JP4903028B2 - Content transmission device, content reception device, content transmission method, and content transmission program - Google Patents

Description

  The present invention relates to a content transmission device, a content reception device, a content transmission method, and a content transmission program for transmitting and receiving multimedia content such as moving images and music and a license for the multimedia content via a communication network.

  As the communication infrastructure for the home, ADSL (Asymmetric Digital Subscriber Line) service has been popularized, and the use of optical fiber network high-speed communication service (FTTH; Fiber To The Home) has increased rapidly. Yes. With the development of a high-speed, broadband broadband Internet connection environment (broadband) for homes, the distribution of multimedia content (hereinafter referred to as content) such as moving images and music via public networks to homes has been promoted. Yes. Among the content distribution services that make use of the broadband connection environment for homes, high-quality video streaming distribution services and download services are attracting attention as killer services.

  On the other hand, in order to protect content from infringing acts such as illegal copying of content and illegal secondary and tertiary outflows, and to promote smooth content distribution in network distribution services such as streaming, content rights protection and license management Technology is required.

  Conventionally, DRM (Digital Right Management) technology has been developed as a technology for realizing copyright management protection of digital content distributed via a communication network. The DRM system is a system in which element technologies such as authentication, encryption, digital watermarking, viewing and usage control, and accounting are integrated.

Here, DRM in the conventional streaming distribution system will be described with reference to FIG. FIG. 23 is a configuration diagram schematically showing a streaming delivery system using a conventional DRM. As shown in FIG. 23, the streaming distribution system SS is a packaged content C in which the original content _CO is encrypted and packaged from the content distribution server CDS based on the content request and the license request from the user terminal YT. delivers _P, from the license server LS is a system for distributing a license L comprising the key K used in the decoding of the packaging content C _P. Streaming system SS, and the content server CS which stores a packaged content C _P, and the content distribution server CDS for distributing packaged contents C _P in response to a request from the user, and the license server LS to issue licenses L, requesting and packaging content C _P and the license L to the content distribution server CDS and the license server LS, comprising a user terminal YT for decoding using the key K that contains the packaged content C _P received in the license L.

In the streaming delivery system SS, only authorized user, the key K for decrypting the packaged content C _P, it can be acquired as a license L with other content protection information such as usage conditions. Note that the packaged content _CP and the license L are separated from each other by describing usage conditions such as the viewing time limit and the number of times of viewing in the license L so that a new service can be provided if the license is updated. This is to make it possible.

  Products such as “Windows Media Technologies (WMT)” from Microsoft (registered trademark) and “RealSystem (Real)” from REALNETWORKS (registered trademark) using such DRM can produce, distribute, and play back digital content. Has a large market share in the market as a platform for performing (see Non-Patent Document 1). Each of these products has its own DRM system, but has not yet reached the de facto standard. In addition, international standardization for DRM technology is also in progress, for example, MPEG-2 and MPEG-4 IPMP (Intellectual Properties Management and Protection) in MPEG (Moving Picture Experts Group; ISO / IEC JTC1 SC29 / WG1) and MPEG- 21 is a typical example.

In addition, a representative basic patent relating to DRM has been filed by INTERTRUST (registered trademark). The patent includes items relating to a system and main components for receiving encrypted content, managing content usage safely, transmitting content subjected to copyright management, and the like (see Patent Document 1).
US Pat. No. 6,185,683 Koji Abe, 3 others “Security in Streaming” 2002 Symposium 1 Annual Conference on Video Information Media, Security in Broadcast Media, S1-3 (Aug. 2002)

  In order to further spread and develop content distribution services using high-speed / broadband networks, viewing according to basic user attributes such as user age information and information such as the presence or absence of contracts (hereinafter attribute information) It is indispensable to provide detailed services for individual users such as control and billing settings, and to realize safe management and protection of personal information such as user attribute information in service providers.

  However, the conventional DRM system and the international standard related to DRM technology have a function for controlling whether or not to distribute individual contents according to contract conditions such as individual user attribute information and billing settings managed within the operator. It does not constitute. The technology described in Patent Document 1 relates to DRM technology and security computing, and is a system for receiving encrypted content, content usage management technology, and management technology for delivering content to other companies. When a user uses content, a mechanism in which distribution control is performed according to usage attributes determined according to contract conditions such as individual attribute information and billing settings for the service is not considered. Furthermore, the conventional technology does not attempt to solve the concealment of the usage attribute of the user on the service provider side.

  The present invention is made in order to solve the above-mentioned problems of the prior art, and in a service that provides content such as moving images and music and a license for the content via a communication network, the attribute information of individual users is used. Accordingly, it is possible to control whether or not each content can be used, and the content transmission device, the content reception device, and the content transmission that can be operated while the user's usage attribute is concealed and managed safely on the provider side It is an object to provide a method and a content transmission program.

  In order to solve the above-described problem, the content transmission device according to claim 1 is connected to content request data including a content ID for identifying content and a user ID for identifying a user of the content via a network. A content transmission device that receives content information from a content reception device that is a terminal device of the user and transmits content information that is at least one of the content and the license of the content to the content reception device. A user information storage unit, a content attribute storage unit, a content request data reception unit, a permission level information acquisition unit, a content use permission unit, and a content information transmission unit.

  According to this configuration, the content transmission apparatus stores a plurality of pieces of content information in the content information storage unit, stores the user ID in the user information storage unit, and contents of the plurality of pieces of content information stored in the content information storage unit. Among them, user information associated with usage level information indicating permission level information for specifying which content is allowed to be used by the user indicated by the user ID is stored for a plurality of users. In addition, the content transmitting apparatus causes the content attribute storage unit to use the content ID and the content indicated by the content ID for each of the plurality of pieces of content information stored in the content information storage unit. Content attribute information indicating whether or not to permit and associating with usage target level information corresponding to permission level information is stored.

  Further, the content transmitting apparatus receives content request data including the content ID and the user ID from the content receiving apparatus by the content request data receiving unit, and based on the user ID included in the content request data by the permission level information acquiring unit. Then, the usage level information included in the user information corresponding to the user ID is read from the user information storage means to obtain the permission level information. Further, the content transmission device reads the usage target level information included in the content attribute information corresponding to the content ID from the content attribute storage unit based on the content ID included in the content request data by the content use permission unit, Based on the usage target level information and the permission level information acquired by the permission level acquisition means, it is determined whether or not to allow the user indicated by the user ID included in the content request data to use the content. To do.

  Further, the content transmission device reads content information corresponding to the content ID from the content information storage unit when the content usage permission unit permits the user to use the content by the content information transmission unit, and the content reception device Send to.

  Thus, the content transmission apparatus determines whether to permit the use of the content of the content information requested to be transmitted by the user according to the permission level information set for each user, and the permitted content. Content information can be transmitted to the content receiving device.

Furthermore, content transmitting apparatus, a user information generation means, further comprising a concealment predetermined bit information transmission means, the content request data further comprises a concealment predetermined bit information, said authorization level information acquisition means, said utilization The level information and the concealed predetermined bit information are collated for each bit, and when they match, the value of the corresponding bit in the predetermined value is set as the value of the bit, and when they do not match, the bit value of the corresponding bit in the predetermined value A bit string having the bit value as a value different from the value is obtained as the permission level information.

According to such a configuration, the content transmission device generates permission level information based on the user ID and the attribute information of the user input from the outside by the user information generation unit, and the bit string constituting the permission level information Is divided into bits, different random numbers are combined with each bit value, hashed using a one-way hash function to generate usage level information, and the user ID of the user is associated with the usage level information User information is generated, and the same number of bits as the bit string constituting the permission level information, and a bit string of a predetermined value is divided into bits and used for generating usage level information for each bit value. The same random number is combined, and secret predetermined bit information hashed using a one-way hash function is generated. In addition, the content transmitting apparatus transmits the confidential predetermined bit information generated by the user information generating means to the content receiving apparatus of the user by the confidential predetermined bit information transmitting means. Note that the user attribute information is at least one of information such as the user's basic attributes and whether there is a contract, whether or not the payment of the viewing fee is delinquent, and the membership type, for example, storage means connected to the content transmission device Or may be input from the content receiver via a network.

  Furthermore, the content transmitting apparatus receives content request data including the content ID, the user ID, and the confidential predetermined bit information from the content receiving apparatus by the content request receiving means, and the usage level information and the confidential predetermined information by the permission level information acquisition means. The bit information is checked for each bit, and if they match, the value of the corresponding bit in the predetermined value is set as the value of the bit, and if they do not match, the value of the corresponding bit in the predetermined value is different from the value of the corresponding bit. A bit string having the value of is acquired as permission level information.

  Here, the user information generating means generates usage level information including a hash value obtained by hashing a bit string constituting the permission level information by combining random numbers for each bit, and has a predetermined number of bits equal to the permission level information. In order to generate secret predetermined bit information including a hash value hashed for each bit using the same random number and hash function for the bit string of values, each bit of the permission level information is compared with each bit of the bit string of the predetermined value Thus, for bits having the same bit value, the hash values corresponding to the usage level information and the secret predetermined bit information are the same, and the hash values are also different when the bit values are different. Therefore, the permission level information acquisition unit can acquire the permission level information by collating the corresponding hash values of the usage level information and the secret predetermined bit information.

  As a result, the content transmission apparatus can conceal and manage the permission level information set for each user, and acquires the permission level information by collating with the confidential predetermined bit information included in the content request data. Thus, it can be determined whether or not the use of the content requested to be transmitted by the user is permitted.

Further, the content receiving apparatus according to claim 2, from a content transmitting apparatus according to claim 1 connected via a network, and combines the random number bit string having a predetermined value for each bit a predetermined number of bits hash And transmitting the content request data including the confidential predetermined bit information, the content ID for identifying the content, and the user ID for identifying the user of the content to the content transmitting device, A content receiving device that receives content information that is at least one of the content and the license of the content from the content transmitting device, and includes confidential predetermined bit information receiving means, confidential information storing means, and content request data generating means Content request data transmission means, content information receiver It was configured to include the door.

