JP4599657B2 - Data providing system, content providing apparatus, and content processing apparatus - Google Patents

Description

[0001]
BACKGROUND OF THE INVENTION
  The present invention provides a data providing system for providing content data., Content providing apparatus, and content processing apparatusAbout.
[0002]
[Prior art]
There is a data providing system that distributes encrypted content data to a data processing device of a user who has a predetermined contract, and decrypts and reproduces and records the content data in the data processing device.
One such data providing system is a conventional EMD (Electronic Music Distribution) system that distributes music data.
[0003]
FIG. 100 is a configuration diagram of a conventional EMD system 700.
In the EMD system 700 shown in FIG. 100, the content providers 701a and 701b send the content data 704a, 704b, and 704c and the copyright information 705a, 705b, and 705c to the service provider 710 after mutual authentication. Data is encrypted and supplied online, or supplied offline. Here, the copyright information 705a, 705b, and 705c includes, for example, SCMS (Serial Copy Management System) information, digital watermark information that is requested to be embedded in content data, and work that is requested to be embedded in the transmission protocol of the service provider 710. There is information about rights.
[0004]
The service provider 710 decrypts the received content data 704a, 704b, 704c and the copyright information 705a, 705b, 705c using the session key data.
Then, the service provider 710 embeds the copyright information 705a, 705b, 705c in the decrypted or offline received content data 704a, 704b, 704c to generate content data 707a, 707b, 707c. At this time, for example, the service provider 710 embeds the digital watermark information among the copyright information 705a, 705b, and 705c in the content data 704a, 704b, and 704c by changing the predetermined frequency region, and transmits the content data to the user. The SCMS information is embedded in the network protocol used at the time.
Furthermore, the service provider 710 encrypts the content data 707a, 707b, and 707c using the content key data Kca, Kcb, and Kcc read from the key database 706, respectively. Thereafter, the service provider 710 encrypts the secure container 722 storing the encrypted content data 707a, 707b, and 707c with the session key data obtained after mutual authentication, and presents the CA (Conditional Access) existing in the user terminal device 709. ) Transmit to module 711.
[0005]
The CA module 711 decrypts the secure container 722 using the session key data. Further, the CA module 711 receives content key data Kca, Kcb, Kcc from the key database 706 of the service provider 710 by using an accounting function such as electronic payment or CA, and decrypts it using the session key data. As a result, the content data 707a, 707b, and 707c can be decrypted using the content key data Kca, Kcb, and Kcc, respectively, in the terminal device 709.
At this time, the CA module 711 performs charging processing for each content, generates charging information 721 corresponding to the result, encrypts it with the session key data, and transmits it to the right processing module 720 of the service provider 710. .
In this case, the CA module 711 collects network rents such as user contract (update) information and monthly basic charges, which are items that the service provider 710 wants to manage with respect to services provided by the service provider 710, and charging processing for each content unit. And securing the security of the physical layer of the network.
[0006]
Upon receiving the billing information 721 from the CA module 711, the service provider 710 distributes profits between the service provider 710 and the content providers 701a, 701b, and 701c.
At this time, the profit distribution from the service provider 710 to the content providers 701a, 701b, and 701c is performed through, for example, JASRAC (Japanese Society for Rights of Authors, Composers and Publishers). JASRAC distributes the profits of the content provider to the copyright holder, artist, songwriter / composer, affiliated production, and the like of the content data.
[0007]
Further, in the terminal device 709, when the content data 707a, 707b, 707c decrypted using the content key data Kca, Kcb, Kcc is recorded on the RAM type recording medium 723 or the like, the copyright information 705a, 705b, 705c is recorded. The SCMS bit is rewritten and copy control is performed. That is, on the user side, copy control is performed based on the SCMS bits embedded in the content data 707a, 707b, and 707c, thereby protecting the copyright.
[0008]
[Problems to be solved by the invention]
By the way, SCMS is defined to prevent recording from a CD (Compact Disc) to a DAT (Digital Audio Tape) and can be duplicated between the DAT and the DAT. In addition, even when digital watermark information is embedded in content data, when a problem occurs, it is only possible to specify the content provider that provided the target content data, and technically prevent illegal copying. Absent.
Therefore, the EMD system 700 shown in FIG. 100 described above has a problem that the rights (benefits) of the content provider are not sufficiently protected.
[0009]
In the EMD system 700 described above, since the service provider embeds the copyright information of the content provider in the content data, the content provider needs to audit whether the embedding is performed as requested. Further, the content provider needs to audit whether the service provider distributes the content data as contracted. Therefore, there is a problem that the burden for auditing is large.
[0010]
Further, in the EMD system 700 described above, since the billing information 721 from the user terminal device 709 is processed by the right processing module 720 of the service provider 710, the profit that the content provider should receive according to the use of the content data by the user is obtained. There is concern about whether content providers can receive it properly.
[0011]
  The present invention has been made in view of the above-described problems of the prior art, and is a data providing system capable of appropriately protecting the interests of the content provider's right holder (related party)., Content providing apparatus, and content processing apparatusThe purpose is to provide.
  The present invention also provides a data providing system capable of reducing the burden of auditing for protecting the interests of content provider rights holders., Content providing apparatus, and content processing apparatusThe purpose is to provide.
[0012]
[Means for Solving the Problems]
  In order to solve the above-described problems of the prior art and achieve the above-described object, a data providing system according to a first aspect of the present invention includes a content providing apparatus, a content processing apparatus, and a purchase processing apparatus connected to a network. Content data is transmitted from the content providing device to the content processing device, and sent to the purchase processing device.PurchasedDepending on the purchase periodPrevious to content processing deviceIn order to use the content data, the purchase processing deviceThrough, A plurality of distribution key data valid for each predetermined usage period of the content data is transmitted to the content providing device, and the distribution key data valid for the purchase period among the plurality of distribution key data The aboveContent processing deviceThe content providing device is connected to the network, a storage unit that stores the content data, a content encryption unit that encrypts the content data stored in the storage unit with content key data, A communication unit for a content providing device that receives the plurality of distribution key data from the purchase processing device, and encrypts the content key data using each of the received distribution key data, and encrypts the plurality of content key data A content key encryption unit that generates encrypted data, and a secure container data generation unit that generates secure container data including encrypted content data and encrypted data of the plurality of content key data, The communication unit for the content providing apparatus performs content processing on the secure container data. The content data and the plurality of content key data are transmitted to a content processing device by transmitting to the device, and the content processing device is connected to the network and is effective for distribution from the purchase processing device during the purchase period. Using the communication unit for the content processing device that receives the key data and receives the secure container data from the communication unit for the content providing device, and the received distribution key data that is valid during the purchase period A content key decrypting unit for decrypting encrypted data of the content key data encrypted by the distribution key data among the encrypted data of the plurality of content key data included in the secure container data; and during the purchase period Using the content key data decrypted using valid delivery key data, And a content decoder which decodes the content data Interview A container data.
[0013]
  A content providing apparatus according to a second aspect of the present invention is connected to a network, a storage unit that stores content data, a content encryption unit that encrypts the content data stored in the storage unit with content key data, and a network. A communication unit that receives a plurality of distribution key data effective for each predetermined usage period of the content data from the network, and encrypts the content key data using each of the received distribution key data. Content key encryption unit for generating encrypted data of content key data, and secure container data generation unit for generating secure container data having the encrypted content data and encrypted data of the plurality of content key data And the communication unit transmits the secure container to the network. By transmitting over data, transmitting the content data and the plurality of content key data to the content processing apparatus.
[0016]
  A data providing system according to a third aspect of the present invention is a data providing system comprising the content providing apparatus and the purchase processing apparatus according to claim 2 connected to a network, wherein the purchase processing apparatus is configured to transmit the content through the network. The plurality of distribution key data effective for each predetermined usage period of the content data is transmitted to the providing device.
[0017]
  BookInvention No.4Point of viewThe content processing apparatus is connected to a network, and from the network, the content data encrypted with content key data and a plurality of distribution key data encrypted with a plurality of distribution key data effective for each predetermined use period of the content data A communication unit that receives secure container data having encrypted data of content key data and a distribution key data that is valid during the purchase period among the plurality of distribution key data, and valid during the received purchase period Using the distribution key data, the encrypted data of the content key data encrypted by the distribution key data among the encrypted data of the plurality of content key data included in the received secure container data Decryption using content key decryption unit for decryption and distribution key data effective for the purchase period The using content key data, and a content decoder which decodes the content data of the secure container data.
[0018]
  First of the present invention5Point of viewThe content processing apparatus stores content data encrypted with content key data and encrypted data of a plurality of content key data encrypted with a plurality of distribution key data effective for each predetermined usage period of the content data. A storage unit that can store the secure container data, a communication unit that receives distribution key data that is valid during the purchase period among the plurality of distribution key data, and a distribution key that is valid during the received purchase period Using the data, decrypt the encrypted data of the content key data encrypted by the distribution key data among the encrypted data of the plurality of content key data included in the stored secure container data Content key data decrypted using a content key decryption unit and distribution key data valid during the purchase period Used, and a content decoder which decodes the content data of the secure container data.
[0020]
  BookInvention No.6Point of viewThe content processing apparatus stores content data encrypted with content key data and encrypted data of a plurality of content key data encrypted with a plurality of distribution key data effective for each predetermined usage period of the content data. A reading unit capable of reading a recording medium on which secure container data is recorded; a communication unit that receives distribution key data that is valid for a purchase period out of the plurality of distribution key data; and the received purchase period The content key data encrypted by the distribution key data out of the encrypted data of the plurality of content key data included in the secure container data to be read using the distribution key data effective for Decrypted using a content key decrypting unit that decrypts the data and the distribution key data that is valid during the purchase period Content key data using, and a content decoder which decodes the content data of the secure container data.
[0027]
DETAILED DESCRIPTION OF THE INVENTION
Hereinafter, an EMD (Electronic Music Distribution) system according to an embodiment of the present invention will be described.
In the present embodiment, content data distributed to a user refers to digital data whose information itself is valuable, such as music data, video data, and programs, and will be described below using music data as an example.
[0028]
  First embodiment
  FIG. 1 is a configuration diagram of an EMD system 100 of the present embodiment. As shown in FIG. 1, the EMD system 100 includes a content provider 101, an EMD service center (clearing house, hereinafter also referred to as ESC) 102, and a user home network 103. here,With content provider 101SAMs 1051-1054Claim 1 etc.Related toData providing device and data processing deviceIt corresponds to.The EMD service center 102 is a management device.First, an outline of the EMD system 100 will be described. In the EMD system 100, the content provider 101 uses the UCP (Usage Control Policy) data 106 indicating the content of rights such as the license agreement of the content data C of the content that the content provider 101 intends to provide as a highly reliable authority. It transmits to the EMD service center 102 which is an organization. The rights document data 106 is authorized (authenticated) by the EMD service center 102.
[0029]
In addition, the content provider 101 encrypts the content data C with the content key data Kc to generate a content file CF, and also distributes the content key data Kc for the corresponding period distributed from the EMD service center 102.₁~ KD5₆Encrypt with Then, the content provider 101 stores a secure container (module of the present invention) 104 storing (encapsulating) the encrypted content key data Kc and content file CF and its signature data into a network such as the Internet, digital broadcasting, etc. Alternatively, it is distributed to the user home network 103 using a recording medium or the like.
As described above, in the present embodiment, by providing digital content data C in an encapsulated manner, the digital content that is in close contact with the conventional recording medium is separated from the recording medium, and the digital content alone has a presence value. Can do.
Here, the secure container is the most basic product capsule when selling the content data C (product) regardless of the distribution channel (delivery channel). Specifically, the secure antenna verifies the encryption information for charging, the validity of the content data C, the validity of the person who created the content data, and the validity of the distributor of the content data. This is a product capsule containing copyright information such as signature data and information on digital watermark information embedded in content data.
[0030]
The user home network 103 is, for example, a network device 160.₁And AV equipment 160₂~ 160_FourHave
Network device 160₁SAM (Secure Application Module) 105₁Built in.
AV equipment 160₂~ 160_FourRespectively, SAM105₂~ 105_FourBuilt in. SAM105₁~ 105_FourThe two are connected via a bus 191 such as an IEEE (Institute of Electrical and Electronics Engineers) 1394 serial interface bus.
[0031]
SAM105₁~ 105_FourThe network device 160₁The secure container 104 received online from the content provider 101 via a network and / or the AV device 160 from the content provider 101₂~ 160_FourDistribution key data KD for the corresponding period of the secure container 104 supplied offline via the recording medium₁~ KD_ThreeThe signature data is verified after decryption using.
SAM105₁~ 105_FourThe secure container 104 supplied to the network device 160₁And AV equipment 160₂~ 160_FourIn this case, after the purchase / use form is determined according to the user's operation, it becomes a target for reproduction or recording on a recording medium.
SAM105₁~ 105_FourRecords the above-described purchase / use history of the secure container 104 as usage log data 108.
The usage history data 108 is transmitted from the user home network 103 to the EMD service center 102 in response to a request from the EMD service center 102, for example.
[0032]
The EMD service center 102 determines (calculates) billing contents based on the usage history data 108, and performs settlement with a settlement organization 91 such as a bank via the payment gateway 90 based on the result. Thereby, the money paid by the user of the user home network 103 to the payment organization 91 is paid to the content provider 101 by the payment processing by the EMD service center 102.
Further, the EMD service center 102 transmits the settlement report data 107 to the content provider 101 at regular intervals.
[0033]
In the present embodiment, the EMD service center 102 has an authentication function, a key data management function, and a right processing (profit sharing) function.
That is, the EMD service center 102 plays a role as a second certificate authority (located below the root certificate authority 92) with respect to the root certificate authority 92, which is the highest authority in a neutral position. The content provider 101 and the SAM 105₁~ 105_FourThe signature of the public key data of the public key data used for the verification process of the signature data is signed with the secret key data of the EMD service center 102, thereby authenticating the validity of the public key data. As described above, the EMD service center 102 also registers one of the rights document data 106 of the content provider 101 to make it authoritative, which is one of the authentication functions of the EMD service center 102.
In addition, the EMD service center 102 can, for example, distribute key data KD.₁~ KD₆And a key data management function for managing key data.
In addition, the EMD service center 102 includes a standard retail price SRP (Suggested Retailer 'Price) described in the authoritative rights document data 106 and a SAM 105.₁~ SAM105_FourBased on the usage history data 108 input from the user, it has a right processing (profit distribution) function for performing payment for content purchase / use by the user and distributing money paid by the user to the content provider 101.
[0034]
Hereinafter, each component of the content provider 101 will be described in detail.
[Content provider 101]
FIG. 2 is a functional block diagram of the content provider 101, and the SAM 105 of the user home network 103.₁~ 105_FourA flow of data related to data transmitted to and received from is shown.
FIG. 3 shows a data flow related to data transmitted and received between the content provider 101 and the EMD service center 102.
In FIG. 3 and subsequent drawings, the signature data processing unit and the session key data K_SESThe flow of data input / output to / from the encryption / decryption unit using is omitted.
[0035]
2 and 3, the content provider 101 includes a content master source server 111, a digital watermark information adding unit 112, a compression unit 113, an encryption unit 114, a random number generation unit 115, an encryption unit 116, and a signature processing unit. 117, a secure container creation unit 118, a secure container database 118a, a storage unit 119, a mutual authentication unit 120, an encryption / decryption unit 121, a rights document data creation unit 122, a SAM management unit 124, and an EMD service center management unit 125.
Before communicating with the EMD service center 102, the content provider 101, for example, uses the EMD service for offline public key data generated by itself, its own identification card, and bank account number (account number for settlement) offline. It registers in the center 102 and obtains its own identifier (identification number) CP_ID. Further, the content provider 101 receives from the EMD service center 102 the public key data of the EMD service center 102 and the public key data of the root certificate authority 92.
Hereinafter, each functional block of the content provider 101 illustrated in FIGS. 2 and 3 will be described.
[0036]
The content master source server 111 stores content data that is a master source of content to be provided to the user home network 103, and outputs the content data S111 to be provided to the digital watermark information adding unit 112.
[0037]
The watermark information adding unit 112 embeds source watermark information (Source Watermark) Ws, copy management watermark information (Copy Control Watermark) Wc, user watermark information (User Watermark) Wu, and the like in the content data S111. Content data S112 is generated, and the content data S112 is output to the compression unit 113.
[0038]
The source digital watermark information Ws is information related to copyrights such as the copyright holder name of content data, ISRC code, authoring date, authoring device ID (Identification Data), and content distribution destination. The copy management digital watermark information Wc is information including a copy prohibition bit for preventing copy via an analog interface. The user digital watermark information Wu includes, for example, the identifier CP_ID of the content provider 101 for specifying the distribution source and distribution destination of the secure container 104, and the SAM 105 of the user home network 103.₁~ 105_FourIdentifier SAM_ID₁~ SAM_ID_FourIs included.
Further, if necessary, the digital watermark information adding unit 112 embeds, in the content data S111, a link ID for searching for content data by a search engine as digital watermark information.
In the present embodiment, preferably, the information content and the embedding position of each digital watermark information are defined as digital watermark information management data, and the EMD service center 102 manages the digital watermark information management data. The digital watermark information management data is, for example, the network device 160 in the user home network 103.₁And AV equipment 160₂~ 160_FourIs used when verifying the validity of the digital watermark information.
For example, the user home network 103 determines that the digital watermark information is valid based on the digital watermark information management data when both the embedded position of the digital watermark information and the contents of the embedded digital watermark information match. Thus, embedding of false digital watermark information can be detected with high probability.
[0039]
The compression unit 113 compresses the content data S112 by an audio compression method such as ATRAC3 (Adaptive Transform Acoustic Coding 3) (trademark), and outputs the compressed content data S113 to the encryption unit 114.
[0040]
The encryption unit 114 uses the content key data Kc as a common key, encrypts the content data S113 using a common key encryption method such as DES (Data Encryption Standard) or Triple DES, and generates content data C. The data is output to the secure container creation unit 118.
The encryption unit 114 encrypts the A / V decompression software Soft and metadata Meta using the content key data Kc as a common key, and then outputs the encrypted software to the secure container creation unit 117.
[0041]
DES is an encryption method that uses a 56-bit common key and processes 64 bits of plain text as one block. The DES process consists of a part that stirs plaintext and converts it into ciphertext (data stirring part), and a part that generates key (expanded key) data used in the data stirring part from the common key data (key processing part). Become. Since all DES algorithms are open to the public, the basic processing of the data agitation unit will be briefly described here.
[0042]
First, the 64 bits of plaintext are the upper 32 bits of H₀And lower 32 bits L₀And divided. 48-bit extended key data K supplied from the key processing unit₁And lower 32 bits L₀, And the lower 32 bits of L₀The output of the F function obtained by stirring is calculated. The F function is composed of two types of basic transformations: “substitution” in which numerical values are replaced by a predetermined rule and “transposition” in which bit positions are replaced by a predetermined rule. Next, the upper 32 bits of H₀And the output of the F function are calculated, and the result is L₁It is said. L₀Is H₁It is said.
And the upper 32 bits of H₀And lower 32 bits L₀Based on the above, the above process is repeated 16 times, and the obtained upper 32 bits of H₁₆And lower 32 bits L₁₆Is output as ciphertext. Decryption is realized by following the above procedure in reverse using the common key data used for encryption.
[0043]
The random number generation unit 115 generates a random number having a predetermined number of bits, and outputs the random number to the encryption unit 114 and the encryption unit 116 as content key data Kc.
Note that the content key data Kc may be generated from information related to the music provided by the content data. The content key data Kc is updated every predetermined time, for example.
[0044]
The encryption unit 116 receives the distribution key data KD received from the EMD service center 102 and stored in the storage unit 119 as described later.₁~ KD₆Key data KD for the corresponding period₁~ KD₆And the content key data Kc, the rights document data 106, the SAM program download container SDC shown in FIG. 4B by a common encryption method such as DES using the distribution key data as a common key.₁~ SDC_ThreeAnd signature / certificate module Mod₁Is encrypted and then output to the secure container creation unit 117.
Signature / Certificate Module Mod₁Includes signature data SIG as shown in FIG._{2, CP}~ SIG_{4, CP}, Public key data K of content provider 101_{CP, P}Public key certificate CER_CPAnd the public key certificate CER_CPSignature data SIG of EMD service center 102 for_{1, ESC}Is stored.
SAM program download container SDC₁~ SDC_ThreeSAM105₁~ 105_FourUCP-L (Label), which indicates the syntax of the download driver used when downloading the program in the U.S. and the rights document data (UCP) U106. R (Reader) and SAM105₁~ 105_FourAnd lock key data for setting a lock state / unlock state in units of blocks for rewriting and erasing of a storage unit (flash-ROM) incorporated in the memory.
[0045]
The storage unit 119 includes, for example, a database that stores public key certificate data, and distribution key data KD.₁~ KD₆And various databases such as a database for storing the key file KF.
[0046]
The signature processing unit 117 takes the hash value of the data to be signed, and the secret key data K of the content provider 101_{CP, S}Is used to create the signature data SIG.
[0047]
The hash value is generated using a hash function. The hash function is a function that receives target data, compresses the input data into data having a predetermined bit length, and outputs the data as a hash value. In the hash function, it is difficult to predict the input from the hash value (output). When one bit of the data input to the hash function changes, many bits of the hash value change, and the same hash value is changed. It has the feature that it is difficult to find the input data it has.
[0048]
As shown in FIG. 4A, the secure container creation unit 118 includes header data, content data C encrypted with the content key data Kc input from the encryption unit 114, A / V decompression software Soft, A content file CF storing metadata Meta is generated.
Here, the A / V decompression software Soft is the network device 160 of the user home network 103.₁And AV equipment 160₂~ 160_FourThe software used when decompressing the content file CF, for example, ATRAC3 decompression software.
[0049]
Further, as shown in FIG. 4B, the secure container creation unit 118 sends the distribution key data KD for the corresponding period input from the encryption unit 116.₁~ KD₆Content key data Kc, right document data (UCP) 106 and SAM program download container SDC encrypted with₁~ SDC_ThreeAnd signature / certificate module Mod₁Is generated.
Then, the secure container creation unit 118 performs the content file CF and key file KF shown in FIGS. 4A and 4B and the public key data K of the content provider 101 shown in FIG._CPAnd signature data SIG_{1, ESC}Are stored in the secure container database 118a, and then output to the SAM management unit 124 in response to a request from the user.
Thus, in this embodiment, the public key data K of the content provider 101_{CP, P}Public key certificate CER_CPAn in-band method is used in which the data is stored in the secure container 104 and transmitted to the user home network 103. Therefore, the user home network 103 is responsible for the public key certificate CER._CPIt is not necessary to perform communication with the EMD service center 102 for obtaining data.
In the present invention, the public key certificate CER_CPIs stored in the secure container 104, and the user home network 103 receives the public key certificate CER from the EMD service center 102._CPAn out-of-band method for obtaining
[0050]
The mutual authentication unit 120 performs mutual authentication between the EMD service center 102 and the user home network 103, respectively, when the content provider 101 transmits and receives data online between the EMD service center 102 and the user home network 103. Session key data (shared key) K_SESIs generated. Session key data K_SESIs newly generated every time mutual authentication is performed.
[0051]
The encryption / decryption unit 121 transmits the data that the content provider 101 transmits online to the EMD service center 102 and the user home network 103 using the session key data K_SESEncrypt using.
Also, the encryption / decryption unit 121 converts the data received by the content provider 101 from the EMD service center 102 and the user home network 103 online into session key data K_SESDecode using
[0052]
The rights document data creation unit 122 creates the rights document data 106 and outputs it to the encryption unit 116.
The rights document data 106 is a descriptor that defines an operation rule for the content data C. For example, the standard retail price SRP (Suggested Retailer 'Price) desired by the operator of the content provider 101 or the content data C Duplication rules are described.
[0053]
The SAM management unit 124 supplies the secure container 104 to the user home network 103 offline and / or online.
When distributing the secure container 104 to the user home network 103 offline using a ROM-type recording medium (media) such as a CD-ROM or DVD (Digital Versatile Disc), the SAM management unit 124 uses distribution key data. KD₁~ KD₆For example, the secure container 104 is encrypted and recorded on a recording medium. This recording medium is supplied off-line to the user home network 103 by sales or the like.
[0054]
In the present embodiment, the secure container (product capsule) 104 is defined in the application layer in the OSI layer layer as shown in FIG. Further, capsules corresponding to the presentation layer and the transport layer are defined separately from the secure container 104 as a delivery protocol for delivering the secure container. Therefore, the secure container 104 can be defined without depending on the delivery protocol. That is, even when the secure container 104 is supplied to the user home network 103 in any form, for example online or offline, it can be defined and generated according to a common rule.
For example, when the secure container 104 is supplied using a network, the secure container 104 is defined in the area of the content provider 101, and the presentation layer and the transport layer are transported to transport the secure container 104 to the user home network 103. Think of it as a tool.
Further, in the case of offline, the ROM type recording medium is considered as a transport carrier that transports the secure container 104 to the user home network 103.
[0055]
FIG. 6 is a diagram for explaining the ROM type recording medium 130.
As shown in FIG. 6, the ROM type recording medium 130 has a ROM area 131, a RAM area 132, and a medium SAM 133.
The ROM area 131 stores the content file CF shown in FIG.
In the RAM area 132, the key file KF and the public key certificate data CER shown in FIGS._CPAnd recording key data K having a unique value depending on the type of device_STRAnd the signature data, the key file KF and the public key certificate data CER generated using the MAC (Message Authentication Code) function_CPAnd media key data K having a value specific to the recording medium_MEDThe data encrypted using is stored.
Further, the RAM area 132 includes, for example, the content provider 101 and the SAM 105 that have become invalid due to fraud.₁~ 105_FivePublic key certificate revocation data (revocation list) for identifying
Further, the RAM area 132 has a SAM 105 of the user home network 103 as will be described later.₁~ 105_FourThe usage control state (UCS) data 166 generated when the purchase / usage mode of the content data C is determined in FIG. As a result, the usage control state data 166 is stored in the RAM area 132, so that the ROM type recording medium 130 whose purchase / use mode is determined is obtained.
The media SAM 133 includes, for example, a media ID that is an identifier of the ROM type recording medium 130 and media key data K._MEDIs stored.
The media SAM 133 has, for example, a mutual authentication function.
[0056]
When the secure container 104 is distributed online to the user home network 103 using a network or digital broadcasting, the SAM management unit 124 uses the session key data K in the encryption / decryption unit 121._SESAfter the secure container 104 is encrypted using, it is distributed to the user home network 103 via the network.
In the present embodiment, as the SAM management unit, EMD service center management unit, content provider management unit, and service provider management unit, which will be described later, for example, internal processing contents cannot be monitored (monitored) and tamper resistant. A communication gateway having the following structure is used.
[0057]
Here, the distribution of the content data C from the content provider 101 to the user home network 103 is performed by using the rights document data 106 both when using the recording medium 130 and when using the network online as described above. A stored common type secure container 104 is used. Therefore, the SAM 105 of the user home network 103₁~ 105_FourThen, the rights processing based on the common rights document data 106 can be performed in both cases of offline and online.
[0058]
As described above, in the present embodiment, in-band that encloses the content data C encrypted with the content key data Kc and the content key data Kc for decrypting the encryption in the secure container 104. The (In-Band) method is adopted. The in-band method is advantageous in that it is not necessary to separately distribute the content key data Kc when the device of the user home network 103 tries to reproduce the content data C, and the load of network communication can be reduced. The content key data Kc is the distribution key data KD.₁~ KD₆Is encrypted with the key data for distribution KD₁~ KD₆Are managed by the EMD service center 102 and the SAM 105 of the user home network 103 is managed.₁~ 105_FiveIn advance (SAM105₁~ 105_FourIs distributed when the EMD service center 102 is accessed for the first time), the user home network 103 can use the content data C offline without connecting to the EMD service center 102 online. become.
