JP4732775B2 - Rights management terminal, server device, and usage information collection system - Google Patents

Description

  The present invention relates to a rights management terminal, a server device, and a usage information collection system, and more particularly, to a technique for collecting usage information such as usage history of digital content used in a terminal device anonymously and while preventing impersonation.

  In recent years, digital contents such as video and music (hereinafter abbreviated as contents) are transmitted from a server apparatus (hereinafter also simply referred to as “server”) to a terminal apparatus (hereinafter “terminal” or “right management terminal”) via communication or broadcasting. The content distribution service that uses the content in the terminal device has been put into practical use. On the other hand, with the development of digital devices, it has become easy to illegally copy content, and the problem of infringing on the copyright of content has been increasing. Therefore, in content distribution services, copyright protection technology (DRM: Digital Rights Management) for the purpose of preventing unauthorized use of content is used. Here, the copyright protection technology is a public key certificate (hereinafter also referred to as “normal certificate”) including identification information that uniquely identifies at least one of a terminal and a user who uses the terminal, and the disclosure. A license is securely provided only to legitimate users and terminal devices using authentication technology and encryption technology that uses a public key included in the key certificate and a paired private key, and within the usage conditions set for the license. This technology allows the use of content.

By the way, in Patent Document 1, for the purpose of surveying the audience rating of each content distributed by the content distribution service, the usage history of the content used by the terminal device is recorded, and the usage history is periodically recorded on the server device. An example of a usage record collection system that is transmitted to the site is described.
Special Table 2002-52295 gazette

  In order for the server device to correctly perform the audience rating survey, it is necessary to accept only the usage record from the correct terminal device and to exclude the usage record from the unauthorized terminal device such as impersonation. As a solution to this, as in the case of distributing a license to a terminal device, use an authentication technology that uses a normal certificate to confirm that the other party is the correct terminal device and receive usage records. That's fine.

  However, when terminal authentication is performed and usage records are received, identification information is usually known from a certificate, so that there is a possibility that a terminal or a user is specified, which may infringe privacy.

  Such a problem is not limited to collecting usage records, but is generally applicable to usage information related to content usage by users, such as collecting questionnaires about content usage.

  In view of the above problems, an object of the present invention is to provide a right management terminal, a server device, and a usage information collection system capable of securely communicating usage information while protecting impersonation and privacy.

  In order to achieve the above object, the rights management terminal according to the present invention is a rights management terminal that manages the copyright of the content using a license including the usage conditions of the content, and uses the terminal and the terminal. A first public key certificate including identification information for uniquely identifying at least one of the users to be performed, and a first private key paired with the first public key included in the first public key certificate. A first managing means, a second public key certificate not including the identification information, and a second private key paired with a second public key included in the second public key certificate. A certificate management means; a selection processing means for selecting one of the first public key certificate and the first private key and the second public key certificate and the second private key as a set; and the selection processing means Public selected in set Using key certificate and the private key, when communication with the server apparatus, characterized in that it comprises an authentication processing means for executing an authentication process.

  This makes it possible to communicate usage information securely while protecting impersonation and privacy.

  In the right management terminal according to the present invention, the selection processing means selects a public key certificate and a secret key used in authentication processing as a set according to the type of execution command used for communication with the server device. Can be characterized.

  Also, in the right management terminal according to the present invention, the selection processing means, when the execution command is for notifying the server device of usage information related to use of content by the user, the second public key. The certificate and the second private key may be selected as a set. In other cases, the first public key certificate and the first private key may be selected as a set.

  Moreover, in the rights management terminal according to the present invention, the usage information is a usage record of content, and the selection processing means is configured such that the execution command notifies the server device of the usage record. The second public key certificate and the second secret key may be selected as a set.

  Further, in the right management terminal according to the present invention, the selection processing means, when an execution command for notifying the usage record to the server device is instructed by a user using the terminal device, the second public key. A certificate and a second private key may be selected as a set.

  In the rights management terminal according to the present invention, the selection processing means, when instructed from the server device, an execution command for notifying the server device of the usage record, the second public key certificate and the second public key certificate. Two secret keys may be selected as a set.

  Moreover, in the rights management terminal according to the present invention, the rights management terminal further includes usage history management means for managing the usage history, and the usage history management means is notified of the usage history to the server device. In this case, the usage record to be managed may be deleted.

  Moreover, in the rights management terminal according to the present invention, the usage information is a questionnaire regarding the use of content, and the selection processing means is configured such that the execution command notifies the server device of the questionnaire. The second public key certificate and the second secret key are selected as a set.

  In the right management terminal according to the present invention, the second certificate management means may manage the second public key certificate and the second private key in advance as a set.

  Further, in the right management terminal according to the present invention, the second certificate management means includes the second disclosure sent from the server device when a user who uses the terminal device joins the right management system. It is also possible to manage the key certificate and the second secret key as a set.

  In the right management terminal according to the present invention, the second public key certificate and the second private key are included in the license, and the second certificate management means includes the second certificate together with the license. A public key certificate and a second private key are managed as a set, and the selection processing means acquires the license from the license when the second public key certificate and the second private key are required as a set. It can also be characterized.

  In the rights management terminal according to the present invention, the second public key certificate and the second private key are included in the content, and the second certificate management means includes the second certificate together with the content. A public key certificate and a second private key are managed as a set, and the selection processing unit obtains the content from the content when the second public key certificate and the second private key are required as a set. It can also be characterized.

  In the rights management terminal according to the present invention, the second public key certificate and the second private key are included in metadata indicating an outline of the content or the license, and the second certificate management means includes The second public key certificate and the second private key are managed as a set together with the metadata, and the selection processing unit needs the second public key certificate and the second private key as a set. In some cases, it can be acquired from the metadata.

  In the rights management terminal according to the present invention, the second public key certificate and the second secret key are included in a broadcast radio wave, and the rights management terminal further includes the second public key from within the broadcast radio wave. A broadcast radio wave certificate obtaining unit for obtaining a key certificate and a second private key, wherein the second certificate management unit includes the second public key certificate obtained by the broadcast radio wave certificate obtaining unit; The second secret key may be managed as a set.

  In the rights management terminal according to the present invention, the pair of the second public key certificate and the second secret key is included in the attribute certificate that certifies the attribute of the user who uses the terminal, and the attribute certificate. When the second public key certificate and the second private key are required as a set, the selection processing unit is configured with a pair of a third public key and a third private key. The third secret key may be acquired as a pair.

