images