  According to such a configuration, the content receiving apparatus receives the secret predetermined bit information from the content transmission apparatus via the network by the secret predetermined bit information receiving unit, and stores the secret predetermined bit information in the concealment information storage unit. Further, the content receiving device, based on a content selection command of content information requested to be transmitted to the content transmitting device, which is input from the outside by the content request data generating means, and the content ID of the content indicated by the command Then, content request data including the user ID and the confidential predetermined bit information stored in the concealment information storage unit is generated, and the content request data transmission unit transmits the content request data to the content transmission apparatus via the network. . Further, the content receiving device receives the content information transmitted from the content transmitting device via the network by the content information receiving means.

  As a result, the content receiving device receives the concealment predetermined bit information from the content transmission device via the network, and further stores the content ID, the user ID, and the concealment information storage unit based on an external command. The content request data including the confidential predetermined bit information can be transmitted to the content transmission device to request transmission of the content information, and the content information transmitted from the content transmission device can be received.

The content transmission apparatus according to claim 3 , wherein the terminal device of the user is connected via a network with content request data including a content ID for identifying the content and a user ID for identifying a user of the content. A content transmission device that receives content information that is at least one of the content and the license of the content from the content reception device, the content information storage means, and user information generation Means, concealment use attribute information transmission means, user information storage means, content attribute storage means, content request data reception means, permission level information acquisition means, content use permission means, content information transmission means, It was set as the structure provided with.

According to this configuration, the content transmission device stores a plurality of pieces of content information in the content information storage unit. In addition, the content transmission device is a user information generation unit that uses the user ID and the attribute information of the user input from the outside, based on the user information, and among the contents of the plurality of content information stored in the content information storage unit, Permission level information that specifies what content is allowed to be used for the content, and a random number is combined with the bit string that constitutes the permission level information, and hashed using a one-way hash function to conceal use attribute In addition to generating information, user information in which the random number is associated with the user ID is generated, and the concealment use attribute information transmitting unit transmits the concealment use attribute information to the content receiving device of the user. Further, the content transmitting apparatus stores the user information generated by the user information generating unit for a plurality of users in the user information storing unit.

In addition, the content transmitting apparatus causes the content attribute storage unit to use the content ID and the content indicated by the content ID for each of the plurality of pieces of content information stored in the content information storage unit. Content attribute information indicating whether or not to permit and associating with usage target level information corresponding to permission level information is stored. Furthermore, the content transmission device receives the content request data from the content reception device by the content request data receiving unit, and from the user information storage unit based on the user ID included in the content request data by the permission level information acquisition unit. Read a random number corresponding to the user ID, generate a plurality of bit strings having the same number of bits as the bit string constituting the permission level information, combine the random numbers with the generated bit strings, and use a one-way hash function The hash value thus hashed is compared with the concealment use attribute information further included in the content request data, and a bit string corresponding to the matching hash value is acquired as permission level information.

  Further, the content transmission device reads the usage target level information included in the content attribute information corresponding to the content ID from the content attribute storage unit based on the content ID included in the content request data by the content use permission unit, Whether to permit the use of the content to the user indicated by the user ID included in the content request data based on the usage target level information and the permission level information acquired by the permission level information acquisition unit. judge. Further, the content transmission device reads content information corresponding to the content ID from the content information storage unit when the content usage permission unit permits the user to use the content by the content information transmission unit, and the content reception device Send to.

  Thus, the content transmission apparatus determines whether to permit the use of the content of the content information requested to be transmitted by the user according to the permission level information set for each user, and the permitted content. The content information can be transmitted to the content receiving device. Furthermore, the content transmitting apparatus can conceal permission level information set for each user and transmit it to the content receiving apparatus, and is combined with a random number used for concealing permission level information and hashed. The permission level information can be obtained by obtaining a bit string whose hash value matches the concealment use attribute information included in the content request data, and the use of the content of the content information requested to be transmitted by the user is permitted. It can be determined whether or not.

Further, the content receiving device according to claim 4 provides permission level information for specifying which content is allowed to be used by the user from the content transmitting device according to claim 3 connected via a network. Content that includes concealment use attribute information that is hashed by combining a random number with a constituent bit string, and includes the concealment use attribute information, a content ID that identifies the content, and a user ID that identifies the user of the content A content receiving apparatus that transmits request data to the content transmitting apparatus and receives content information that is at least one of the content and the license of the content from the content transmitting apparatus, and includes concealment use attribute information receiving means; , Concealment information storage means, content request data generation means, content And request data transmission means, and configured to include a content information receiving means.

  According to this configuration, the content receiving device receives the concealment use attribute information from the content transmission device via the network by the concealment use attribute information reception unit, and stores the concealment use attribute information in the concealment information storage unit. Remember. Further, the content receiving device, based on a content selection command of content information requested to be transmitted to the content transmitting device, which is input from the outside by the content request data generating means, and the content ID of the content indicated by the command The content request data including the user ID and the concealment use attribute information stored in the concealment information storage unit is generated.

  Further, the content receiving device transmits the content request data to the content transmitting device via the network by the content request data transmitting means. In addition, the content receiving device receives content information transmitted from the content transmitting device via the network by the content information receiving means.

  As a result, the content receiving device receives the concealment use attribute information from the content transmission device via the network, and further stores the content ID, the user ID, and the concealment information storage unit based on an external command. The content request data including the confidential use attribute information thus transmitted can be transmitted to the content transmission device to request transmission of the content information, and the content information transmitted from the content transmission device can be received.

The content transmission method according to claim 5 is a content information storage unit that stores content information that is at least one of a plurality of content and a license of the content, a user ID that identifies a user of the content, Usage level information indicating permission level information for specifying which of the contents of the plurality of content information stored in the content information storage unit is permitted to be used by the user indicated by the user ID; A user information storage unit that stores user information associated with the plurality of users, a content ID that identifies the content for each of the contents of the plurality of content information stored in the content information storage unit, The content to which the user Using a content transmission device comprising content attribute storage means for storing content attribute information indicating whether or not the use of the content indicated by D is permitted and associating with usage target level information associated with the permission level information , Receiving content request data including the content ID and the user ID from a content receiving device that is a terminal device of the user connected via a network, and transmitting the content information to the content receiving device. A content transmission method comprising a usage attribute identification information generation step, a usage attribute identification information generation step, a content request data reception step, a permission level information acquisition step, a content usage permission step, and a content information transmission step It is characterized by that.

According to this method, in the use attribute identification information generation step, the user information generation means generates permission level information based on the user ID and the user attribute information input from the outside, and configures the permission level information. The bit string to be divided is divided into bits, different random numbers are combined with each bit value, hashed using a one-way hash function to generate usage level information, and the user ID of the user is associated with usage level information In the usage attribute data generation step, the user information generation means divides the bit string having the same number of bits as the bit string constituting the permission level information and the predetermined value for each bit, A secret place where the same random number used to generate usage level information is combined with the bit value of, and hashed using a one-way hash function To generate the bit information. In the content request data receiving step, the content request data receiving unit receives the content request data from the content receiving device, and in the permission level information acquiring step, the permission level information acquiring unit is received in the content request data receiving step. Based on the user ID included in the content request data, the usage level information included in the user information corresponding to the user ID is read from the user information storage unit to obtain permission level information. Subsequently, in the content use permission step, the content use permission means sends a content attribute corresponding to the content ID from the content attribute storage means based on the content ID included in the content request data received in the content request data reception step. The usage target level information included in the information is read, and based on the usage target level information and the permission level information acquired in the permission level acquisition step, the user indicated by the user ID included in the content request data It is determined whether or not the use of the content is permitted. Further, in the content information transmission step, the content information transmission unit reads the content information corresponding to the content ID from the content information storage unit and receives the content when the content usage permission step permits the user to use the content. Send to device. Further, in the permission level information acquisition step, the permission level information acquisition means collates the usage level information and the secret predetermined bit information for each hash value, and if they match, the value of the corresponding bit in the predetermined value is set to the bit value. If the values do not match, a bit string having a value different from the corresponding bit value in the predetermined value as the bit value is acquired as permission level information.

  Thus, according to the permission level information set for each user, it is determined whether or not the use of the content of the content information requested by the user is permitted, and the content information about the permitted content is received. Can be sent to the device.

The content transmission method according to claim 6 includes content information storage means for storing content information that is at least one of a plurality of contents and a license for the content, and a plurality of contents stored in the content information storage means. For each of the contents of the information, a content ID for identifying the content, which user is permitted to use the content indicated by the content ID, and which content is permitted for each user A user that identifies the user by using a content transmission device including content attribute storage means that stores content attribute information associated with usage target level information associated with permission level information that specifies Content request data including ID Is transmitted from a content receiving device that is a terminal device of the user connected via a network, and the content information is transmitted to the content receiving device. A content request data receiving step, a permission level information obtaining step, a content use permission step, and a content information transmission step are included.

According to this method, in the user information generation and storage step, the user among the contents of the plurality of content information stored in the content information storage means based on the user ID and the attribute information of the user input from the outside. Permission level information that specifies what content is allowed to be used for the content, and a random number is combined with the bit string that constitutes the permission level information, and hashed using a one-way hash function to conceal use attribute Information is generated, and the concealment use attribute information is transmitted to the user's content receiving device, user information in which the random number is associated with the user ID is generated, and the content transmitting device transmits the user information. Further, it is stored in user information storage means provided.