  In the right management terminal according to the present invention, the pair of the second public key certificate and the second secret key includes a plurality of attribute certificates storing different attributes and a third secret for each attribute certificate. The right management terminal further includes user profile management means for managing a profile of a user who uses the terminal, and the selection processing means includes the second public key certificate and the second public key certificate. When a private key is required as a set, the attribute certificate including an attribute that matches the profile from the bundle and the third private key may be acquired as a pair.

  Further, in the right management terminal according to the present invention, the second certificate management means uses a pair of the attribute certificate storing the predetermined attribute transmitted from the server device and the third secret key. When the second public key certificate and the second private key are required as a set, the second public key certificate and the second private key are managed. The attribute certificate storing the predetermined attribute managed in step 1 and the third secret key are obtained as a pair.

  In order to achieve the above object, the server apparatus according to the present invention is a server apparatus that handles a license required for a rights management terminal that uses content, and that performs the data communication with the rights management terminal. An authentication unit that authenticates a communication partner using a public key certificate sent from a management terminal, and the authentication unit does not include identification information for uniquely identifying at least one of the terminal and a user who uses the terminal; When the second public key certificate is sent from the right management terminal, the communication partner is authenticated using the second public key certificate while remaining anonymous.

  This also makes it possible to communicate usage information securely while protecting impersonation and privacy.

  In the server device according to the present invention, the server device further sets the second public key certificate and a second private key paired with the second public key included in the second public key certificate. Certificate pair transmission means for transmitting to the rights management terminal at the authentication means, wherein the authentication means includes a second public key certificate transmitted by the certificate pair transmission means and a second public key transmitted from the right management terminal. If the certificate matches, the right management terminal is authenticated as valid.

  In the server device according to the present invention, the server device further includes a command for causing the right management terminal to transmit the usage information when the usage information regarding the usage of the content by the user in the right management terminal is required. And a usage information collection unit that collects usage information transmitted from the right management terminal authenticated by the authentication unit as valid.

  The present invention can be realized not only as such a rights management terminal and server device, but also as a usage information collection system composed of a rights management terminal and a server device, or such a rights management terminal. Also, it can be realized as a rights management method that uses characteristic means of the server device as steps, a usage information collection method, or a program that causes a computer to execute these steps. Needless to say, such a program can be distributed via a recording medium such as a CD-ROM or a transmission medium such as the Internet.

  As is clear from the above description, according to the present invention, when transmitting usage information such as usage records and questionnaires, a public key certificate and a private key for anonymous authentication are selected, and authentication processing is performed using these. Therefore, the usage information can be collected by confirming that the usage information is from the correct terminal device without specifying the terminal device.

  Therefore, the practical value of the present invention is very high today when content distribution services are put into practical use and respect for privacy is important.

  Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.

(Embodiment 1)
(Description of system configuration)
FIG. 1 is a diagram showing a system configuration of a usage record collection system according to an embodiment of the present invention.

  As shown in FIG. 1, the usage record collection system 1 includes a member management server 111, a license sales server 112, a license management server 113, a use record collection server 114, a content distribution server 115, and a LAN 116 used by the service provider 11. And a database (hereinafter abbreviated as “DB”) group 117, a rights management terminal (hereinafter also referred to as “terminal” or “terminal device”) 211 used by the user 21, and each server of the service provider 11 And a transmission line 31 such as a wired or wireless connection connecting the user 21 and the right management terminal 211 of the user 21.

  Here, the member management server 111 is a server that accepts membership in the content distribution service provided by the service provider 11, and receives a membership request from the rights management terminal 211 and performs a necessary membership procedure process. Fulfill.

  The license sales server 112 is a server that sells licenses necessary for using the content, and plays a role of receiving a license purchase request from the right management terminal 211 and performing necessary purchase procedure processing.

  The license management server 113 is a server that issues a license purchased by a user, and plays a role of receiving a license issuance request from the right management terminal 211 and issuing a license corresponding to the request. In the first embodiment, the license management server 113 uses the public key certificate (anonymous certificate) used when notifying the usage record collection server 114 of the usage record from the right management terminal 211 and the anonymous certificate. The license includes the public key and the paired secret key included in the license and distributes the license to the right management terminal 211.

  The usage record collection server 114 is a server that collects the usage record of the content used by the user, and receives a use record notification request from the right management terminal 211 and plays a role of recording the notified use record.

  The content distribution server 115 plays a role of distributing encrypted content to the right management terminal 211.

  The LAN 116 is a local area network that connects the member management server 111, license sales server 112, license management server 113, usage record collection server 114, content distribution server 115, and DB group 117.

  The DB group 117 is a generic term for a DB that manages member information, a DB that manages license information, a DB that manages content information, and the like.

  The rights management terminal 211 generates a function for acquiring a license and content from the license management server 113 and the content distribution server 115, a function for controlling the use of content according to the license usage conditions, and a content usage record, and notifies the server of it. It is a terminal device having functions and the like. Further, the right management terminal 211 holds a client ID “0C000001” as an identifier for uniquely identifying the right management terminal.

  Finally, the transmission line 31 is a communication medium such as ADSL (Asymmetric Digital Subscriber Line) or FTTH (Fiber To The Home), a broadcasting medium such as digital broadcasting, a DVD (Digital Versatile Disc), or a CD (Compact Disc). Indicates a physical medium.

  In the following, a detailed description will be given focusing on the module configuration and sequence of the license management server 113, the usage record collection server 114, and the right management terminal 211, which are necessary for explaining the present invention.

(Explanation of module configuration and DB configuration)
First, the module configuration of the license management server 113, the usage record collection server 114, and the right management terminal 211 and the DB configuration of the DB group 117 will be sequentially described.

(Module configuration of the license management server 113)
FIG. 2 is a diagram showing a module configuration of the license management server 113.

  As shown in FIG. 2, the license management server 113 includes a DBI / F 1131, a scenario control unit 1132, a license processing unit 1133, and a communication processing unit 1134.

  Here, the DB I / F 1131 is a module that performs data operations (data search, data registration, data deletion, etc.) on each DB in the DB group 117.

  The scenario control unit 1132 is a module that controls the scenario for the request received by the communication processing unit 1134.

  For the license issued to the rights management terminal 211, the license processing unit 1133 pairs the public key certificate (anonymous certificate) used for the signature of the license management server 113 and notification of the usage record with the public key of this certificate. This module performs processing for adding a private key to the license.

  Finally, the communication processing unit 1134 is a module that receives a license issuance request from the right management terminal 211 and returns a license issuance response including the corresponding license.

Each module of the license management server 113 may be configured by hardware, and is configured by a ROM that stores a program, a CPU that executes the program, a RAM that provides a work area when the program is executed, and the like. May be.
Each of these units is realized by an application, a PC CPU, a memory, and the like.