Note that the present invention has the flexibility to adopt an out-of-band method in which the content data C and the content key data Kc are separately supplied to the user home network 103.
[0059]
The EMD service center management unit 125 sends the distribution key data KD for six months from the EMD service center 102.₁~ KD₆And signature data SIG corresponding to each_{KD1, ESC}~ SIG_{KD6, ESC}And public key data K of the content provider 101_{CP, P}Public key certificate CER including_CPAnd its signature data SIG_{1, ESC}And the settlement report data 107 are received by the encryption / decryption unit 121 in the session key data K_SESIs stored in the storage unit 119.
The settlement report data 107 describes, for example, the contents of settlement related to the content provider 101 performed by the EMD service center 102 to the settlement organization 91 shown in FIG.
[0060]
The EMD service center management unit 125 also provides a globally unique identifier Content_ID, public key data K of the content data C to be provided._{CP, P}And their signature data SIG_{9, CP}Is transmitted to the EMD service center 102 from the EMD service center 102._{CP, P}Public key certificate data CER_CPEnter.
When the EMD service center management unit 125 registers the rights document data 106 in the EMD service center 102, as shown in FIG. 7A, the globally unique identifier Content_ID, content key data of the content data C to be provided Module Mod storing Kc and rights document data 106_ThreeAnd its signature data SIG_{5, CP}Module for requesting registration of rights₂, And the encryption / decryption unit 121 stores the session key data K_SESIs transmitted to the EMD service center 102 via the network.
As the EMD service center management unit 125, as described above, for example, a communication gateway having a tamper-resistant structure in which internal processing contents cannot be monitored (monitored) and cannot be tampered with.
[0061]
Hereinafter, the flow of processing in the content provider 101 will be described with reference to FIGS. 2 and 3.
In addition, as a premise for performing the processing shown below, the parties related to the content provider 101 perform registration processing with the EMD service center 102 offline using, for example, their identification card and a bank account for performing settlement processing. The globally unique identifier CP_ID is obtained. The identifier CP_ID is stored in the storage unit 119.
[0062]
Thereafter, the content provider 101 sends its private key data K to the EMD service center 102._{CP, S}Public key data K corresponding to_{CP, S}Public key certificate data CER certifying the validity of_CPThe processing when requesting is requested will be described with reference to FIGS.
FIG. 8 is a flowchart of the process.
Step SA1: The content provider 101 generates a random number by using a random number generator 115 composed of, for example, a true random number generator and generates secret key data K_{CP, S}Is generated.
Step SA2: The content provider 101 uses the secret key data K_{CP, S}Public key data K corresponding to_{CP, P}Is stored in the storage unit 119.
Step SA3: The EMD service center management unit 125 of the content provider 101 determines the identifier CP_ID and the public key data K of the content provider 101._{CP, P}Is read from the storage unit 119.
Then, the EMD service center management unit 125 determines the identifier CP_ID and the public key data K_{CP, P}Is sent to the EMD service center 102.
Step SA4: The EMD service center management unit 125 responds to the issue request with the public key certificate data CER._CPAnd its signature data SIG_{1, ESC}Is input from the EMD service center 102 and written in the storage unit 119.
[0063]
Hereinafter, a process in which the content provider 101 receives distribution key data from the EMD service center 102 will be described with reference to FIG.
As a premise for performing the following processing, the content provider 101 has already received the public key certificate data CER from the EMD service center 102._CPIt is necessary to have obtained.
The EMD service center management unit 125 distributes key data KD for six months from the EMD service center 102.₁~ KD_ThreeAnd its signature data SIG_{KD1, ESC}~ SIG_{KD6, ESC}Is stored in a predetermined database in the storage unit 119.
Then, in the signature processing unit 117, the signature data SIG stored in the storage unit 119 is stored._{KD1, ESC}~ SIG_{KD6, ESC}Is confirmed, and the distribution key data KD stored in the storage unit 119 is confirmed.₁~ KD₆Is treated as valid.
[0064]
Hereinafter, the content provider 101 uses the SAM 105 of the user home network 103.₁A process for transmitting the secure container 104 will be described with reference to FIGS.
FIG. 9 is a flowchart of the process.
In the following example, the content provider 101 to the SAM 105₁The secure container 104 is transmitted to the SAM 105 as an example.₂~ 105_FourEven when transmitting to SAM105₁SAM105 via₂~ 105_FourIs the same except that
[0065]
Step SB1: The content data S111 is read from the content master source server 111 and output to the digital watermark information adding unit 112.
The digital watermark information adding unit 112 embeds digital watermark information in the content data S111 to generate the content data S112, and outputs this to the compression unit 113.
Step SB2: The compression unit 113 compresses the content data S112 by, for example, the ATRAC3 method to create content data S113, and outputs this to the encryption unit 114.
[0066]
Step SB3: The random number generation unit 115 generates a random number to generate content key data Kc, and outputs this to the encryption unit 114.
[0067]
Step SB4: The encryption unit 114 encrypts the content data S113, the metadata Meta and the A / V decompression software Soft read from the storage unit 119 using the content key data Kc, and creates a secure container creation unit It outputs to 118. In this case, the metadata Meta need not be encrypted.
Then, the secure container creation unit 118 creates the content file CF shown in FIG. In addition, the signature processing unit 117 obtains the hash value of the content file CF, and the secret key data K_{CP, S}Using the signature data SIG_{6, CP}Is generated.
[0068]
Step SB5: The signature processing unit 117 takes a hash value for each of the content data C, the content key data Kc, and the rights document data 106, and the secret key data K_{CP, S}The signature data SIG indicating the validity of the creator (provider) of each data using_{2, CP}, SIG_{3, CP}, SIG_{4, CP}Create
The encryption unit 116 also includes the content key data Kc, the rights document data 106, the SAM program download container SD shown in FIG.₁~ SD_ThreeAnd signature / certificate module Mod₁, Distribution key data KD for the corresponding period₁~ KD_ThreeIs encrypted and output to the secure container creation unit 118.
Then, the secure container creation unit 118 creates the key file KF shown in FIG.
In addition, the signature processing unit 117 takes the hash value of the key file KF and uses the secret key data K_{CP, S}Using the signature data SIG_{7, CP}Create
[0069]
Step SB6: The secure container creation unit 118 displays the content file CF and its signature data SIG shown in FIG._{6, CP}And the key file KF and its signature data SIG shown in FIG._{7, CP}And public key certificate data CER shown in FIG._CPAnd its signature data SIG_{1, ESC}Are stored in the secure container database 118a.
Step SB7: The secure container creation unit 118 reads, for example, the secure container 104 to be provided to the user home network 103 in response to a request from the user from the secure container database 118a, and the mutual authentication unit 120 and the SAM 105₁Key data K obtained by mutual authentication with_SESIs encrypted in the encryption / decryption unit 121 and then the SAM 105 of the user home network 103 via the SAM management unit 124.₁Send to.
[0070]
Hereinafter, processing when the content provider 101 requests the EMD service center 102 to register and authorize the rights document data 106 and the content key data Kc will be described with reference to FIG.
The authority request processing for the rights document data 106 and the content key data Kc is performed for each content data C.
[0071]
In this case, in the signature processing unit 117, a module Mod composed of the globally unique identifier Content_ID of the content data C read from the storage unit 119, the content key data Kc, and the title data 106 input from the title data creation unit 122._ThreeHash value of the private key data K_{CP, S}Using the signature data SIG_{5, CP}Is generated.
The right registration request module Mod shown in FIG.₂Session key data K obtained by mutual authentication between the mutual authentication unit 120 and the EMD service center 102._SESIs encrypted in the encryption / decryption unit 121, and then transmitted from the EMD service center management unit 125 to the EMD service center 102.
[0072]
In the present embodiment, after authorizing the rights document data 106 and the content key data Kc in the EMD service center 102, the authorizing certificate module for certifying that the content provider 101 has been authorized from the EMD service center 102 is not received. Case, that is, distribution key data KD in the content provider 101₁~ KD₆An example in which the key file KF is created by performing encryption using, will be described.
However, in the present invention, for example, after the EMD service center 102 authorizes the rights document data 106 and the content key data Kc, the EMD service center 102 sends the content key data KD to the content provider 101.₁~ KD₆The authority certificate module Mod shown in FIG._2aMay be sent.
Authoritative certificate module Mod_2aIs a module Mod that stores the globally unique identifier Content_ID of the content data C, the content key data Kc, and the rights document data 106 input from the rights data creation unit 122._3aAnd secret key data K_{ESC, S}Module Mod using_3aSignature data SIG_{5a, ESC}And store.
In this case, the content provider 101, for example, includes the authority certificate module Mod in the secure container 104._2aSAM105₁~ 105_FourTo be distributed.
The EMD service center 102 provides the distribution key data KD corresponding to different months.₁~ KD₆6 months authoritative certificate module Mod encrypted using_2aMay be generated and sent to the content provider 101 together.
[0073]
[EMD service center 102]
The EMD service center 102 has an authentication (CA: Certificate Authority) function, a key management function, and a rights processing (profit sharing) function.
FIG. 10 is a functional configuration diagram of the EMD service center 102.
As shown in FIG. 10, the EMD service center 102 includes a key server 141, a key database 141a, a settlement processing unit 142, a signature processing unit 143, a settlement organization management unit 144, a certificate / rights certificate management unit 145, a CER database 145a, The content provider management unit 148, the CP database 148a, the SAM management unit 149, the SAM database 149a, the mutual authentication unit 150, and the encryption / decryption unit 151 are included.
FIG. 10 shows a data flow related to data transmitted to and received from the content provider 101 among the data flows between the functional blocks in the EMD service center 102.
FIG. 11 shows the SAM 105 out of the data flow between the functional blocks in the EMD service center 102.₁~ 105_FourThe flow of data related to data transmitted to and received from the clearing house 91 shown in FIG. 1 is shown.
[0074]
The key server 141 reads the distribution key data stored in the key database 141a and each has a validity period of one month in response to a request, and outputs it to the content provider management unit 148 and the SAM management unit 149.
In addition to the key database 141a distribution key data KD, the recording key data K_STR, Media key data K_MEDAnd MAC key data K_MACIt consists of a series of key data that stores key data.
[0075]
The settlement processing unit 142 is SAM105₁~ 105_FourThe settlement processing is performed based on the usage history data 108 input from, the standard retail price data SRP and the sales price input from the certificate / rights document management unit 145, and the settlement report data 107 and the settlement claim data 152 are generated. The settlement report data 107 is output to the content provider management unit 148, and the settlement request data 152 is output to the settlement organization management unit 144.
The settlement processing unit 142 monitors whether an illegal dumping price transaction has been performed based on the sales price.
Here, the usage history data 108 indicates the history of purchase and usage (playback, recording, transfer, etc.) of the secure container 104 in the user home network 103, and payment of a license fee related to the secure container 104 in the settlement processing unit 142. Used when determining the amount.
[0076]
The usage history data 108 includes, for example, the identifier Content_ID of the content data C stored in the secure container 104, the identifier CP_ID of the content provider 101 that has distributed the secure container 104, the compression method of the content data C in the secure container 104, the secure container SAM 105 that has received the distribution of the identifier Media_ID of the recording medium 104 and the secure container 104₁~ 105_FourIdentifier SAM_ID of the SAM 105₁~ 105_FourUSER_ID of the user is described. Therefore, when the EMD service center 102 needs to distribute money paid by the user of the user home network 103 to the license owner such as the compression method or the recording medium in addition to the owner of the content provider 101. Determines an amount to be paid to each partner based on a predetermined distribution rate table, and creates settlement report data 107 and settlement claim data 152 according to the determination. The distribution ratio table is created for each content data stored in the secure container 104, for example.
Further, the payment request right data 152 is authoritative data that can request payment of money from the payment agency 91 based on the data. For example, when the money paid by the user is distributed to a plurality of right holders. Is created for each individual right holder.
When the settlement is completed, the settlement organization 91 sends a usage statement of the settlement organization to the EMD service center 102. The EMD service center 102 notifies the corresponding right holder of the contents of the usage statement.
[0077]
The settlement organization management unit 144 transmits the settlement request right data 152 generated by the settlement processing unit 142 to the settlement organization 91 via the payment gateway 90 shown in FIG.
As will be described later, the account settlement organization management unit 144 transmits the settlement claim data 152 to the right holder such as the content provider 101, and the right holder himself uses the settlement claim right data 152 received. You may make a payment.
In addition, the settlement organization management unit 144 takes the hash value of the settlement claim data 152 in the signature processing unit 143, and uses the secret key data K_{ESC, S}Signature data SIG generated using₉₉Is transmitted to the settlement institution 91 together with the settlement claim data 152.
[0078]
The certificate / rights certificate management unit 145 stores the authorized public key certificate data CER registered in the CER database 145a._CPAnd public key certificate data CER_SAM1~ CER_SAM4And the rights document data 106 and the content key data Kc of the content provider 101 are registered in the CER database 145a to be authoritative.
Public key certificate data CER_SAM1~ CER_SAM4, A right document data 106 and content key data Kc may be provided separately.
At this time, the certificate / rights management unit 145 takes, for example, hash values of the rights data 106 and the contents key data Kc, and the secret key data K_{ESC, S}Create each authorized certificate data with signature data using.
[0079]
The content provider management unit 148 has a function of communicating with the content provider 101, and can access the CP database 148a that manages the identifier CP_ID and the like of the registered content provider 101.
[0080]
The SAM management unit 149 is a SAM 105 in the user home network 103.₁~ 105_FourThe SAM database 149a in which the registered SAM identifier SAM_ID, the SAM registration list, and the like are recorded can be accessed.
[0081]
Hereinafter, the flow of processing in the EMD service center 102 will be described.
First, the SAM 105 in the content provider 101 and the user home network 103 is sent from the EMD service center 102.₁~ 105_FourThe flow of processing when transmitting the distribution key data to will be described with reference to FIGS.
As shown in FIG. 10, the key server 141, for example, for six months of distribution key data KD every predetermined period.₁~ KD₆Is read from the key database 141 a and output to the content provider management unit 148.
In addition, the signature processing unit 143 receives the distribution key data KD.₁~ KD₆And the secret key data K of the EMD service center 102_{ESC, S}And corresponding signature data SIG_{KD1, ESC}~ SIG_{KD6, ESC}Is output to the content provider management unit 148.
The content provider management unit 148 sends the distribution key data KD for 6 months.₁~ KD₆And their signature data SIG_{KD1, ESC}~ SIG_{KD6, ESC}Session key data K obtained by mutual authentication between the mutual authentication unit 150 and the mutual authentication unit 120 shown in FIG._SESIs transmitted to the content provider 101.
[0082]
Also, as shown in FIG. 11, the key server 141 is, for example, three months worth of distribution key data KD every predetermined period.₁~ KD_ThreeIs read from the key database 141 a and output to the SAM management unit 149.
In addition, the signature processing unit 143 receives the distribution key data KD.₁~ KD_ThreeAnd the secret key data K of the EMD service center 102_{ESC, S}And corresponding signature data SIG_{KD1, ESC}~ SIG_{KD3, ESC}Is output to the SAM management unit 149.
The SAM management unit 149 sends the distribution key data KD for three months.₁~ KD_ThreeAnd their signature data SIG_{KD1, ESC}~ SIG_{KD3, ESC}The mutual authentication unit 150 and the SAM 105₁~ 105_FourKey data K obtained by mutual authentication_SESAfter encrypting using SAM105₁~ 105_FourSend to.
[0083]
Hereinafter, the EMD service center 102 receives the public key certificate data CER from the content provider 101._CPThe processing in the case where the issuance request is received will be described with reference to FIGS.
FIG. 12 is a flowchart of the process.
Step SC1: The content provider management unit 148 determines the identifier CP_ID of the content provider 101, the public key data K_{CP, P}And signature data SIG_{9, CP}When the public key certificate data issuance request including the content key is received from the content provider 101, the session key data K obtained by the mutual authentication between the mutual authentication unit 150 and the mutual authentication unit 120 shown in FIG._SESDecode using
Step SC2: The decrypted signature data SIG_{9, CP}After the signature processing unit 143 confirms the validity of the identifier CP_ID and the public key data K_{CP, P}Based on the above, it is confirmed whether or not the content provider 101 that issued the public key certificate data issuance request is registered in the CP database 148a.
[0084]
Step SC3: The certificate / rights certificate management unit 145 sets the public key certificate data CER of the content provider 101_CPIs read from the CER database 145a and output to the content provider management unit 148.
[0085]
Step SC4: The signature processing unit 143 performs public key certificate data CER_CPAnd the secret key data K of the EMD service center 102_{ESC, S}Using the signature data SIG_{1, ESC}Is output to the content provider management unit 148.
Step SC5: The content provider management unit 148 sets the public key certificate data CER_CPAnd its signature data SIG_{1, ESC}Session key data K obtained by mutual authentication between the mutual authentication unit 150 and the mutual authentication unit 120 shown in FIG._SESIs transmitted to the content provider 101.
[0086]
Hereinafter, the EMD service center 102 is connected to the SAM 105.₁To public key certificate data CER_SAM1The processing when receiving the issuance request will be described with reference to FIGS.
FIG. 13 is a flowchart of the process.
Step SD1: The SAM management unit 149₁Identifier SAM₁_ID, public key data K_{SAM1, P}And signature data SIG_{8, SAM1}A public key certificate data issuance request including SAM105₁Are received from the mutual authentication unit 150 and the SAM 105.₁Key data K obtained by mutual authentication_SESDecode using
[0087]
Step SD2: The decrypted signature data SIG_{8, SAM1}After the signature processing unit 143 confirms the validity of the identifier SAM₁_ID and public key data K_{SAM1, P}The SAM 105 that issued the public key certificate data issue request based on the₁Is registered in the SAM database 149a.
Step SD3: The certificate / rights management unit 145 sends the SAM 105₁Public key certificate data CER_SAM1Is read from the CER database 145a and output to the SAM management unit 149.
[0088]
Step SD4: The signature processing unit 143 uses the public key certificate data CER._SAM1And the secret key data K of the EMD service center 102_{ESC, S}Using the signature data SIG_{50, ESC}Is output to the SAM management unit 149.
Step SD5: The SAM management unit 149 uses the public key certificate data CER_SAM1And its signature data SIG_{50, ESC}The mutual authentication unit 150 and the SAM 105₁Key data K obtained by mutual authentication_SESAfter encrypting using SAM105₁Send to.
SAM105₂~ 105_FourHowever, when the public key certificate data is requested, the target is the SAM 105₂~ 105_FourBasically, the SAM105 described above is simply replaced.₁Is the same as
In the present invention, the EMD service center 102 is, for example, the SAM 105.₁SAM105 at the time of shipment₁Secret key data K_{SAM1, S}And public key data K_{SAM1, P}SAM105₁The public key data K at the time of shipment._{SAM1, P}Public key certificate data CER_SAM1May be created.
At this time, at the time of shipment, the public key certificate data CER_SAM1SAM105₁You may memorize | store in the memory | storage part.
[0089]
Hereinafter, processing when the EMD service center 102 receives a registration request for the rights document data 106 and the content key data Kc from the content provider 101 will be described with reference to FIGS. 10 and 14.
FIG. 14 is a flowchart of the process.
Step SE1: The content provider management unit 148 sends the rights document registration request module Mod shown in FIG.₂Is received, the session key data K obtained by the mutual authentication between the mutual authentication unit 150 and the mutual authentication unit 120 shown in FIG._SESUsing the rights document registration request module Mod₂Is decrypted.
[0090]
Step SE2: Public key data K read from the key database 141a in the signature processing unit 143_cpUsing the signature data SIG_{5, CP}Verify the validity of.
Step SE3: The certificate / rights certificate management unit 145 reads the rights document registration request module Mod.₂The rights document data 106 and content key data Kc stored in the CER database 145a are registered.
[0091]
In the following, processing when the EMD service center 102 performs settlement processing will be described with reference to FIGS. 11 and 15.
FIG. 15 is a flowchart of the process.
Step SF1: The SAM management unit 149, for example, the SAM 105 of the user home network 103₁Usage history data 108 and its signature data SIG_{200, SAM1}Is entered, the usage history data 108 and the signature data SIG_{200, SAM1}The mutual authentication unit 150 and the SAM 105₁Key data K obtained by mutual authentication with_SESSAM105₁Public key data K_SAM1Signature data by SIG_{200, SAM1}Is then output to the settlement processing unit 142.
[0092]
Step SF2: The settlement processing unit 142 uses the usage history data 108 input from the SAM management unit 149 and the standard retail price data included in the certificate of rights data 106 read from the CER database 145a via the certificate / certificate certificate management unit 145. Payment processing is performed based on the SRP and the sales price, and payment request data 152 and payment report data 107 are generated. The payment request data 152 and the payment report data 107 may be generated every time the usage history data 108 is input from the SAM, or may be generated every predetermined period.
Step SF3: The settlement processing unit 142 outputs the settlement claim data 152 to the settlement organization management unit 144.
The settlement organization management unit 144 sets the settlement claim data 152 and its signature data SIG.₉₉, Mutual authentication and session key data K_SESAfter decryption, the data is transmitted to the settlement institution 91 via the payment gateway 90 shown in FIG.
As a result, the amount of money indicated in the settlement claim data 152 is paid to the content provider 101.
The EMD service center 102 may transmit the payment request right data 152 to the content provider 101, and the content provider 101 may charge the payment description 91 using the payment request right data 152.
[0093]
Step SF4: The settlement processing unit 142 outputs the settlement report data 107 to the content provider management unit 148.
As described above, the settlement report data 107 describes, for example, the contents of settlement related to the content provider 101 performed by the EMD service center 102 to the settlement organization 91 shown in FIG.
The content provider management unit 148 uses the session key data K obtained by mutual authentication between the mutual authentication unit 150 and the mutual authentication unit 120 shown in FIG._SESIs transmitted to the content provider 101.
[0094]
Further, as described above, the EMD service center 102 registers (authorizes) the rights document data 106 and then sends the authority certificate module Mod shown in FIG. 7B from the EMD service center 102 to the content provider 101._2aKey data for distribution KD₁~ KD₆You may encrypt and send with.
[0095]
In addition, the EMD service center 102 includes a SAM 105₁~ 105_FourThe process at the time of shipment and the registration process of the SAM registration list are performed, which will be described later.
[0096]
[User home network 103]
As shown in FIG. 1, the user home network 103 includes a network device 160.₁And A / V equipment 160₂~ 160_Fourhave.
Network device 160₁SAM105₁Built in. Also, AV equipment 160₂~ 160_FourRespectively, SAM105₂~ 105_FourBuilt in.
SAM105₁~ 105_FourAre connected via a bus 191 such as an IEEE1394 serial interface bus.
AV equipment 160₂~ 160_FourMay have a network communication function, or may not have a network communication function, and the network device 160 via the bus 191.₁The network communication function may be used.
Further, the user home network 103 may have only AV devices that do not have a network function.
[0097]
Hereinafter, the network device 160₁Will be described.
FIG. 16 Network device 160₁FIG.
As shown in FIG. 16, the network device 160₁SAM105₁, A communication module 162, a decryption / decompression module 163, a purchase / use form determination operation unit 165, a download memory 167, a playback module 169, and an external memory 201.
[0098]
SAM105₁~ 105_FourIs a module that performs charging processing in units of content, and performs communication with the EMD service center 102.
SAM105₁~ 105_FourFor example, specifications and versions are managed by the EMD service center 102, and a license is transferred to a household equipment manufacturer as a black box charging module that charges for each content if desired to be installed. For example, a manufacturer of home appliances uses SAM105₁~ 105_FourThe internal specifications of the IC (Integrated Circuit) cannot be known, and the EMD service center 102 unifies the interface of the IC, and the network device 160 according to it.₁And AV equipment 160₂~ 160_FourMounted on.
[0099]
SAM105₁~ 105_FourThe processing contents are completely shielded from the outside, the processing contents cannot be monitored and tampered from the outside, and the data stored in advance and the data being processed cannot be monitored and tampered from the outside. This is a hardware module (such as an IC module) having tamper resistance.
SAM105₁~ 105_FourWhen the above function is realized in the form of an IC, a secret memory is provided in the IC, and a secret program and secret data are stored therein. The SAM may be defined as a SAM as long as the function can be incorporated into any part of the device without being limited to the physical form of IC.
[0100]
Hereinafter, SAM105₁The function of will be described in detail.
SAM105₂~ 105_FourSAM105₁And has basically the same function.
FIG. 17 shows the SAM 105₁It is a block diagram of the function.
FIG. 17 shows the flow of data related to the process of inputting the secure container 104 from the content provider 101 and decrypting the key file KF in the secure container 104.
As shown in FIG.₁Includes a mutual authentication unit 170, encryption / decryption units 171, 172, 173, content provider management unit 180, error correction unit 181, download memory management unit 182, secure container decryption unit 183, decryption / decompression module management unit 184, EMD The service center management unit 185, the usage monitoring unit 186, the accounting processing unit 187, the signature processing unit 189, the SAM management unit 190, the media SAM management unit 197, the stack (work) memory 200, and the external memory management unit 811.
AV equipment 160₂~ 160_FourDoes not have a download memory 167, so SAM105₂~ 105_FourDoes not have a download memory management unit 182.
[0101]
Note that the SAM 105 shown in FIG.₁The predetermined function is realized, for example, by executing a secret program in a CPU (not shown).
Further, the stack memory 200 stores the usage history data 108 and the SAM registration list as shown in FIG. 18 through the following processing.
Here, the memory space of the external memory 201 is SAM105.₁Cannot be seen from the outside (for example, the host CPU 810), and the SAM 105₁Only can manage access to the storage area of the external memory 201.
As the external memory 201, for example, a flash memory or a ferroelectric memory (FeRAM) is used.
As the stack memory 200, for example, SARAM is used. As shown in FIG. 19, the secure container 104, the content key data Kc, the right document data (UCP) 106, and the lock key data K of the storage unit 192 are used._LOC, Public key certificate CER of content provider 101_CP, Usage control status data (UCS) 166, and SAM program download container SDC₁~ SDC_ThreeEtc. are memorized.
[0102]
Hereinafter, SAM105₁Among these functions, processing contents of each functional block when the secure container 104 is input from the content provider 101 will be described with reference to FIG.
[0103]
The mutual authentication unit 170 is connected to the SAM 105₁Session data (shared key) K by performing mutual authentication between the content provider 101 and the EMD service center 102 when data is transmitted / received online between the content provider 101 and the EMD service center 102._SESIs output to the encryption / decryption unit 171. Session key data K_SESIs newly generated every time mutual authentication is performed.
[0104]
The encryption / decryption unit 171 uses the session key data K generated by the mutual authentication unit 170 to transmit and receive data between the content provider 101 and the EMD service center 102._SESEncrypt / decrypt using.
[0105]
The error correction unit 181 corrects the error of the secure container 104 and outputs it to the download memory management unit 182.
Note that the user home network 103 may have a function of detecting whether or not the secure container 104 has been tampered with.
In this embodiment, the error correction unit 181 is connected to the SAM 105.₁However, the function of the error correction unit 181 is not limited to the SAM 105 such as the host CPU 810, for example.₁You may have it outside.
[0106]
When the download memory 167 includes a media SAM 167a having a mutual authentication function as shown in FIG. 16, the download memory management unit 182 performs mutual authentication between the mutual authentication unit 170 and the media SAM 167a. , The session key data K obtained by mutual authentication using the secure container 104 after error correction._SESAnd is written into the download memory 167 shown in FIG. As the download memory 167, for example, a nonvolatile semiconductor memory such as a memory stick is used.
As shown in FIG. 20, when a memory that does not have a mutual authentication function such as an HDD (Hard Disk Drive) is used as the download memory 211, the download memory 211 is not secure, so the content file CF is downloaded. The key file KF with high confidentiality is downloaded to the memory 211, for example, to the stack memory 200 shown in FIG.