Subsequently, in the content request data receiving step, the content request data receiving unit receives the content request data from the content receiving device, and in the permission level information acquiring step, the permission level information acquiring unit is received in the content request data receiving step. A random number corresponding to the user ID is read from the user information storage unit based on the user ID included in the content request data, and a plurality of bit strings having the same number of bits as the bit string constituting the permission level information are generated and generated. The random number is combined with each bit string, and the hash value hashed using the one-way hash function is compared with the concealment use attribute information further included in the content request data, and the corresponding hash value is supported. The bit string to be acquired is acquired as permission level information. Further, in the content use permission step, the content use permission means receives content attribute information corresponding to the content ID from the content attribute storage means based on the content ID included in the content request data received in the content request data reception step. The usage target level information included in the content request data is read out based on the usage target level information and the permission level information acquired in the permission level information acquisition step. It is determined whether or not the use of the content is permitted. Then, when the content information transmitting unit permits the user to use the content in the content use permission step, the content information transmitting unit reads the content information corresponding to the content ID from the content information storage unit, Send to the receiving device.

  Thus, according to the permission level information set for each user, it is determined whether or not the use of the content of the content information requested by the user is permitted, and the content information about the permitted content is received. Can be sent to the device. Furthermore, the permission level information set for each user can be concealed and transmitted to the content receiving apparatus, and the hash value when hashed in combination with the random number used to conceal the permission level information Can obtain permission level information by obtaining a bit string that matches the concealment use attribute information included in the content request data, and determines whether or not to permit the use of the content of the content information requested by the user can do.

The content transmission program according to claim 7 , wherein the content request data including a content ID for identifying content and a user ID for identifying a user of the content is connected to the terminal device of the user via a network. The permission level information that identifies the user ID and which of the plurality of contents is permitted to be used by the user indicated by the user ID among the plurality of contents. The user information is read from a user information storage device that stores user information associated with usage level information for a plurality of users, and for each of the plurality of contents, the content ID and to which user For the content indicated by the content ID The content attribute information is read from the content attribute information storage device that stores the content attribute information associated with the usage target level information corresponding to the permission level information and indicates the content to the user. The content information stored in a content information storage device that stores content information that is at least one of the plurality of content and the license of the content is stored in the content reception device. In order to transmit, the computer is caused to function as a content request data receiving unit, a permission level information obtaining unit, a content use permission unit, a content information transmission unit, a user information generation unit, and a secret predetermined bit information transmission unit .

According to such a configuration, the content transmission program receives the content request data from the content receiving device by the content request data receiving unit, and the user based on the user ID included in the content request data by the permission level information acquiring unit. Usage level information included in user information corresponding to the user ID is read from the information storage device to obtain permission level information. Further, the content transmission program reads the usage target level information included in the content attribute information corresponding to the content ID from the content attribute information storage device based on the content ID included in the content request data by the content use permission unit. Whether to permit the use of the content to the user indicated by the user ID included in the content request data based on the usage target level information and the permission level information acquired by the permission level acquisition unit judge. Further, the content transmission program reads content information corresponding to the content ID from the content information storage device when the content information transmission unit permits the user to use the content by the content usage permission unit, and the content reception device Send to. Furthermore, the content transmission program generates permission level information based on the user ID and user attribute information input from the outside by the user information generation means, and divides the bit string constituting the permission level information into bits. Then, different random numbers are combined with each bit value, hashed using a one-way hash function to generate usage level information, and user information is generated by associating the user ID of the user with the usage level information. Along with the same number of bits as the bit string constituting the permission level information, the bit string of the predetermined value is divided for each bit, and the same random number as that used for generating the usage level information is combined with each bit value, The secret predetermined bit information hashed using the one-way hash function is generated, and the secret predetermined bit information transmitting means The confidential predetermined bit information generated by the user information generating means is transmitted to the content receiving device of the user, the content request data further includes the confidential predetermined bit information, and the permission level information acquiring means is configured to use the usage level information and the confidential predetermined information. The bit information is checked for each hash value, and if they match, the value of the corresponding bit in the predetermined value is set as the value of the bit, and if they do not match, the value of the corresponding bit in the predetermined value is different from the value of the corresponding bit. A bit string as a bit value is acquired as permission level information.

  Accordingly, the content transmission program determines whether to permit the use of the content of the content information requested to be transmitted by the user according to the permission level information set for each user, and the permitted content is determined. Content information can be transmitted to the content receiving device.

The content transmission program according to claim 8 , wherein the content request data including a content ID for identifying content and a user ID for identifying a user of the content is connected to the terminal device of the user via a network. For each of a plurality of the contents, the content ID and which user is permitted to use the content indicated by the content ID, for each user The content attribute information is read from the content attribute information storage device that stores the content attribute information associated with the usage target level information corresponding to the permission level information that specifies which content is permitted to be used for the user. Whether to allow the use of the content And using the computer to transmit the content information stored in the content information storage device that stores the content information that is at least one of the plurality of content and the license of the content to the content receiving device. The user information generation means, the concealment use attribute information transmission means, the content request data reception means, the permission level information acquisition means, the content use permission means, and the content information transmission means.

According to such a configuration, the content transmission program can store the contents of a plurality of pieces of content information stored in the content information storage device based on the user ID and the user attribute information input from the outside by the user information generation unit. Among them, permission level information for specifying which content is allowed to be used by the user is generated, a random number is combined with a bit string constituting the permission level information, and hashed using a one-way hash function. Generate confidential use attribute information, generate user information in which the random number is associated with the user ID, store the user information in a user information storage device connected to the outside, and use the confidential information The attribute information transmitting means transmits the confidential use attribute information generated by the user information generating means to the content receiving device of the user. .

Further, the content transmission program receives the content request data from the content receiving device by the content request data receiving unit, and from the user information storage device based on the user ID included in the content request data by the permission level information acquiring unit. Read a random number corresponding to the user ID, generate a plurality of bit strings having the same number of bits as the bit string constituting the permission level information, combine the random numbers with each generated bit string, and use a one-way hash function The hash value thus hashed is compared with the concealment use attribute information further included in the content request data, and a bit string corresponding to the matching hash value is acquired as permission level information. Furthermore, the content transmission program reads the usage target level information included in the content attribute information corresponding to the content ID from the content attribute information storage device based on the content ID included in the content request data by the content use permission unit. Whether to permit the use of the content to the user indicated by the user ID included in the content request data based on the usage target level information and the permission level information acquired by the permission level information acquisition unit Determine. The content transmission program reads the content information corresponding to the content ID from the content information storage device when the content information transmission unit permits the user to use the content by the content usage permission unit, and the content reception device Send to.

  Accordingly, the content transmission program determines whether to permit the use of the content of the content information requested to be transmitted by the user according to the permission level information set for each user, and the permitted content is determined. Content information can be transmitted to the content receiving device. Furthermore, the content transmission program can conceal the permission level information set for each user and transmit it to the content receiving apparatus, and is combined with a random number used to conceal the permission level information and hashed The permission level information can be obtained by obtaining a bit string whose hash value matches the concealment use attribute information included in the content request data, and the use of the content of the content information requested to be transmitted by the user is permitted. It can be determined whether or not.

Content transmitting apparatus according to the present invention, the content receiving instrumentation 置及 beauty contents transmission program, excellent effects as follows. According to the invention described in claim 1, claim 5 or claim 7 , according to the basic attribute of each individual user, which content is permitted to be used by the user is specified by the permission level information. Also for content, by specifying which permission level information is set for the user for which the permission level is set by the usage target level information, each user can be determined based on the permission level information and the usage target level information. Thus, it is possible to control whether or not each content information can be distributed.

According to the first aspect of the present invention, the permission level information set based on the user attribute information can be concealed and managed, and the permission level information is transmitted when a request for transmission is received from the content receiving apparatus. Therefore, it is possible to operate the service provider while safely managing the usage attributes of the user. In addition, since the usage attribute of the user can be concealed and managed safely by a simple method without using encryption, the cost for key management and the like can be reduced, and an inexpensive and high-speed system can be constructed.

According to the second aspect of the present invention, the confidential predetermined bit information necessary for reconstructing the permission level information from the usage level information concealing the permission level information managed on the content transmission device side, It can be included in content request data that is a request for transmission of content information to the content transmission device. Therefore, in the content transmission device, the permission level information set based on the user attribute information can be concealed and managed, and the permission level information is again determined based on the confidential predetermined bit information transmitted from the content reception device. Since it can be acquired, it becomes possible to operate while managing the usage attribute of the user safely on the business side.

According to the invention described in claim 3 , claim 6, or claim 8 , according to the basic attribute of each individual user, which content is permitted to be used by the user is specified by permission level information. Also for content, by specifying which permission level information is set for the user for which the permission level is set by the usage target level information, each user can be determined based on the permission level information and the usage target level information. Thus, it is possible to control whether or not each content information can be distributed. Further, the permission level information set based on the user attribute information can be concealed and transmitted to the content receiving apparatus. Therefore, the usage attribute information is not managed on the provider side, and the usage attribute information is transmitted to the content receiving device by concealing the usage level information concealing the permission level information combined with a random number not notified to the user side. It is managed safely. Furthermore, when the concealment use attribute information in which the permission level information is concealed is transmitted from the content receiving apparatus and the transmission of the content information is requested, the permission level information can be reconstructed from the concealment use attribute information. it can. Therefore, it becomes possible to operate while managing the usage attribute of the user safely on the provider side and the user side.

  In addition, since the usage attribute of the user can be concealed and managed safely by a simple method without using encryption, the cost for key management and the like can be reduced, and an inexpensive and high-speed system can be constructed. Furthermore, it is only necessary to manage user information in which a random number and a user ID are associated for each user on the distributor side, and the data size of the information to be managed can be reduced.

According to the fourth aspect of the present invention, the concealment use attribute information in which the permission level information is concealed is received and managed from the content transmission apparatus, and the concealment use attribute information is transmitted to the content transmission apparatus as content information. Can be included in the content request data to be transmitted. Therefore, the permission level information set based on the user attribute information can be concealed and managed, and the content transmission apparatus obtains the permission level information again from the concealment use attribute information transmitted from the content reception apparatus. Therefore, it is possible to operate while managing the usage attributes of the user safely on the provider side and the user side.