(Module configuration of usage record collection server 114)
FIG. 3 is a diagram illustrating a module configuration of the usage record collection server 114.

  As shown in FIG. 3, the usage record collection server 114 includes a DBI / F 1141, a scenario control unit 1142, a usage record determination processing unit 1143, and a communication processing unit 1144.

  Here, the DB I / F 1141 is a module that performs data operation on each DB of the DB group 117.

  The scenario control unit 1142 is a module that controls the scenario for the request received by the communication processing unit 1144.

  The usage record determination processing unit 1143 matches the public key certificate (anonymous certificate) used by the rights management terminal 211 for terminal authentication with the public key certificate of the DB group 117 corresponding to the notified usage record. It is a module that determines whether or not a SAC is formed or forms a SAC.

  The communication processing unit 1144 is a module that receives a usage record notification request from the right management terminal 211 and returns a use record notification response including a processing result.

  Each module of the usage record collection server 114 may be configured by hardware, and is configured by a ROM that stores a program, a CPU that executes the program, a RAM that provides a work area when the program is executed, and the like. May be.

(DB configuration of DB group 117)
FIG. 4 is a diagram showing a DB configuration of the DB group 117.

  As shown in FIG. 4, the DB group 117 includes a member information DB 1171, a license DB 1172, a purchase information DB 1173, a usage record DB 1174 and a content DB 1175.

  Here, the member information DB 1171 is a DB that manages user information such as the name, age, and address of a member user who subscribes to this service.

  The license DB 1172 is a DB that manages meta information (such as the number of reproductions and the reproduction period) describing the license to be sold and the contents of the license, and information on the public key certificate and private key used when notifying the usage record.

The purchase information DB 1173 is a DB that manages license information purchased by the user.
The usage record DB 1174 is a DB that manages the use record notified from the right management terminal 211.

  The content DB 1175 is a DB that manages encrypted content and meta information (such as a title name and artist name) that describes the content.

  The table configuration of the member information DB 1171 and license DB 1172 necessary for explaining the present invention will be described below.

(Table structure of member information DB 1171)
FIG. 5 is a diagram showing a table configuration of the member information DB 1171.

  As shown in FIG. 5, the member information DB 1171 includes a user table T51 and a client table T52.

  In the user table T51, a user ID that uniquely identifies a member user and user information such as a name, age, and address are managed in association with the user ID.

  Further, in the client table T52, a client ID that uniquely identifies the right management terminal 211 owned by the user and a user ID are managed in association with each other. As described above, the member information DB 1171 is characterized in that the user ID can be searched from the client ID and the user information can be searched from the user ID.

(Table structure of license DB 1172)
FIG. 6 is a diagram showing a table configuration of the license DB 1172.

  As shown in FIG. 6, the license DB 1172 includes a license table T61 and a certificate table T62.

  In the license table T61, a license ID that uniquely identifies a license, license data, and license meta information indicating the contents of the license are managed in association with the license ID.

  In the certificate table T62, the “license ID”, the issue number, the public key certificate (anonymous certificate) used for notification of the usage record, and the public key included in the anonymous certificate are associated with the license ID. Information on the secret key paired with is managed. As described above, the license DB 1172 is characterized in that the information on the public key certificate and the secret key used at the time of usage record notification is managed for each license.

(Module configuration of the rights management terminal 211)
FIG. 7 shows a module configuration of the right management terminal 211.

  7, the rights management terminal 211 includes a communication processing unit 2111, a certificate selection processing unit 2112, a scenario control unit 2113, a license processing unit 2114, a content processing unit 2115, a usage record processing unit 2116, and an input / output I. / F2117, content output I / F2118, and terminal DB2119.

  Here, the communication processing unit 2111 is a module that communicates with each server in accordance with an instruction from the scenario control unit 2113.

  The certificate selection processing unit 2112 includes a public key certificate used for authentication processing with each server in accordance with an execution command for communicating with the external device (here, each server) notified from the scenario control unit 2113. This module selects a private key.

  The scenario control unit 2113 is a module that performs scenario execution control in response to a user request received by the input / output I / F 2117.

  The license processing unit 2114 is a module in charge of processing related to the license, such as interpretation of usage conditions included in the license and acquisition of a content key for decrypting the encrypted content.

  The content processing unit 2115 is a module that performs decryption processing of encrypted content and provides non-encrypted content to the content output I / F 2118.

  The usage record processing unit 2116 is a module that generates a usage record according to the content usage report from the content processing unit 2115.

  The input / output I / F 2117 is a module that functions as an input interface that receives a request from a user and as an output interface that displays a result to the user.

  The content output I / F 2118 serves as an output interface for presenting content to the user.

  Finally, the terminal DB 2119 is a DB for recording the encrypted content acquired from each server, the license, the public key certificate and private key used for authentication processing with the server, and the content usage record.

  Each module of the rights management terminal 211 may be configured by hardware, and is configured by a ROM that stores a program, a CPU that executes the program, a RAM that provides a work area when the program is executed, and the like. May be.

(Explanation of sequence, flowchart, data structure)
Next, using FIG. 8 to FIG. 18, a license issuance sequence and a usage record notification sequence are shown, and a flowchart of processing related to the present invention will be described. Also, the data structure of the license and public key certificate will be described.

(Explanation of license issuance sequence)
First, a sequence from the user operating the right management terminal 211 to purchasing a license and acquiring the license (license issuing sequence) will be described.

FIG. 8 is a sequence diagram showing a license issuance sequence.
As shown in FIG. 8, the user first requests “list display” from the right management terminal 211 in order to confirm a list of sold licenses. When the scenario control unit 2113 of the right management terminal 211 receives “list display” from the user via the input / output I / F 2117, the scenario control unit 2113 accesses the license list screen provided by the license sales server 112 via the communication processing unit 2111 ( S801), the list display screen 901 shown in FIG. 9 is displayed via the input / output I / F 2117. When there is a favorite license (for example, black tower (final round) or baseball (Daiye vs. Giant)) in the displayed list, the user requests the input / output I / F 2117 to “purchase”. When the scenario control unit 2113 receives “purchase” from the user via the input / output I / F 2117, the scenario control unit 2113 sends a license purchase request including the instructed license ID (license ID) and the user ID via the communication processing unit 2111. The license is sent to the license sales server 112 (S802).

  When there is a license purchase request, the license sales server 112 associates the license ID with the designated user ID and performs license registration (S803). Thereafter, a license purchase response (S804) including access information such as the URI of the license management server 113 is returned to the right management terminal 211.