[0107]
The secure container decryption unit 183 reads the key file KF stored in the secure container 104 input from the download memory management unit 182 from the storage unit 192 and the distribution key data KD for the corresponding period.₁~ KD_ThreeThe signature processing unit 189 decrypts the signature data SIG_{2, CP}~ SIG_{4, CP}, I.e., the author of the content data C, the content key data Kc, and the copyright document data 106 is confirmed, and then written into the stack memory 200.
[0108]
The EMD service center management unit 185 manages communication with the EMD service center 102 shown in FIG.
[0109]
The signature processing unit 189 reads the public key data K of the EMD service center 102 read from the storage unit 192._{ESC, P}And public key data K of the content provider 101_{CP, P}Is used to verify the signature data in the secure container 104.
[0110]
The storage unit 192 includes the SAM 105₁As secret data that cannot be read and rewritten from outside, distribution key data KD as shown in FIG.₁~ KD_Three, SAM_ID, user ID, password, information reference ID, SAM registration list, recording key data K_STR, Root CA public key data K_{R-CA, P}, EMD service center 102 public key data K_{ESC, P}, Media key data K_MED, EMD service center 102 public key data K_{ESC, P}, SAM105₁Secret key data K_{SAM1, S}, SAM105₁Public key data K_{SAM1, P}Public key certificate CER containing_SAM1, EMD service center 102 private key data K_{ESC, S}Public key certificate CER using_EscSignature data SIG_{twenty two}The original key data for mutual authentication with the decryption / decompression module 163 and the original key data for mutual authentication with the media SAM are stored.
The storage unit 192 stores a secret program for realizing at least a part of the functions shown in FIG.
As the storage unit 192, for example, a flash-EEPROM (Electrically Erasable Programmable RAM) is used.
[0111]
Hereinafter, SAM105₁The flow of processing when the secure container 104 is input from the content provider 101 will be described.
First, the distribution key data KD received from the EMD service center 102₁~ KD_ThreeIs stored in the storage unit 192.₁The flow of the process will be described with reference to FIG.
In this case, first, mutual authentication is performed between the mutual authentication unit 170 and the mutual authentication unit 150 shown in FIG.
Next, the session key data K obtained by the mutual authentication_SESKey data KD for 3 months encrypted with₁~ KD_ThreeAnd its signature data SIG_{KD1, ESC}~ SIG_{KD3, ESC}Is written from the EMD service center 102 to the stack memory 811 via the EMD service center management unit 185.
Next, in the encryption / decryption unit 171, the session key data K_SESUsing the key data for distribution KD₁~ KD_ThreeAnd its signature data SIG_{KD1, ESC}~ SIG_{KD3, ESC}Is decrypted.
Next, in the signature processing unit 189, the signature data SIG stored in the stack memory 811 is stored._{KD1, ESC}~ SIG_{KD3, ESC}After confirming the validity of the distribution key data KD₁~ KD_ThreeIs written in the storage unit 192.
[0112]
Hereinafter, the SAM 105 when the secure container 104 is input from the content provider 101 and the key file KF in the secure container 104 is decrypted.₁The flow of the process will be described with reference to FIGS.
FIG. 22 is a flowchart of the process.
Step SG1: SAM105 shown in FIG.₁Mutual authentication is performed between the mutual authentication unit 170 and the mutual authentication unit 120 shown in FIG.
The encryption / decryption unit 171 uses the session key data K obtained by the mutual authentication._SESIs used to decrypt the secure container 104 received from the content provider 101 via the content provider management unit 180.
[0113]
Step SG2: The signature processing unit 189 performs signature data SIG shown in FIG._{1, ESC}After the verification of the public key certificate data CER shown in FIG._CPPublic key data K of content provider 101 stored in_{CP, P}Using the signature data SIG_{6, CP}, SIG_{7, CP}Check the validity of.
The content provider management unit 180 uses the signature data SIG_{6, CP}, SIG_{7, CP}Is confirmed, the secure container 104 is output to the error correction unit 181.
The error correction unit 181 corrects the error in the secure container 104 and then outputs the error to the download memory management unit 182.
[0114]
Step SG3: The download memory management unit 182 performs mutual authentication between the mutual authentication unit 170 and the media SAM 167a shown in FIG. 16, and then writes the secure container 104 into the download memory 167.
[0115]
Step SG4: The download memory management unit 182 performs mutual authentication between the mutual authentication unit 170 and the medium SAM 167a shown in FIG. 16, and then stores the key file KF shown in FIG. Read from the download memory 167 and output to the secure container decryption unit 183.
Then, the secure container decryption unit 183 receives the distribution key data KD for the corresponding period input from the storage unit 192.₁~ KD_ThreeIs used to decrypt the key file KF, and the signature / certificate module Mod shown in FIG.₁Signature data SIG stored in_{1, ESC}, SIG_{2, CP}~ SIG_{4, CP}Is output to the signature processing unit 189.
[0116]
Step SG5: The signature processing unit 189 performs signature data SIG shown in FIG._{1, ESC}After the verification of the public key certificate data CER shown in FIG._CPPublic key data K stored in_{ESC, P}Using the signature data SIG_{2, CP}~ SIG_{4, CP}Perform verification. As a result, the validity of the creator of the content data C, the content key data Kc, and the title data 106 is verified.
[0117]
Step SG6: The secure container decrypting unit 183 signing data SIG_{2, CP}~ SIG_{4, CP}Is confirmed, the key file KF is written into the stack memory 200.
[0118]
Hereinafter, processing contents of each functional block related to processing for using / purchasing the content data C downloaded to the download memory 167 will be described with reference to FIG.
[0119]
The usage monitoring unit 186 reads the rights document data 106 and the usage control status data 166 from the stack memory 200, and purchases / uses the content within the range permitted by the read rights documentation data 106 and the usage control status data 166. To be monitored.
Here, the rights document data 106 is stored in the key file KF shown in FIG. 4B stored in the stack memory 200 after decryption, as described with reference to FIG.
Further, the usage control state data 166 is stored in the stack memory 200 when the purchase mode is determined by the user, as will be described later.
[0120]
The billing processing unit 187 creates usage history data 108 corresponding to the operation signal S165 from the purchase / usage mode determination operation unit 165 shown in FIG.
Here, as described above, the usage history data 108 describes the history of the purchase and usage mode of the secure container 104 by the user. In the EMD service center 102, the settlement processing according to the purchase of the secure container 104 and Used when deciding to pay a license fee.
[0121]
Further, the billing processing unit 187 notifies the user of the sales price or the standard retail price data SRP read from the stack memory 200 as necessary.
Here, the sales price and the standard retail price data SRP are stored in the right document data 106 of the key file KF shown in FIG. 4B stored in the stack memory 200 after decryption.
The billing process by the billing processing unit 187 is performed based on the right contents such as the use permission condition indicated by the right document data 106 and the usage control state data 166 under the monitoring of the usage monitoring unit 186. That is, the user purchases and uses the content within a range according to the content of the right.
[0122]
In addition, the accounting processing unit 187 generates usage control status (UCS) data 166 describing the content purchase mode by the user based on the operation signal S 165, and writes this in the stack memory 200.
Examples of the content purchase mode include purchase purchase without restriction on reproduction by the purchaser and duplication for use by the purchaser, and reproduction charge for charging each time reproduction is performed.
Here, the usage control state data 166 is generated when the user decides the purchase mode of the content, and thereafter, the user uses the content within the range permitted by the decided purchase mode. Used to do. The usage control state data 166 describes the content ID, purchase mode, price corresponding to the purchase mode, SAM_ID of the SAM that purchased the content, USER_ID of the user who performed the purchase, and the like.
[0123]
In the case where the determined purchase form is regenerative charging, for example, the SAM 105₁The usage control status data 166 is transmitted from the content provider 101 to the content provider 101 in real time simultaneously with the purchase of the content data C. The content provider 101 sends the usage history data 108 to the EMD service center 102 within a predetermined period.₁I will tell you to go.
Further, when the determined purchase form is a buyout, for example, the usage control state data 166 is transmitted to both the content provider 101 and the EMD service center 102 in real time. Thus, in this embodiment, in any case, the usage control state data 166 is transmitted to the content provider 101 in real time.
[0124]
The EMD service center management unit 185 transmits the usage history data 108 read from the external memory 201 via the external memory management unit 811 to the EMD service center 102.
At this time, the EMD service center management unit 185 uses the secret key data K in the signature processing unit 189._{SAM1, s}The signature data SIG of the usage history data 108 using_{200, SAM1}Create signature data SIG_{200, SAM1}Is transmitted to the EMD service center 102 together with the usage history data 108.
The usage history data 108 may be transmitted to the EMD service center 102 in response to a request from the EMD service center 102 or periodically, and the amount of history information included in the usage history data 108 is predetermined. You may go when it becomes above. The amount of information is determined according to the storage capacity of the external memory 201, for example.
[0125]
For example, the content data C read from the download memory 167 and the stack memory 200 when the content reproduction operation is performed in response to the operation signal S165 from the purchase form determination operation unit 165 shown in FIG. The content key data Kc read from the information and the user digital watermark information data 196 input from the charging processing unit 187 are output to the decryption / decompression module management unit 184.
The decryption / decompression module management unit 184 also reads the content file CF read from the download memory 167 when the content audition operation is performed in response to the operation signal S165 from the purchase form determination operation unit 165 shown in FIG. The content key data Kc and the semi-disclosure parameter data 199 read from the stack memory 200 are output to the decryption / decompression module management unit 184.
[0126]
Here, the semi-disclosure parameter data 199 is described in the rights document data 106 and indicates the handling of the content in the trial listening mode. Based on the semi-disclosure parameter data 199, the decryption / decompression module 163 can reproduce the encrypted content data C in a semi-disclosure state. As a semi-disclosure method, for example, the decryption / decompression module 163 uses the processing of data (signal) in units of a predetermined block, and decrypts the content key data Kc using the semi-disclosure parameter data 199. There are blocks that specify blocks to be performed and blocks that are not to be decoded, limit playback functions at the time of audition, limit the period during which audition is possible, and the like.
[0127]
Hereinafter, SAM105₁The flow of processing within will be described.
First, the flow of processing until the purchase form of the secure container 104 downloaded from the content provider 101 to the download memory 167 is determined will be described with reference to FIGS.
FIG. 24 is a flowchart of the process.
Step SH1: In the billing processing unit 187, it is determined whether or not the operation signal S165 indicating the trial listening mode is generated by the operation of the purchase / usage mode determination operation unit 165 shown in FIG. 16 by the user. If so, the process of step SH2 is performed, and if not, the process of step SH3 is performed.
[0128]
Step SH2: The accounting processing unit 187 outputs, for example, the content file CF stored in the download memory 167 to the decryption / decompression module 163 shown in FIG. 16 via the decryption / decompression module management unit 184.
At this time, for the content file CF, the mutual authentication between the mutual authentication unit 170 and the media SAM 167a and the session key data K_SESEncryption / decryption by the authentication, mutual authentication between the mutual authentication unit 170 and the mutual authentication unit 220, and session key data K_SESEncryption / decryption is performed by.
The content file CF is decrypted by the decryption unit 221 shown in FIG.
[0129]
Further, the content key data Kc and the semi-disclosure parameter data 199 read from the stack memory 200 are output to the decryption / decompression module 163 shown in FIG. At this time, after the mutual authentication between the mutual authentication unit 170 and the mutual authentication unit 220, the session key data K for the content key data Kc and the semi-disclosure parameter data 199 is obtained._SESEncryption and decryption are performed according to the above.
Next, the decrypted semi-disclosure parameter data 199 is output to the semi-disclosure processing unit 225. Under the control of the semi-disclosure processing unit 225, the decryption of the content data C using the content key data Kc by the decryption unit 222 is semi-disclosure. Done in
Next, the content data C decrypted by the semi-disclosure is decompressed by the decompression unit 223 and then output to the digital watermark information processing unit 224.
Next, after the user digital watermark information data 196 is embedded in the content data C in the digital watermark information processing unit 224, the content data C is reproduced in the reproduction module 169, and sound corresponding to the content data C is output.
[0130]
Step SH3: When the user operates the purchase / use form determining operation unit 165 to determine the purchase form, an operation signal S165 indicating the determined purchase form is output to the billing processing unit 187.
Step SH4: The charge processing unit 187 generates usage history data 108 and usage control state data 166 according to the determined purchase form, and the usage history data 108 is written to the external memory 201 via the external memory management unit 811. At the same time, usage control state data 166 is written into the stack memory 200.
Thereafter, the usage monitoring unit 186 controls (monitors) the content to be purchased and used within the range permitted by the usage control state data 166.
[0131]
Step SH5: The usage control state data 166 is added to the key file KF stored in the stack memory 200, and the new key file KF shown in FIG.₁Is generated. Key file KF₁Is stored in the stack memory 200.
As shown in FIG. 29B, the key file KF₁The usage control state data 166 stored in the storage key data K_STRIs encrypted using the DES CBC mode. In addition, the storage key data K_STRMAC, which is the MAC value generated using MAC as key data₃₀₀Is attached. Also, the usage control status data 166 and the MAC₃₀₀The module consisting of the media key data K_MEDIs encrypted using the DES CBC mode. In addition, the module includes the media key data K_MEDMAC, which is the MAC value generated using MAC as key data₃₀₁Is attached.
[0132]
Hereinafter, the flow of processing when the content data C for which the purchase form stored in the download memory 167 has already been determined is reproduced will be described with reference to FIGS. 23 and 25. FIG.
FIG. 25 is a flowchart of the process.
Step SI1: The billing processing unit 187 inputs an operation signal S165 designating content to be played in response to an operation by the user.
Step SI2: The charging processing unit 187 reads the content file CF stored in the download memory 167 based on the operation signal S165 under the monitoring of the usage monitoring unit 186.
[0133]
Step SI3: The read content file CF is output to the decryption / decompression module 163 shown in FIG. At this time, mutual authentication is performed between the mutual authentication unit 170 shown in FIG. 23 and the mutual authentication unit 220 of the decryption / decompression module 163 shown in FIG.
Further, the content key data Kc read from the stack memory 200 is output to the decryption / decompression module 163.
[0134]
Step SI4: The decryption unit 222 of the decryption / decompression module 163 performs decryption of the content file CF using the content key data Kc and decompression processing by the decompression unit 223, and the reproduction module 169 reproduces the content data C. The
Step SI5: The usage history data 108 stored in the external memory 201 is updated by the accounting processing unit 187 in response to the operation signal S165.
After the usage history data 108 is read from the external memory 201, it is subjected to mutual authentication and the signature data SIG via the EMD service center management unit 185._{200, SAM1}At the same time, it is transmitted to the EMD service center 102.
[0135]
Hereinafter, for example, as shown in FIG.₁The content file CF and the key file KF that have already been downloaded and downloaded to the download memory 167 of the AV device 160 via the bus 191.₂SAM105₂When transferring to SAM105₁The flow of the process will be described with reference to FIGS.
FIG. 28 is a flowchart of the process.
Step SJ1: The user operates the purchase / use form determination operation unit 165 to download predetermined content stored in the download memory 167 to the AV device 160.₂The operation signal S165 corresponding to the operation is output to the billing processing unit 187.
Thereby, the billing processing unit 187 updates the usage history data 108 stored in the external memory 201 based on the operation signal S165.
[0136]
Step SJ2: The download memory management unit 182 outputs the content file CF shown in FIG. 29A read from the download memory 167 to the SAM management unit 190.
Step SJ3: The key file KF shown in FIG. 29B read from the stack memory 200₁Is output to the signature processing unit 189 and the SAM management unit 190.
Step SJ4: The signature processing unit 189 reads the key file KF read from the stack memory 200.₁Signature data SIG_{42, SAM1}Is output to the SAM management unit 190.
In addition, the SAM management unit 190 stores the public key certificate data CER shown in FIG._SAM1And its signature data SIG_{22, ESC}Is read.
[0137]
Step SJ5: The mutual authentication unit 170 executes the SAM 105₂Key data K obtained by performing mutual authentication with_SESIs output to the encryption / decryption unit 171.
The SAM management unit 190 creates a new secure container including the data shown in FIGS. 29 (A), (B), and (C).
Step SJ6: In the encryption / decryption unit 171, the session key data K_SESAfter encryption using the AV device 160 shown in FIG.₂SAM105₂Output to.
At this time, SAM105₁And SAM105₂In parallel with the mutual authentication between the two, the mutual authentication of the bus 191 that is an IEEE 1394 serial bus is performed.
[0138]
Hereinafter, as shown in FIG.₁SAM 105 when writing a content file CF or the like input from a RAM type recording medium (media)₂The flow of the process will be described with reference to FIGS. 30 and 31. FIG.
FIG. 31 is a flowchart of the process.
[0139]
Step SK1: SAM105₂As shown in FIG. 26, the SAM management unit 190 in FIG. 26 includes the content file CF shown in FIG. 29A and the key file KF shown in FIG.₁And its signature data SIG_{42, SAM1}And public key signature data CER shown in FIG._SAM1And its signature data SIG_{22, ESC}And the network device 160₁SAM105₁Enter from.
Then, in the encryption / decryption unit 171, the content file CF input by the SAM management unit 190 and the key file KF₁And its signature data SIG_{42, SAM1}And public key signature data CER_SAM1And its signature data SIG_{22, ESC}The mutual authentication unit 170 and the SAM 105₁Key data K obtained by mutual authentication with the mutual authentication unit 170_SESIs decrypted using.
Next, session key data K_SESKey file KF decrypted using₁And its signature data SIG_{42, SAM1}And public key signature data CER_SAM1And its signature data SIG_{22, ESC}Are written in the stack memory 200.
[0140]
Step SK2: The signature processing unit 189 reads the signature data SIG read from the stack memory 200_{22, ESC}Public key data K read from the storage unit 192_{ESC, P}Using public key certificate data CER_SAM1Check the validity of.
Then, the signature processing unit 189 receives the public key certificate data CER_SAM1Confirm the validity of the public key certificate data CER_SAM1Public key data K stored in_{SAM1, P}Using the signature data SIG_{42, SAM1}Confirm the legitimacy of
Next, the signature data SIG_{42, SAM1}Legitimacy, ie key file KF₁Is confirmed, the key file KF shown in FIG.₁Is read from the stack memory 200 and output to the encryption / decryption unit 173.
In this example, the key file KF₁I mentioned the case where the creator and sender are the same, but the key file KF₁If the creator and sender of the key are different, the key file KF₁The signature data of the creator, the sender, and the signature data are created, and the signature processing unit 189 verifies the validity of both signature data.
[0141]
Step SK3: The encryption / decryption unit 173 reads the recording key data K read from the storage unit 192._STR, Media key data K_MEDAnd purchaser key data K_PINKey file KF using₁Are sequentially encrypted and output to the media SAM management unit 197.
Media key data K_MEDAre stored in advance in the storage unit 192 by mutual authentication between the mutual authentication unit 170 shown in FIG. 27 and the medium SAM 252 of the RAM type recording medium 250 shown in FIG.
[0142]
Here, the recording key data K_STRAre, for example, types such as SACD (Super Audio Compact Disc), DVD (Digital Versatile Disc) equipment, CD-R equipment, and MD (Mini Disc) equipment (in this example, AV equipment 160).₂), And is used for one-to-one correspondence between device types and recording medium types. In addition, since the physical structure of the disk medium is the same between SACD and DVD, there are cases where recording / reproduction of the SACD recording medium can be performed using a DVD device. Key data for recording K_STRPlays a role in preventing unauthorized copying in such a case.
[0143]
Media key data K_MEDIs data unique to the recording medium (in this example, the RAM type recording medium 250).
Media key data K_MEDIs stored on the recording medium (in this example, the RAM type recording medium 250 shown in FIG. 26), and the media key data K in the medium SAM of the recording medium._MEDIt is preferable from the viewpoint of security to perform encryption and decryption using. At this time, the media key data K_MEDIs stored in the medium SAM when the medium SAM is mounted on the recording medium, and is managed by the host CPU 810 in the RAM area, for example, when the medium SAM is not mounted on the recording medium. It is stored in the outside area.
Note that, as in this embodiment, the SAM on the device side (in this example, the SAM 105₂) And the media SAM (media SAM 252 in this example), and the media key data K is transmitted via a secure communication path._MEDIs transferred to the SAM on the device side, and the media key data K in the SAM on the device side_MEDEncryption and decryption may be performed using.
In this embodiment, recording key data K_STRAnd media key data K_MEDIs used to protect the physical layer level security of the recording medium.
[0144]
Purchaser key data K_PINIs data indicating the purchaser of the content file CF, and is assigned by the EMD service center 102 to the purchased user, for example, when the content is purchased by purchase. Purchaser key data K_PINAre managed in the EMD service center 102.
[0145]
Step SK4: The media SAM management unit 197 receives the content file CF input from the SAM management unit 190 and the key file KF input from the encryption / decryption unit 173.₁Is output to the recording module 260 shown in FIG.
Then, the recording module 260 receives the content file CF and the key file KF input from the media SAM management unit 197.₁Is written in the RAM area 251 of the RAM type recording medium 250 shown in FIG. In this case, the key file KF₁May be written in the media SAM 252.
[0146]
Hereinafter, when the user home network 303 receives distribution of the ROM type recording medium 130 shown in FIG.₂ The flow of processing when determining the purchase mode will be described with reference to FIGS. 32, 33, 34, and 35. FIG.
Step SL1: AV device 160₂SAM105₂First, mutual authentication is performed between the mutual authentication unit 170 shown in FIG. 33 and the medium SAM 133 of the ROM type recording medium 130 shown in FIG._MEDEnter.
SAM105₂Is media key data K in advance_MED, The input may not be performed.
[0147]
Step SL2: The key file KF and its signature data SIG shown in FIGS. 4B and 4C stored in the secure container 104 recorded in the RAM area 132 of the ROM type recording medium 130_{7, CP}And public key certificate data CER_CPAnd its signature data SIG_{1, ESC}Are input via the media SAM management unit 197 and written into the stack memory 200.
[0148]
Step SL3: In the signature processing unit 189, the signature data SIG_{1, ESC}After confirming the validity of the public key certificate data CER_CPTo public key data K_{CP, P}And this public key data K_{CP, P}Using the signature data SIG_{7, CP}, I.e., the validity of the creator of the key file KF.
[0149]
Step SL4: Signature data SIG in the signature processing unit 189_{7, CP}Is confirmed, the key file KF is read from the stack memory 200 to the secure container decryption unit 183.
Then, in the secure container decryption unit 183, the distribution key data KD for the corresponding period₁~ KD_ThreeIs used to decrypt the key file KF.
[0150]
Step SL5: In the signature processing unit 189, the public key data K_{ESC, P}The signature data SIG stored in the key file KF_{1, ESCM}After confirming the validity of the public key certificate data CER in the key file KF_CPPublic key data K stored in_{CP, P}Using the signature data SIG_{2, CP}~ SIG_{4, CP}, That is, the authors of the content data C, the content key data Kc, and the rights document data 106 are verified.
[0151]
Step SL6: The billing processing unit 187 determines whether or not the operation signal S165 indicating the trial listening mode is generated by the operation of the purchase / use form determination operation unit 165 shown in FIG. 16 by the user. If so, the process of step SL7 is performed, and if not, the process of step SL8 is performed.
[0152]
Step SL7: After performing mutual authentication between the mutual authentication unit 170 shown in FIG. 33 and the decryption / decompression module 163 shown in FIG.₂The decryption / decompression module management unit 184 reads the content key data Kc stored in the stack memory 200 and the semi-disclosure parameter data 199 stored in the rights document data 106 and the ROM area 131 of the ROM type recording medium 130. The content data C is output to the decryption / decompression module 163 shown in FIG. Next, in the decryption / decompression module 163, the content data C is decrypted in the semi-disclosure mode using the content key data Kc, and then decompressed and output to the reproduction module 270. Then, in the reproduction module 270, the content data C from the decryption / decompression module 163 is reproduced in the trial listening mode.
[0153]
Step SL8: The purchase mode of the content is determined by the purchase operation of the purchase mode determination operation unit 165 shown in FIG. 32 by the user, and the operation signal S165 indicating the determined purchase mode is input to the billing processing unit 187.
[0154]
Step SL9: The billing processing unit 187 creates usage control state data 166 according to the operation signal S165, and writes this into the stack memory 200.
In addition, the billing processing unit 187 creates or updates the usage history data 108.
[0155]
Step SL10: The new key file KF shown in FIG. 29B in which the interest control state data 166 is stored in the key file KF shown in FIG. 4B from the stack memory 200 to the encryption / decryption unit 173, for example.₁Is output.
[0156]
Step SL11: The encryption / decryption unit 173 reads the key file KF shown in FIG.₁For the recording key data K read from the storage unit 192_STR, Media key data K_MEDAnd purchaser key data K_PINAre sequentially encrypted using, and output to the media SAM management unit 197.
[0157]
Step SL12: After performing mutual authentication between the mutual authentication unit 170 shown in FIG. 33 and the media SAM 133 shown in FIG. 32, the SAM management unit 197 receives the key file KF input from the encryption / decryption unit 173.₁Is written into the RAM area 132 of the ROM type recording medium 130 or the medium SAM 133 via the recording module 271 shown in FIG.
Thereby, the ROM type recording medium 130 in which the purchase form is determined is obtained.
At this time, the usage control state data 166 and the usage history data 108 generated by the billing processing unit 187 are transmitted to the EMD service center 102 read from the stack memory 200 and the external memory 201, respectively, at a predetermined timing.
[0158]
Hereinafter, as shown in FIG._ThreeThe secure container 104 is read from the ROM-type recording medium 130 whose purchase form has not been determined in FIG.₂To the AV device 160₂FIG. 37 and FIG. 38 are used to explain the flow of processing when the purchase form is determined and written to the RAM type recording medium 250.
FIG. 37 shows the SAM 105_ThreeIt is a flowchart of the said process in.
FIG. 38 shows the SAM 105₂It is a flowchart of the said process in. The transfer of the secure container 104 from the ROM type recording medium 130 to the RAM type recording medium 250 is performed by the network device 160 shown in FIG.₁And AV equipment 160₁~ 160_FourYou may carry out between any of these.
[0159]
Step SM11 (FIG. 37): AV device 160_ThreeSAM105_ThreeAnd the media SAM 133 of the ROM type recording medium 130 are mutually authenticated, and the media key data K of the ROM type recording medium 130 is obtained._MED1SAM105_ThreeForward to.
At this time, similarly, the V device 160₂SAM105₂And the medium SAM 252 of the RAM type recording medium 250 are subjected to mutual authentication, and the media key data K of the RAM type recording medium 250 is obtained._MED2SAM105₂Forward to.
[0160]
Step SM12: SAM105_Three4B and 4C read from the RAM area 132, the key file KF, and the signature data SIG._{7, CP}, Public key certificate data CER_CPAnd its signature data SIG_{1, ESC}In the encryption / decryption unit 172 shown in FIG.₁~ KD_ThreeDecode sequentially using
Next, the content file CF decrypted by the encryption / decryption unit 172 is output to the encryption / decryption unit 171 and the SAM 105_ThreeAnd 105₂Key data K obtained by mutual authentication with_SESAnd then output to the SAM management unit 190.
The key file KF decrypted by the encryption / decryption unit 172 is output to the encryption / decryption unit 171 and the signature processing unit 189.
[0161]
Step SM13: The signature processing unit 189 executes the SAM 105_ThreeSecret key data K_{SAM3, S}Using the signature data SIG of the key file KF_{350, SAM3}Is output to the encryption / decryption unit 171.