Hereinafter, embodiments of the present invention will be described with reference to the drawings.
[Content distribution system configuration]
First, referring to FIG. 1, a configuration of a content distribution system S (SA, SB) including a content transmission device 1 (1A, 1B) and a content reception device 7 (7A, 7B) according to an embodiment of the present invention. explain. FIG. 1 is a block diagram illustrating a configuration of a content distribution system including a content transmission device and a content reception device according to an embodiment of the present invention.

  The content distribution system S (SA, SB) sends service request data (content request data) for requesting transmission of content (content information) designated by the user by the content receiving device 7 (7A, 7B), such as the Internet. It transmits to the content transmission device 1 (1A, 1B) via the communication network (network) N, receives the service request data by the content transmission device 1 (1A, 1B), and transmits it based on the usage attribute of the user In the system, it is determined whether or not the use of the requested content is permitted, and when permitted, the content is distributed to the content receiving device 7 (7A, 7B) via the communication network N.

  The content transmission device 1 (1A, 1B) receives service request data from the content reception device 7 (7A, 7B) via the communication network N, and information such as basic attributes of the user who requested the content and a content reception contract If the use attribute indicating which content is permitted to be used is determined based on the use attribute, and the requested content is determined to be usable based on the use attribute, the content is determined via the communication network N. It is transmitted to the requested content receiving device 7 (7A, 7B).

  The content reception device 7 (7A, 7B) transmits service request data to the content transmission device 1 (1A, 1B) via the communication network N based on a command from the user, and the content transmission device 1 (1A, 1B). ) To receive content.

  Hereinafter, the content transmission device 1 (1A, 1B) and the content reception device 7 (7A, 7B) in the content distribution system S (SA, SB) will be described in detail.

[Configuration of content transmission apparatus (first embodiment)]
First, referring to FIG. 2 (refer to FIG. 1 as appropriate), the configuration of the content transmission apparatus 1 according to the first embodiment of the present invention will be described. FIG. 2 is a block diagram showing the configuration of the content transmission apparatus according to the first embodiment of the present invention. The content transmission apparatus 1 includes user information management means 2 and service provision means 4.

  The user information management means 2 generates and registers or updates user information to be described later based on registration request data received from the content receiving device 7 via the communication network N. The user information management unit 2 includes an authentication processing unit 21, a registration request reception processing unit 22, a usage attribute determination unit 23, a user information registration unit 24, and a user information storage unit 25.

  The registration request data is for requesting the content transmission device 1 to register the user of the content reception device 7. This registration request data includes at least a user ID for identifying a user, which is information necessary for user registration, and further includes information on basic attributes of the user. Here, the registration request data will be described with reference to FIG. FIG. 3 is a schematic diagram schematically showing the structure of registration request data. As shown in FIG. 3, the registration request data R includes a request identification code R0 indicating a request for user registration or update of registration information to the content transmitting apparatus 1 in the header, a user ID R1, and basic user attributes. It consists of information such as a name R2, address R3, and telephone number R4. The basic attribute is not limited to this example, and may be, for example, information on the age of the user, gender, or the like.

  Returning to FIG. 2, the description will be continued. The authentication processing means 21 performs user authentication of registration request data transmitted from the content receiving device 7 via the communication network N. The registration request data authenticated here is output to the registration request reception processing means 22. The authentication processing means 21 applies a general authentication process such as an ID / password authentication method or a personal authentication method using a RSA (Rivest Shamir Adleman) signature or a DSA (Digital Signature Algorithm) signature. Can do.

  The registration request reception processing unit 22 receives the registration request data authenticated by the authentication processing unit 21 and acquires the user ID and basic attribute information. The user ID and basic attribute information acquired here are output to the usage attribute determination means 23 and the user information registration means 24.

  The usage attribute determining unit 23 determines a usage attribute based on the user ID and basic attribute information input from the registration request reception processing unit 22 and generates usage attribute information (permission level information) indicating the usage attribute. To do. The usage attribute information generated here is output to the user information registration means 24 as usage attribute identification information (usage level information). In the first embodiment, the usage attribute information and the usage attribute identification information are the same.

  Here, the usage attribute information specifies which content is allowed to be used by the user. In other words, for example, the use of some contents is restricted according to the user's viewing contract information input from the storage means connected externally based on the user ID, or basic attributes such as the user's address and age. In each content, a usage target level (usage target level information) indicating which contract contents and basic attributes a user is allowed to use is set in advance in each content. Information that specifies which level of content to be used is permitted in accordance with the contract contents and basic attributes is set as usage attribute information for each user.

  Here, as shown in FIG. 4, the usage attribute information (usage attribute identification information S0) can be composed of a bit string of a predetermined number of bits (n bits). FIG. 4 is an explanatory diagram for explaining an example of usage attribute identification information generated by the usage attribute determination means.

  For example, when the usage attribute information is 4-bit information, “1101” is set as usage attribute information for a certain user. Here, for example, when there is content with a usage target level of “> 1100” and content with “1111”, this usage attribute information permits the use of content with “> 1100”, but “1111”. "" Indicates that use of the content is not permitted. Note that “> 1100” indicates “1101”, “1110”, and “1111”, which are values larger than “1100”.

  Then, which usage attribute is set in advance is determined in accordance with the contract contents and basic attributes of the user indicated by the user ID. As shown in FIG. 2, the usage attribute determination means 23 performs registration request reception processing. Based on the user contract information acquired from the outside based on the user ID input from the means 22 and the basic attribute information input from the registration request reception processing means 22, the use attribute can be determined.

  The user information registration unit 24 generates user information in which the user ID and basic attribute information input from the registration request reception processing unit 22 and the usage attribute identification information input from the usage attribute determination unit 23 are associated with each other. Is. The user information generated here is stored in the user information storage means 25. Note that the user information generation means described in the claims corresponds to the use attribute determination means 23 and the user information registration means 24.

  The user information storage means (user information storage device) 25 stores the user information generated by the user information registration means 24, and is a storage means such as a hard disk. The user information stored here is read by the usage level determination means 43 of the service providing means 4.

  Here, the user information T, T,... Stored in the user information storage means 25 will be described using a specific example with reference to FIG. FIG. 5 is an explanatory diagram for explaining the user information stored in the user information storage means. Here, a case where registration request data including information such as a user's name, address, and telephone number as basic attributes is input by the content receiving device 7 will be described.

  As shown in FIG. 5, the user information storage means 25 stores a plurality of user information T, T,. Each user information T includes a user ID R1, information such as name R2, address R3, and telephone number R4, which are basic attributes of the user, and usage attribute identification information S0.

  Returning to FIG. 2, the description will be continued. Based on the service request data received from the content receiving device 7 via the communication network N, the service providing unit 4 determines whether to permit the use of the requested content, and if permitted, the service providing unit 4 The content is transmitted to the content receiving device 7. The service providing unit 4 includes an authentication processing unit 41, a usage request reception processing unit 42, a usage level determination unit 43, a content attribute storage unit 44, a content selection unit 45, a content storage unit 46, and a content transmission unit 47. With.

  The service request data is for requesting the content transmission apparatus 1 to transmit the content selected by the user. This service request data includes at least a user ID and a content ID for identifying the content, and here further includes information on the basic attributes of the user. Here, the service request data will be described with reference to FIG. FIG. 6 is a schematic diagram schematically showing the structure of service request data, (a) is a schematic diagram schematically showing the structure of service request data in the first embodiment of the present invention, and (b). FIG. 4 is a schematic diagram schematically showing the structure of service request data in the second embodiment of the present invention, and FIG. 5C schematically shows the structure of service request data in the third embodiment of the present invention. It is the shown schematic diagram. As shown in FIG. 6A, the service request data U includes, in the header, a request identification code U0 indicating that the content transmission apparatus 1 is requested to transmit content, a user IDR1, and the content requesting transmission. Content IDU2 shown. A description of FIGS. 6B and 6C will be given later.

  Returning to FIG. 2, the description will be continued. The authentication processing means 41 performs user authentication of service request data transmitted from the content receiving device 7 via the communication network N. Further, here, the authentication processing means 41 determines whether or not the service request data transmitted from the content receiving device 7 is within the usage period of the user ID. The service request data that has been authenticated and determined to be within the time limit is output to the use request reception processing means 42.

  The usage request reception processing means (content request data receiving means) 42 receives the service request data authenticated by the authentication processing means 41 and acquires the user ID and content ID. The user ID acquired here is output to the usage level determination unit 43, and the content ID is output to the content selection unit 45.

  The usage level determination unit (permission level information acquisition unit) 43 reads the user information stored in the user information storage unit 25 based on the user ID input from the usage request reception processing unit 42, and uses the service request data. The usage attribute information (permission level information) of the user of the transmitted content receiving device 7 is acquired. The usage attribute information acquired here is output to the content selection means 45.

  The content attribute storage unit (content attribute storage device) 44 stores content attribute information, and is a storage unit such as a hard disk, for example. The content attribute information stored here is read by the content selection means 45.

  The content attribute information indicates which usage attribute of each content is allowed to be used by the user. This content attribute information includes a content ID and a usage target level indicating whether or not the use of the content is permitted. Here, the content attribute information V, V,... Stored in the content attribute storage unit 44 will be described using a specific example with reference to FIG. FIG. 7 is an explanatory diagram for explaining the content attribute information stored in the content attribute storage means. Here, a case where the content is a video of a broadcast program will be described as an example.

  As shown in FIG. 7, the content attribute storage means 44 stores a plurality of content attribute information V, V,. Each content attribute information V includes a content ID V1, information such as a content title V2, a broadcast date V3, and a genre V4, and a usage target level V5.