  When the certificate selection processing unit 2112 of the right management terminal 211 receives the license purchase response (S804) via the communication processing unit 2111 and the scenario control unit 2113, the certificate selection processing unit 2112 receives the public key certificate used when executing the license acquisition command. Select (S805).

  The certificate selection process (S805) is performed according to the flowchart of the subroutine shown in FIG.

  As illustrated in FIG. 10, when the certificate selection processing unit 2112 receives the execution command, the certificate selection processing unit 2112 determines whether or not this command is to execute the usage record notification (S1001). When the command is to execute a usage record notification (Yes in S1001), the certificate selection processing unit 2112 acquires license data from the terminal DB 2119 (S1002), and a certificate for usage record notification from the acquired license data. The (anonymous certificate) and the private key are extracted, and the certificate selection process ends (S1003). On the other hand, when the command does not execute the usage record notification (No in S1001), the certificate selection processing unit 2112 obtains a normal terminal certificate (normal certificate) and a private key from the terminal DB 2119. (S1004), the certificate selection process ends.

  Here, since it is determined No in “execute usage record notification?” In S1001, the process proceeds to “acquire a normal terminal certificate” in S1004 and ends. Therefore, in the license acquisition command, the scenario control unit 2113 uses the public key certificate (normal certificate) of the normal terminal including the client ID of the right management terminal 211 to perform mutual authentication processing with the server. To form a secure communication path SAC. That is, after selecting the public key certificate, the scenario control unit 2113 identifies the license management server 113 that acquires the license with reference to the access information included in the license purchase response. Then, after performing authentication processing with the license management server 113 using the selected public key certificate (ordinary certificate) and private key, a license acquisition request including a license ID (S806) is transmitted.

  As shown in FIG. 11, the normal certificate includes a version (for example, 02), a serial number (for example, 0C000001 which is a client ID for identifying a terminal), and an issuer (for example, a provider CA). , A valid period (for example, January 01, 2004 to December 31, 2006), a public key (public key data), and a signature for this normal certificate. Therefore, the right management terminal 211 and the license management server 113 communicate with each other after recognizing who the other party is with, that is, without protecting privacy.

Here, FIG. 12 shows an example of a display screen when executing license acquisition.
As shown in FIG. 12, this screen is characterized in that it presents the authentication process currently performed to the user.

  Upon receiving the license acquisition request via the communication processing unit 1134 and the scenario control unit 1132, the license processing unit 1133 of the license management server 113 executes a license issuance process (S807).

  This license issuance process (S807) is performed according to a subroutine flowchart shown in FIG.

  As shown in FIG. 13, the license processing unit 1133 first checks whether or not the designated license has been purchased (S1301). Specifically, the client ID of the right management terminal 211 is extracted from the public key certificate (ordinary certificate) acquired during the authentication process, and the user ID corresponding to the client ID is stored in the member information DB 1171 of the DB group 117. Use to identify. Then, it is determined using the purchase information DB 1173 of the DB group 117 whether or not the license ID specified in the license acquisition request (S806) is recorded in association with the user ID.

  As a result of the determination, if they are not associated (No in S1301), the license processing unit 1133 ends the license issuance process.

  On the other hand, if the result of determination is that they are associated (Yes in S1301), the license corresponding to the license ID, and the public key certificate and private key pair used for the authentication process at the time of usage notification Obtained from the license DB 1172 (S1302).

  FIG. 14 is a diagram illustrating a data structure of a license acquired from the license DB 1172.

  As shown in FIG. 14, the license D1401 includes a license ID (D1402), a content key for decrypting the encrypted content to be licensed, and content information for specifying the content to be licensed (Content ID) and data (D1403) including usage conditions. The usage conditions include the number of times the content is used (for example, once), a usage period (for example, no time limit), a notification of usage history (for example, necessary), and the like. When the usage record notification indicates “necessary”, the user who purchased the license needs to notify the usage record after using the content.

  FIG. 15 is a diagram illustrating a data structure of a public key certificate (anonymous certificate) acquired from the license DB 1172.

  As shown in FIG. 15, in the public key certificate for notification of usage results, the license ID (0A000001 in FIG. 15) and the like are described at the location where the client ID is described in the public key certificate of a normal terminal. Since the license ID is not associated with the terminal ID, the terminal cannot be specified. Specifically, a version (for example, 02), a serial number (for example, 0A00001 indicating a license ID), an issuer (for example, a business operator CA), and a valid period (from January 01, 2004 to December 2006). Month 31), a public key (public key data), and a signature by the issuer. In this example, the license ID is described in place of the client ID in the certificate used for the authentication process at the time of usage record notification. However, the present invention is not limited to this, and any content ID, server ID, etc. May be described, or nothing in particular may be described. In other words, information that does not include information specifying a terminal or a user who uses the terminal may be used, and privacy infringement can be prevented.

  When the license, the public key certificate, and the private key pair are acquired, the license management server 113 refers to the usage conditions of the D1403 of the license D1401 and determines whether or not the usage history notification is necessary (S1303). .

  As a result of the determination, if notification is necessary, that is, if notification of usage record is necessary (Yes in S1303), the license processing unit 1133 performs S1302 during license D1401, as shown in FIG. A pair of the acquired public key certificate D1601 and private key D1602 is added (S1304), and a signature D1603 of the license management server 113 is added (S1305). On the other hand, as a result of the determination, if there is no need for notification, that is, if notification of usage record is not required (No in S1303), only the signature D1603 of the license management server 113 is added to the license D1401. (S1305). Thereafter, the corresponding license in the purchase information DB 1173 of the DB group 117 is updated to issued (S1306), and the license issuance process is terminated. Here, it is assumed that notification of the usage record of the usage conditions included in the license is necessary, and it is assumed that a pair of the public key certificate D1601 and the private key D1602 is added to this license.

  When the addition process such as public key certificate (anonymous certificate) or signature is completed in the license issuance process (S807), the scenario control unit 1132 returns a license acquisition response including this license to the right management terminal 211 (S808). ).

  When receiving the license acquisition response via the communication processing unit 2111 and the scenario control unit 2113, the license processing unit 2114 of the right management terminal 211 extracts the license included therein and records it in the terminal DB 2119 (S809). The above is the description regarding the license issuance sequence.

  In the license issuance sequence described above, the charging process for the license purchase is not described, but the charging process may be performed for the license purchase. Further, when purchasing a license, a SAC may be formed between the right management terminal 211 and the license sales server 112 using a normal certificate.