[0162]
Step SM14: The encryption / decryption unit 171 reads the SAM 105 read from the storage unit 192._ThreePublic key certificate data CER_SAM3And its signature data SIG_{351, ESC}And the key file KF and its signature data SIG_{350, SAM3}4 and the content file CF shown in FIG. 4A read from the ROM area 131 of the ROM type recording medium 130 are stored in the SAM 105._ThreeAnd 105₂Key data K obtained by mutual authentication with_SESAfter encrypting using the AV device 160 via the SAM management unit 190₂SAM105₂Output to.
[0163]
Step SN1 (FIG. 38): SAM105₂Then, as shown in FIG. 41, the SAM 105 is connected via the SAM management unit 190._ThreeThe content file CF input from the session key data K in the encryption / decryption unit 171_SESIs written into the RAM area 251 of the RAM type recording medium 250 via the media SAM management unit 197.
In addition, the SAM 105 via the SAM management unit 190_ThreeKey file KF and its signature data SIG_{350, SAM3}And public key certificate data CER_SAM3And its signature data SIG_{351, ESC}Are written in the stack memory 200, and then the encryption / decryption unit 171 uses the session key data K_SESIs decrypted using.
[0164]
Step SN2: The decrypted signature data SIG_{351, ECS}When the signature processing unit 189 verifies the signature and confirms its validity, the public key certificate data CER_SAM3Public key data K stored in_SAM3Using the signature data SIG_{350, SAM3}, That is, the validity of the transmission source of the key file KF.
And signature data SIG_{350, SAM3}Is confirmed, the key file KF is read from the stack memory 200 and output to the secure container decryption unit 183.
[0165]
Step SN3: The secure container decryption unit 183 provides the distribution key data KD for the corresponding period.₁~ KD_ThreeIs used to decrypt the key file KF, and after the predetermined signature verification, the decrypted key file KF is written into the stack memory 200.
Thereafter, the rights document data 106 stored in the already decrypted key file KF stored in the stack memory 200 is output to the usage monitoring unit 186. Then, the usage monitoring unit 186 manages the content purchase mode and usage mode based on the rights document data 106.
[0166]
Step SN4: The billing processing unit 187 determines whether or not the operation signal S165 indicating the trial listening mode is generated by the operation of the purchase / usage mode determination operation unit 165 shown in FIG. 16 by the user. If so, the process of step SN5 is performed, and if not, the process of step SN6 is performed.
[0167]
Step SN5: When the trial listening mode is selected by the user, the session key data K is already_SESThe content data C of the content file CF decrypted by the above, the content key data Kc stored in the stack memory 200, the semi-disclosure parameter data 199 obtained from the rights document data 106, and the user electronic watermark information data 196 are mutually After authentication, the data is output to the playback module 270 via the decryption / decompression module management unit 184 shown in FIG. Then, the reproduction module 270 reproduces the content data C corresponding to the trial listening mode.
[0168]
Step SN6: The purchase / use form of the content is determined by the operation of the purchase / use form determining operation unit 165 shown in FIG. 36 by the user, and an operation signal S165 corresponding to the determination is output to the billing processing unit 187.
Step SN7: The billing processing unit 187 generates usage control state data 166 and usage history data 108 according to the determined purchase / usage mode, and writes them in the stack memory 200 and the external memory 201, respectively.
[0169]
Step SN8: For example, the key file KF shown in FIG. 29B storing the usage control state data 166 read from the stack memory 200₁Is generated and output to the encryption / decryption unit 173.
Step SN9: Recording key data K read from the storage unit 192 in the encryption / decryption unit 173_STR, Media key data K_MED2And purchaser key data K_PINAre sequentially encrypted using the, and output to the media SAM management unit 197.
Step SN10: The media SAM management unit 197 performs key file KF.₁Is written into the RAM area 251 or the medium SAM 252 of the RAM type recording medium 250 by the recording module 271 shown in FIG.
Further, the usage control status data 166 and the usage history data 108 are transmitted to the EMD service center 102 at a predetermined timing.
Hereinafter, SAM105₁~ 105_FourThe realization method will be described.
SAM105₁~ 105_FourWhen the above function is realized as hardware, an ASIC type CPU with a built-in memory is used, and in the memory, a security function module for realizing each function shown in FIG. Stores sensitive data such as modules and key data. A series of rights processing program modules such as a cryptographic library module (public key cryptography, common key cryptography, random number generator, hash function), content usage control program module, billing processing program module, etc. are software, for example. Implemented as
[0170]
For example, modules such as the encryption / decryption unit 171 shown in FIG. 17 are mounted as an IP core in an ASIC type CPU as hardware due to a problem of processing speed, for example. Depending on the performance such as the clock speed and the CPU code system, the encryption / decryption unit 171 may be implemented as software.
Moreover, as a memory for storing the storage unit 192 shown in FIG. 17 and a program module and data for realizing the functions shown in FIG. 17, for example, a non-volatile memory (flash-ROM) is used. A high-speed writable memory such as SRAM is used. In addition, SAM105₁~ 105_FourA ferroelectric memory (FeRAM) may be used as a memory built in the memory.
In addition, SAM105₁~ 105_FourIn addition, there is a built-in clock function that is used to verify the date and time in the expiration date and contract period for content use.
[0171]
As mentioned above, SAM105₁~ 105_FourHas a tamper-resistant structure that shields program modules and data and processing contents from the outside. SAM105₁~ 105_FourThe contents of highly confidential programs and data stored in the internal memory of the SAM IC, the SAM system configuration related registers and encryption via the host CPU bus of the device equipped with the SAM In the SAM, in order to prevent values such as library and clock registers from being read or newly written, that is, not in the address space allocated by the host CPU of the mounted device, Using an MMU (Memory Magagement Unit) that manages the memory space on the CPU side, an address space that is invisible to the host CPU on the mounted device side is set.
In addition, SAM105₁~ 105_FourHas a structure that can withstand physical attacks from the outside such as X-rays and heat, and real-time debugging (reverse engineering) is performed using debugging tools (hardware ICE, software ICE). However, the processing contents are not known or the debugging tool itself cannot be used after the IC is manufactured.
SAM105₁~ 105_FourThe hardware itself is a normal ASIC type CPU with a built-in memory, and the function depends on the software that operates the CPU, but it has a cryptographic function and a tamper resistant hardware structure. This is different from a general ASIC type CPU.
[0172]
SAM105₁~ 105_FourWhen all the functions are implemented by software, the software processing is performed by closing the module inside a tamper-resistant module and the software processing on the host CPU installed in the normal set. There are cases in which it is impossible to decipher only at the time of processing. The former is the same as the case where the cryptographic library module is stored in the memory as a normal software module instead of the IP core, and is considered the same as the case where it is realized as hardware. On the other hand, the latter is called tamper resistant software, and even if the execution status is deciphered by ICE (debugger), the execution order of the tasks may be different (in this case, the divided task itself as a program) The task itself is encrypted and can be implemented in the same way as a task scheduler (MiniOS) for the purpose of a kind of secure processing. . The task scheduler is embedded in the target program.
[0173]
Next, the decoding / decompression module 163 shown in FIG. 16 will be described.
As illustrated in FIG. 16, the decryption / decompression module 163 includes a mutual authentication unit 220, a decryption unit 221, a decryption unit 222, a decompression unit 223, a digital watermark information processing unit 224, and a semi-disclosure processing unit 225.
In the mutual authentication unit 220, the decryption / decompression module 163 performs the₁When data is input from the session key data K, mutual authentication is performed with the mutual authentication unit 170 shown in FIG._SESIs generated.
[0174]
The decoding unit 221 uses the SAM 105₁Content key data Kc, semi-disclosure parameter data 199, user digital watermark information data 196, and content data C input from session key data K_SESDecode using Then, the decryption unit 221 outputs the decrypted content key data Kc and the content data C to the decryption unit 222, outputs the decrypted user digital watermark information data 196 to the digital watermark information processing unit 224, and semi-disclosure parameter data 199. Is output to the semi-disclosure processing unit 225.
[0175]
Based on the control from the semi-disclosure processing unit 225, the decryption unit 222 decrypts the content data C in the semi-disclosure state using the content key data Kc, and outputs the decrypted content data C to the decompression unit 223.
[0176]
The decompression unit 223 decompresses the decrypted content data C and outputs the decompressed content data C to the digital watermark information processing unit 224.
The decompression unit 223 performs decompression processing using, for example, A / V decompression software stored in the content file CF illustrated in FIG. 4A, and performs decompression processing using, for example, the ATRAC3 method.
[0177]
The digital watermark information processing unit 224 embeds user digital watermark information corresponding to the decoded user digital watermark information data 196 in the decoded content data C, and generates new content data C. The digital watermark information processing unit 224 outputs the new content data C to the reproduction module 169.
Thus, the user digital watermark information is embedded in the decoding / decompression module 163 when the content data C is reproduced.
In the present invention, the user digital watermark information data 196 may not be embedded in the content data C.
[0178]
Based on the semi-disclosure parameter data 199, the semi-disclosure processing unit 225 instructs the decryption unit 222, for example, a block in the content data C that is not decrypted and a block that is decrypted.
In addition, the semi-disclosure processing unit 225 performs other control based on the semi-disclosure parameter data 199 such as limiting the playback function at the time of trial listening and limiting the period during which trial listening is possible.
[0179]
The playback module 169 performs playback according to the decrypted and decompressed content data C.
[0180]
Next, a data format for transmitting / receiving data with signature data generated using private key data and public key certificate data between the content provider 101, the EMD service center 102, and the user home network 103 will be described. .
FIG. 42A shows the content provider 101 to the SAM 105.₁FIG. 5 is a diagram for explaining a data format when data Data is transmitted by an in-band method.
In this case, the content provider 101 to the SAM 105₁Content provider 101 and SAM 105₁Key data K obtained by mutual authentication_SESModule Mod encrypted with₅₀Is sent.
Module Mod₅₀The module Mod₅₁And its secret key data K_{CP, S}Signature data by SIG_CPIs stored.
Module Mod₅₁Includes the secret key data K of the content provider 101_{CP, P}Public key certificate data CER_CPAnd public key certificate data CER_CPSecret key data for_{ESC, S}Signature data by SIG_EscAnd data Data to be transmitted are stored.
Thus, public key certificate data CER_CPModule Mod that stores₅₀From the content provider 101 to the SAM 105₁SAM105 by sending to₁Signature data SIG_CPThe EMD service center 102 to the SAM 105₁Public key certificate data CER_CPNo need to send.
[0181]
42B and 42C show contents provider 101 to SAM 105.₁FIG. 5 is a diagram for explaining a data format when data Data is transmitted in an out-of-band manner.
In this case, the content provider 101 to the SAM 105₁Content provider 101 and SAM 105₁Key data K obtained by mutual authentication_SESModule Mod shown in FIG.₅₂Is sent.
Module Mod₅₂Includes data Data to be transmitted and its secret key data K_{CP, S}Signature data by SIG_CPAnd are stored.
Also, the EMD service center 102 to the SAM 105₁The EMD service center 102 and the SAM 105₁Key data K obtained by mutual authentication_SESModule Mod shown in FIG.₅₃Is sent.
Module Mod₅₃Includes the public key certificate data CER of the content provider 101_CPAnd its secret key data K_{ESC, S}Signature data by SIG_EscAnd are stored.
[0182]
FIG. 42D illustrates the SAM 105₁FIG. 4 is a diagram for explaining a data format when data Data is transmitted from the content provider 101 to the content provider 101 in an in-band method.
In this case, SAM105₁From content provider 101 to content provider 101 and SAM 105₁Key data K obtained by mutual authentication_SESModule Mod encrypted with₅₄Is sent.
Module Mod₅₄The module Mod₅₅And its secret key data K_{SAM1, S}Signature data by SIG_SAM1Is stored.
Module Mod₅₅SAM105₁Secret key data K_{SAM1, P}Public key certificate data CER_SAM1And public key certificate data CER_SAM1Secret key data for_{ESC, S}Signature data by SIG_EscAnd data Data to be transmitted are stored.
Thus, public key certificate data CER_SAM1Module Mod that stores₅₅SAM105₁The signature data SIG is transmitted from the content provider 101 to the content provider 101._SAM1When verifying the public key certificate data CER from the EMD service center 102 to the content provider 101_SAM1No need to send.
[0183]
42E and 42F show the SAM 105.₁FIG. 6 is a diagram for explaining a data format when data Data is transmitted from the content provider 101 to the content provider 101 in an out-of-band manner.
In this case, SAM105₁From content provider 101 to content provider 101 and SAM 105₁Key data K obtained by mutual authentication_SESModule Mod shown in FIG.₅₆Is sent.
Module Mod₅₆Includes data Data to be transmitted and its secret key data K_{SAM1, S}Signature data by SIG_SAM1And are stored.
Also, the EMD service center 102 sends the content provider 101 to the session key data K obtained by mutual authentication between the EMD service center 102 and the content provider 101._SESModule Mod shown in FIG.₅₇Is sent.
Module Mod₅₇SAM105₁Public key certificate data CER_SAM1And its secret key data K_{ESC, S}Signature data by SIG_EscAnd are stored.
[0184]
FIG. 43G is a diagram for explaining a data format when data Data is transmitted from the content provider 101 to the EMD service center 102 by the in-band method.
In this case, the session key data K obtained by mutual authentication between the content provider 101 and the EMD service center 102 from the content provider 101 to the EMD service center 102._SESModule Mod encrypted with₅₈Is sent.
Module Mod₅₈The module Mod₅₉And its secret key data K_{CP, S}Signature data by SIG_CPIs stored.
Module Mod₅₉Includes the secret key data K of the content provider 101_{CP, P}Public key certificate data CER_CPAnd public key certificate data CER_CPSecret key data for_{ESC, S}Signature data by SIG_EscAnd data Data to be transmitted are stored.
[0185]
FIG. 43H is a diagram for explaining a data format when data Data is transmitted from the content provider 101 to the EMD service center 102 by the out-of-band method.
In this case, the session key data K obtained by mutual authentication between the content provider 101 and the EMD service center 102 from the content provider 101 to the EMD service center 102._SESModule Mod shown in FIG.₆₀Is sent.
Module Mod₆₀Includes data Data to be transmitted and its secret key data K_{CP, S}Signature data by SIG_CPAnd are stored.
At this time, the EMD service center 102 stores the public key certificate data CER of the content provider 101._CPIs already registered.
[0186]
FIG. 43I shows the configuration of the SAM 105₁FIG. 4 is a diagram for explaining a data format when data Data is transmitted from an EMD service center 102 to an EMD service center 102 in an in-band method.
In this case, SAM105₁From the EMD service center 102 to the EMD service center 102 and the SAM 105₁Key data K obtained by mutual authentication_SESModule Mod encrypted with₆₁Is sent.
Module Mod₆₁The module Mod₆₂And its secret key data K_{SAM1, S}Signature data by SIG_SAM1Is stored.
Module Mod₆₂SAM105₁Secret key data K_{SAM1, P}Public key certificate data CER_SAM1And public key certificate data CER_SAM1Secret key data for_{ESC, S}Signature data by SIG_EscAnd data Data to be transmitted are stored.
[0187]
FIG. 43J shows the SAM105.₁5 is a diagram for explaining a data format when data Data is transmitted from the EMD service center 102 to the EMD service center 102 in an out-of-band manner. FIG.
In this case, SAM105₁From the EMD service center 102 to the EMD service center 102 and the SAM 105₁Key data K obtained by mutual authentication_SESModule Mod shown in FIG.₆₃Is sent.
Module Mod₆₃Includes data Data to be transmitted and its secret key data K_{SAM1, S}Signature data by SIG_SAM1And are stored.
At this time, the EMD service center 102 has a SAM 105.₁Public key certificate data CER_SAM1Is already registered.
[0188]
Hereinafter, SAM105₁~ 105_FourRegistration processing to the EMD service center 102 at the time of shipment will be described.
SAM105₁~ 105_FourSince the registration process of SAM105 is the same, hereinafter SAM105₁The registration process will be described.
SAM105₁11 is initially registered by the key server 141 of the EMD service center 102 shown in FIG. 11 via the SAM management unit 149 in the storage unit 192 shown in FIG.
In addition, SAM105₁For example, the SAM 105 is stored in the storage unit 192 at the time of shipment.₁Stores a program used when accessing the EMD service center 102 for the first time.
That is, the storage unit 192 includes, for example, the SAM 105 with “*” on the left side in FIG.₁Identifier SAM_ID, recording key data K_STRPublic key data K of the root certificate authority 2_R-CA, EMD service center 102 public key data K_{ESC, P}, SAM105₁Secret key data K_{SAM1, S}, Public key certificate data CER_SAM1And its signature data SIG_{22, ESC}Original key data for generating key data for authentication between the decryption / decompression module 163 and the media SAM is stored by initial registration.
Public key certificate data CER_SAM1SAM105₁Is registered after shipment from the EMD service center 102 to the SAM 105₁May be sent to.
[0189]
Here, the public key data K of the root certificate authority 2_R-CAUses RSA, which is generally used in electronic commerce on the Internet, and has a data length of, for example, 1024 bits. Public key data K_R-CAIs issued by the root certificate authority 2 shown in FIG.
Also, public key data K of the EMD service center 102_{ESC, P}Is generated using elliptic curve cryptography having a short data length and a strength equal to or higher than that of RSA, and the data length is, for example, 160 bits. However, considering the encryption strength, the public key data K_{ESC, P}Is preferably 192 bits or more. Further, the EMD service center 102 sends the public key data K to the root certificate authority 92._{ESC, P}Register.
In addition, the root certificate authority 92 uses the public key data K_{ESC, P}Public key certificate data CER_EscCreate Public key data K_{ESC, P}Public key certificate data CER_EscIs preferably SAM105₁Is stored in the storage unit 192 at the time of shipment. In this case, public key certificate data CER_EscIs the secret key data K of the root certificate authority 92_{ROOT, S}Signed with
[0190]
The EMD service center 102 generates a random number and generates a SAM 105₁Secret key data K_{SAM1, S}, And public key data K paired therewith_{SAM1, P}Is generated.
In addition, the EMD service center 102 obtains the authentication of the root certificate authority 92 and public key data K_{SAM1, P}Public key certificate data CER_SAM1Is issued, and its own private key data K_{ESC, S}Attach signature data using. That is, the EMD service center 102 functions as a second CA (certificate authority).
[0191]
In addition, SAM105₁Is assigned a unique identifier SAM_ID under the management of the EMD service center 102 by the SAM management unit 149 of the EMD service center 102 shown in FIG.₁Are also stored in the SAM database 149 a shown in FIG. 11 and managed by the EMD service center 102.
[0192]
In addition, SAM105₁After shipping, for example, the user is connected to the EMD service center 102 by the user, performs registration procedures, and sends the distribution key data KD from the EMD service center 102 to the storage unit 192.₁~ KD_ThreeIs transferred.
That is, SAM105₁A user who uses the EMD service center needs to register with the EMD service center 102 before downloading the content. This registration procedure is, for example, SAM105₁(In this example, the network device 160₁This is done off-line, for example, by mail, by describing information for identifying the user himself / herself, using a registration form attached at the time of purchase.
SAM105₁Can only be used after the registration procedure described above.
[0193]
The EMD service center 102 is connected to the SAM 105₁In response to the registration procedure by the user, an identifier USER_ID unique to the user is issued. For example, the correspondence relationship between the SAM_ID and the USER_ID is managed in the SAM database 149a shown in FIG.
In addition, the EMD service center 102 has a SAM 105₁An information reference identifier ID and a password used for the first time are assigned to this user, and this is notified to the user. Using the information reference identifier ID and the password, the user can inquire of the EMD service center 102 about information such as the usage status (usage history) of the content data up to now.
In addition, the EMD service center 102 confirms the identity of a credit card company or the like at the time of user registration, or confirms the identity of the user offline.
[0194]
Next, as shown in FIG.₁A procedure for storing the SAM registration list in the storage unit 192 will be described.
SAM 105 shown in FIG.₁For example, when an IEEE 1394 serial bus is used as the bus 191, a power source of a device connected to the bus 191 is turned on, or a topology map generated when a new device is connected to the bus 191 is used. SAM105 existing in my system₂~ SAM105_FourSAM registration list.
Note that the topology map generated according to the bus 191 that is an IEEE 1394 serial bus is, for example, the SAM 105 in the bus 191 as shown in FIG.₁~ 105_FourIn addition to AV equipment 160_Five, 160₆SCMS processing circuit 105_Five, 105₆Is connected, SAM105₁~ 105_FourAnd SCMS processing circuit 105_Five, 105₆It is generated for.
Therefore, SAM105₁From the topology map, SAM105₁~ 105_FourThe SAM registration list is generated by extracting information about the.
[0195]
The data format of the SAM registration list is shown in FIG. 45, for example.
And SAM105₁Registers the SAM registration list in the EMD service center 102 to obtain a signature.
These processes are performed by using the session of the bus 191 and the SAM 105.₁Automatically issues a SAM registration list registration command to the EMD service center 102.
The EMD service center 102 is connected to the SAM 105₁When the SAM registration list shown in FIG. 45 is received, the expiration date is confirmed. Then, the EMD service center 102 receives the SAM 105 at the time of registration.₁The corresponding part is set with reference to the presence or absence of the specified payment function. The EMD service center 102 checks the revocation list and sets a revocation flag in the SAM registration list. The revocation list is, for example, a list of SAMs whose use is prohibited (invalid) by the EMD service center 102 due to unauthorized use.
In addition, the EMD service center 102 uses the SAM 105 at the time of settlement.₁The SAM registration list corresponding to is retrieved, and it is confirmed whether the SAM described therein is included in the revocation list. Further, the EMD service center 102 attaches a signature to the SAM registration list.
Note that the SAM revocation list is generated only for SAMs of the same system (connected to the same bus 191), and indicates whether the SAM is valid or invalid by the revocation flag corresponding to each SAM. Yes.
[0196]
Hereinafter, the overall operation of the content provider 101 shown in FIG. 1 will be described.
FIG. 46 is a flowchart of the overall operation of the content provider 101.
Step S1: The EMD service center 102 performs public key data K of the content provider 101 after the content provider 101 has undergone a predetermined registration process._{CP, P}Public key certificate CER_CPIs transmitted to the content provider 101.
In addition, the EMD service center 102 has a SAM 105₁~ 105_FourAfter a predetermined registration process, SAM105₁~ 105_FourPublic key data K_{SAM1, P}~ K_{SAM4, P}Public key certificate CER_CP1~ CER_CP4SAM105₁~ 105_FourSend to.
Further, after performing the mutual authentication, the EMD service center 102 provides the distribution key data KD for six months each having an expiration date of one month.₁~ KD₆Is sent to the content provider 101, and the distribution key data KD for 3 months₁~ KD_ThreeIs transmitted to the user home network 103.
Thus, in the EMD system 100, the distribution key data KD₁~ KD_ThreeSAM105 in advance₁~ 105_FourSAM105 because it is distributed to₁~ 105_FourSAM 105 even when the system is offline with EMD service center 102₁~ 105_FourThe secure container 104 distributed from the content provider 101 can be decrypted and purchased / used. In this case, the purchase / use history is described in the use history data 108, and the use history data 108 is stored in the SAM 105.₁~ 105_FourIs automatically transmitted to the EMD service center 102 when the EMD service center 102 is connected to the EMD service center 102, the settlement processing in the EMD service center 102 can be performed reliably. Note that SAMs for which the EMD service center 102 cannot collect the usage history data 108 within a predetermined period are invalidated in the revocation list.
Note that the usage control status data 166 is, in principle, in real time and the SAM 105₁~ 105_FourTo the EMD service center 102.
[0197]
Step S2: After the content provider 101 performs mutual authentication, the right registration request module Mod shown in FIG.₂Is transmitted to the EMD service center 102.
Then, after performing a predetermined signature verification, the EMD service center 102 registers and authorizes the rights document data 106 and the content key data Kc.
[0198]
Step S3: The content provider 101 sends the distribution key data KD for the corresponding period.₁~ KD₆Is used to create the content file CF and key file KF shown in FIGS. 4A and 4B, and the public key certificate data CER shown in FIG. 4C._cpAre delivered to the user home network 103 online and / or offline.
[0199]
Step S4: SAM 105 of user home network 103₁~ SAM105_FourIs the distribution key data KD for the corresponding period of the secure container 104₁~ KD_ThreeAnd verifying the authenticity with the creator and sender of the secure container 104, and confirming whether the secure container 104 has been transmitted from the valid content provider 101.
[0200]
Step S5: SAM105₁~ SAM105_FourThe purchase / use form is determined based on an operation signal S165 according to the operation of the purchase / use form determining operation unit 165 shown in FIG.
At this time, the usage monitoring unit 186 shown in FIG. 23 manages the purchase / use mode of the content file CF by the user based on the rights document data 106 stored in the secure container 104.
[0201]
Step S6: SAM105₁~ SAM105_Four23, the usage history data 108 and the usage control status data 166 describing the purchase / use mode determination operation by the user are generated based on the operation signal S165, and these are generated by the EMD service center. 102.
[0202]
Step S7: The EMD service center 102 performs settlement processing based on the usage history data 108 in the settlement processing unit 142 shown in FIG. 11, and creates settlement claim data 152 and settlement report data 107. The EMD service center 102 receives the settlement claim right data 152 and its signature data SIG.₉₉Is transmitted to the payment institution 91 via the payment gateway 90 shown in FIG. Further, the EMD service center 102 transmits the settlement report data 107 to the content provider 101.
[0203]
Step S8: In the clearing house 91, the signature data SIG₉₉After the verification, the amount paid by the user is distributed to the owner of the content provider 101 based on the payment request right data 152.
[0204]
As described above, in the EMD system 100, the secure container 104 in the format shown in FIG. 4 is distributed from the content provider 101 to the user home network 103, and the process for the key file KF in the secure container 104 is performed by the SAM 105.₁~ 105_FourDo it within.
The content key data Kc and the rights document data 106 stored in the key file KF are distributed key data KD.₁~ KD_ThreeIs encrypted using the distribution key data KD₁~ KD_ThreeSAM105 holding₁~ 105_FourOnly decrypted within. And SAM105₁~ 105_FourThen, the module has tamper resistance, and the purchase mode and the usage mode of the content data C are determined based on the handling contents of the content data C described in the rights document data 106.
Therefore, according to the EMD system 100, the purchase and use of the content data C in the user home network 103 can be reliably performed based on the contents of the rights document data 106 created by the parties related to the content provider 101.
[0205]
In the EMD system 100, the distribution of the content data C from the content provider 101 to the user home network 103 is performed using the secure container 104 in both cases of online and offline, so that the SAM 105₁~ 105_FourThe right processing of the content data C can be made common in both cases.
[0206]
In the EMD system 100, the network device 160 in the user home network 103 is used.₁And AV equipment 160₂~ 160_FourWhen the content data C is purchased, used, recorded, and transferred, a common rights processing rule can be adopted by always performing processing based on the rights document data 106.
[0207]
First modification of the first embodiment
In the embodiment described above, as shown in FIG. 4B, the content provider 101 encrypts the key file KF using the distribution key data KD, and the SAM 105₁~ 105_FourIn FIG. 1, the case where the key file KF is decrypted using the distribution key data KD is illustrated, but as shown in FIG.₁~ 105_FourWhen the secure container 104 is directly supplied, the key file KF using the distribution key data KD does not necessarily have to be encrypted. As described above, encrypting the key file KF using the distribution key data KD is a case where content data is supplied from the content provider to the user home network via the service provider as in the second embodiment described later. In addition, by holding the distribution key data KD only in the content provider and the user home network, a great effect is exhibited when suppressing illegal acts by the service provider.
However, even in the case of the first embodiment described above, encrypting the key file KF using the distribution key data KD is effective in increasing the suppression of unauthorized use of content data.