  Returning to FIG. 2, the description will be continued. The content selection means (content usage permission means) 45 reads the content attribute information stored in the content attribute storage means 44 based on the content ID input from the usage request reception processing means 42, and determines the content attribute information and the usage level. Based on the use attribute information input from the means 43, it is determined whether or not use of the requested content is permitted. The determination result and the content ID determined here are output to the content transmission unit 47.

  Here, the content attribute information includes information on the usage target level, and the content selection unit 45 makes a request when the usage target level condition matches the usage attribute information input from the usage level determination unit 43. Allow use of the content that has been made.

  The content storage means (content information storage means, content information storage device) 46 stores contents, and is a storage means such as a hard disk, for example. The content stored here is read by the content transmission means 47.

  The content transmission unit (content information transmission unit) 47 receives the requested content based on the content ID input from the content selection unit 45 when the determination result permitting the use of the content is input by the content selection unit 45. Is read from the content storage means 46 and transmitted to the content receiving device 7 via the communication network N.

  As described above, the content transmission device 1 determines the use attribute based on the registration request data received from the content reception device 7 via the communication network N and the information such as the user contract content input from the outside. Thus, user information including a user ID and usage attribute identification information is generated and stored. Further, the content transmission device 1 receives service request data from the content reception device 7 via the communication network N, and uses the content based on the user's usage attribute information and the content attribute information of the content requested to be transmitted. It can be determined whether or not to permit, and the content can be transmitted only when permitted.

[Configuration of content receiving apparatus (first embodiment)]
Next, referring to FIG. 8 (refer to FIG. 1 and FIG. 2 as appropriate), the configuration of the content receiving apparatus 7 according to the first embodiment of the present invention will be described. FIG. 8 is a block diagram showing the configuration of the content receiving apparatus according to the first embodiment of the present invention. The content receiving device 7 includes basic attribute input means 71, registration request transmission means 72, service request data generation means 73, usage request transmission means 74, content reception means 75, and content display means 76.

  The basic attribute input means 71 inputs a user ID and a basic attribute from the outside. Here, the basic attribute input means 71 can input a user ID and a basic attribute from a user, for example using a keyboard etc. which are not shown in figure. The information input here is output to the registration request transmission means 72.

  The registration request transmission unit 72 generates registration request data including the user ID and basic attributes input from the basic attribute input unit 71 and transmits the registration request data to the content transmission apparatus 1 via the communication network N.

  The service request data generating unit 73 generates service request data including a user ID and a content ID based on an external command. The service request data generation unit 73 can generate service request data including the selected content ID by selecting content to be transmitted by the user with a mouse or the like (not shown), for example. The service request data generated here is output to the usage request transmission means 74.

  The usage request transmission unit (content request data transmission unit) 74 transmits the service request data generated by the service request data generation unit 73 to the content transmission apparatus 1 via the communication network N.

  The content receiving means (content information receiving means) 75 receives content from the content transmitting apparatus 1 via the communication network N. The content received here is output to the content display means 76.

  The content display means 76 converts the content received by the content receiving means 75 into a displayable format and outputs it to a display device (not shown) such as a liquid crystal display.

  As described above, when the user ID and basic attribute information are input from the outside, the content reception device 7 generates registration request data and transmits the registration request data to the content transmission device 1 via the communication network N. In addition, when content to be transmitted is selected from the outside, the content receiving device 7 generates service request data for requesting the content and transmits the service request data to the content transmitting device 1 via the communication network N. Furthermore, the content receiving device 7 can receive content from the content transmitting device 1 via the communication network N and display it on a display device (not shown).

  Note that the content transmitting apparatus 1 and the content receiving apparatus 7 can also realize each unit as a function program in a computer, and can also be operated as a content transmission program and a content reception program by combining the function programs. Is possible.

[Operation of content distribution system]
Next, referring to FIG. 9 and FIG. 10 (refer to FIG. 1, FIG. 2 and FIG. 8 as appropriate), an operation (user registration operation) in which the content transmission apparatus 1 in the present invention registers the user of the content reception apparatus 7 as a user. Next, an operation (content transmission operation) of transmitting content to the user content reception device 7 registered by the user registration operation will be described. FIG. 9 is a sequence diagram of a user registration operation and a content transmission operation between the content transmission apparatus and the content reception apparatus according to the first embodiment of the present invention, and (a) is a user of the content transmission apparatus and the content reception apparatus. (B) is a sequence diagram of the content transmission operation of the content transmission device and the content reception device.

<User registration operation>
First, with reference to FIG. 9A, a user registration operation between the content transmission device 1 and the content reception device 7 will be described. The content receiving apparatus 7 inputs a user ID and a basic attribute from the outside by the basic attribute input means 71 (step S11). Then, the content reception device 7 generates registration request data including the user ID and the basic attribute input in step S11 by the registration request transmission unit 72 and transmits the registration request data to the content transmission device 1 via the communication network N. (Step S12).

  Subsequently, the content transmission device 1 performs user authentication of the registration request data transmitted from the content reception device 7 in step S12 by the authentication processing unit 21 (step S13), and the registration request reception processing unit 22 performs registration request data. Is received (step S14). Then, the content transmission apparatus 1 acquires the user ID and basic attribute information from the registration request data received in step S14 by the registration request reception processing unit 22, and determines the usage attribute of the user by the usage attribute determination unit 23. Usage attribute identification information is generated (step S15). Then, the content transmitting apparatus 1 associates the user ID and basic attribute information included in the registration request data received in step S14 with the usage attribute identification information generated in step S15 by the user information registration unit 24. User information is stored in the user information storage means 25 (step S16).

<Content transmission operation>
Next, with reference to FIG. 9B, the content transmission operation between the content transmission device 1 and the content reception device 7 will be described. In the content receiving device 7, the service request data generating means 73 inputs a command for selecting the content to be transmitted from the outside (step S21). Then, the content receiver 7 generates service request data by the service request data generator 73 and transmits it to the content transmitter 1 via the communication network N by the usage request transmitter 74 (step S22).

  Subsequently, the content transmitting apparatus 1 performs user authentication of the service request data transmitted from the content receiving apparatus 7 in step S22 by the authentication processing unit 41 (step S23), and whether the service request data is within the user ID usage time limit. It is determined whether or not (step S24). If it is not within the usage period of the user ID (No in step S24), the process proceeds to a user registration operation sequence (FIG. 9A). If the user ID is within the usage period (Yes in step S24), the content transmitting apparatus 1 receives service request data by the usage request reception processing means 42 (step S25; content request data receiving step). .

  Then, the content transmitting apparatus 1 reads out the content when the requested content can be used based on the usage attribute of the user by the usage level determination operation described later, and the content receiving apparatus 7 via the communication network N (Step S26). Further, the content receiver 7 receives the content transmitted from the content transmitter 1 in step S26 by the content receiver 75 (step S27), and converts the content into a displayable format by the content display 76. Then, it outputs to the display means (not shown) (step S28).

<Use level judgment operation>
Next, the usage level determination operation (step S26 in FIG. 9B) of the content transmission device 1 will be described with reference to FIG. FIG. 10 is a flowchart for explaining the usage level determination operation in the sequence of the content transmission operation of the content transmission device.

  The content transmission apparatus 1 acquires the user ID and the content ID from the service request data received in step S25 of FIG. 9B by the usage request reception processing unit 42, and uses the user level ID by the usage level determination unit 43. Based on this, the user information stored in the user information storage means 25 is read out in step S16 of FIG. 9A to acquire usage attribute information (step S31; permission level information acquisition step).

  Furthermore, the content transmitting apparatus 1 reads the content attribute information from the content attribute storage unit 44 based on the content ID by the content selection unit 45, and the usage target level condition matches the usage attribute information acquired in step S31. (Step S32; content use permission step). If they do not match (No in step S32), the operation is terminated as it is. On the other hand, if they match (Yes in step S32), the content transmission device 1 reads the content from the content storage unit 46 by the content transmission unit 47 and transmits the content to the content reception device 7 via the communication network N (step S33). Content information transmission step).

  As described above, the content receiving device 7 generates registration request data and transmits the registration request data to the content transmitting device 1. The content transmitting device 1 receives the received registration request data, the contract contents of the user input from the outside, and the like. User information can be determined based on the information and user information can be generated and stored. Further, the content receiving device 7 generates service request data and transmits it to the content transmitting device 1, and the content transmitting device 1 is based on the received service request data and the user's usage attribute information and the content requested to be transmitted. The content attribute information is acquired, and it is determined whether or not the use of the content is permitted based on whether or not these match, and the content can be transmitted to the content receiving device 7 only when the content is permitted. Accordingly, the content transmission device 1 can control whether or not to permit the distribution of individual content according to the basic attribute for each user and the usage attribute determined according to the contract details.

  Then, the content transmission apparatus 1 determines whether or not the service can be used and charging settings for each individual user according to usage attributes determined by, for example, the payment status of the user's viewing fee, the usage record of the service, the number of acquired points, and the like. It can be set in detail and can be applied to various services such as preferential services for members and point services. Furthermore, the content transmission apparatus 1 can update the user's basic attributes that dynamically change, such as the user's residence, and can implement viewing control that flexibly responds to changes in the basic attributes. Here, the usage attribute information and the usage target level have been described as continuous numerical values, but each bit of the usage attribute information and the usage target level may be made independent to control whether or not the corresponding content can be viewed. . For example, by focusing on the content genre, the content transmission apparatus 1 can realize viewing control for each genre by making the first bit correspond to drama, the second bit music, and the third bit animation. .

[Configuration of Content Transmission Device (Second Embodiment)]
Next, referring to FIG. 11 (refer to FIG. 1 as appropriate), the configuration of a content transmission apparatus 1A according to the second embodiment of the present invention will be described. FIG. 11 is a block diagram showing a configuration of a content transmission apparatus according to the second embodiment of the present invention.