(Explanation of usage record notification sequence)
Next, a sequence (utilization record notification sequence) for notifying the utilization record collection server 114 of the use record generated when the content is used will be described.

  FIG. 17 is a sequence diagram showing a usage record notification sequence performed between the right management terminal 211 and the usage record collection server 114.

  When the usage record processing unit 2116 of the right management terminal 211 receives a request for “use record notification” from the user via the input / output I / F 2117 and the scenario control unit 2113, as shown in FIG. Is acquired from the terminal DB 2119 (S1701). Then, the certificate selection processing unit 2112 selects a public key certificate used in the usage record notification (S1702). Here, it has been described that the request for “notification of usage record” is started with an instruction from the user as a trigger. However, the request may be automatically started after the use of the content ends.

  The above-described certificate selection S1702 is performed according to the flowchart shown in FIG. Here, since it is determined Yes in “execute usage record notification?” In S1001, a license corresponding to the usage record is acquired from the terminal DB 2119 (S1002), and a public key certificate for notification of use record (from the license) (Anonymous certificate) and private key are extracted (S1003).

  The scenario control unit 2113 of the rights management terminal 211 uses the acquired public key certificate and private key to perform authentication processing with the usage record collection server 114, forms a SAC, and then uses the usage record notification request including the use record. Is transmitted (S1703).

  Here, FIG. 18 shows an example of a display screen when the usage record notification is executed. As shown in FIG. 18, this screen is characterized in that it presents the authentication process currently performed to the user.

  Upon receiving the usage record notification request S1703 via the communication processing unit 1144 and the scenario control unit 1142, the usage record determination processing unit 1143 of the usage record collection server 114 extracts the use record included in the request, and the DBI / F 1141. Is recorded in the utilization result DB 1174 of the DB group 117 (S1704). After recording the usage record, the use record determination processing unit 1143 returns a use record notification response including the processing result to the rights management terminal 211 via the scenario control unit 1142 and the communication processing unit 1144 (S1705).

  When receiving the usage record notification response, the usage record processing unit 2116 of the right management terminal 211 deletes the notified use record from the terminal DB 2119 (S1706). The above is the description regarding the usage record notification sequence.

  Therefore, in the usage record notification sequence, an anonymous certificate and this private key are selected, and authentication processing using this anonymous certificate is performed, so it is only possible to know the license ID as a pseudonym, and anonymity is guaranteed. It is also confirmed that it is a usage record from the correct right management terminal. Accordingly, it is possible to confirm that the usage information is correct from the terminal device without collecting the terminal device, and collect the usage information.

  In the first embodiment of the present invention, it has been described that a public key certificate (anonymous certificate) and a private key used at the time of usage record notification are included in the license, but the present invention is not limited to this. As shown in FIG. 19, an anonymous certificate and its private key may be included in the encrypted content. Further, the anonymous certificate and its private key may be included in the metadata indicating the outline of the content and license. Further, the terminal DB 2119 of the right management terminal 211 may have two types of public key certificate for normal use and usage record notification and a secret key in advance. Further, when the user joins the usage record collection system 1, the anonymous certificate and the private key may be distributed from the server. Moreover, you may transmit an anonymous certificate and its private key regularly using a broadcast radio wave. In these cases, similar to the configuration of the license management server 113, the content distribution server 115, the member management server 111, and the like may be provided with a function of including the anonymous certificate and its private key in the encrypted content. .

  In the first embodiment of the present invention, the right management terminal 211 has been described as starting the notification of the usage record triggered by the user's instruction or the end of content usage. However, the present invention is not limited to this. The usage record notification trigger data is transmitted from the collection server 114 using broadcast radio waves, etc., and the right management terminal 211 receives the usage record notification trigger data transmitted using broadcast waves according to the flowchart shown in FIG. In this case, the corresponding usage record may be notified.

  Specifically, when the usage record processing unit 2116 of the right management terminal 211 receives the usage record notification trigger data via the communication processing unit 2111 and the scenario control unit 2113 (S2001), is there a corresponding license in the terminal DB 2119? It is determined whether or not (S2002).

  Here, the above-described usage record notification trigger data has a data structure as shown in FIG. 21, and has a usage record notification public key certificate and a secret key in association with the license ID. The private key is encrypted with a certificate key.

  At this time, the license and the encrypted content acquired by the right management terminal 211 from the license management server 113 and the content distribution server 115 have a data structure as shown in FIG. 22 or FIG. Prepare. That is, as shown in FIG. 22, the license data structure is a structure in which an encrypted public key certificate (anonymous certificate) and a certificate key that is a key for decrypting the private key are included in the license. It is. As shown in FIG. 23, the content data structure includes a certificate key included in the content, and the content and the certificate key are encrypted with the content key.

  Therefore, when the corresponding license exists (Yes in S2002), the certificate selection processing unit 2112 acquires the certificate key from the license (S2003), and the public key certificate (anonymous certificate) in the usage record notification trigger data. ) And the private key are decrypted with the acquired certificate key (S2004).

  When the decryption is completed, the scenario control unit 2113 of the right management terminal 211 uses the acquired public key certificate and private key to perform authentication processing with the usage record collection server 114, and after forming the SAC, the usage record. Is notified (S2005).

  Therefore, even in this case, since the anonymous certificate and the secret key are selected and the authentication process using the anonymous certificate is performed, it is only possible to know the license ID as a pseudonym and the anonymity is guaranteed. It is also confirmed that the usage record is from the correct right management terminal. Accordingly, it is possible to confirm that the usage information is correct from the terminal device without collecting the terminal device, and collect the usage information.

  Further, in the first embodiment of the present invention, in the description of FIG. 10, it has been described that when executing the usage record notification command, the authentication process is always performed using the public key certificate and private key for usage record notification. However, the present invention is not limited to this, and as shown in FIG. 24, even when the use result notification command is executed (Yes in S2401), the user uses the public key certificate and private key of the normal terminal. It is determined whether or not an authentication process is desired (S2402), and an anonymous certificate is acquired according to the user's request (S2403, S2404), a normal certificate is acquired (S2405), and can be selected. Good.

Accordingly, it is possible to match the degree of privacy awareness of the user.
Further, in the first embodiment of the present invention, in the description of FIG. 10, only when the usage record notification command is executed, authentication processing is performed using a public key certificate and private key for anonymous authentication different from normal. Although described above, the present invention is not limited to this, and as shown in FIG. 25, when executing a command having a problem when a terminal is identified from the viewpoint of privacy protection, an anonymous certificate is necessary. If the command is not executed (No in S2501), that is, if a normal certificate is selected, it is determined whether or not the user desires an authentication process using an anonymous certificate and a private key (S2504). If anonymous authentication is possible (Yes in S2506), authentication may be performed by switching to a public key certificate and a private key for anonymous authentication different from normal (S2503). Also in this case, as described above, the authentication processing method desired by the user may be prioritized.