[0208]
Further, in the above-described embodiment, the case where the standard retail price data SRP is stored in the rights document data 106 in the key file KF shown in FIG. 4B is exemplified, but the outside of the key file KF in the secure container 104 is illustrated. In addition, standard retail price data SRP (price tag data) may be stored. In this case, the secret key data K with respect to the standard retail price data SRP_cpAttach the signature data created using.
[0209]
Second modification of the first embodiment
In the first embodiment described above, as shown in FIG. 1, the EMD service center 102 uses the payment claim right data 152 generated by itself to perform payment processing at the payment institution 91 via the payment gateway 90. For example, as shown in FIG. 47, the EMD service center 102 transmits settlement claim data 152 to the content provider 101, and the content provider 101 itself uses the settlement claim data 152 to set the payment gateway 90. Payment processing may be performed on the payment institution 91 through the network.
[0210]
Third modification of the first embodiment
In the first embodiment described above, the SAM 105 of the user home network 103 is transmitted from a single content provider 101.₁~ 105_FourIn the above example, the secure container 104 is supplied, but two or more content providers 101a and 101b are connected to the SAM 105.₁~ 105_FourThe secure containers 104a and 104b may be supplied respectively.
FIG. 48 is a configuration diagram of an EMD system according to a third modification of the first embodiment when the content providers 101a and 101b are used.
In this case, the EMD service center 102 sends the distribution provider key data KDa for 6 months to the content providers 101a and 101b.₁~ KDa₆And KDb₁~ KDb₆To deliver.
In addition, the EMD service center 102 has a SAM 105₁~ 105_FourAnd 3 months of distribution key data KDa₁~ KDa_ThreeAnd KDb₁~ KDb_ThreeTo deliver.
[0211]
Then, the content provider 101a distributes the content file CFa encrypted using the original content key data Kca, the distribution key data KDa for the period corresponding to the content key data Kca, the rights document data 106a, and the like.₁~ KDa₆The secure container 104a storing the key file KFa encrypted using the SAM 105₁~ 105_FourOnline and / or off-line.
At this time, a globally unique identifier Content_ID distributed by the EMD service center 102 is used as an identifier of the key file, and the EMD service center 102 centrally manages the content data.
Further, the content provider 101b distributes the content file CFb encrypted using the original content key data Kcb, the distribution key data KDb for the period corresponding to the content key data Kcb, the rights document data 106b, and the like.₁~ KDb₆The secure container 104b storing the key file KFb encrypted using the SAM 105₁~ 105_FourOnline and / or off-line.
[0212]
SAM105₁~ 105_FourIs the distribution key data KDa for the corresponding period for the secure container 104a.₁~ KDa_ThreeIs used to determine the purchase mode of the content through a predetermined signature verification process, etc., and the usage history data 108a and the usage control state data 166a generated according to the determined purchase mode and usage mode are EMD. Transmit to the service center 102.
In addition, SAM105₁~ 105_FourIs the distribution key data KDb for the corresponding period for the secure container 104b.₁~ KDb_ThreeIs used to determine the purchase mode of the content through a predetermined signature verification process, etc., and the usage history data 108b and the usage control state data 166b generated according to the determined purchase mode and usage mode are EMD Transmit to the service center 102.
[0213]
The EMD service center 102 creates settlement claim data 152a for the content provider 101a based on the usage history data 108a, and performs settlement processing for the settlement organization 91 using this.
Further, the EMD service center 102 creates settlement claim right data 152b for the content provider 101b based on the usage history data 108b, and performs settlement processing for the settlement organization 91 using this.
[0214]
Further, the EMD service center 102 registers the rights document data 106a and 106b to make it authoritative. At this time, the EMD service center 102 distributes a globally unique identifier Content_ID to the key files KFa and KFb corresponding to the rights document data 106a and 106b.
In addition, the EMD service center 102 receives the public key certificate data CER of the content providers 101a and 101b._cpa, CER_CPbIs issued and the signature data SIG_{1b, ESC}, SIG_{1a, ESC}To authenticate its validity.
[0215]
Second embodiment
In the embodiment described above, the SAM 105 of the user home network 103 is sent from the content provider 101.₁~ 105_FourIn this embodiment, content data provided by a content provider is distributed to a SAM of a user home network via a service provider.
[0216]
  FIG. 49 is a configuration diagram of the EMD system 300 of the present embodiment. As shown in FIG. 49, the EMD system 300 includes a content provider 301, an EMD service center 302, a user home network 303, a service provider 310, a payment gateway 90, and a settlement organization 91.Content provider 301,SAMs 3051-3054 and service provider 310 areClaim 3 etc.Related toData providing device, data processing deviceAnd it corresponds to the data distribution device.The EMD service center 302 is a management device.The content provider 301 is the same as the content provider 101 of the first embodiment described above except that content data is supplied to the service provider 310. The EMD service center 302 has the above-described first embodiment except that the service provider 310 has an authentication function, a key data management function, and a right processing function in addition to the content provider 101 and the SAMs 5051 to 5054. This is the same as the EMD service center 102 in FIG. The user home network 303 includes a network device 3601 and AV devices 3602 to 3604. The network device 3601 includes a SAM 3051 and a CA module 311, and the AV devices 3602 to 3604 include SAMs 3052 to 3054, respectively. Here, each of the SAMs 3051 to 3054 receives the distribution of the secure container 304 from the service provider 310, the signature data verification processing for the service provider 310 in addition to the content provider 301, and the purchase history data for SP (the purchase for the data distribution device) (History data) 309 is the same as the SAMs 1051 to 1054 of the first embodiment except that 309 is created.
[0217]
First, an outline of the EMD system 300 will be described.
In the EMD system 300, the content provider 301 uses the same rights document (UCP: Usage Control Policy) data as in the first embodiment, which indicates the rights content such as the license conditions of the content data C of the content that the content provider 301 intends to provide. 106 is transmitted to the EMD service center 302 which is a highly reliable authority.
The rights document data 106 is registered in the EMD service center 302 and is authorized (authenticated).
[0218]
In addition, the content provider 301 encrypts the content data C with the content key data Kc to generate a content file CF. The content provider 301 also distributes the distribution key data KD for the corresponding period distributed from the EMD service center 302.₁~ KD₆Is used to encrypt the content key data Kc and the rights document data 106 and create a key file KF storing them. Then, the content provider 301 uses the secure container 104 storing the content file CF, the key file KF, and its signature data using a network such as the Internet, digital broadcasting, a recording medium, an informal protocol, or offline. To the service provider 310.
[0219]
When the service provider 310 receives the secure container 104 from the content provider 301, the service provider 310 verifies the signature data, and confirms whether the secure container 104 has been created by the valid content provider 301 and the validity of the sender. .
Next, the service provider 310 adds price tag data (PT) 312 indicating a price obtained by adding the price of its service to the price (SRP) for the content desired by the content provider 301 notified offline, for example. create.
The service provider 310 then extracts the content file CF and key file KF extracted from the secure container 104, the price tag data 312 and its own private key data K for these._{SP, S}A secure container 304 is created that stores the signature data obtained by.
At this time, the key file KF is the distribution key data KD.₁~ KD₆And the service provider 310 sends the distribution key data KD.₁~ KD₆Therefore, the service provider 310 cannot see or rewrite the contents of the key file KF.
Further, the EMD service center 302 registers the price tag data 312 to make it authoritative.
[0220]
The service provider 310 distributes the secure container 304 to the user home network 303 online and / or offline.
At this time, in the case of offline, the secure container 304 is set to the SAM 305.₁~ 305_FourIs supplied as is. On the other hand, when online, mutual authentication is performed between the service provider 310 and the CA module 311, and the secure container 304 is stored in the service provider 310 with the session key data K_SESThe secure container 304 that has been encrypted and transmitted using the CA and received by the CA module 311 is stored in the session key data K._SESSAM305 after decoding using₁~ 305_FourForward to.
[0221]
Next, SAM305₁~ 305_FourThe distribution key data KD for the corresponding period distributed from the EMD service center 302 to the secure container 304 in FIG.₁~ KD_ThreeAfter decrypting using, signature data verification processing is performed.
SAM305₁~ 305_FourThe secure container 304 supplied to the network device 360₁And AV equipment 360₂~ 360_FourIn this case, after the purchase / use form is determined according to the user's operation, it becomes a target for reproduction or recording on a recording medium.
SAM305₁~ 305_FourRecords the purchase / use history of the secure container 304 as usage log data 308.
The usage history data (history data or management device history data) 308 is transmitted from the user home network 303 to the EMD service center 302 in response to a request from the EMD service center 302, for example.
[0222]
The EMD service center 302 determines (calculates) billing contents for each of the content provider 301 and the service provider 310 based on the usage history data 308, and based on the result, the EMD service center 302 performs settlement such as a bank via the payment gateway 90. Settlement to the institution 91. Thereby, the money paid by the user of the user home network 103 is distributed to the content provider 101 and the service provider 310 by the settlement processing by the EMD service center 102.
[0223]
In the present embodiment, as in the first embodiment, by providing digital content data C in an encapsulated form, the digital content that is in close contact with the conventional recording medium is separated from the recording medium, and the digital content alone is present. Can be given.
Here, the secure container is the most basic product capsule when selling the content data C (product) regardless of the distribution channel (delivery channel). Specifically, the secure container verifies the encryption information for charging, the validity of the content data C, the validity of the person who created the content data, and the validity of the distributor of the content data. This is a product capsule containing copyright information such as signature data and information on digital watermark information embedded in content data.
[0224]
In the present embodiment, the EMD service center 302 has an authentication function, a key data management function, and a right processing (profit distribution) function.
That is, the EMD service center 302 serves as a second certificate authority for the root certificate authority 92, which is the highest authority in a neutral position, and includes the content provider 301, the service provider 310, and the SAM 305.₁~ 305_FourThe signature of the public key data of the public key data used for the verification process of the signature data is signed with the secret key data of the EMD service center 302, thereby authenticating the validity of the public key data. Further, as described above, it is also due to the authentication function of the EMD service center 302 that the rights document data 106 of the content provider 301 and the price tag data 312 of the service provider 310 are registered and made authoritative.
In addition, the EMD service center 302 can, for example, distribute key data KD.₁~ KD₆And a key data management function for managing key data.
Also, the EMD service center 302 receives the rights document data 106 registered by the content provider 301 and the SAM 305.₁~ SAM305_FourBased on the usage history data 308 input from the service provider 310 and the price tag data 312 registered by the service provider 310, the user pays for the purchase / use of the content of the user home network 303, and the money paid by the user is the content provider. 301 and a right processing (profit distribution) function for distributing and paying to the service provider 310.
[0225]
Hereinafter, each component of the content provider 301 will be described in detail.
[Content Provider 301]
FIG. 50 is a functional block diagram of the content provider 301 and shows a data flow related to data transmitted to and received from the service provider 310.
As shown in FIG. 50, the content provider 301 includes a content master source server 111, a digital watermark information addition unit 112, a compression unit 113, an encryption unit 114, a random number generation unit 115, an encryption unit 116, a signature processing unit 117, secure It includes a container creation unit 118, a secure container database 118a, a storage unit 119, a mutual authentication unit 120, an encryption / decryption unit 121, a rights document data creation unit 122, an EMD service center management unit 125, and a service provider management unit 324.
[0226]
50, the same reference numerals as those in FIG. 2 are the same as the same reference numerals as those described with reference to FIGS. 2 and 3 in the first embodiment.
That is, the content provider 301 has a configuration in which a service provider management unit 324 is provided instead of the SAM management unit 124 shown in FIG.
The service provider management unit 324 provides the secure container 104 input from the secure container creation unit 118 to the service provider 310 shown in FIG. 49 offline and / or online. As in the first embodiment, the secure container 104 includes the content file CF and its signature data SIG shown in FIGS. 4 (A), (B), and (C)._{6, CP}And the key file KF and its signature data SIG_{7, CP}And public key certificate data CER_CPAnd its signature data SIG_{1, ESC}And are stored.
[0227]
When distributing the secure container 104 to the service provider 310 online, the service provider management unit 324 uses the session key data K in the encryption / decryption unit 121._SESAfter the secure container 104 is encrypted using, it is delivered to the service provider 310 via the network.
[0228]
Further, the data flow in the content provider 101 shown in FIG. 3 is similarly applied to the service provider 310.
[0229]
[Service Provider 310]
The service provider 310, online and / or offline, stores the secure container 304 storing the content file CF and key file KF in the secure container 104 received from the content provider 301 and the price tag data 312 generated by itself. , Network device 360 of user home network 303₁And AV equipment 360₂~ 360_FourTo be distributed.
There are roughly two types of content distribution service forms by the service provider 310: an independent service and a linked service.
The stand-alone service is, for example, a download-only service that distributes content individually. The linked service is a service that distributes contents in conjunction with programs and CMs (advertisements). For example, the contents of drama theme songs and insertion songs are stored in a drama program stream. When a user is watching a drama program, the user can purchase contents of a theme song or an insertion song in the stream.
[0230]
FIG. 51 is a functional block diagram of the service provider 310.
FIG. 51 shows a data flow when supplying the secure container 304 corresponding to the secure container 104 supplied from the content provider 301 to the user home network 303.
As shown in FIG. 51, the service provider 310 includes a content provider management unit 350, a storage unit 351, a mutual authentication unit 352, an encryption / decryption unit 353, a signature processing unit 354, a secure container creation unit 355, a secure container database 355a, A price tag data creation unit 356, a user home network management unit 357, an EMD service center management unit 358, and a user preference filter generation unit 920 are included.
[0231]
Hereinafter, the process flow in the service provider 310 when the secure container 304 is created from the secure container 104 supplied from the content provider 301 and distributed to the user home network 303 will be described with reference to FIGS. 51 and 52. While explaining.
FIG. 52 is a flowchart of the process.
Step SZ1: The content provider management unit 350 receives the supply of the secure container 104 shown in FIG. 4 from the content provider 301 and writes the secure container 104 into the storage unit 351 online and / or offline.
At this time, in the case of online, the content provider management unit 350, the session key data K obtained by the mutual authentication between the mutual authentication unit 120 shown in FIG. 50 and the mutual authentication unit 352 shown in FIG._SESAfter the secure container 104 is decrypted by the encryption / decryption unit 353, the data is written in the storage unit 351.
[0232]
Step SZ2: In the signature processing unit 354, the signature data SIG shown in FIG. 4C of the secure container 104 stored in the storage unit 351_{1, ESC}The public key data K of the EMD service center 302 read from the storage unit 351_{ESC, P}After the verification is made and the validity is recognized, the public key certificate data CER shown in FIG._CPTo public key data K_{CP, P}Take out.
Step SZ3: The signature processing unit 354 extracts the extracted public key data K_{CP, P}The signature data SIG shown in FIGS. 4A and 4B of the secure container 104 stored in the storage unit 351_{6, CP}, SIG_{7, CP}Perform verification.
[0233]
Step SZ4: The price tag data creation unit 356, for example, price tag data 312 indicating a price obtained by adding the price of its service to the price for the content requested by the content provider 301 notified offline from the content provider 301. Is output to the secure container creation unit 355.
[0234]
Step SZ5: The signature processing unit 354 takes hash values of the content file CF, the key file KF, and the price tag data 312 and uses the secret key data K of the service provider 310._{SP, P}Using the signature data SIG_{62, SP}, SIG_{63, SP}, SIG_{64, SP}Is output to the secure container creation unit 355.
[0235]
Step SZ6: The secure container creation unit 355, as shown in FIGS. 53A to 53D, the content file CF and its signature data SIG._{62, SP}And the key file KF and its signature data SIG_{63, ESC}Price tag data 312 and its signature data SIG_{64, SP}And public key certificate data CER_SPAnd its signature data SIG_{61, ESC}Are stored in the secure container database 355a. Then, the secure container creation unit 355 reads the secure container 304 corresponding to the request from the user home network 303 from the secure container database 355a and outputs it to the user home network management unit 357.
At this time, the secure container 304 may be a composite container that stores a plurality of content files CF and a plurality of key files KF corresponding thereto. For example, a plurality of content files CF relating to songs, video clips, lyrics cards, liner notes, and jackets may be stored in a single secure container 304, respectively. The plurality of content files CF and the like may be stored in the secure container 304 in a directory structure.
[0236]
The secure container 304 uses an MHEG (Multimedia and Hypermedia information coding Experts Group) protocol when transmitted by digital broadcasting, and XML / SMIL / HTML (Hyper Text Markup Language) when transmitted via the Internet. A protocol is used.
At this time, the content file CF and the key file KF are centrally managed by the content provider 301 and do not depend on the protocol for transmitting the secure container 304. That is, the content file CF and the key file KF are stored in the secure container 304 in a form in which the MHEG and HTML protocols are tunneled.
[0237]
Step SZ7: The user home network management unit 357 supplies the secure container 304 to the user home network 303 offline and / or online.
The user home network management unit 357 moves the secure container 304 online to the network device 360 of the user home network 303.₁In the case of distribution to the session key data K, the encryption / decryption unit 352 performs session authentication after mutual authentication._SESAfter the secure container 304 is encrypted using the network device 360 via the network₁Deliver to.
[0238]
Note that the user home network management unit 357, when broadcasting the secure container 304 via, for example, a satellite, the scramble key data K_SCREncrypt using. In addition, the scramble key data K_SCRWork key data K_WIs encrypted, work key data K_WMaster key data K_MEncrypt using.
Then, the user home network management unit 357, together with the secure container 304, scramble key data K_SCRAnd work key data K_WIs transmitted to the user home network 303 via a satellite.
For example, master key data K_MIs stored in an IC card or the like and distributed to the user home network 303 offline.
[0239]
When the user home network management unit 357 receives the SP purchase history data 309 regarding the content data C distributed by the service provider 310 from the user home network 303, the user home network management unit 357 writes the SP purchase history data 309 in the storage unit 351.
The service provider 310 refers to the SP purchase history data 309 when determining the future service content. In addition, the user preference filter generation unit 920 transmits the SP purchase history data 309 based on the SP purchase history data 309.₁~ 305_FourThe user preference filter data 900 is generated by analyzing the user's preference and transmitted to the CA module 311 of the user home network 303 via the user home network management unit 357.
[0240]
FIG. 54 shows a flow of data related to communication with the EMD service center 302 in the service provider 310.
In addition, as a premise for performing the processing shown below, a person concerned with the service provider 310 performs registration processing with the EMD service center 302 offline using, for example, an identification card and a bank account for performing settlement processing. The globally unique identifier SP_ID is obtained. The identifier SP_ID is stored in the storage unit 351.
[0241]
First, the service provider 310 sends its private key data K to the EMD service center 302._{SP, S}Public key data K corresponding to_{SP, S}Public key certificate data CER certifying the validity of_SPThe processing when requesting is requested will be described with reference to FIG.
First, the service provider 310 generates a random number using a true random number generator and generates secret key data K_{SP, S}And the secret key data K_{SP, S}Public key data K corresponding to_{SP, P}Is stored in the storage unit 351.
EMD service center management unit 358, service provider 310 identifier SP_ID and public key data K_{SP, P}Are read from the storage unit 351.
The EMD service center management unit 358 then uses the identifier SP_ID and the public key data K_{SP, P}Is transmitted to the EMD service center 302.
Then, the EMD service center management unit 348 responds to the registration with the public key certificate data CER._SPAnd its signature data SIG_{61, ESC}Is input from the EMD service center 302 and written in the storage unit 351.
[0242]
Next, processing when the service provider 310 registers the price tag data 312 in the EMD service center 302 to make it authoritative will be described with reference to FIG.
[0243]
In this case, the module Mod that stores the price tag data 312 created by the price tag data creation unit 356 and the globally unique identifier Content_ID read from the storage unit 351 in the signature processing unit 354.₁₀₃Hash value of the private key data K_{SP, S}Using the signature data SIG_{80, SP}Is generated.
Further, the public key certificate data CER is stored from the storage unit 351._SPAnd its signature data SIG_{61, ESC}Is read out.
Then, the price tag registration request module Mod shown in FIG.₁₀₂Session key data K obtained by mutual authentication between the mutual authentication unit 352 and the EMD service center 302._SESAfter being encrypted in the encryption / decryption unit 353, the EMD service center management unit 358 transmits it to the EMD service center 302.
Module Mod₁₀₃In addition, a globally unique identifier SP_ID of the service provider 310 may be stored.
[0244]
Further, the EMD service center management unit 358 writes the settlement report data 307 s received from the EMD service center 302 in the storage unit 351.
[0245]
Further, the EMD service center management unit 358 stores the marketing information data 904 received from the EMD service center 302 in the storage unit 351.
The marketing information data 904 is referred to when the service provider 310 determines content data C to be distributed in the future.
[0246]
[EMD Service Center 302]
As described above, the EMD service center 302 serves as a certificate authority (CA), a key management station, and a rights processing station.
FIG. 56 is a functional configuration diagram of the EMD service center 302.
As shown in FIG. 56, the EMD service center 302 includes a key server 141, a key database 141a, a settlement processing unit 442, a signature processing unit 443, a settlement organization management unit 144, a certificate / rights certificate management unit 445, a CER database 445a, Content provider management unit 148, CP database 148a, SAM management unit 149, SAM database 149a, mutual authentication unit 150, encryption / decryption unit 151, service provider management unit 390, SP database 390a, user preference filter generation unit 901, and marketing information A data generation unit 902 is included.
In FIG. 56, functional blocks having the same reference numerals as those in FIGS. 10 and 11 have substantially the same functions as the functional blocks having the same reference numerals described in the first embodiment.
In the following, a functional block with a new reference numeral in FIG. 56 will be described.
FIG. 56 shows a data flow related to data transmitted / received to / from the service provider 310 among the data flows between the functional blocks in the EMD service center 302.
FIG. 57 shows a data flow related to data transmitted to and received from the content provider 301 among data flows between functional blocks in the EMD service center 302.
FIG. 58 shows the SAM 305 shown in FIG. 49 in the data flow between the functional blocks in the EMD service center 302.₁~ 305_FourThe flow of data related to data transmitted to and received from the settlement institution 91 is shown.
[0247]
As shown in FIG.₁~ 305_FourThe payment processing is performed based on the usage history data 308 input from, the standard retail price data SRP and the price tag data 312 input from the certificate / rights certificate management unit 445. At this time, the settlement processing unit 442 monitors the presence or absence of dumping by the service provider 310.
As shown in FIG. 58, the settlement processing unit 442 creates settlement report data 307c and settlement claim right data 152c for the content provider 301, as shown in FIG. 58, and these are respectively generated as the content provider management unit 148 and the settlement organization management unit 144. Output to.
Further, as shown in FIG. 56 and FIG. 58, the settlement report data 307s and the settlement claim data 152s for the service provider 310 are created by the settlement process, and these are stored in the service provider management unit 390 and the settlement organization management unit 144, respectively. Output.
Here, the settlement claim right data 152c and 152s is authoritative data that can claim payment of money from the settlement organization 91 based on the data.
[0248]
Here, similarly to the usage history data 108 described in the first embodiment, the usage history data 308 is used when determining payment of a license fee related to the secure container 304. In the usage history data 308, for example, as shown in FIG. 59, the identifier Content_ID of the content data C stored in the secure container 304, the identifier CP_ID of the content provider 301 that provided the content data C stored in the secure container 304, The identifier SP_ID of the service provider 310 that has distributed the secure container 304, the signal specification data of the content data C, the compression method of the content data C in the secure container 304, the identifier Media_ID of the recording medium that records the secure container 304, the secure container 304 Distributed SAM305₁~ 305_FourIdentifier SAM_ID of the SAM 105₁~ 105_FourUSER_ID of the user is described. Therefore, the EMD service center 302 needs to distribute the money paid by the user of the user home network 303 to the owner of the license, such as a compression method or a recording medium, in addition to the owner of the content provider 301 and the service provider 310. If there is, the amount to be paid to each partner is determined based on a predetermined distribution ratio table, and settlement report data and settlement claim right data according to the determination are created.
[0249]
The certificate / rights certificate management unit 445 has the public key certificate data CER registered in the CER database 445a and authorized._cp, Public key certificate data CER_SPAnd public key certificate data CER_SAM1~ CER_SAM2Are registered in the CER database 445a to authorize the rights document data 106 and the content key data Kc of the content provider 301 and the price tag data 312 of the service provider 310.
At this time, the certificate / rights document management unit 445 takes hash values such as the rights document data 106, the content key data Kc, and the price tag data 312 to obtain the secret key data K_{ESC, S}Create authoritative certificate data with signature data using.
[0250]
The content provider management unit 148 has a function of communicating with the content provider 101, and can access a CP database 148a that manages the identifier CP_ID and the like of the registered content provider 101.
[0251]
Based on the usage history data 308, the user preference filter generation unit 901 transmits the usage history data 308 to the SAM 305.₁~ 305_FourThe user preference filter data 903 for selecting the content data C according to the user's preference is generated, and the user history filter data 903 is transmitted to the usage history data 308 via the SAM management unit 149.₁~ 305_FourSend to.
[0252]
Based on the usage history data 308, the marketing information data generation unit 902 generates, for example, marketing information data 904 indicating the entire purchase status of the content data C distributed to the user home network 103 by a plurality of service providers 310. This is transmitted to the service provider 310 via the service provider management unit 390. The service provider 310 refers to the marketing information data 904 and determines the content of the service to be provided in the future.
[0253]
Hereinafter, the flow of processing in the EMD service center 302 will be described.
Distribution key data KD from the EMD service center 302 to the content provider 301₁~ KD₆And the EMD service center 302 to the SAM 305₁~ 305_FourKey data KD for distribution to₁~ KD_ThreeIs transmitted in the same manner as in the first embodiment.
[0254]
The processing when the EMD service center 302 receives a public key certificate data issuance request from the content provider 301 is also excluded except that the certificate / rights certificate management unit 445 registers with the CER database 445a. This is performed in the same manner as in the first embodiment described above.
[0255]
Hereinafter, processing when the EMD service center 302 receives a public key certificate data issuance request from the service provider 310 will be described with reference to FIGS. 56 and 60. FIG.
FIG. 60 is a flowchart of the processing.
Step SO1: The service provider management unit 390, the identifier SP_ID of the service provider 310 given in advance by the EMD service center 302, the public key data K_{SP, P}And signature data SIG_{70, SP}When the public key certificate data registration request including the service key is received from the service provider 310, the session key data K obtained by the mutual authentication between the mutual authentication unit 150 and the mutual authentication unit 352 shown in FIG._SESDecode using
[0256]
Step SO2: The decrypted signature data SIG_{70, SP}After the signature processing unit 443 confirms the validity of the identifier SP_ID and the public key data K_{SP, P}Based on the above, it is confirmed whether or not the service provider 310 that issued the public key certificate data issuance request is registered in the SP database 390a.
Step SO3: The certificate / rights certificate management unit 445 sets the public key certificate data CER of the service provider 310._SPIs read from the CER database 445a and output to the service provider management unit 390.
[0257]
Step SO4: The signature processing unit 443 performs public key certificate data CER._SPAnd the secret key data K of the EMD service center 302_{ESC, S}Using the signature data SIG_{61, ESC}Is output to the service provider management unit 390.
Step SO5: The service provider management unit 390 makes public key certificate data CER_SPAnd its signature data SIG_{61, ESC}Session key data K obtained by mutual authentication between the mutual authentication unit 150 and the mutual authentication unit 352 shown in FIG._SESAnd then transmitted to the service provider 310.
[0258]
Note that the EMD service center 302 is connected to the SAM 105.₁~ 105_FourThe processing when the public key certificate data issuance request is received is the same as in the first embodiment.
The processing when the EMD service center 302 receives a registration request for the rights document data 106 from the content provider 301 is the same as in the first embodiment.
[0259]
Next, processing when the EMD service center 302 receives a registration request for price tag data 312 from the service provider 310 will be described with reference to FIGS. 56 and 61. FIG.
FIG. 61 is a flowchart of the processing.