  As shown in FIG. 11, the content transmission device 1A receives service request data from the content reception device 7A via the communication network N, determines the usage attribute of the user, and requests the requested content based on the usage attribute. When the content is determined to be usable, the content is transmitted to the content receiving device 7A that requested the content via the communication network N. The content transmission device 1A includes a user information management unit 2A instead of the user information management unit 2 of the content transmission device 1 (see FIG. 2), and a service provision unit 4A instead of the service provision unit 4.

  The user information management means 2A generates and registers or updates user information to be described later based on registration request data received from the content receiving device 7A via the communication network N. The user information management unit 2A uses the usage attribute determination unit 23A instead of the usage attribute determination unit 23 of the user information management unit 2 (see FIG. 2) of the content transmission device 1 instead of the user information registration unit 24. The user information registration unit 24A is provided, and the usage attribute processing unit 26A and the usage attribute data transmission unit 27A are additionally provided. Since the configuration other than the usage attribute determination unit 23A, the user information registration unit 24A, the usage attribute processing unit 26A, and the usage attribute data transmission unit 27A in the user information management unit 2A is the same as that shown in FIG. The same reference numerals are given and description thereof is omitted. Note that the content transmitting apparatus 1A conceals the use attribute information as use attribute identification information, and generates user information including the user identification information, the user ID, and the basic attribute.

  The usage attribute determining unit 23A determines a usage attribute based on the user ID and basic attribute information input from the registration request reception processing unit 22, and generates usage attribute information (permission level information) indicating the usage attribute. To do. The usage attribute information and the user ID generated here are output to the user information registration unit 24A. Note that the use attribute determining unit 23A functions as compared with the use attribute determining unit 23 (FIG. 2) by outputting the use attribute information to the user information registering unit 24A and further outputting the user ID. Are the same.

  The use attribute processing unit 26A generates concealment use attribute information obtained by hashing the use attribute information (permission level information) generated by the use attribute determining unit 23A by combining the user ID and a random number for each bit. Usage attribute identification information (use level information) including concealment usage attribute information and a random number is generated. Further, the use attribute processing means 26A combines the data having the same number of bits as the concealment use attribute information with the same random number used for generating the user ID and the concealment use attribute information for each bit and hashing the data. The generated concealment information (confidential predetermined bit information) is generated, and use attribute data including the concealment information is generated. The usage attribute identification information generated here is output to the user information registration means 24. Further, the usage attribute data is output to the usage attribute data transmission unit 27A.

  Here, referring to FIG. 12 (refer to FIG. 11 as appropriate), using the specific examples of the concealment use attribute information, the use attribute identification information, the concealment information, and the use attribute data generated by the use attribute processing unit 26A. explain. FIG. 12 is an explanatory diagram for explaining a method in which the use attribute processing unit generates the concealment use attribute information, the use attribute identification information, the concealment information, and the use attribute data, and (a) shows an example of the use attribute information. (B) is a schematic diagram schematically showing an example of the concealment usage attribute information, (c) is a schematic diagram schematically showing an example of the usage attribute identification information, (D) is the schematic diagram which showed typically the example of concealment information, (e) is the schematic diagram which showed typically the example of utilization attribute data.

  As shown in FIG. 12A, here, a case will be described in which the usage attribute information is composed of four bits S1 to S4 of “1010”. When the usage attribute information as shown in FIG. 12A is input from the usage attribute determination unit 23A, the usage attribute processing unit 26A generates random numbers r1 to r4 having the same number of bits as shown in FIG. 12B. Let Then, the usage attribute processing unit 26A combines, for each bit, the user IDR1 input from the usage attribute determination unit 23A, one bit (S1 to S4), and one random number (r1 to r4) to generate a hash function. Is used to generate concealment use attribute information composed of hash values SA1 to SA4. Further, as shown in FIG. 12C, the use attribute processing unit 26A generates concealment use attribute information composed of hash values SA1 to SA4 and use attribute identification information composed of random numbers r1 to r4.

  Further, the usage attribute processing unit 26A generates a bit string “1111” having the same number of bits (4 bits) as the usage attribute information shown in FIG. Then, as shown in FIG. 12D, the usage attribute processing unit 26A, for each bit, the user IDR1 input from the usage attribute determination unit 23A, one bit (W1 to W4), and one random number ( r1 to r4) are combined and hashed using a hash function to generate concealment information composed of hash values WA1 to WA4. Then, as shown in FIG. 12 (e), the use attribute processing unit 26A includes the concealment use attribute information including the data identification code W0 and user IDR1 indicating the use attribute data in the header, and the hash values WA1 to WA4. Use attribute data consisting of

  The bits S1 and S3 of the usage attribute information are “1” and are the same bit values as the bits W1 and W3 of the bit string for generating the confidential information, so the hash value SA1 of the confidential usage attribute information, The hash value WA1 of the concealment information is the same value, and the hash value SA3 of the concealment use attribute information and the hash value WA3 of the concealment information are the same value. Here, the use attribute processing unit 26A generates the bit string “1111” of all “1” as the bit string of the predetermined value. However, the usage attribute processing unit 26A is not limited to this as long as it is a predetermined value. All the values may be set to “0”, or “1” and “0” may be alternately set.

  Here, the hash value is calculated using a one-way hash function. The one-way hash function is a function that compresses arbitrary length data into fixed length data. When different data is input, the data is converted into different hundreds of bits of compressed data. In this way, the usage attribute processing unit 26A uses the one-way hash function to transform each bit of the usage attribute information into a form that cannot be restored, so that the content transmission device 1A, the content reception device 7A, and the communication path are used. Confidentiality can be maintained. Here, SHA-1 (SHA; Secure Hash Algorithm), SHA-256, MD5 (The MD5 Message-Digest Algorithm), MD2 (The MD2 Message- Digest Algorithm).

  Returning to FIG. 11, the description will be continued. The user information registration unit 24A generates user information in which the user ID and basic attribute information input from the registration request reception processing unit 22 and the usage attribute identification information input from the usage attribute processing unit 26A are associated with each other. Is. The user information generated here is stored in the user information storage means 25. Note that the user information generation means described in the claims corresponds to the use attribute determination means 23A, the user information registration means 24A, and the use attribute processing means 26A. This user information registration means 24A is simply used as the use attribute determination means 23 (FIG. 2) to the use attribute processing means 26A as the input source of the use attribute identification information compared to the user information registration means 24 (FIG. 2). The function is the same.

  Here, the user information TA, TA,... Generated by the user information registration unit 24A and stored in the user information storage unit 25 will be described using a specific example with reference to FIG. FIG. 13 is an explanatory diagram for explaining the user information stored in the user information storage means. Here, a case will be described in which registration request data including information such as the user's name, address, and telephone number is input as basic attributes by the content receiving device 7A. Here, a case will be described in which the usage attribute information is n-bit information.

  As shown in FIG. 13, the user information storage means 25 stores a plurality of user information TA, TA,. Each user information TA includes user IDR1, information such as name R2, address R3, and telephone number R4 that are basic attributes of the user, and concealment use attribute information that is use attribute identification information (hash values SA1 to SAn). And random numbers r1 to rn.

  Returning to FIG. 11, the description will be continued. The usage attribute data transmission means (confidential predetermined bit information transmission means) 27A transmits the usage attribute data input from the usage attribute processing means 26A to the content reception device 7A via the communication network N.

  The service providing unit 4A determines whether to permit the use of the requested content based on the service request data received from the content receiving device 7A via the communication network N. The content is transmitted to the content receiving device 7A. The service providing unit 4A replaces the usage request reception processing unit 42A of the service providing unit 4 (see FIG. 2) of the content transmission device 1 with the usage request reception processing unit 42A, and replaces the usage level determination unit 43 with the usage level determination unit 43. 43A was provided. Since the configuration other than the usage request reception processing unit 42A and the usage level determination unit 43A in the service providing unit 4A is the same as that shown in FIG. 2, the same reference numerals are given and description thereof is omitted.

  Here, the service request data will be described with reference to FIG. As shown in FIG. 6B, the service request data UA includes, in the header, a request identification code U0 indicating that the content transmission apparatus 1A requests content distribution, a user IDR1, and the content requesting distribution. Content IDU2 to be shown and concealment information UA3. The request identification code U0, user IDR1, and content IDU2 are the same as the service request data U in FIG. The concealment information UA3 is information included in the usage attribute data generated by the usage attribute processing unit 26A and transmitted to the content receiving device 7A (FIG. 12E).

  Returning to FIG. 11, the description will be continued. The use request reception processing means (content request data receiving means) 42A receives the service request data authenticated by the authentication processing means 41, and acquires the user ID, content ID, and concealment information. The acquired user ID and concealment information are output to the usage level determination unit 43A, and the content ID is output to the content selection unit 45.

  The usage level determination unit (permission level information acquisition unit) 43A reads out the user information stored in the user information storage unit 25 based on the user ID input from the usage request reception processing unit 42A, and the user information and Based on the concealment information input from the usage request reception processing means 42A, the usage attribute information (permission level information) of the user of the content receiving device 7A that has transmitted the service request data is acquired. The usage attribute information acquired here is output to the content selection means 45.

  The usage level determination unit 43A compares the concealment use attribute information included in the user information read from the user information storage unit 25 with the concealment information input from the use request reception processing unit 42A. , Usage attribute information can be acquired.

  Here, with reference to FIG. 12, a method for the usage level determination unit 43A to acquire the usage attribute information will be described. The user information read from the user information storage unit 25 includes concealment use attribute information including hash values SA1 to SA4 as shown in FIG. On the other hand, the concealment information input from the use request reception processing means 42A is composed of hash values WA1 to WA4 as shown in FIG.

  When the bit value of the usage attribute information is 1, the hash value (SA1, SA3) of the confidential usage attribute information and the hash value (WA1, WA3) of the confidential information are the same for the same value. It matches because it is a hash value generated using a hash function. On the other hand, in the case of 0, the hash values (SA2, SA4) of the concealment use attribute information and the hash values (WA2, WA4) of the concealment information are generated for values having different bit values (W1, W4), respectively. Does not match because it is a hash value. Therefore, the usage level determination unit 43A compares the hash values of the concealment use attribute information and the concealment information, and if they match, the bit value is “1”, and if they do not match, the bit value is “ By setting it to “0”, usage attribute information can be generated.