  This also makes it possible to further match the degree of privacy awareness of the user.

(Embodiment 2)
In the first embodiment, the SAC is established using the same anonymous certificate pair (one type of anonymous certificate pair) regardless of age and gender, but according to attribute information such as age and gender, You may make it establish SAC using a different anonymous certificate pair.

  Specifically, as shown in FIG. 26, the anonymous certificate pair is a bundle of a plurality of anonymous certificates with attribute information (attribute certificate) and private key (= attribute certificate pair) common to each terminal. Each attribute certificate includes attribute information such as age and gender. This attribute information does not specify a user, for example, but indicates a profile of the user. The terminal DB 2119 also stores a profile (user profile) of a user who uses the terminal.

  More specifically, as shown in FIG. 27 (a), the attribute certificate a stores age teenage, gender female, etc., and the attribute certificate b shows in FIG. 27 (b). As such, age 20s and gender women are stored. In addition, as shown in FIG. 27 (c), the user profile stores age 20s and gender women.

  When the terminal is configured in this way, the certificate selection processing unit 2112 of the terminal uses the terminal when selecting the anonymous certificate pair in the certificate selection when communicating with the server. Compared with the user's profile, the corresponding attribute certificate pair in the anonymous certificate pair is identified (in the example of FIG. 27, attribute certificate pair b), and the SAC is established using the attribute certificate pair. .

  By adding such attribute information, it is possible for the server to specify the user profile of the SAC establishment partner while protecting the privacy, and to collect usage results targeting age and gender, and to use the user's content The questionnaire regarding can be collected.

  In addition, as a method of distributing the anonymous certificate and the private key including such attribute information, the anonymous certificate is included in the license as in the method of distributing the anonymous certificate not including the attribute information described in the first embodiment. And distribution 1 including the private key, distribution 2 including the anonymous certificate and the private key in the encrypted content, and distribution including the anonymous certificate and the private key in the metadata. Pattern 3, Anonymous certificate and its private key are given in advance in the terminal DB 2119 of the rights management terminal 211. When the user joins this usage record collection system 1, the anonymous certificate and its private key are stored. Any one of the pattern 5 distributed from the server and the pattern 6 periodically transmitting the anonymous certificate and its secret key using broadcast radio waves or the like may be used.

(Embodiment 3)
By the way, in the second embodiment, an anonymous certificate pair including a plurality of attribute certificate pairs is passed to the terminal, and the terminal selects which attribute certificate pair is used when the SAC is established. This method has a problem in that the load on the terminal is increased because the data cost of the anonymous certificate pair increases in proportion to the number of attribute patterns. Therefore, as a new method, instead of passing an attribute certificate including various attribute patterns at the time of distribution, only one of the corresponding attribute certificate pairs may be passed.

  Specifically, as shown in FIG. 28, when a service contract is made, for example, a user profile is inputted on the Web or the like, and as a response, an attribute certificate including corresponding attribute information and a private key attribute certificate Just pass the pair.

  As a result, the terminal does not need to hold a user profile or unnecessary attribute certificate, and only needs to hold a corresponding attribute certificate pair, thereby reducing the load on the terminal.

(Embodiment 4)
In the first embodiment, the anonymous certificate is used when notifying the usage history of the content by the user. However, the usage information is not limited to the usage history, and the usage information regarding the usage of the content is generally used such as when collecting the anonymous questionnaire. You may apply.

  For example, in the case of collecting anonymous questionnaires, when applying the method of the third embodiment, as shown in FIG. 29, when distributing questionnaire sheets, a user's profile is input on the Web or the like, and the response Then, the attribute certificate including the corresponding attribute information, the attribute certificate pair of the private key, and the questionnaire are passed to the terminal.

  Then, the SAC is established between the terminal and the server using the attribute certificate pair, and the questionnaire sheet is collected.

  When the questionnaire sheet is collected, the server can send present information to the terminal as a thank-you to the questionnaire and apply for a present based on the present information.

  Therefore, in this case as well, the server can identify the user profile of the SAC establishment partner while protecting the privacy, and can collect questionnaires targeted for age and gender.

  The usage information system according to the present invention can be applied to various computer devices such as a personal computer and a portable information terminal constituting a system for collecting usage information in a content distribution service.

It is a figure which shows the system configuration | structure of the utilization results collection system which concerns on Embodiment 1 of this invention. It is a figure which shows the module structure of the license management server 113 shown by FIG. It is a figure which shows the module structure of the utilization performance collection server 114 shown by FIG. It is a figure which shows DB structure of the DB group 117 shown by FIG. It is a figure which shows the table structure of member information DB1171 shown by FIG. It is a figure which shows the table structure of license DB1172 shown by FIG. The figure which shows the module structure of the rights management terminal 211 shown by FIG. It is a figure which shows the license issue sequence performed with the utilization performance collection system. 6 is a diagram showing a license list display screen in a right management terminal 211. FIG. 9 is a flowchart showing a subroutine of certificate selection processing (S805) shown in FIG. It is a figure which shows the data structure of the public key certificate (normal certificate) of the normal terminal managed by terminal DB2119. It is a figure which shows the screen in the middle of the license acquisition in the rights management terminal. FIG. 9 is a flowchart showing a subroutine of license issuance processing (S807) shown in FIG. It is a figure which shows the data structure of the license before adding a public key certificate (anonymous certificate) and a private key. It is a figure which shows the data structure of the public key certificate (anonymous certificate) for a utilization performance notification. It is a figure which shows the data structure of the license after adding a public key certificate (anonymous certificate) and a private key. It is a figure which shows the utilization performance notification sequence performed between the rights management terminal 211 and the utilization performance collection server 114. FIG. It is a figure which shows the screen in use record notification in the rights management terminal. It is a figure which shows the data structure of the encryption content based on other embodiment of this invention. It is a flowchart at the time of performing a usage record notification based on the usage record notification trigger data according to another embodiment of the present invention. It is a figure which shows the data structure of the utilization performance notification trigger data which concern on other embodiment of this invention. It is a figure which shows the data structure of the license provided with the certificate key which concerns on other embodiment of this invention. It is a figure which shows the data structure of the encrypted content provided with the certificate key which concerns on other embodiment of this invention. 6 is a flowchart of certificate selection with user selection according to another embodiment of the present invention. It is a flowchart of selection of the certificate with respect to the anonymous authentication command which concerns on other embodiment of this invention. It is a figure which shows the bundle | flux of an attribute certificate pair and user profile which are managed by terminal DB2119 which concerns on Embodiment 2 of this invention. It is a figure which shows the structural example of the attribute certificate and user profile which are shown by FIG. It is a figure which shows the exchange of the user profile and attribute certificate pair which are performed between the terminal and server which concern on Embodiment 3 of this invention. It is a figure which shows the exchange with the user profile, attribute certificate pair, questionnaire sheet etc. which are performed between the terminal and server which concern on Embodiment 4 of this invention.