Step SP1: The service provider management unit 390 sends the price tag registration request module Mod shown in FIG.₁₀₂Is received, the session key data K obtained by the mutual authentication between the mutual authentication unit 150 and the mutual authentication unit 352 shown in FIG._SESPrice tag registration request module Mod using₁₀₂Is decrypted.
[0260]
Step SP2: The decrypted price tag registration request module Mod₁₀₂Signature data SIG stored in_{80, SP}Is verified in the signature processing unit 443.
[0261]
Step SP3: The certificate / rights certificate management unit 445 executes the price tag registration request module Mod.₁₀₂The price tag data 312 stored in is registered in the CER database 445a to be authoritative.
[0262]
Next, processing when making a settlement at the EMD service center 302 will be described with reference to FIGS.
FIG. 62 is a flowchart of the processing.
Step SQ1: The SAM management unit 149, for example, the SAM 305 of the user home network 303₁Usage history data 308 and its signature data SIG_{205, SAM1}Is entered, usage history data 308 and signature data SIG_{205, SAM1}The mutual authentication unit 150 and the SAM 305₁~ 305_FourKey data K obtained by mutual authentication with_SESUsing SAM305₁Public key data K_{SAM1, p}Using the signature data SIG_{205, SAM1}Is output to the settlement processing unit 442.
[0263]
Step SQ2: The settlement processing unit 442 executes the SAM 305₁The payment processing is performed based on the usage history data 308 input from, and the standard retail price data SRP and price tag data 312 input from the certificate / rights document management unit 445.
As shown in FIG. 58, the settlement processing unit 442 performs settlement report data 307c and settlement claim data 152c for the content provider 301, settlement report data 307s and settlement claim data 152s for the service provider 310, as shown in FIG. Create
The payment processing by the payment processing unit 442 may be performed every time the usage history data 308 is input, or may be performed every predetermined period.
[0264]
Step SQ3: As shown in FIGS. 56 and 58, payment request right data 152c and 152s for the content provider 301 and the service provider 310 are created and output to the settlement organization management unit 144.
The settlement organization management unit 144 sets the settlement claim data 152c and 152s and the secret key data K for them._{ESC, S}The signature data created by using the mutual authentication and session key data K_SESAfter decryption, the data is transmitted to the settlement institution 91 via the payment gateway 90 shown in FIG.
As a result, the amount of money indicated in the settlement claim right data 152c is paid to the content provider 301, and the amount of money indicated in the settlement claim right data 152s is paid to the service provider 310.
Note that the EMD service center 302 may transmit the settlement claim data 152c and 152s to the content provider 301 and the service provider 310, respectively. In this case, the content provider 301 and the service provider 310 charge the payment agency 91 based on the received payment request data 152c and 152s.
[0265]
Step SQ4: Settlement report data S307c and S307s for the content provider 301 and the service provider 310 are output to the content provider 301 and the service provider 310 via the content provider management unit 148 and the service provider management unit 390, respectively.
[0266]
In addition, the EMD service center 302 is similar to the EMD service center 102 of the first embodiment in the SAM 305.₁~ 305_FourThe process at the time of shipment and the registration process of the SAM registration list are performed.
[0267]
[User home network 303]
As shown in FIG. 49, the user home network 303 includes a network device 360.₁And A / V equipment 360₂~ 360_Fourhave.
Network device 360₁CA module 311 and SAM305₁Built in. AV equipment 360₂~ 360_FourRespectively, SAM305₂~ 305_FourBuilt in.
SAM305₁~ 305_FourAre connected via a bus 191 such as a 1394 serial interface bus.
AV equipment 360₂~ 360_FourMay have a network communication function, or may not have a network communication function, and the network device 360 via the bus 191.₁The network communication function may be used.
Further, the user home network 303 may include only AV devices that do not have a network function.
[0268]
Hereinafter, the network device 360₁Will be described.
FIG. 63 shows a network device 360.₁FIG.
As shown in FIG. 63, the network device 360₁Communication module 162, CA module 311, decryption module 905, SAM 305₁, A decryption / decompression module 163, a purchase / use form determination operation unit 165, a download memory 167, a playback module 169, and an external memory 201.
In FIG. 63, the constituent elements having the same reference numerals as those in FIG. 16 are the same as the constituent elements having the same reference numerals described in the first embodiment.
[0269]
The communication module 162 performs communication processing with the service provider 310.
Specifically, the communication module 162 outputs the secure container 304 received from the service provider 310 by satellite broadcasting or the like to the decryption module 905.
Further, the communication module 162 outputs the user preference filter data 900 received from the service provider 310 via the telephone line or the like to the SP preference history data 309 to the CA module 311 and the SP purchase history input from the CA module 311. Data 309 is transmitted to the service provider 310 via a telephone line or the like.
[0270]
FIG. 64 is a functional block diagram of the CA module 311 and the decryption module 905.
As shown in FIG. 64, the CA module 311 includes a mutual authentication unit 906, a storage unit 907, an encryption / decryption unit 908, and an SP purchase history data generation unit 909.
When the mutual authentication unit 906 transmits and receives data between the CA module 311 and the service provider 310 via a telephone line, the mutual authentication unit 906 performs mutual authentication with the service provider 310 and performs session key data K._SESIs output to the encryption / decryption unit 908.
[0271]
The storage unit 907 stores, for example, master key data K supplied offline from the service provider 310 using the IC card 912 or the like after a contract is established between the service provider 310 and the user._MRemember.
[0272]
The encryption / decryption unit 908 is scrambled key data K encrypted from the decryption unit 910 of the decryption module 905._SCRAnd work key data K_WAnd the master key data K read from the storage unit 907_MWork key data K using_WIs decrypted. The encryption / decryption unit 908 then sends the decrypted work key data K_WScramble key data K using_SCRAnd the decrypted scramble key data K_SCRIs output to the decoding unit 910.
Also, the encryption / decryption unit 908 receives the user preference filter data 900 received from the service provider 310 by the communication module 162 via a telephone line or the like, and the session key data K from the mutual authentication unit 906._SESIs decrypted using, and output to the secure container selection unit 911 of the decryption module 905.
Also, the encryption / decryption unit 908 uses the SP purchase history data 309 input from the SP purchase history data generation unit 909 as the session key data K from the mutual authentication unit 906._SESAnd transmitted to the service provider 310 via the communication module 162.
[0273]
The SP purchase history data generation unit 909 uses the purchase / use form determination operation unit 165 shown in FIG. 63 to operate the operation signal S165 or SAM305 in accordance with the purchase operation of the content data C by the user.₁The SP purchase history data 309 indicating the purchase history of the content data C unique to the service provider 310 is generated based on the usage control state data 166 from the service provider 310, and is output to the encryption / decryption unit 908.
The SP purchase history data 309 includes, for example, information that the service provider 310 wants to collect from the user regarding the distribution service, monthly basic charges (network rent), contract (update) information, purchase history information, and the like.
[0274]
Note that the CA module 311 communicates with the charging database, customer management database, and marketing information database of the service provider 310 when the service provider 310 has a charging function. In this case, the CA module 311 transmits billing data for the content data distribution service to the service provider 310.
[0275]
The decryption module 905 includes a decryption unit 910 and a secure container selection unit 911.
The decryption unit 910 receives the encrypted secure container 304 and scramble key data K from the communication module 162, respectively._SCRAnd work key data K_WEnter.
Then, the decryption unit 910 receives the encrypted scramble key data K_SCRAnd work key data K_WIs output to the encryption / decryption unit 908 of the CA module 311 and the scramble key data K decrypted from the encryption / decryption unit 908 is output._SCREnter.
Then, the decryption unit 910 converts the encrypted secure container 304 into scramble key data K_SCRIs output to the secure container selection unit 911.
[0276]
Note that when the secure container 304 is transmitted from the service provider 310 by the MPEG2 Transport Stream method, for example, the decryption unit 910 receives the scramble key data K from the ECM (Entitlement Control Message) in the TS Packet._SCRThe work key data K from EMM (Entitlement Management Message)_WTake out.
In addition, the ECM includes, for example, program attribute information for each channel. In addition, the EMM includes individual trial listening contract information that is different for each user (viewer).
[0277]
The secure container selection unit 911 performs filtering processing on the secure container 304 input from the decryption unit 910 using the user preference filter data 900 input from the CA module 311, and selects the secure container 304 according to the user preference. SAM305₁Output to.
[0278]
Next, SAM305₁Will be described.
SAM305₁The SAM 105 of the first embodiment described above with reference to FIGS. 17 to 41 except that the processing related to the service provider 310 is performed in addition to the content provider 301 such as the signature verification processing for the service provider 310.₁It has the function and structure which perform fundamentally.
Also, SAM305₂~ 305_FourSAM305₁And has basically the same function.
That is, SAM305₁~ 305_FourIs a module that performs charging processing in units of content, and performs communication with the EMD service center 302.
[0279]
Hereinafter, SAM305₁The function of will be described in detail.
FIG. 65 shows the SAM 305₁It is a block diagram of the function.
FIG. 65 shows the data flow related to the process of inputting the secure container 304 from the service provider 310 and decrypting the key file KF in the secure container 304.
As shown in FIG.₁Are a mutual authentication unit 170, encryption / decryption units 171, 172, 173, error correction unit 181, download memory management unit 182, secure container decryption unit 183, decryption / decompression module management unit 184, EMD service center management unit 185, Usage monitoring unit 186, signature processing unit 189, SAM management unit 190, storage unit 192, media SAM management unit 197, stack memory 200, service provider management unit 580, billing processing unit 587, signature processing unit 598, and external memory management unit 811 Have
Note that the SAM 305 shown in FIG.₁The predetermined function of SAM105₁In the same manner as in the above, it is realized by executing the secret program in the CPU.
In FIG. 65, functional blocks denoted by the same reference numerals as those in FIG. 17 are the same as the functional blocks having the same reference numerals described in the first embodiment.
[0280]
63, the usage history data 308 and the SAM registration list are stored through the processing described in the first embodiment and the processing described later.
In addition, as shown in FIG. 66, the stack memory 200 includes content key data Kc, right document data (UCP) 106, and lock key data K stored in the storage unit 192._LOC, Public key certificate data CER of the content provider 301_CP, Public key certificate data CER of service provider 310_SP, Usage control status data (UCS) 366, SAM program download container SDC₁~ SDC_ThreeIn addition, price tag data 312 and the like are stored.
[0281]
Hereinafter, SAM305₁Of these functional blocks, the functional blocks newly denoted with reference to FIG. 65 will be described.
The signature processing unit 589 reads the public key data K of the EMD service center 302 read from the storage unit 192 or the stack memory 200._{ESC, P}, Public key data K of content provider 301_{cp, p}And public key data K of service provider 310_{SP, P}Is used to verify the signature data in the secure container 304.
[0282]
As shown in FIG. 67, the billing processing unit 587 is based on the operation signal S165 from the purchase / use form determining operation unit 165 shown in FIG. 63 and the price tag data 312 read from the stack memory 200. Billing processing is performed according to the content purchase / use mode.
The billing process by the billing processing unit 587 is performed based on the rights contents such as the use permission condition indicated by the rights document data 106 and the usage control state data 166 under the monitoring of the usage monitoring unit 186. That is, the user can purchase and use the content within a range according to the content of the right.
[0283]
Further, the billing processing unit 587 generates usage history data 308 in the billing processing, and writes this into the external memory 201 via the external memory management unit 811.
Here, similarly to the usage history data 108 of the first embodiment, the usage history data 308 is used when the EMD service center 302 determines payment of a license fee related to the secure container 304.
[0284]
In addition, the accounting processing unit 587 generates usage control status (UCS) data 166 describing the purchase / usage mode of content by the user based on the operation signal S165, and this is stored in the external memory management unit 811. To the external memory 201.
Examples of the content purchase mode include purchase purchase without restriction on reproduction by the purchaser and duplication for use by the purchaser, and reproduction charge for charging each time reproduction is performed.
Here, the usage control state data 166 is generated when the user decides the purchase mode of the content, and thereafter, the user uses the content within the range permitted by the decided purchase mode. Used to do. In the usage control state data 166, the content ID, purchase mode, purchase price, SAM_ID of the SAM where the content was purchased, USER_ID of the user who performed the purchase, and the like are described.
[0285]
In the case where the determined purchase form is regenerative charging, for example, SAM305₁Usage control status data 166 is transmitted from the service provider 310 to the service provider 310 in real time, the service provider 310 sends the usage history data 108 to the EMD service center 302, and the SAM 105₁I will tell you to go.
Further, when the determined purchase form is a buy-out, for example, the usage control state data 166 is transmitted to the service provider 310 and the EMD service center 302 in real time.
[0286]
Also, SAM305₁Then, the user preference filter data 903 received by the EMD service center management unit 185 from the EMD service center 302 is output to the service provider management unit 580. Then, in the service provider management unit 580, the secure container 304 input from the decryption module 905 shown in FIG. 63 is filtered based on the user preference filter data 903, and the secure container 304 corresponding to the user preference is selected, and the selection is performed. The secured container 304 is output to the error correction unit 181. As a result, SAM305₁SAM305₁The content data C can be selected based on the user's preferences obtained from the purchase status of the content data C by the user for all service providers 310 to which the user has contracted.
[0287]
Hereinafter, SAM305₁The flow of processing within will be described.
Distribution key data KD received from the EMD service center 302₁~ KD_ThreeIs stored in the storage unit 192.₁The process flow in the SAM 105 is as described above.₁It is the same as the case of.
[0288]
Hereinafter, the SAM 305 when the secure container 304 is input from the service provider 310 and the key file KF in the secure container 304 is decrypted.₁The flow of the process will be described with reference to FIGS.
FIG. 68 is a flowchart of the processing.
Step SR1: Mutual authentication is performed between the mutual authentication unit 170 and the mutual authentication unit 352 of the service provider 310 shown in FIG.
The encryption / decryption unit 171 uses the session key data K obtained by the mutual authentication._SESIs used to decrypt the secure container 304 shown in FIG. 53 received from the service provider 310 via the service provider manager 580.
[0289]
Step SR2: The signature processing unit 589 performs signature data SIG shown in FIG._{61, ESC}After the verification of the public key certificate data CER shown in FIG._SPPublic key data K of service provider 310 stored in_{SP, P}Using the signature data SIG_{62, SP}, SIG_{63, SP}, SIG_{64, SP}Check the validity of.
The service provider management unit 580 uses the signature data SIG_{62, SP}, SIG_{63, SP}, SIG_{64, SP}Is confirmed, the secure container 304 is output to the error correction unit 181.
The error correction unit 181 corrects the error of the secure container 304 and then outputs it to the download memory management unit 182.
[0290]
Step SR3: The download memory management unit 182 writes the secure container 304 in the download memory 167 after performing mutual authentication between the mutual authentication unit 170 and the media SAM 167a shown in FIG.
[0291]
Step SR4: The download memory management unit 182 performs the mutual authentication between the mutual authentication unit 170 and the media SAM 167a shown in FIG. 63, and then stores the key file KF shown in FIG. 53B stored in the secure container 304. Read and output to the secure container decryption unit 183.
Then, the secure container decryption unit 183 receives the distribution key data KD for the corresponding period input from the storage unit 192.₁~ KD_ThreeIs used to decrypt the key file KF.
[0292]
Step SR5: The secure container decrypting unit 183 performs the signature / certificate module Mod shown in FIG.₁Signature data SIG stored in_{1, ESC}, SIG_{2, cp}~ SIG_{4, cp}Is output to the signature processing unit 589.
The signature processing unit 589 receives the signature data SIG shown in FIG._{1, ESC}After verifying the public key certificate data CER_cpPublic key data K stored in_{CP, P}Using the signature data SIG_{2, cp}~ SIG_{4, cp}Perform verification.
[0293]
Step SR6: The secure container decrypting unit 183 signing data SIG_{2, cp}~ SIG_{4, cp}Is confirmed, the key file KF is written into the stack memory 200.
[0294]
Hereinafter, the flow of processing until the purchase form of the secure container 304 downloaded from the service provider 310 to the download memory 167 is determined will be described with reference to FIGS. 67 and 69. FIG.
FIG. 69 is a flowchart of the processing.
Step SS1: In the billing processing unit 587, it is determined whether or not the operation signal S165 indicating the trial listening mode is input by the operation of the purchase / use form determining operation unit 165 shown in FIG. 63 by the user. If so, the process of step SS2 is executed, and if not, the process of step SS3 is executed.
[0295]
Step SS2: For example, the content file CF stored in the download memory 167 is output to the decryption / decompression module 163 shown in FIG. 63 via the decryption / decompression module management unit 184.
At this time, for the content file CF, the mutual authentication between the mutual authentication unit 170 and the media SAM 167a and the session key data K_SESEncryption / decryption by the authentication, mutual authentication between the mutual authentication unit 170 and the mutual authentication unit 220, and session key data K_SESEncryption / decryption is performed by.
The content file CF is decrypted by the decryption unit 221 shown in FIG.
[0296]
Also, the content key data Kc and the semi-disclosure parameter data 199 read from the stack memory 200 are output to the decryption / decompression module 163 shown in FIG. At this time, after the mutual authentication between the mutual authentication unit 170 and the mutual authentication unit 220, the session key data K for the content key data Kc and the semi-disclosure parameter data 199 is obtained._SESEncryption and decryption are performed according to the above.
Next, the decrypted semi-disclosure parameter data 199 is output to the semi-disclosure processing unit 225. Under the control of the semi-disclosure processing unit 225, the decryption of the content data C using the content key data Kc by the decryption unit 222 is semi-disclosure. Done in
Next, the content data C decrypted by the semi-disclosure is decompressed by the decompression unit 223 and then output to the digital watermark information processing unit 224.
Next, after the user digital watermark information data 196 is embedded in the content data C in the digital watermark information processing unit 224, the content data C is reproduced in the reproduction module 169, and sound corresponding to the content data C is output.
[0297]
Step SS3: When the user who auditioned the content operates the purchase / use form determining operation unit 165 to determine the purchase form, an operation signal S165 indicating the determined purchase form is output to the billing processing unit 187.
[0298]
Step SS4: The usage history data 308 and the usage control status data 166 corresponding to the determined purchase form are generated in the charging processing unit 187, and the usage history data 308 is written into the external memory 201 via the external memory management unit 811. At the same time, usage control state data 166 is written into the stack memory 200.
Thereafter, the usage monitoring unit 186 controls (monitors) the content to be purchased and used within the range permitted by the usage control state data 166.
[0299]
Step SS5: The usage control state data 166 is added to the key file KF stored in the stack memory 200, and the new key file KF shown in FIG.₁₁Is generated. Key file KF₁₁Is stored in the stack memory 200.
As shown in FIG. 71, the key file KF₁The usage control state data 166 stored in the storage key data K_STRIs encrypted using the DES CBC mode. In addition, the storage key data K_STRMAC, which is the MAC value generated using MAC as key data₃₀₀Is attached. Also, the usage control status data 166 and the MAC₃₀₀The module consisting of media key data_MEDIs encrypted using the DES CBC mode. In addition, the module includes the media key data K_MEDMAC, which is the MAC value generated using MAC as key data₃₀₁Is attached.
[0300]
Next, the flow of processing when the content data C for which the purchase form stored in the download memory 167 has already been determined will be described with reference to FIGS. 67 and 70. FIG.
FIG. 70 is a flowchart of the process.
Step ST1: For example, the SAM receives designation of content to be reproduced in accordance with a user operation.
[0301]
Step ST2: Under the monitoring of the usage monitoring unit 186, the content file CF stored in the download memory 167 is read based on the operation signal S165.
Step ST3: The read content file CF is output to the decryption / decompression module 163 shown in FIG.
Further, the content key data Kc read from the stack memory 200 is output to the decryption / decompression module 163.
[0302]
Step ST4: The decryption unit 222 of the decryption / decompression module 163 performs decryption of the content file CF using the content key data Kc and decompression processing by the decompression unit 223, and the reproduction module 169 reproduces the content data C. The
Step ST5: In the billing processing unit 587, the usage history data 308 is updated according to the operation signal S165.
Usage history data 308 is private key data K_{SAM1, S}Each signature data SIG created using_{205, SAM1}At the same time, it is transmitted to the EMD service center 302 via the EMD service center management unit 185 at a predetermined timing.
[0303]
Hereinafter, as shown in FIG. 72, for example, a network device 360 is used.₁The content file CF that has already been downloaded and is downloaded to the download memory 167 of the AV device 360 via the bus 191.₂SAM305₂SAM305 when transferring to₁The flow of the process will be described with reference to FIGS. 73 and 74.
Step SU1: The user operates the purchase / usage mode determination operation unit 165 to download the predetermined content stored in the download memory 167 to the AV device 360.₂The operation signal S165 corresponding to the operation is output to the billing processing unit 587.
Thereby, the billing processing unit 587 updates the usage history data 308 stored in the stack memory 200 based on the operation signal S165.
[0304]
Step SU2: The download memory management unit 182 outputs the content file CF shown in FIG. 75A read from the download memory 167 to the SAM management unit 190.
Step SU3: Key file KF that has already been determined to be purchased as shown in FIG. 75B read from the stack memory 200₁₁Are output to the signature processing unit 589 and the SAM management unit 190.
Step SU4: The signature processing unit 589 executes the key file KF₁₁Signature data SIG_{80, SAM1}Is output to the SAM management unit 190.
[0305]
Step SU5: The SAM management unit 190 sends the public key certificate data CER shown in FIG._SAM1And its signature data SIG_{22, ESC}Is read.
In addition, the mutual authentication unit 170 receives the SAM 305.₂Key data K obtained by performing mutual authentication with_SESIs output to the encryption / decryption unit 171.
The SAM management unit 190 creates a secure container including data shown in FIGS. 75 (A), 75 (B), and 75 (C).
[0306]
Step SU6: In the encryption / decryption unit 171, the session key data K_SESIs used to encrypt the secure container to create an AV device 360 shown in FIG.₂SAM305₂Output to.
[0307]
Hereinafter, as shown in FIG.₁SAM 305 when writing a content file CF or the like input from a RAM type recording medium (media)₂The flow of the process will be described with reference to FIGS. 76 and 77.
FIG. 77 is a flowchart of the processing.
[0308]
Step SV1: SAM305₂76, as shown in FIG. 76, the content file CF shown in FIG. 75A and the key file KF shown in FIG.₁₁And its signature data SIG_{80, SAM1}And public key signature data CER shown in FIG._SAM1And its signature data SIG_{22, ESC}And the network device 360.₁SAM305₁Enter from.
Then, in the encryption / decryption unit 171, the content file CF input by the SAM management unit 190 and the key file KF₁₁And its signature data SIG_{80, SAM1}And public key signature data CER_SAM1And its signature data SIG_{22, ESC}The mutual authentication unit 170 and the SAM 305₁Key data K obtained by mutual authentication with the mutual authentication unit 170_SESIs decrypted using.
[0309]
Next, session key data K_SESThe content file CF decrypted using is output to the media SAM management unit 197.
Session key data K_SESKey file KF decrypted using₁₁And its signature data SIG_{80, SAM1}And public key signature data CER_SAM1And its signature data SIG_{22, ESC}Are written in the stack memory 200.
[0310]
Step SV2: The signature processing unit 589 reads the signature data SIG read from the stack memory 200._{22, ESC}Public key data K read from the storage unit 192_{ESC, P}Using public key certificate data CER_SAM1Check the validity of.
Then, the signature processing unit 589 performs public key certificate data CER_SAM1Confirm the validity of the public key certificate data CER_SAM1Public key data K stored in_{SAM1, P}Using the signature data SIG_{80, SAM1}Check the validity of.
[0311]
Step SV3: Signature data SIG_{80, SAM1}Is confirmed, the key file KF shown in FIG.₁₁Is read from the stack memory 200 and output to the encryption / decryption unit 173.
Then, the encryption / decryption unit 173 records the recording key data K read from the storage unit 192._STR, Media key data K_MEDAnd purchaser key data K_PINKey file KF using₁₁Are sequentially encrypted and output to the media SAM management unit 197.
[0312]
Step SV4: The media SAM management unit 197 receives the content file CF input from the SAM management unit 190 and the key file KF input from the encryption / decryption unit 173.₁₁Is output to the recording module 260 shown in FIG.
Then, the recording module 260 receives the content file CF and the key file KF input from the media SAM management unit 197.₁₁Is written in the RAM area 251 of the RAM type recording medium 250 shown in FIG.
[0313]
SAM305₁AV device 360 for determining the purchase mode of a ROM type recording medium whose content purchase mode has not yet been determined.₂ Process flow, AV equipment 360_ThreeThe secure container 304 is read from the ROM-type recording medium whose purchase form has not been determined in FIG.₂The process flow when the data is transferred to the RAM type recording medium is verified in the signature data of the signature data using the secret key data of the service provider 310, and the price in the key file for which the purchase form is determined. The SAM 105 of the first embodiment except that the tag data 312 is stored.₁Is the same as
[0314]
Next, the overall operation of the EMD system 300 shown in FIG. 49 will be described.
78 and 79 are flowcharts of the overall operation of the EMD system 300. FIG.
Here, a case where the secure container 304 is transmitted online from the service provider 310 to the user home network 303 will be described as an example.
Note that the content provider 301, the service provider 310, and the SAM 305 to the EMD service center 302 are premised on the following processing.₁~ 305_FourRegistration of has already been completed.
[0315]
Step S21: The EMD service center 302 sets the public key data K of the content provider 301._{CP, P}Public key certificate CER_CP, Own signature data SIG_{1, ESC}At the same time, it is transmitted to the content provider 301.
The EMD service center 302 also sets the public key data K of the content provider 301._{SP, P}Public key certificate CER_SP, Own signature data SIG_{61, ESC}Together with the service provider 310.
Also, the EMD service center 302 distributes the distribution key data KD for 6 months, each of which has an expiration date of 1 month.₁~ KD₆Is sent to the content provider 301, and the distribution key data KD for three months₁~ KD_ThreeSAM 305 of user home network 303₁~ 305_FourSend to.
[0316]
Step S22: The content provider 301 sends the right registration request module Mod shown in FIG.₂Is transmitted to the EMD service center 302.
Then, after performing a predetermined signature verification, the EMD service center 302 registers and authorizes (authenticates) the rights document data 106 and the content key data Kc.
[0317]
Step S23: The content provider 301 creates the signature data and distributes key data KD for a period corresponding to SIG.₁~ KD_ThreeThe secure container 104 storing the data shown in FIGS. 4A, 4 </ b> B, and 4 </ b> C is supplied to the service provider 310 through an encryption process using the above.
[0318]
Step S24: The service provider 310 sends the signature data SIG shown in FIG._{1, ESC}After verifying the public key certificate data CER_CPPublic key data K stored in_{CP, P}Is used to sign data SIG shown in FIGS. 4 (A) and 4 (B)._{6, CP}And SIG_{7, CP}To confirm whether the secure container 104 is transmitted from a valid content provider 301.
[0319]
Step S25: The service provider 310 creates price tag data 312 and creates a secure container 304 shown in FIG. 53 in which the price tag data 312 is stored.
[0320]
Step S26: The service provider 310 sends the price tag registration request module Mod shown in FIG.₁₀₂Is transmitted to the EMD service center 302.
The EMD service center 302 registers the price tag data 312 and authorizes it after performing a predetermined signature verification.
[0321]
Step S27: The service provider 310, for example, in response to a request from the CA module 311 of the user home network 303, the secure container 304 created in step S25 is online or offline, and the network device 360 shown in FIG.₁To the decryption module 905.
[0322]
Step S28: The CA module 311 creates SP purchase history data 309 and transmits it to the service provider 310 at a predetermined timing.