[Configuration of content receiving apparatus (second embodiment)]
Next, with reference to FIG. 14 (refer to FIG. 1 and FIG. 11 as appropriate), the configuration of the content receiving apparatus 7A according to the second embodiment of the present invention will be described. FIG. 14 is a block diagram showing a configuration of a content receiving apparatus according to the second embodiment of the present invention.

  As shown in FIG. 14, the content receiving device 7A transmits service request data to the content transmitting device 1A via the communication network N based on an instruction from the user, and receives the content from the content transmitting device 1A. . The content receiving device 7A includes a service request data generating unit 73A instead of the service request data generating unit 73 of the content receiving device 7 (see FIG. 8), and further includes a use attribute data receiving unit 77A, a concealment information storage unit 78A, And added. Since the configuration other than the service request data generation unit 73A, the usage attribute data reception unit 77A, and the concealment information storage unit 78A in the content reception device 7A is the same as that shown in FIG. Description is omitted.

  The service request data generation unit (content request data generation unit) 73A generates service request data including a user ID, a content ID, and concealment information based on an external command. The service request data generated here is output to the usage request transmission means 74.

  Here, the concealment information is stored in the concealment information storage unit 78A described later, and the service request data generation unit 73A conceals the concealment information from the concealment information storage unit 78A when the content to be transmitted is selected from the outside. The service information data UA including the request identification code U0, the user IDR1, the content IDU2, and the concealment information UA3 as shown in FIG.

  Usage attribute data receiving means (confidential predetermined bit information receiving means) 77A receives the usage attribute data transmitted from the content transmitting apparatus 1A via the communication network N. The usage attribute data received here is stored in the concealment information storage unit 78A.

  The concealment information storage unit 78A stores the use attribute data received by the use attribute data receiving unit 77A, and is a storage unit such as a memory. The usage attribute data stored here is read out by the service request data generation means 73A.

[Operation of content distribution system]
Next, referring to FIG. 15 and FIG. 16 (see FIG. 1, FIG. 9, FIG. 11 and FIG. 14 as appropriate), the content transmission device 1A according to the present invention registers the user of the content reception device 7A as a user, An operation of transmitting content to the receiving device 7A will be described. FIG. 15 is a sequence diagram of a user registration operation between the content transmission device and the content reception device according to the second embodiment of the present invention.

<User registration operation>
First, a user registration operation between the content transmission device 1A and the content reception device 7A will be described with reference to FIG. The content receiving device 7A inputs the user ID and the basic attribute from the outside by the basic attribute input means 71 (step S41). Then, the content receiving device 7A generates registration request data including the user ID and basic attributes input in step S41 by the registration request transmitting unit 72, and transmits the registration request data to the content transmitting device 1A via the communication network N. (Step S42).

  Subsequently, the content transmitting apparatus 1A performs user authentication of the registration request data transmitted from the content receiving apparatus 7A in step S42 by the authentication processing unit 21 (step S43), and the registration request reception processing unit 22 performs registration request data. Is received (step S44). Then, the content transmission apparatus 1A acquires the user ID and basic attribute information from the registration request data received in step S44 by the registration request reception processing unit 22, and determines the usage attribute of the user by the usage attribute determination unit 23A. The use attribute processing means 26A generates concealment use attribute information to generate use attribute identification information (step S45).

  Furthermore, the content transmitting apparatus 1A generates concealment information by the use attribute processing unit 26A, and generates use attribute data (step S46). Then, the content transmitting apparatus 1A transmits the usage attribute data generated in step S46 to the content receiving apparatus 7A (step S47). Further, the content transmitting apparatus 1A associates the user ID and basic attribute information included in the registration request data received in step S44 with the usage attribute identification information generated in step S45 by the user information registration unit 24A. User information is stored in the user information storage means 25 (step S48).

  Then, the content reception device 7A receives the usage attribute data transmitted in step S48 from the content transmission device 1A (step S49), and stores the usage attribute information received in step S49 in the concealment information storage unit 78A. (Step S50).

<Use level judgment operation>
Next, with reference to FIG. 16, the usage level determination operation (step S <b> 26 in FIG. 9B) of the user content transmission apparatus 1 </ b> A registered by the user registration operation illustrated in FIG. 15 will be described. FIG. 16 is a flowchart for explaining a usage level determination operation in the sequence of the content transmission operation of FIG. 9B of the content transmission apparatus according to the second embodiment of the present invention.

  The content transmission operation of the content transmission device 1A and the content reception device 7A is the same as the content transmission operation (FIG. 9B) of the content transmission device 1 (FIG. 2) and the content reception device 7 (FIG. 8). In addition, when the service request data is generated by the service request data generation unit 73A in step S22 of FIG. 9B, the concealment information stored in the concealment information storage unit 78A is used as the operation of the content receiving device 7A. The service request data further including the concealment information is generated by reading, and the other steps are the same operation, and thus the description thereof is omitted.

(Permission level information acquisition step)
The content transmitting apparatus 1A sets the variable k (k is an integer from 1 to n, n is the number of bits of the usage attribute information) to 1 by the usage level determination unit 43A (step S61). Then, the content transmitting apparatus 1A uses the use request reception processing unit 42A to make the user ID and the content ID from the service request data received in step S25 of FIG. 9B, and the concealment information generated in step S46 of FIG. Based on the user ID, the usage level determination unit 43A reads the user information stored in the user information storage unit 25 in step S48 of FIG. Then, the kth hash values of the concealment use attribute information and the concealment information are compared to determine whether or not they match (step S62). If they match (“=” in step S62), the content transmission apparatus 1A sets the k-th bit value a (k) of the usage attribute identification information to “1” by the usage level determination unit 43A (step S62). S63) If they do not match (“≠” in step S62), the content transmitting apparatus 1A sets the k-th bit value a (k) of the usage attribute identification information to “0” by the usage level determination unit 43A. (Step S64). Subsequently, the content transmitting apparatus 1A determines whether or not k = n by the usage level determination unit 43A (step S65). If k = n is not satisfied (No in step S65), the content transmission device 1A adds 1 to k (step S66) by the usage level determination unit 43A, and returns to step S62 for confidential use. The operations after the operation of comparing the k-th hash values of the attribute information and the concealment information are performed.

  On the other hand, in the case of k = n (Yes in step S65), the content transmitting apparatus 1A reads the content attribute information from the content attribute storage unit 44 based on the content ID by the content selection unit 45, and uses the usage target level condition. Is matched with the usage attribute information a (1)... A (n) acquired in steps S61 to S65 (step S67; content usage permission step). If they do not match (No in step S67), the operation ends. On the other hand, if they match (Yes in step S67), the content transmission device 1A reads the content from the content storage unit 46 by the content transmission unit 47 and transmits it to the content reception device 7A via the communication network N (step S68). Content information transmission step).

  As described above, the content receiving device 7A generates registration request data and transmits the registration request data to the content transmitting device 1A. The content transmitting device 1A receives the received registration request data, the contract contents of the user input from the outside, and the like. It is necessary to generate usage attribute information based on the information of this, conceal this usage attribute information, generate and store user information, and acquire usage attribute information from the concealed confidential usage attribute information. Can be transmitted to the content receiving device 7A. As a result, the content transmission device 1A and the content reception device 7A can divide the information related to the user's usage attribute into two pieces of information that cannot be used alone and store them internally. It becomes possible to conceal and manage user attribute information.

  Further, the content reception device 7A generates service request data including the concealment information and transmits the service request data to the content transmission device 1A. The content transmission device 1A transmits the user usage attribute information and the transmission based on the received service request data. The content attribute information of the requested content is acquired, it is determined whether or not the use of the content is permitted based on whether or not these match, and the content is transmitted to the content receiving device 7A only when the content is permitted. can do. Thus, the content transmitting apparatus 1A can control whether or not to permit the distribution of individual contents according to the basic attributes for each user and the usage attributes determined according to the contract details. Furthermore, since the content distribution system SA can be concealed by a simple method of hashing the usage attribute information for each bit without using encryption, and can be safely managed in the content transmission device 7A, the cost for key management and the like is reduced. It can be reduced, and an inexpensive and high-speed system can be constructed.

[Configuration of Content Transmission Device (Third Embodiment)]
Next, with reference to FIG. 17 (refer to FIG. 1 as appropriate), the configuration of the content transmission device 1B according to the third embodiment of the present invention will be described. FIG. 17 is a block diagram showing a configuration of a content transmission apparatus according to the third embodiment of the present invention.

  As shown in FIG. 17, the content transmission device 1B receives service request data from the content reception device 7B via the communication network N, determines the usage attribute of the user, and requests the requested content based on the usage attribute. Is determined to be usable, the content is transmitted to the content receiving device 7B that requested the content via the communication network N. The content transmission device 1B includes a user information management unit 2B instead of the user information management unit 2A of the content transmission device 1A (see FIG. 11), and a service provision unit 4B instead of the service provision unit 4A.

  The user information management means 2B generates and registers or updates user information to be described later based on registration request data received from the content receiving device 7B via the communication network N. The user information management unit 2B includes a usage attribute processing unit 26B instead of the usage attribute processing unit 26A of the user information management unit 2A (see FIG. 11) of the content transmission apparatus 1A. Since the configuration other than the usage attribute processing unit 26B in the user information management unit 2B is the same as that shown in FIG. 11, the same reference numerals are given and description thereof is omitted. Note that the content transmitting apparatus 1B conceals the use attribute information as the concealed use attribute information, generates the use attribute data including the concealed user identification information, and the unique random number used for concealment. User information including a user ID and basic attributes is generated.