Explanation of symbols

31 Transmission path 111 Member management server 112 License sales server 113 License management server 114 Usage record collection server 115 Content distribution server 116 LAN
117 DB group 211 Rights management terminal 1131 DBI / F
1132 Scenario control unit 1133 License processing unit 1134 Communication processing unit 1141 DBI / F
1142 Scenario control unit 1143 Usage result determination processing unit 1144 Communication processing unit 1171 Member information DB
1172 License DB
1173 Purchase Information DB
1174 Usage results DB
1175 Content DB
2111 Communication processing unit 2112 Certificate selection processing unit 2113 Scenario control unit 2114 License processing unit 2115 Content processing unit 2116 Usage result processing unit 2117 Input / output I / F
2118 Content output I / F
2119 Terminal DB

Claims (22)

A rights management terminal that manages the copyright of the content using a license including the content usage conditions,
A first public key certificate including identification information for uniquely identifying at least one of a terminal and a user using the terminal; a first private key paired with a first public key included in the first public key certificate; First certificate management means for managing
A second certificate management means for managing a second public key certificate not including the identification information and a second private key paired with the second public key included in the second public key certificate;
Selection processing means for selecting one of the first public key certificate and the first private key and the second public key certificate and the second private key as a set;
Using the public key certificate and the private key selected by the selection processing means as a set, and an authentication processing means for executing an authentication process when communicating with the server device ,
The selection processing means selects a public key certificate and a private key used in authentication processing as a set according to the type of execution command used for communication with the server device,
The selection processing means selects the second public key certificate and the second secret key as a set when the execution command notifies the server device of usage information related to the use of content by the user. In other cases, the first public key certificate and the first private key are selected as a set,
The right management terminal , wherein the usage information is a usage history of content . The selection processing means selects the second public key certificate and the second secret key as a set when an execution command for notifying the usage record to the server device is instructed by a user using the terminal device. The right management terminal according to claim 1, wherein: The selection processing means selects the second public key certificate and the second secret key as a set when the server device is instructed to execute an execution command for notifying the server device of the usage record. The right management terminal according to claim 1 . The right management terminal further includes usage record management means for managing the usage record,
The usage record management means, when the use record is notified to the server device, rights management terminal according to claim 1, wherein the deleting the use record of managing. A rights management terminal that manages the copyright of the content using a license including the content usage conditions,
A first public key certificate including identification information for uniquely identifying at least one of a terminal and a user using the terminal; a first private key paired with a first public key included in the first public key certificate; First certificate management means for managing
A second certificate management means for managing a second public key certificate not including the identification information and a second private key paired with the second public key included in the second public key certificate;
Selection processing means for selecting one of the first public key certificate and the first private key and the second public key certificate and the second private key as a set;
Authentication processing means for executing authentication processing when communicating with the server device using the public key certificate and private key selected by the selection processing means as a set;
With
The selection processing means selects a public key certificate and a private key used in authentication processing as a set according to the type of execution command used for communication with the server device,
The selection processing means selects the second public key certificate and the second secret key as a set when the execution command notifies the server device of usage information related to the use of content by the user. In other cases, the first public key certificate and the first private key are selected as a set,
The usage information, features and to that rights management terminal that Ru questionnaire der on the use of content. The right management terminal according to claim 1, wherein the second certificate management means manages the second public key certificate and the second secret key in advance as a set. The second certificate management means sets the second public key certificate and the second secret key sent from the server device when a user who uses the terminal device joins a rights management system. The right management terminal according to claim 1, wherein the right management terminal is managed by: The second public key certificate and the second private key are included in the license,
The second certificate management means manages the second public key certificate and the second private key together with the license;
The rights management terminal according to claim 1, wherein the selection processing means acquires the license from the license when the second public key certificate and the second secret key are required as a set. The second public key certificate and the second private key are included in the content,
The second certificate management means manages the second public key certificate and the second private key together with the content,
The rights management terminal according to claim 1, wherein the selection processing means acquires the content from the content when the second public key certificate and the second secret key are required as a set. A rights management terminal that manages the copyright of the content using a license including the content usage conditions,
A first public key certificate including identification information for uniquely identifying at least one of a terminal and a user using the terminal; a first private key paired with a first public key included in the first public key certificate; First certificate management means for managing
A second certificate management means for managing a second public key certificate not including the identification information and a second private key paired with the second public key included in the second public key certificate;
Selection processing means for selecting one of the first public key certificate and the first private key and the second public key certificate and the second private key as a set;
Authentication processing means for executing authentication processing when communicating with the server device using the public key certificate and private key selected by the selection processing means as a set;
With
The second public key certificate and the second private key are included in metadata indicating an outline of the content or license,
The second certificate management means manages the second public key certificate and the second private key together with the metadata,
The selection processing means, the second when required by the public key certificate and the second set of private key, to that rights management terminal and acquires from the metadata. The second public key certificate and the second private key are included in the broadcast radio wave,
The rights management terminal further comprises broadcast radio wave certificate obtaining means for obtaining the second public key certificate and the second secret key from within the broadcast radio wave,
The right according to claim 1, wherein the second certificate management means manages the second public key certificate and the second private key acquired by the broadcast radio wave certificate acquisition means as a set. Management terminal. The pair of the second public key certificate and the second private key includes an attribute certificate that certifies the attribute of the user who uses the terminal, a third private key paired with the third public key included in the attribute certificate, Consists of a pair of
The selection processing means acquires the attribute certificate and the third private key in pairs when the second public key certificate and the second private key are required as a set. Rights management terminal. A rights management terminal that manages the copyright of the content using a license including the content usage conditions,
A first public key certificate including identification information for uniquely identifying at least one of a terminal and a user using the terminal; a first private key paired with a first public key included in the first public key certificate; First certificate management means for managing
A second certificate management means for managing a second public key certificate not including the identification information and a second private key paired with the second public key included in the second public key certificate;
Selection processing means for selecting one of the first public key certificate and the first private key and the second public key certificate and the second private key as a set;
Authentication processing means for executing authentication processing when communicating with the server device using the public key certificate and private key selected by the selection processing means as a set;
With
The pair of the second public key certificate and the second private key includes an attribute certificate that certifies the attribute of the user who uses the terminal, a third private key paired with the third public key included in the attribute certificate, Consists of a pair of