[0323]
Step S29: SAM305₁~ 305_FourAny of the signature data SIG shown in FIG._{61, ESC}After verifying the public key certificate data CER_SPPublic key data K stored in_{SP, P}Is used to sign data SIG shown in FIGS. 53 (A), (B), (C)._{62, SP}, SIG_{63, SP}, SIG_{64, SP}To confirm whether the secure container 304 is transmitted from a valid service provider 310.
[0324]
Step S30: SAM305₁~ 305_FourIn any of the above, the distribution key data KD₁~ KD_ThreeIs used to decrypt the key file KF shown in FIG. And SAM305₁~ 305_FourAny of the signature data SIG shown in FIG._{1, ESC}After verifying the public key certificate data CER_CPPublic key data K stored in_{CP, P}The signature data SIG shown in FIG._{2, CP}, SIG_{3, CP}And SIG_{4, CP}To confirm whether the content data C, the content key data Kc, and the rights document data 106 are created by the valid content provider 301.
[0325]
Step S31: The user operates the purchase / use form determining operation unit 165 in FIG. 63 to determine the purchase / use form of the content.
[0326]
Step S32: Based on the operation signal S165 generated in step S31, the SAM 305₁~ 305_Four, Usage log data 308 of the secure container 304 is generated.
SAM305₁~ 305_FourTo the EMD service center 302 to use history data 308 and its signature data SIG_{205, SAM1}Is sent.
[0327]
The EMD service center 302 determines (calculates) billing contents for each of the content provider 301 and the service provider 310 based on the usage history data 308, and creates settlement claim data 152c and 152s based on the result. .
[0328]
The EMD service center 302 transmits the payment claim data 152c and 152s together with its own signature data to the payment institution 91 via the payment gateway 90, and thereby the money paid by the user of the user home network 303 to the payment institution 91. Are distributed to the owners of the content provider 301 and the service provider 310.
[0329]
As described above, in the EMD system 300, the secure container 104 having the format shown in FIG. 4 is distributed from the content provider 301 to the service provider 310, and the content file CF and the key file KF in the secure container 104 are stored as they are. 304 is distributed from the service provider 310 to the user home network 303, and the process for the key file KF is performed by the SAM 305.₁~ 305_FourDo it within.
The content key data Kc and the rights document data 106 stored in the key file KF are distributed key data KD.₁~ KD_ThreeIs encrypted using the distribution key data KD₁~ KD_ThreeSAM305 holding₁~ 305_FourOnly decrypted within. And SAM305₁~ 305_FourThen, the module has tamper resistance, and the purchase mode and the usage mode of the content data C are determined based on the handling contents of the content data C described in the rights document data 106.
[0330]
Therefore, according to the EMD system 300, the purchase and use of the content data C in the user home network 303 is based on the contents of the rights document data 106 created by the parties related to the content provider 101 regardless of the processing in the service provider 310. Can be done reliably. That is, the EMD system 300 can prevent the service provider 310 from managing the rights document data 106.
Therefore, according to the EMD system 300, even when the content data C is distributed to the user home network 303 via a plurality of different service providers 310, the right processing for the content data C in the user home network 303 is performed. This can be performed based on the common rights document data 106 created by the content provider 301.
[0331]
In the EMD system 300, the distribution of the content data C from the service provider 310 to the user home network 103 is performed using the secure container 304 in both cases of online and offline.₁~ 305_FourThe right processing of the content data C can be made common.
[0332]
In the EMD system 300, the network device 360 in the user home network 303 is used.₁And AV equipment 360₂~ 360_FourWhen the content data C is purchased, used, recorded, and transferred, a common rights processing rule can be adopted by always performing processing based on the rights document data 106.
[0333]
Further, according to the EMD system 300, since the EMD service center 302 has an authentication function, a key data management function, and a right processing (profit distribution) function, the amount paid by the user with the use of the content is the content provider. It is reliably distributed to the owners of 301 and EMD service center 302 according to a predetermined ratio.
Further, according to the EMD system 300, the rights document data 106 for the same content file CF supplied by the same content provider 301 is used as it is regardless of the service form of the service provider 310.₁~ 305_FourTo be supplied. Therefore, SAM305₁~ 305_FourThe content file CF can be used as intended by the content provider 301 based on the rights document data 106.
That is, according to the EMD system 300, when the content is used by the user and the content is used by the user, the owner of the content provider 301 can be obtained by technical means without relying on the audit organization 725 as in the past. Can protect their rights and interests.
[0334]
First modification of the second embodiment
FIG. 80 is a configuration diagram of an EMD system 300a using two service providers according to the first modification of the second embodiment.
In FIG. 80, constituent elements denoted by the same reference numerals as those in FIG. 49 are the same as constituent elements having the same reference numerals described in the second embodiment.
As shown in FIG. 80, in the EMD system 300a, the same secure container 104 is supplied from the content provider 301 to the service providers 310a and 310b.
[0335]
The service provider 310a, for example, provides a content drama program providing service, and stores content data C related to the drama program and price tag data 312a uniquely created for the content data C in the service. The secure container 304a created is created, and this network container 360 is created.₁To be distributed.
In addition, the service provider 310b provides, for example, a karaoke service, and in this service, secure data that stores content data C related to the karaoke service and price tag data 312b uniquely created for the content data C is stored. A container 304b is created and this is created as a network device 360.₁To be distributed.
Here, the format of the secure containers 304a and 304b is the same as that of the secure container 304 described with reference to FIG.
[0336]
Network device 360a₁Are provided with CA modules 311a and 311b corresponding to the service providers 310a and 310b, respectively.
The CA modules 311a and 311b receive distribution of the secure containers 304a and 304b according to their own requests from the service providers 310a and 310b, respectively.
[0337]
Next, the CA modules 311a and 311b create SP purchase history data 309a and 309b corresponding to the distributed secure containers 304a and 304b, respectively, and transmit them to the service providers 310a and 310b, respectively.
Further, the CA modules 311a and 311b use the secure containers 304a and 304b as session key data K._SESAfter decoding with SAM305₁~ 305_FourOutput to.
[0338]
Next, SAM305₁~ 305_FourCommon key data for distribution KD₁~ KD_ThreeIs used to decrypt the key file KF in the secure containers 304a and 304b, and based on the common rights document data 106, processing related to the purchase / use of the content according to the operation from the user is performed, and the use corresponding to that is performed. History data 308 is created.
[0339]
And SAM305₁~ 305_FourThe usage history data 308 is transmitted from the EMD service center 302 to the EMD service center 302.
[0340]
Based on the usage history data 308, the EMD service center 302 determines (calculates) billing details for each of the content provider 301 and the service providers 310a and 310b, and based on the result, payment claim right data corresponding thereto. 152c, 152sa, and 152sb are created.
[0341]
The EMD service center 302 transmits the payment claim data 152c, 152sa, and 152sb to the payment institution 91 via the payment gateway 90, so that the money paid by the user of the user home network 303 to the payment institution 91 is It is distributed to the owners of the provider 301 and the service providers 310a and 310b.
[0342]
As described above, according to the EMD system 300b, when the same content file CF is supplied to the service provider 310a, 310b, the rights document data 106 regarding the content file CF is distributed to the distribution key data KD.₁~ KD₆The encrypted data is supplied to the service providers 310a and 310b, and the service providers 310a and 310b distribute the secure containers 304a and 304b storing the encrypted rights document data 106 to the user home network. Therefore, the SAM 305 in the user home network₁~ 305_FourThen, regardless of whether the content file CF is distributed to the service provider from either 310a or 310b, the rights processing can be performed based on the common rights document data 106.
[0343]
In the first modification described above, the case where two service providers are used is illustrated, but in the present invention, the number of service providers is arbitrary.
[0344]
Second modification of the second embodiment
FIG. 81 is a configuration diagram of an EMD system 300b using a plurality of content providers according to the second modification of the second embodiment.
In FIG. 81, the constituent elements having the same reference numerals as those in FIG. 49 are the same as the constituent elements having the same reference numerals described in the second embodiment.
As shown in FIG. 81, in the EMD system 300b, secure containers 104a and 104b are supplied from the content providers 301a and 301b to the service provider 310, respectively.
[0345]
For example, the service provider 310 provides a service using the content supplied by the content providers 301a and 301b, and generates price tag data 312a for the secure container 104a and price tag data 312b for the secure container 104b, respectively. Then, a secure container 304c storing these is created.
As shown in FIG. 81, the secure container 304c includes content files CFa and CFb, key files KFa and KFb, price tag data 312a and 312b, and secret key data K of the service provider 310 for each of them._{CP, S}The signature data by is stored.
[0346]
The secure container 304c is a network device 360 of the user home network 303.₁SAM 305 after being received by the CA module 311₁~ 305_FourIs processed.
[0347]
SAM305₁~ 305_FourThen, the distribution key data KDa₁~ KDa_ThreeIs used to decrypt the key file KFa, and based on the rights document data 106a, processing related to purchase / use of the content file CFa according to the user's operation is performed, and the history is described in the usage history data 308. The
Also, SAM305₁~ 305_FourIn the distribution key data KDb₁~ KDb_ThreeIs used, the key file KFb is decrypted, processing based on purchase / use of the content file CFb according to the operation from the user is performed based on the rights document data 106b, and the history is described in the usage history data 308. The
[0348]
And SAM305₁~ 305_FourThe usage history data 308 is transmitted from the EMD service center 302 to the EMD service center 302.
[0349]
The EMD service center 302 determines (calculates) billing contents for each of the content providers 301a and 301b and the service provider 310 based on the usage history data 308, and based on the result, sets the billing right data corresponding to each. 152ca, 152cb, and 152s are created.
[0350]
The EMD service center 302 transmits the payment request data 152ca, 152cb, 152s to the payment institution 91 via the payment gateway 90, whereby the money paid by the user of the user home network 303 to the payment institution 91 is Distributed to owners of providers 301a and 301b and service provider 310.
[0351]
As described above, according to the EMD system 300b, the rights document data 106a and 106b of the content files CFa and CFb stored in the secure container 304c are used as they are created by the content providers 301a and 301b.₁~ 305_FourThe rights processing for the content files CFa and CFb is reliably performed in accordance with the intentions of the content providers 301a and 301b based on the rights document data 106a and 106b.
[0352]
In the second modification shown in FIG. 81, the case where two content providers are used is illustrated, but the number of content providers is arbitrary.
There may be a plurality of content providers and service providers.
[0353]
Third modification of the second embodiment
FIG. 82 is a configuration diagram of an EMD system according to a third modification of the second embodiment.
In the second embodiment described above, the EMD service center 302 exemplifies a case in which the content provider 301 and the service provider 310 make a payment to the payment organization 91. However, in the present invention, for example, as shown in FIG. Based on the usage history data 308, the EMD service center 302 creates settlement billing right data 152c for the content provider 301 and settlement billing right data 152s for the service provider 310. You may make it transmit to the service provider 310. FIG.
In this case, the content provider 301 uses the payment request right data 152c to make a payment to the payment agency 91a via the payment gateway 90a.
Further, the service provider 310 uses the payment request right data 152s to make a payment to the payment institution 91b via the payment gateway 90b.
[0354]
Fourth modification of the second embodiment
FIG. 83 is a configuration diagram of an EMD system according to a fourth modification of the second embodiment.
In the second embodiment described above, for example, the case where the service provider 310 does not have a charging function as in the current Internet has been illustrated, but the service provider 310 has a charging function as in the current digital broadcasting. If there is, the CA module 311 creates use history data 308 s for the service of the service provider 310 related to the secure container 304 and transmits it to the service provider 310.
Then, the service provider 310 performs billing processing based on the usage history data 308s to create payment request right data 152s, and uses this to make a payment to the payment agency 91b via the payment gateway 90b.
On the other hand, SAM305₁~ 305_FourCreates usage history data 308 c for the right processing of the content provider 301 related to the secure container 304, and transmits this to the EMD service center 302.
The EMD service center 302 creates payment claim data 152c based on the usage history data 308c and transmits it to the content provider 301.
The content provider 301 uses the payment request right data 152c to make a payment to the payment agency 91a via the payment gateway 90a.
[0355]
Fifth modification of the second embodiment
In the above-described embodiment, as shown in FIG. 49, the user preference filter generation unit 901 of the EMD service center 302 performs the SAM 305.₁For example, the user preference filter data 903 is generated based on the usage history data 308 received from the above, but for example, the SAM 305 shown in FIG.₁The usage control status data 166 generated by the usage monitoring unit 186 is transmitted to the EMD service center 302 in real time, and the user preference filter data 903 is updated based on the usage control status data 166 in the SP purchase history data 309. You may make it produce | generate.
[0356]
Sixth modification of the second embodiment
Content provider 301, service provider 310, and SAM 305₁~ 305_FourIs their own public key data K_{CP, P}, K_{SP, P}, K_{SAM1, P}~ K_{SAM4, P}In addition, own secret key data K_{CP, S}, K_{SP, S}, K_{SAM1, S}~ K_{SAM4, S}May be registered in the EMD service center 302.
In this way, the EMD service center 302 can respond to requests from the state or police agencies in the event of an emergency by using the secret key data K_{CP, S}, K_{SP, S}, K_{SAM1, S}~ K_{SAM4, S}Communication between the content provider 301 and the service provider 310, the service provider 310 and the SAM 305₁~ 305_FourSAM 305 in the user home network 303₁~ 305_FourIt becomes possible to eavesdrop on the target communication among the communications between each other.
Also, SAM305₁~ 305_FourFor the secret key data K by the EMD service center 302 at the time of shipment._{SAM1, S}~ K_{SAM4, S}Is generated and this is converted to SAM305.₁~ 305_FourAnd the EMD service center 302 may hold (register) it.
[0357]
Seventh modification of the second embodiment
In the above-described embodiment, the content provider 301, the service provider 310, and the SAM 305₁~ 305_FourHowever, when communicating with each other, the EMD service center 302 receives the public key certificate data CER in advance._CP, CER_SP, CER_SAM1~ CER_SAN4However, in the present invention, various forms can be adopted as the transmission form of the public key certificate data to the communication destination.
For example, content provider 301, service provider 310, and SAM 305₁~ 305_FourHowever, when communicating with each other, the EMD service center 302 receives the public key certificate data CER in advance._CP, CER_SP, CER_SAM1~ CER_SAN4May be acquired and transmitted to the communication destination in an out-of-band manner prior to the communication.
In addition, the content provider 301, the service provider 310, and the SAM 305₁~ 305_FourHowever, during communication, the EMD service center 302 sends public key certificate data CER._CP, CER_SP, CER_SAM1~ CER_SAN4May be obtained.
[0358]
FIG. 84 is a diagram for explaining the form of the acquisition (acquisition) route of public key certificate data.
In FIG. 84, the constituent elements denoted by the same reference numerals as those in FIG. 49 are the same as the constituent elements having the same reference numerals. The user home network 303a is the same as the user home network 303 described above. In the user home network 303b, the SAM 305 is connected via the bus 191 which is an IEEE 1394 serial bus.₁₁~ 305₁₄Is connected.
[0359]
The content provider 301 makes public key certificate data CER of the service provider 310_SPFor example, the public key certificate data CER is transmitted from the service provider 310 to the content provider 301 prior to communication._SPIs transmitted ((3) in FIG. 84), the content provider 301 sends the public key certificate data CER from the EMD service center 302._SP(1 in FIG. 84).
[0360]
In addition, the service provider 310 sets the public key certificate data CER of the content provider 301._CPFor example, the public key certificate data CER is transmitted from the content provider 301 to the service provider 310 prior to communication._CP(2 in FIG. 84), the service provider 310 sends the public key certificate data CER from the EMD service center 302._CP(4 in FIG. 84).
[0361]
In addition, the service provider 310 has the SAM 305₁~ 305_FourPublic key certificate data CER_SAM1~ CER_SAM4For example, when acquiring SAM 305 prior to communication,₁~ 305_FourPublic key certificate data CER from service provider 310 to service provider 310_SAM1~ CER_SAM4(6 in FIG. 84), the service provider 310 sends public key certificate data CER from the EMD service center 302._SAM1~ CER_SAM4(4 in FIG. 84).
[0362]
Also, SAM305₁~ 305_FourIs the public key certificate data CER of the service provider 310_SPFor example, the service provider 310 may request the SAM 305 prior to communication.₁~ 305_FourPublic key certificate data CER_SP(5 in FIG. 84) and SAM305₁~ 305_FourPublic key certificate data CER from the EMD service center 302_SPIn some cases (such as (7) in FIG. 84).
[0363]
Also, SAM305₁SAM305₂Public key certificate data CER_SAM2For example, when acquiring SAM 305 prior to communication,₂To SAM305₁Public key certificate data CER_SAM2(SAM (305) in FIG. 84) and SAM305₁Public key certificate data CER from the EMD service center 302_SAM2In some cases (such as (7) in FIG. 84).
[0364]
Also, SAM305₂SAM305₁Public key certificate data CER_SAM1For example, when acquiring SAM 305 prior to communication,₁To SAM305₂Public key certificate data CER_SAM1(SAM (305) in FIG. 84) and SAM305₂Himself / herself from the EMD service center 302 public key certificate data CER_SAM1SAM305 when ordering₁Public key certificate data CER via a network device equipped with_SAM1May be ordered ((7), (8) in FIG. 84).
[0365]
Also, SAM305_FourSAM305₁₃Public key certificate data CER_SAM13For example, when acquiring SAM 305 prior to communication,₁₃To SAM305_FourPublic key certificate data CER_SAM13(SAM (305) in FIG. 84) and SAM305_FourHimself / herself from the EMD service center 302 public key certificate data CER_SAM13When requesting the public key certificate data CER via the network device in the user home network 303b ((10) in FIG. 84)_SAM13May be ordered.
[0366]
Also, SAM305₁₃SAM305_FourPublic key certificate data CER_SAM4For example, when acquiring SAM 305 prior to communication,_FourTo SAM305₁₃Public key certificate data CER_SAM4(SAM (305) in FIG. 84) and SAM305₁₃Himself / herself from the EMD service center 302 public key certificate data CER_SAM4When requesting (in (13) in FIG. 84), the public key certificate data CER is transmitted via the network device in the user home network 303b._SAM4May be ordered.
[0367]
Handling of public key certificate revocation list (data) in the second embodiment
In the second embodiment, in the EMD service center 302, the content provider 301, the service provider 310, and the SAM 305 used for fraudulent acts and the like.₁~ 305_FourIn order to prevent communication with other devices, public key certificate revocation data that invalidates the public key certificate data of the device used for the fraudulent act is created. Then, the public key certificate revocation data CRL (Certificate Revocation List) is stored in the content provider 301, the service provider 310, and the SAM 305.₁~ 305_FourSend to.
In addition to the EMD service center 302, the public key certificate revocation data CRL is, for example, a content provider 301, a service provider 310, and a SAM 305.₁~ 305_FourMay be generated.
[0368]
First, the EMD service center 302 makes public key certificate data CER of the content provider 301._CPThe case of invalidating will be described.
As shown in FIG. 85, the EMD service center 302 uses the public key certificate data CER._CPPublic key certificate revocation data CRL indicating invalidation₁ Is transmitted to the service provider 310 ((1) in FIG. 85). When the service provider 310 verifies the signature data input from the content provider 301, the public key certificate revocation data CRL₁Refers to the public key certificate data CER_CPThe validity of the public key data K is determined when it is determined that it is valid._{CP, P}If the signature is verified using this, the data from the content provider 301 is invalidated without performing the signature verification. The communication may be rejected instead of invalidating the data.
[0369]
Also, the EMD service center 302 sets the public key certificate revocation data CRL.₁For example, the SAM 305 in the user home network 303 using either the broadcast type or the on-demand type using the distribution resources of the service provider 310.₁((1), (2) in FIG. 85). SAM305₁When verifying the signature data of the content provider 301 stored in the secure container input from the service provider 310, the public key certificate revocation data CRL₁Refers to the public key certificate data CER_CPThe validity of the public key data K is determined when it is determined that it is valid._{CP, P}If the signature is verified using invalidation and it is determined to be invalid, the secure container is invalidated without performing the signature verification.
The EMD service center 302 uses the public key certificate revocation data CRL.₁Through the network device in the user home network 303.₁(3 in FIG. 85).
[0370]
Next, the EMD service center 302 makes public key certificate data CER of the service provider 310._SPThe case of invalidating will be described.
As shown in FIG. 86, the EMD service center 302 uses the public key certificate data CER._SPPublic key certificate revocation data CRL indicating invalidation₂Is transmitted to the content provider 301 ((1) in FIG. 86). When the content provider 301 verifies the signature data input from the service provider 310, the public key certificate revocation data CRL₂Refers to the public key certificate data CER_SPThe validity of the public key data K is determined when it is determined that it is valid._{SP, P}If the signature is verified by using, the data from the service provider 310 is invalidated without performing the signature verification.
[0371]
Also, the EMD service center 302 sets the public key certificate revocation data CRL.₂For example, the SAM 305 in the user home network 303 using either the broadcast type or the on-demand type using the distribution resources of the service provider 310.₁((2) in FIG. 86). SAM305₁When verifying the signature data of the service provider 310 stored in the secure container input from the service provider 310, the public key certificate revocation data CRL₂Refers to the public key certificate data CER_SPThe validity of the public key data is determined.
K_{SP, P}If the signature is verified using invalidation and it is determined to be invalid, the secure container is invalidated without performing the signature verification.
In this case, in the service provider 310, the public key certificate revocation data CRL₂The module that performs transmission / reception must be tamper resistant. In the service provider 310, the public key certificate revocation data CRL₂Need to be stored in an area that is difficult to tamper with by the service provider 310.
The EMD service center 302 uses the public key certificate revocation data CRL.₂Through the network device in the user home network 303.₁(3 in FIG. 86).
[0372]
Next, the EMD service center 302 receives, for example, the SAM 305.₂Public key certificate data CER_SAM2The case of invalidating will be described.
As shown in FIG. 87, the EMD service center 302 uses the public key certificate data CER._SAM2Public key certificate revocation data CRL indicating invalidation_ThreeIs transmitted to the content provider 301 ((1) in FIG. 87). The content provider 301 uses the public key certificate revocation data CRL_ThreeIs transmitted to the service provider 310.
The service provider 310 uses, for example, a broadcast type or an on-demand type using its own distribution resources, while the SAM 305 in the user home network 303 is used.₁Public key certificate revocation data CRL_SAM1Is transmitted ((1) in FIG. 87).
SAM305₁SAM305₂SAM305 added to data input from₂Public key certificate revocation data CRL when verifying signature data_ThreeRefers to the public key certificate data CER_SAM2The validity of the public key data K is determined when it is determined that it is valid._{SAM2, P}If the signature is verified using invalidation, the data is invalidated without performing the signature verification.
In this case, in the service provider 310, the public key certificate revocation data CRL_ThreeThe module that performs transmission / reception must be tamper resistant. In the service provider 310, the public key certificate revocation data CRL_ThreeNeed to be stored in an area that is difficult to tamper with by the service provider 310.
[0373]
The EMD service center 302 uses the public key certificate revocation data CRL._ThreeSAM 305 via service provider 310₁((1) and (2) in FIG. 87).
Also, the EMD service center 302 sets the public key certificate revocation data CRL._ThreeThrough the network device in the user home network 303.₁(3 in FIG. 87).
[0374]
The EMD service center 302 is, for example, the SAM 305.₂Public key certificate data CER_SAM2Public key certificate revocation data CRL indicating invalidation_ThreeCreate and save this.
Further, the user home network 303 creates a SAM registration list SRL of the SAM connected to the bus 191 and transmits it to the EMD service center 302 ((1) in FIG. 88).
The EMD service center 302 uses the SAM 305 shown in the SAM registration list.₁~ 305_FourAmong them, public key certificate revocation data CRL_ThreeSAM indicated to be invalidated by (e.g. SAM305)₂) Is specified, and the discard flag corresponding to the SAM in the SAM registration list SRL is set to indicate invalidity, and a new SAM registration list SRL is created.
Next, the EMD service center 302 stores the generated SAM registration list SRL in the SAM 305.₁((1) in FIG. 88).
SAM305₁When communicating with other SAMs, with reference to the discard flag of the SAM registration list SRL, the presence / absence of verification of signature data and whether or not communication is permitted are determined.
[0375]
Also, the EMD service center 302 sets the public key certificate revocation data CRL._ThreeIs transmitted to the content provider 301 ((2) in FIG. 88).
The content provider 301 uses the public key certificate revocation data CRL_ThreeIs transmitted to the service provider 310 ((2) in FIG. 88).
Next, the service provider 310 uses its own distribution resources to either public or on demand type public key certificate revocation data CRL._ThreeSAM305₁((2) in FIG. 88).
SAM305₁Is the SAM305 shown in the SAM registration list created by itself.₁~ 305_FourAmong them, public key certificate revocation data CRL_ThreeSAM indicated to be invalidated by (e.g. SAM305)₂) Is specified, and a discard flag corresponding to the SAM in the SAM registration list SRL is set to indicate invalidity.
After that, SAM305₁When communicating with other SAMs, with reference to the discard flag of the SAM registration list SRL, the presence / absence of verification of signature data and whether or not to permit communication are determined.
[0376]
Also, the EMD service center 302 sets the public key certificate revocation data CRL._ThreeIs transmitted to the service provider 310 ((3) in FIG. 88).
Next, the service provider 310 uses its own distribution resources to either public or on demand type public key certificate revocation data CRL._ThreeSAM305₁((3) in FIG. 88).
SAM305₁Is the SAM305 shown in the SAM registration list created by itself.₁~ 305_FourAmong them, public key certificate revocation data CRL_ThreeSAM indicated to be invalidated by (e.g. SAM305)₂) Is specified, and the discard flag corresponding to the SAM in the SAM registration list SRL is set to indicate invalidity.
After that, SAM305₁When communicating with other SAMs, with reference to the discard flag of the SAM registration list SRL, the presence / absence of verification of signature data and whether or not to permit communication are determined.
[0377]
Role of EMD service center 302
FIG. 89 is a configuration diagram of the EMD system when the function of the EMD service center (clearing house) 302 shown in FIG. 49 is divided into a rights management clearing house 950 and an electronic settlement clearing house 951. .
In the EMD system, the clearing house 951 for electronic settlement performs settlement processing (profit sharing processing) based on the usage history data 308 from the SAM of the user home networks 303a and 303b, and the content provider 301 and the service provider 310 Payment request right data is generated, and payment is made at the payment institution 91 via the payment gateway 90.
[0378]
Further, the rights management clearing house 950 creates settlement reports of the content provider 301 and the service provider 310 according to the settlement notification from the electronic settlement clearing house 951 and transmits them to the content provider 301 and the content provider 301. To do.
Also, registration (authorization) of the rights document data 106 and content key data Kc of the content provider 301 is performed.
As shown in FIG. 90, when the right management clearing house 950 and the electronic settlement clearing house 951 are stored in a single device, an EMD service center 302 shown in FIG. 49 is obtained.
[0379]
Further, according to the present invention, for example, as shown in FIG. 91, the EMD service center 302 is provided with a function of a rights management clearing house 960, and the rights management clearing house 960 registers the rights document data 106. At the same time, the payment request right data of the service provider 310 may be created based on the usage history data 308 from the SAM and transmitted to the service provider 310. In this case, the service provider 310 uses its own billing system as the electronic settlement clearing house 961 and performs settlement based on the settlement claim data from the right management clearing house 960.
[0380]
In the present invention, for example, as shown in FIG. 92, the EMD service center 302 is provided with a function of a rights management clearing house 970, and the rights management clearing house 970 registers the rights document data 106. At the same time, the payment request data of the content provider 301 may be created based on the usage history data 308 from the SAM and transmitted to the content provider 301. In this case, the content provider 301 uses its own billing system as the electronic payment clearing house 961 and performs payment based on the payment claim data from the right management clearing house 970.