The selection processing means acquires the attribute certificate and the third secret key in pairs when the second public key certificate and the second secret key are required as a set,
The pair of the second public key certificate and the second secret key is composed of a bundle of a plurality of attribute certificates storing different attributes and a third secret key for each attribute certificate,
The rights management terminal further comprises user profile management means for managing a profile of a user who uses the terminal,
When the selection processing means needs the second public key certificate and the second secret key as a set, the selection processing means pairs the attribute certificate including the attribute matching the profile from the bundle and the third secret key. in to that rights management terminal and acquiring. The second certificate management means uses the second public key certificate and the second private key as a pair of the attribute certificate storing the predetermined attribute transmitted from the server device and the third private key. Manage as
The selection processing means includes an attribute certificate storing the predetermined attribute managed by the second certificate management means when the second public key certificate and the second private key are required as a set. The rights management terminal according to claim 12, wherein the third secret key is acquired in pairs. A server device that handles licenses required for a rights management terminal that uses content,
A certificate pair transmitting means for transmitting a second public key certificate and a second secret key paired with a second public key included in the second public key certificate to the rights management terminal;
And a authentication means for authenticating a communication partner using a public key certificate sent from the rights management terminal when the rights management terminal and data communications,
When the second public key certificate not including identification information for uniquely identifying at least one of the terminal and the user using the terminal is sent from the right management terminal, the authentication unit remains anonymous when the second public key certificate is sent. Authenticate the communicating party using a public key certificate ,
If the second public key certificate transmitted from the certificate pair transmission unit matches the second public key certificate transmitted from the right management terminal, the authentication unit authenticates the right management terminal. Authenticate
The server device further includes:
Command transmission means for transmitting a command for transmitting the usage information from the rights management terminal when usage information regarding the use of the content by the user in the rights management terminal is required;
A server apparatus comprising: usage information collection means for collecting usage information transmitted from the right management terminal that has been authenticated as valid by the authentication means . A usage information collection system comprising the right management terminal according to claim 1 and the server device according to claim 15 . A rights management method used for a rights management terminal that manages a copyright of the content by using a license including a use condition of the content,
A first public key certificate including identification information for uniquely identifying at least one of a terminal and a user using the terminal; a first private key paired with a first public key included in the first public key certificate; A first certificate management step for managing
A second certificate management step of managing a second public key certificate not including the identification information and a second private key paired with the second public key included in the second public key certificate;
A selection processing step of selecting any one of the first public key certificate and the first private key and the second public key certificate and the second private key as a set;
In the selection processing step, using the public key certificate and private key selected in the set,
In communication with the server device, viewed contains an authentication processing step of executing the authentication process,
In the selection processing step, according to the type of execution command used for communication with the server device, a public key certificate and a private key used in the authentication processing are selected as a set,
In the selection processing step, when the execution command is to notify the server device of usage information related to the use of content by the user, the second public key certificate and the second secret key are selected as a set. In other cases, the first public key certificate and the first private key are selected as a set,
The right management method , wherein the usage information is a content usage record . A usage information collection method used in a server device that handles a license required for a right management terminal that uses content,
A certificate pair transmission step of transmitting a second public key certificate and a second private key paired with a second public key included in the second public key certificate to the right management terminal;
And a authentication step of authenticating the communication partner by using the public key certificate sent from the rights management terminal when the rights management terminal and data communications,
In the authentication step, when the second public key certificate not including identification information for uniquely identifying at least one of the terminal and the user using the terminal is sent from the right management terminal, the second public key certificate remains anonymous. Authenticate the communicating party using a public key certificate ,
In the authentication step, if the second public key certificate transmitted by the certificate pair transmitting unit matches the second public key certificate transmitted from the right management terminal, the right management terminal is authorized. Authenticate
The usage information collection method further includes:
A command transmission step of transmitting a command for transmitting the usage information from the right management terminal when the usage information regarding the use of the content by the user in the right management terminal is required;
A usage information collection method comprising: a usage information collection step for collecting usage information transmitted from the right management terminal authenticated as valid in the authentication step . A program used for a rights management terminal that manages the copyright of the content by using a license including the usage conditions of the content,
A first public key certificate including identification information for uniquely identifying at least one of a terminal and a user using the terminal; a first private key paired with a first public key included in the first public key certificate; A first certificate management step for managing
A second certificate management step of managing a second public key certificate not including the identification information and a second private key paired with the second public key included in the second public key certificate;
A selection processing step of selecting any one of the first public key certificate and the first private key and the second public key certificate and the second private key as a set;
Using the public key certificate and the private key selected by the selection processing unit as a set, and causing the computer to execute an authentication process step for executing an authentication process when communicating with the server device ;
In the selection processing step, according to the type of execution command used for communication with the server device, a public key certificate and a private key used in the authentication processing are selected as a set,
In the selection processing step, when the execution command is to notify the server device of usage information related to the use of content by the user, the second public key certificate and the second secret key are selected as a set. In other cases, the first public key certificate and the first private key are selected as a set,
The usage information is a content usage record.
A program characterized by that . A program used in a server device that handles a license required for a rights management terminal that uses content,
A certificate pair transmission step of transmitting a second public key certificate and a second private key paired with a second public key included in the second public key certificate to the right management terminal;
Causing a computer to execute an authentication step of authenticating a communication partner using a public key certificate transmitted from the rights management terminal when performing data communication with the rights management terminal;
In the authentication step, when the second public key certificate not including identification information for uniquely identifying at least one of the terminal and the user using the terminal is sent from the right management terminal, the second public key certificate remains anonymous. Authenticate the communication partner using a public key certificate ,
In the authentication step, if the second public key certificate transmitted by the certificate pair transmitting unit matches the second public key certificate transmitted from the right management terminal, the right management terminal is authorized. Authenticate
The program further includes:
A command transmission step of transmitting a command for transmitting the usage information from the right management terminal when the usage information regarding the use of the content by the user in the right management terminal is required;
Causing the computer to execute a usage information collection step of collecting usage information transmitted from the right management terminal that has been authenticated as valid in the authentication step.
A program characterized by that . A computer-readable recording medium on which the program according to claim 19 is recorded. A computer-readable recording medium on which the program according to claim 20 is recorded.

Images