[0381]
Eighth modification of the second embodiment
In the second embodiment described above, in the EMD system 300 shown in FIG. 49, the secure container 104 in the format shown in FIG. 4 is provided from the content provider 301 to the service provider 310, and the service provider 310 sends the secure container 104 to the user home network 303 in FIG. The case where the secure container 304 of the format shown is distributed is illustrated.
That is, in the second embodiment described above, as shown in FIGS. 4 and 53, a single content file CF and a single key file KF corresponding to the content file CF are respectively stored in the secure container 104 and the secure container 304. The case of storing was illustrated.
In the present invention, a plurality of content files CF and a plurality of key files KF respectively corresponding to the plurality of content files CF may be stored in the secure container 104 and the secure container 304, respectively.
[0382]
FIG. 93 is a diagram for explaining the format of the secure container 104a provided from the content provider 301 to the service provider 310 shown in FIG. 49 in the present modification.
As shown in FIG. 93, the secure container 104a contains a content file CF.₁₀₁, CF₁₀₂, CF₁₀₃, Key file KF₁₀₁, KF₁₀₂, KF₁₀₃, Public key certificate data CER_CP, Signature data SIG_{1, ESC}And signature data SIG_{250, CP}Is stored.
Here, the signature data SIG_{250, CP}In the content provider 301, the content file CF₁₀₁, CF₁₀₂, CF₁₀₃, Key file KF₁₀₁, KF₁₀₂, KF₁₀₃, Public key certificate data CER_CPAnd signature data SIG_{1, ESC}The hash value is taken for the entire content of the content provider 301 and the secret key data K_{cp, s}Is generated using
[0383]
Content file CF₁₀₁In the header, link data LD₁, Metadata Meta₁, Content data C₁And A / V decompression software Soft₁Is stored.
Here, the content data C₁And A / V decompression software Soft₁Is the content key data Kc described above₁Is encrypted using the metadata Meta₁Is content key data Kc as required₁It is encrypted using
Content data C₁Is compressed by, for example, the ATRAC3 method. A / V decompression software Soft₁Is ATRAC3 type decompression software.
Link data LD₁Is the key file KF₁₀₁To link to.
[0384]
Content file CF₁₀₂In the header, link data LD₁, Metadata Meta₂, Content data C₂And A / V decompression software Soft₂Is stored.
Here, the content data C₂And A / V decompression software Soft₂Is the content key data Kc described above₂Is encrypted using the metadata Meta₂Is content key data Kc as required₂It is encrypted using
Content data C₂Is compressed by, for example, the MPEG2 system.
A / V decompression software Soft₂Is software for decompression of the MPEG2 system.
Link data LD₂Is the key file KF₁₀₂To link to.
[0385]
Content file CF₁₀₃In the header, link data LD_Three, Metadata Meta_Three, Content data C_ThreeAnd A / V decompression software Soft_ThreeIs stored.
Here, the content data C_ThreeAnd A / V decompression software Soft_ThreeIs the content key data Kc described above_ThreeIs encrypted using the metadata Meta_ThreeIs content key data Kc as required_ThreeIt is encrypted using
Content data C_ThreeIs compressed by, for example, the JPEG method. A / V decompression software Soft_ThreeIs software for decompression in JPEG format.
Link data LD_ThreeIs the key file KF₁₀₃To link to.
[0386]
Key file KF₁₀₁Includes a header and each distribution key data KD.₁~ KD_ThreeContent key data Kc encrypted using₁, Rights document data 106₁, SAM program download container SDC₁And signature / certificate module Mod₂₀₀And are stored.
Here, the signature / certificate module Mod₂₀₀As shown in FIG. 94 (A), each of the content data C₁, Content key data Kc₁And rights document data 106₁And the content provider 301's private key data K_{CP, S}Signature data SIG created using_{211, CP}, SIG_{212, CP}, SIG_{213, CP}And public key data K_{CP, P}Public key certificate data CER_CPAnd the public key certificate data CER_CPSignature data SIG of EMD service center 302 for_{1, ESC}And are stored.
[0387]
Key file KF₁₀₂Includes a header and each distribution key data KD.₁~ KD_ThreeContent key data Kc encrypted using₂, Rights document data 106₂, SAM program download container SDC₂And signature / certificate module Mod₂₀₁And are stored.
Here, the signature / certificate module Mod₂₀₁As shown in FIG. 94 (B), each of the content data C₂, Content key data Kc₂And rights document data 106₂And the content provider 301's private key data K_{CP, S}Signature data SIG created using_{221, CP}, SIG_{222, CP}, SIG_{223, CP}And public key certificate data CER_CPAnd the public key certificate data CER_CPSignature data for SIG_{1, ESC}And are stored.
[0388]
Key file KF₁₀₃Includes a header and each distribution key data KD.₁~ KD_ThreeContent key data Kc encrypted using_Three, Rights document data 106_Three, SAM program download container SDC_ThreeAnd signature / certificate module Mod₂₀₂And are stored.
Here, the signature / certificate module Mod₂₀₂As shown in FIG. 94 (C), each of the content data C_Three, Content key data Kc_ThreeAnd rights document data 106_ThreeAnd the content provider 301's private key data K_{CP, S}Signature data SIG created using_{231, CP}, SIG_{232, CP}, SIG_{233, CP}And public key certificate data CER_CPAnd the public key certificate data CER_CPSignature data for SIG_{1, ESC}And are stored.
[0389]
When the service provider 310 receives distribution of the secure container 104a shown in FIG. 93, the public key data K of the EMD service center 302 is received._{ESC, P}Public key certificate data CER using_cpAfter confirming the validity of the public key certificate data CER_CPPublic key data K stored in_{cp, P}Using the signature data SIG_{250, CP}Check the validity of.
Then, the service provider 310 sends the signature data SIG_{250, CP}As shown in FIG. 95, the content file CF obtained from the secure container 104a is confirmed.₁₀₁, CF₁₀₂, CF₁₀₃And key file KF₁₀₁, KF₁₀₂, KF₁₀₃And public key certificate data CER of the service provider 310_SPAnd signature data SIG_{61, ESC}Price tag data 312₁, 312₂, 312_ThreeAnd signature data SIG_{260, SP}Is created.
Here, price tag data 312₁, 312₂, 312_ThreeIs the content data C₁, C₂, C_ThreeShows the selling price.
Also, the signature data SIG_{260, SP}Is the content file CF₁₀₁, CF₁₀₂, CF₁₀₃, Key file KF₁₀₁, KF₁₀₂, KF₁₀₃, Public key certificate data CER_SPAnd signature data SIG_{61, ESC}And price tag data 312₁, 312₂, 312_ThreeThe hash value is taken for the entire service key 310, and the secret key data K of the service provider 310 is taken._{Sp, s}Is generated using
[0390]
The service provider 310 distributes the secure container 304 a shown in FIG. 95 to the user home network 303.
In the user home network 303, the SAM 305₁~ 305_FourThe signature data SIG stored in the secure container 304a_{61, ESC}After confirming the validity of the public key certificate data CER_spPublic key data K stored in_{SP, KP}Using the signature data SIG_{260, SP}Check the validity of.
Then SAM305₁~ 305_FourIs the content data C₁₀₁, C₁₀₂, C₁₀₃Rights data about the link data LD₁, LD₂, LD_ThreeEach key file KF₁₀₁, KF₁₀₂, KF₁₀₃Based on.
[0390]
In the above-described eighth modification, the content provider 301 uses the content file CF in the content provider 301 as shown in FIG.₁₀₁, CF₁₀₂, CF₁₀₃, Key file KF₁₀₁, KF₁₀₂, KF₁₀₃, Public key certificate data CER_CPAnd signature data SIG_{1, ESC}Signature data SIG for all_{250, CP}For example, the content file CF is created.₁₀₁, CF₁₀₂, CF₁₀₃And key file KF₁₀₁, KF₁₀₂, KF₁₀₃The signature data may be created for each of these and stored in the secure container 104a.
Further, in the above-described eighth modification, the service provider 310 performs the content file CF as shown in FIG.₁₀₁, CF₁₀₂, CF₁₀₃, Key file KF₁₀₁, KF₁₀₂, KF₁₀₃, Public key certificate data CER_SPAnd signature data SIG_{61, ESC}And price tag data 312₁, 312₂, 312_ThreeSignature data SIG for all_{260, SP}However, it is also possible to create signature data for each of these and store them in the secure container 304a.
[0392]
Further, in the above-described eighth modification, the secure container 304 has a plurality of content files CF received from a single service provider 310.₁₀₁, CF₁₀₂, CF₁₀₃Is stored in a single secure container 304a and distributed to the user home network 303. As shown in FIG. 81, a plurality of content files CF received from a plurality of content providers 301a and 301b are May be stored in a secure container and distributed to the user home network 303.
[0393]
The format shown in FIG. 93 can be similarly applied to the case where the secure container 104 is transmitted from the content provider 101 shown in FIG. 1 to the user home network 103 in the first embodiment described above.
[0394]
In the above-described embodiment, the case where the EMD service center performs a payment process based on the usage history data input from the SAM has been exemplified. The payment processing may be performed using the usage control state data transmitted from the SAM to the EMD service center and received at the EMD service center.
[0395]
Hereinafter, concepts such as the content file CF and the key file KF created in the content provider 101 will be summarized.
When the content provider 101 provides content using the Internet, as shown in FIG. 96, the content file CF including the encrypted content data C and signature data using the header, the content ID, and the content key data Kc. Is created. The rights document data indicating the handling of the content data C and the content key data Kc are encrypted with the distribution key data of the EMD service centers 102 and 302, which are predetermined trust organizations, and then stored in the key file KF. The The key file KF stores a header, a content ID, and, if necessary, metadata and signature data.
Then, the content file CF and the key file KF are directly provided from the content provider 101 to the user home networks 103 and 303 or from the content provider 101 to the user home networks 103 and 303 via the service provider 310.
[0396]
When the content provider 101 provides content using the Internet, as shown in FIG. 97, the content key data Kc is not stored in the key file KF, and the EMD service centers 102 and 302 that are predetermined trust organizations are provided. The content key data Kc encrypted with the distribution key data may be provided from the EMD service centers 102 and 302 to the user home networks 103 and 303.
[0397]
When the content provider 101 provides content using digital broadcasting, for example, as shown in FIG. 98, content data C and signature data encrypted using content key data Kc are sent from the content provider 101. Provided to the user home networks 103 and 303 directly or via the service provider 310. In this case, a key data block corresponding to the key file KF shown in FIG. 97 is provided from the content provider 101 to the user home networks 103 and 303 directly or via the service provider 310.
Also, in this case, for example, as shown in FIG. 99, the content key data Kc encrypted with the distribution key data of the EMD service centers 102 and 302, which are predetermined trust organizations, is sent from the EMD service centers 102 and 302 to the user home You may provide to network 103,303.
[0398]
【The invention's effect】
As described above, according to the present invention, the interests of the parties involved in the data providing apparatus are appropriately protected.
Further, according to the present invention, it is possible to appropriately avoid illegally tampering with the rights document data.
Furthermore, according to the present invention, it is possible to reduce the burden of auditing for protecting the interests of the parties related to the data providing apparatus.
[Brief description of the drawings]
FIG. 1 is an overall configuration diagram of an EMD system according to a first embodiment of the present invention.
FIG. 2 is a functional block diagram of the content provider shown in FIG. 1 and shows a data flow related to data transmitted to and received from a SAM of a user home network.
FIG. 3 is a functional block diagram of the content provider shown in FIG. 1, and is a diagram showing a flow of data related to data transmitted and received between the content provider and the EMD service center.
FIG. 4 is a diagram for explaining a format of a secure container transmitted from the content provider shown in FIG. 1 to the SAM.
FIG. 5 is a diagram for explaining a correspondence relationship between an OSI layer layer and a definition of a secure container according to the present embodiment.
FIG. 6 is a diagram for explaining a ROM type recording medium;
7A is a diagram for explaining a format of a right registration request module transmitted from the content provider to the EMD service center, and FIG. 7B is transmitted from the EMD service center to the content provider. It is a figure for demonstrating the rights-certification certificate module.
FIG. 8 shows a case where the content provider requests the EMD service center for public key certificate data certifying the validity of the public key data corresponding to its own private key data in the first embodiment. It is a flowchart of a process.
FIG. 9 is a flowchart of processing when a content provider transmits a secure container to a SAM of a user home network in the first embodiment.
FIG. 10 is a functional block diagram of the EMD service center shown in FIG. 1, and shows a data flow related to data transmitted / received to / from a content provider.
11 is a functional block diagram of the EMD service center shown in FIG. 1, and shows a data flow related to data transmitted / received between the SAM and the clearing house shown in FIG.
FIG. 12 is a flowchart of processing when the EMD service center receives a public key certificate data issuance request from a content provider in the first embodiment.
FIG. 13 is a flowchart of processing when the EMD service center receives a public key certificate data issuance request from the SAM in the first embodiment;
FIG. 14 is a flowchart of processing when an EMD service center receives a request for registration of rights document data and content key data from a content provider in the first embodiment.
FIG. 15 is a flowchart of processing when an EMD service center performs settlement processing in the first embodiment.
FIG. 16 is a configuration diagram of a network device in the user home network shown in FIG. 1;
FIG. 17 is a functional block diagram of the SAM in the user home network shown in FIG. 1, and shows a data flow until the secure container received from the content provider is decrypted.
FIG. 18 is a diagram for explaining data stored in the external memory shown in FIG. 16;
FIG. 19 is a diagram for explaining data stored in a stack memory;
20 is another configuration diagram of the network device in the user home network shown in FIG. 1. FIG.
FIG. 21 is a diagram for explaining data stored in a storage unit illustrated in FIG. 17;
FIG. 22 is a flowchart of processing in the SAM when the secure container is input from the content provider and the key file KF in the secure container is decrypted in the first embodiment.
FIG. 23 is a functional block diagram of the SAM in the user home network shown in FIG. 1, and shows a data flow related to processing for using / purchasing content data.
FIG. 24 is a flowchart of processing up to determining a purchase form of a secure container downloaded from a content provider to a download memory in the first embodiment.
FIG. 25 is a flowchart of processing in the case of playing back content data for which the purchase form stored in the download memory has already been determined in the first embodiment.
FIG. 26 is a flowchart showing the processing in the transfer source SAM when transferring the content file downloaded to the download memory of the network device shown in FIG. It is a figure for demonstrating a flow.
FIG. 27 is a diagram illustrating a data flow in the transfer source SAM in the case illustrated in FIG. 26;
FIG. 28 is a diagram showing an example of a SAM in a case where a content file and a key file that have already been downloaded and downloaded to a network device download memory are transferred to a SAM of another AV device in the first embodiment; FIG.
FIG. 29 is a diagram for explaining a format of a secure container whose purchase form is determined;
FIG. 30 is a diagram showing a data flow when an input content file or the like is written in a RAM type or ROM type recording medium (media) in the transfer destination SAM in the case shown in FIG. 26; is there.
FIG. 31 is a flowchart of processing in the SAM when a content file or the like input from another SAM is written in a RAM type recording medium in the first embodiment.
FIG. 32 shows a process for determining a purchase form in an AV device when the user home network receives distribution of the ROM type recording medium shown in FIG. It is a figure for demonstrating a flow.
FIG. 33 is a diagram showing a data flow in the SAM in the case shown in FIG. 32;
FIG. 34 is a diagram showing a purchase form in the AV device when the user home network receives distribution of the ROM type recording medium shown in FIG. 5 whose content purchase form has not yet been decided in the first embodiment. It is a flowchart of the process at the time of determining.
FIG. 35 is a flowchart that is a continuation of the flowchart of FIG. 34;
FIG. 36 is a diagram illustrating a process of reading a secure container from a ROM type recording medium whose purchase form has not yet been determined in an AV device in a user home network, transferring the secure container to another AV device, and converting it into a RAM type recording medium. It is a figure for demonstrating the flow of the process at the time of writing.
FIG. 37 is a diagram illustrating a process of reading a secure container from a ROM-type recording medium whose purchase form is undetermined in the first AV device and transferring it to the second AV device as shown in FIG. It is a flowchart of the process of the 1st AV apparatus at the time of determining a purchase form and writing in a RAM type recording medium in AV apparatus.
FIG. 38 is a flowchart of processing of the second AV device in the case shown in FIG. 37;
FIG. 39 is a flowchart subsequent to the flowchart shown in FIG. 38;
40 is a diagram showing a data flow in the transfer source SAM in the case shown in FIG. 36. FIG.
41 is a diagram showing a data flow in the transfer destination SAM in the case shown in FIG. 36; FIG.
42 is a diagram for explaining a format of data transmitted / received between the content provider, the EMD service center, and the SAM shown in FIG. 1 by using an in-band method and an out-band method. .
43 is a diagram for explaining a format of data transmitted / received between the content provider, the EMD service center, and the SAM shown in FIG. 1 using an in-band method and an out-band method. .
FIG. 44 is a diagram for explaining an example of a connection form of devices to a bus.
FIG. 45 is a diagram for explaining a data format of a SAM registration list;
46 is a flowchart of the overall operation of the content provider shown in FIG. 1. FIG.
FIG. 47 is a view for explaining a second modification of the first embodiment of the present invention.
FIG. 48 is a view for explaining a third modification of the first embodiment of the present invention.
FIG. 49 is an overall configuration diagram of an EMD system according to a second embodiment of the present invention.
FIG. 50 is a functional block diagram of the content provider shown in FIG. 49, and is a diagram showing a flow of data related to the secure container transmitted to the service provider.
51 is a functional block diagram of the service provider shown in FIG. 49, and shows a flow of data transmitted / received to / from the user home network.
FIG. 52 is a flowchart of processing of a service provider when a secure container is created from a secure container supplied from a content provider and distributed to a user home network in the second embodiment.
53 is a diagram for explaining a format of a secure container transmitted from the service provider shown in FIG. 49 to the user home network. FIG.
54 is a functional block diagram of the service provider shown in FIG. 49, and shows a flow of data transmitted / received to / from the EMD service center.
FIG. 55 is a diagram for explaining a format of a price tag registration request module transmitted from a service provider to an EMD service center.
FIG. 56 is a functional block diagram of the EMD service center shown in FIG. 49, and shows a data flow related to data transmitted to and received from the service provider.
FIG. 57 is a functional block diagram of the EMD service center shown in FIG. 49, and shows a data flow related to data transmitted to and received from the content provider.
FIG. 58 is a functional block diagram of the EMD service center shown in FIG. 49, and shows a data flow related to data transmitted to and received from the SAM.
FIG. 59 is a diagram for explaining the contents of usage history data;
FIG. 60 is a flowchart of processing when the EMD service center receives a public key certificate data issuance request from a service provider in the second embodiment.
FIG. 61 is a flowchart of processing when the EMD service center receives a price tag data registration request from a service provider in the second embodiment;
FIG. 62 is a flowchart of processing when an EMD service center performs settlement in the second embodiment.
63 is a block diagram of the network device shown in FIG. 49. FIG.
64 is a functional block diagram of the CA module shown in FIG. 63. FIG.
FIG. 65 is a functional block diagram of the SAM shown in FIG. 63, and shows a data flow from input of a secure container to decryption.
66 is a diagram for explaining data stored in a storage unit illustrated in FIG. 65. FIG.
67 is a functional block diagram of the SAM shown in FIG. 63, and shows a data flow when determining a content purchase / use form.
FIG. 68 is a flowchart of SAM processing when a secure container is input from a service provider and a key file in the secure container is decrypted in the second embodiment.
FIG. 69 is a flowchart of SAM processing up to determining a purchase form of a secure container downloaded to a download memory from a service provider in the second embodiment.
FIG. 70 is a flowchart of processing in the case of reproducing content data for which a purchase form stored in the download memory has already been determined.
FIG. 71 is a diagram for explaining a format of a key file after a purchase form is determined.
72 is a diagram of processing in a transfer destination SAM when transferring a content file downloaded to the download memory of the network device shown in FIG. 63 and already determined as a purchase form to the SAM of the AV device; It is a figure for demonstrating a flow.
FIG. 49 is a diagram showing a data flow in the transfer source SAM in the case shown in FIG. 72;
74 is a transfer source SAM when transferring, for example, a content file already downloaded in a download memory of a network device and determined to be purchased to the SAM of the AV device as shown in FIG. It is a flowchart of the process of.
FIG. 75 is a diagram for explaining a format of a secure container in which a purchase form to be transferred from a network device SAM to an AV device SAM is already determined;
FIG. 51 is a diagram showing a data flow in the transfer destination SAM in the case shown in FIG. 72;
FIG. 77 is a flowchart of SAM processing when a content file or the like input from another SAM is written to a recording medium such as a RAM type as shown in FIG. 72.
78 is a flowchart of the overall operation of the EMD system shown in FIG. 49. FIG.
FIG. 79 is a flowchart of overall operation of the EMD system shown in FIG. 49;
FIG. 80 is a configuration diagram of an EMD system using two service providers according to a first modification of the second embodiment of the present invention.
FIG. 81 is a configuration diagram of an EMD system using a plurality of content providers according to a second modification of the second embodiment of the present invention.
FIG. 82 is a block diagram of an EMD system according to a third modification of the second embodiment of the present invention.
FIG. 83 is a block diagram of an EMD system according to a fourth modification of the second embodiment of the present invention.
FIG. 84 is a diagram for explaining a form of an acquisition route for public key certificate data;
FIG. 85 is a diagram for explaining processing when invalidating public key certificate data of a content provider;
[Fig. 86] Fig. 86 is a diagram for describing processing in the case of invalidating public key certificate data of a service provider.
FIG. 87 is a diagram for explaining processing when invalidating SAM public key certificate data;
FIG. 88 is a diagram for explaining other processing when invalidating the SAM public key certificate data;
FIG. 89 is a diagram for explaining a case where a rights management clearing house and an electronic settlement clearing house are provided in place of the EMD service center in the EMD system shown in FIG. 49;
90 is a configuration diagram of an EMD system when the rights management clearing house and the electronic settlement clearing house shown in FIG. 89 are provided in a single EMD service center.
FIG. 91 is a block diagram of an EMD system when a service provider makes a payment directly to an electronic payment clearinghouse.
FIG. 92 is a configuration diagram of an EMD system when a content provider makes a payment directly to an electronic payment clearinghouse.
FIG. 93 is a diagram for explaining a format of a secure container provided from the content provider shown in FIG. 49 to the service provider in the eighth modification of the second embodiment of the present invention.
FIG. 94 is a diagram for explaining a detailed format of a module stored in FIG. 93;
FIG. 95 is a diagram for explaining a format of a secure container provided to the SAM from the service provider shown in FIG. 49 in the eighth modification example of the second embodiment of the present invention.
FIG. 96 is a conceptual diagram when a secure container is provided using the Internet.
FIG. 97 is another conceptual diagram when a secure container is provided using the Internet.
FIG. 98 is a conceptual diagram when a secure container is provided using digital broadcasting.
FIG. 99 is another conceptual diagram when a secure container is provided using digital broadcasting.
FIG. 100 is a configuration diagram of a conventional EMD system.
[Explanation of symbols]
90 ... Payment gateway, 91 ... Settlement organization, 92 ... Root certificate authority, 100, 300 ... EMD system, 101, 301 ... Content provider, 102, 302 ... EMD service center, 103, 303 ... User home network, 104, 304 ... Secure container, 105₁~ 105_Four305₁~ 305_Four... SAM, 106 ... Rights data, 107,307 ... Settlement report data, 108,308 ... Usage history data, 160₁... Network equipment, 160₂~ 160_Four... AV equipment, 152, 152c, 152s ... Payment claim data, 191 ... Bus, 310 ... Service provider, 311 ... CA module, 312 ... Price tag data, CF ... Content file, KF ... Key file, Kc ... Content key data

Claims (6)

Connected content providing apparatus to a network, the content processing apparatus, and a purchase processing unit sends said content data from the content providing apparatus to the content processing apparatus, the Oite purchased purchased period to the purchase processing unit to use the previous SL content data to the content processing apparatus according to,
The purchase processing apparatus includes:
Through the network, a plurality of distribution key data effective for each predetermined usage period of the content data is transmitted to the content providing apparatus, and the distribution of the plurality of distribution key data effective during the purchase period Key data to the content processing device ,
The content providing apparatus includes:
A storage unit for storing the content data;
A content encryption unit that encrypts the content data stored in the storage unit with content key data;
A communication unit for a content providing device connected to the network and receiving the plurality of distribution key data from the purchase processing device;
A content key encryption unit that encrypts the content key data using each of the received distribution key data and generates encrypted data of a plurality of content key data;
A secure container data generating unit that generates secure container data having the encrypted content data and encrypted data of the plurality of content key data, and
The communication unit for the content providing device includes:
By transmitting the secure container data to the content processing device, the content data and the plurality of content key data are transmitted to the content processing device,
The content processing apparatus includes:
A communication unit for a content processing device that is connected to the network, receives key data for distribution effective from the purchase processing device during the purchase period, and receives the secure container data from the communication unit for the content providing device;
Content encrypted with the distribution key data out of the encrypted data of the plurality of content key data included in the received secure container data, using the distribution key data valid for the received purchase period A content key decrypting unit for decrypting the encrypted data of the key data;
A data providing system comprising: a content decrypting unit that decrypts the content data of the secure container data using content key data decrypted using distribution key data valid during the purchase period. A storage unit for storing content data;
A content encryption unit that encrypts the content data stored in the storage unit with content key data;
A communication unit connected to a network and receiving a plurality of distribution key data valid for each predetermined usage period of the content data from the network;
A content key encryption unit that encrypts the content key data using each of the received distribution key data and generates encrypted data of a plurality of content key data;
A secure container data generating unit that generates secure container data having the encrypted content data and encrypted data of the plurality of content key data, and
The communication unit is
A content providing device that transmits the content data and the plurality of content key data to a content processing device by transmitting the secure container data to the network. A data providing system comprising the content providing device and the purchase processing device according to claim 2 connected to a network,
The purchase processing apparatus includes:
A data providing system for transmitting the plurality of distribution key data effective for each predetermined usage period of the content data to the content providing apparatus through the network. Content data encrypted with content key data and a plurality of content key data encrypted with a plurality of distribution key data valid for each predetermined usage period of the content data are connected to the network. A communication unit that receives secure container data having encrypted data and distribution key data that is valid during a purchase period among the plurality of distribution key data;
Content encrypted with the distribution key data out of the encrypted data of the plurality of content key data included in the received secure container data, using the distribution key data valid for the received purchase period A content key decrypting unit for decrypting the encrypted data of the key data;
A content processing apparatus comprising: a content decrypting unit configured to decrypt the content data of the secure container data using content key data decrypted using distribution key data valid during the purchase period. Secure container data having content data encrypted with content key data and encrypted data of a plurality of content key data encrypted with a plurality of distribution key data valid for each predetermined usage period of the content data A storage unit capable of storing;
Of the plurality of distribution key data, a communication unit that receives distribution key data effective during a purchase period;
Using the received distribution key data valid during the purchase period, the encrypted data of the plurality of content key data included in the stored secure container data is encrypted with the distribution key data. A content key decrypting unit for decrypting encrypted data of the content key data,
A content processing apparatus comprising: a content decrypting unit configured to decrypt the content data of the secure container data using content key data decrypted using distribution key data valid during the purchase period. Secure container data having content data encrypted with content key data and encrypted data of a plurality of content key data encrypted with a plurality of distribution key data valid for each predetermined usage period of the content data A reading unit capable of reading the recorded recording medium;
Of the plurality of distribution key data, a communication unit that receives distribution key data effective during a purchase period;
Content encrypted with the distribution key data out of the encrypted data of the plurality of content key data included in the secure container data read using the distribution key data valid for the received purchase period A content key decrypting unit for decrypting the encrypted data of the key data;
A content processing apparatus comprising: a content decrypting unit configured to decrypt the content data of the secure container data using content key data decrypted using distribution key data valid during the purchase period.

Images