  The usage attribute processing unit 26B generates concealed usage attribute information obtained by hashing the usage attribute information (permission level information) generated by the usage attribute determination unit 23A with a user ID and a random number, and includes the random number. Use attribute identification information is generated. Further, the usage attribute processing unit 26B generates usage attribute data including the concealment usage attribute information. The usage attribute identification information generated here is output to the user information registration means 24. Also, the usage attribute data is output to usage attribute data transmission means (confidential usage attribute information transmission means) 27A.

  Here, with reference to FIG. 18 (refer to FIG. 17 as appropriate), the concealment usage attribute information, usage attribute identification information, and usage attribute data generated by the usage attribute processing unit 26B will be described using a specific example. FIG. 18 is an explanatory diagram for explaining a method in which the use attribute processing means generates the concealment use attribute information, the use attribute identification information, and the use attribute data, and (a) schematically shows an example of the use attribute information. (B) is a schematic diagram schematically showing an example of concealment usage attribute information, (c) is a schematic diagram schematically showing an example of usage attribute identification information, and (d) is a schematic diagram showing It is the schematic diagram which showed the example of utilization attribute data typically.

  As shown in FIG. 18A, here, a case where the usage attribute information S0 'is 4-bit information of "1010" will be described. When the usage attribute information as shown in FIG. 18A is input from the usage attribute determination unit 23A, the usage attribute processing unit 26B generates a random number ri as shown in FIG. 18B. Then, the usage attribute processing unit 26B combines the user IDR1, the usage attribute information S0 ′, and the random number ri input from the usage attribute determination unit 23A, and uses the hash value obtained by hashing using the hash function. The concealment use attribute information SB is generated. Further, as shown in FIG. 18C, the usage attribute processing unit 26B uses the random number ri as usage attribute identification information.

  Then, as shown in FIG. 12D, the usage attribute processing unit 26B generates usage attribute data including a data identification code W0 and a user IDR1 in the header, and the confidential usage attribute information SB. Note that the user information generation means described in the claims corresponds to the use attribute determination means 23A, the user information registration means 24A, and the use attribute processing means 26B.

  Here, the user information TB, TB,... Generated by the user information registration unit 24A and stored in the user information storage unit 25 will be described using a specific example with reference to FIG. FIG. 19 is an explanatory diagram for explaining the user information stored in the user information storage means. Here, a case will be described in which registration request data including information such as a user's name, address, and telephone number is input as basic attributes by the content receiving device 7B.

  As shown in FIG. 19, the user information storage means 25 stores a plurality of user information TB, TB,. Each user information TB is composed of a user IDR1, information such as name R2, address R3, and telephone number R4 as basic user attributes, and a random number ri as usage attribute identification information.

  Returning to FIG. 17, the description will be continued. Based on the service request data received from the content receiving device 7B via the communication network N, the service providing unit 4B determines whether to permit the use of the requested content. The content is transmitted to the content receiving device 7B. The service providing unit 4B replaces the usage request reception processing unit 42A of the service providing unit 4A (see FIG. 11) of the content transmission apparatus 1A with the usage request reception processing unit 42B, and replaces the usage level determination unit 43A with the usage level determination unit. 43B was provided. Since the configuration other than the usage request reception processing unit 42B and the usage level determination unit 43B in the service providing unit 4B is the same as that shown in FIG. 11, the same reference numerals are given and description thereof is omitted.

  Here, the service request data will be described with reference to FIG. As shown in FIG. 6C, the service request data UB includes, in the header, a request identification code U0 indicating a request for content distribution to the content transmitting apparatus 1B, a user IDR1, and a content requesting distribution. Content IDU2 to be shown, and concealment use attribute information SB. The request identification code U0, the user IDR1, and the content IDU2 are the same as the service request data U shown in FIGS. 6 (a) and 6 (b). Further, the concealment use attribute information SB is generated by the use attribute processing unit 26B and transmitted to the content receiving device 7B.

  Returning to FIG. 17, the description will be continued. The usage request reception processing means (content request data receiving means) 42B receives the service request data authenticated by the authentication processing means 41, and acquires the user ID, content ID, and concealment usage attribute information. . The acquired user ID and concealment usage attribute information are output to the usage level determination unit 43B, and the content ID is output to the content selection unit 45.

  The usage level determination means (permission level information acquisition means) 43B reads the user information stored in the user information storage means 25 based on the user ID input from the usage request reception processing means 42B, and this user information and Based on the concealment use attribute information input from the use request reception processing means 42B, the use attribute information (permission level information) of the user of the content receiving device 7B that has transmitted the service request data is acquired. The usage attribute information acquired here is output to the content selection means 45.

  The usage level determination unit 43B includes a user ID, usage attribute identification information (random number) included in the user information read from the user information storage unit 25, and bit strings of various values having the same number of bits as the usage attribute information. , Hashed using a hash function, and compared with the concealed use attribute information input from the use request reception processing means 42B, the use attribute information can be acquired. Here, the number of bits of the bit string constituting the usage attribute information is predetermined and known information.

  Here, with reference to FIG. 20, a method for the usage level determination unit 43B to acquire usage attribute information will be described using a specific example. FIG. 20 is an explanatory diagram for explaining a method by which the usage level determination unit acquires usage attribute information. Here, a case where the usage attribute information is 4-bit information will be described.

  The user information read from the user information storage means 25 includes usage attribute identification information made up of random numbers ri as shown in FIG. On the other hand, the concealment use attribute information SB as shown in FIG. 20B and the user IDR1 shown in FIG. 20C are input from the use request reception processing means 42B.

  Then, the usage level determination unit 43B combines each of the 4-bit bit strings X1 to X16 of “0000” to “1111” having the same number of bits as the usage attribute information, the user IDR1, and the random number ri. Then, the usage level determining unit 43B hashes each piece of information obtained by the combination using a hash function to generate hash values Y1 to Y16. Then, the usage level determination unit 43B selects the hash value Y11 that matches the hash values Y1 to Y16 and the concealment usage attribute information SB input from the usage request reception processing unit 42B, and before hashing “1010”, which is a 4-bit bit string X11, is acquired as usage attribute information.

[Configuration of Content Receiving Device (Third Embodiment)]
Next, with reference to FIG. 21 (refer to FIG. 1 and FIG. 17 as appropriate), the configuration of the content receiving apparatus 7B according to the third embodiment of the present invention will be described. FIG. 21 is a block diagram showing a configuration of a content receiving apparatus according to the third embodiment of the present invention.

  As shown in FIG. 21, the content reception device 7B transmits service request data to the content transmission device 1B via the communication network N based on an instruction from the user, and receives content from the content transmission device 1B. . The content receiving device 7B includes a service request data generating unit 73B instead of the service request data generating unit 73A of the content receiving device 7A (see FIG. 14). Since the configuration other than the service request data generation unit 73B in the content receiving device 7B is the same as that shown in FIG. 14, the same reference numerals are given and the description thereof is omitted.

  The service request data generation unit (content request data generation unit) 73B generates service request data including a user ID, a content ID, and concealment use attribute information based on an external command. The service request data generated here is output to the usage request transmission means 74.

  Here, the use attribute data including the concealment use attribute information is stored in the concealment information storage unit 78A after being received by the use attribute data receiving unit (the concealment use attribute information receiving unit) 77A. Then, when the content to be transmitted is selected from the outside, the service request data generation unit 73B reads the concealment use attribute information from the concealment information storage unit 78A, and as shown in FIG. Service request data UB including request identification code U0, user IDR1, content IDU2, and concealment use attribute information SB is generated.

[Operation of content distribution system]
Next, referring to FIG. 15 and FIG. 22 (refer to FIG. 1, FIG. 9, FIG. 17 and FIG. 21 as appropriate), the content transmission device 1B according to the present invention registers the user of the content reception device 7B as a user, An operation of transmitting content to the receiving device 7B will be described.

<User registration operation>
First, with reference to FIG. 15, the user registration operation of the content transmission device 1B and the content reception device 7B will be described. The content receiving device 7B inputs a user ID and a basic attribute from the outside by the basic attribute input means 71 (step S41). Then, the content reception device 7B generates registration request data including the user ID and the basic attribute input in step S41 by the registration request transmission unit 72, and transmits the registration request data to the content transmission device 1B via the communication network N. (Step S42).

  Subsequently, the content transmission device 1B performs user authentication of the registration request data transmitted from the content reception device 7B in step S42 by the authentication processing unit 21 (step S43), and the registration request reception processing unit 22 performs registration request data. Is received (step S44).

(User information generation storage step)
Then, the content transmitting apparatus 1B acquires the user ID and basic attribute information from the registration request data received in step S44 by the registration request reception processing unit 22, and determines the usage attribute of the user by the usage attribute determination unit 23A. The usage attribute processing means 26B generates usage attribute identification information (random number) (step S45). Furthermore, the content transmitting apparatus 1B generates concealment use attribute information by the use attribute processing unit 26B, and generates use attribute data (step S46). Then, the content transmission device 1B transmits the usage attribute data generated in step S46 to the content reception device 7B (step S47). Furthermore, the content transmitting apparatus 1B associates the user ID and basic attribute information included in the registration request data received in step S44 with the usage attribute identification information generated in step S45 by the user information registration unit 24B. User information is stored in the user information storage means 25 (step S48).

  Then, the content receiving device 7B receives the usage attribute data transmitted in step S48 from the content transmission device 1B (step S49), and stores the usage attribute information received in step S49 in the concealment information storage unit 78A. (Step S50).

<Use level judgment operation>
Next, with reference to FIG. 22, the usage level determination operation (step S <b> 26 in FIG. 9B) of the user content transmission apparatus 1 </ b> B registered by the user registration operation illustrated in FIG. 15 will be described. FIG. 22 is a flowchart for explaining a usage level determination operation in the sequence of the content transmission operation of FIG. 9B of the content transmission apparatus according to the third embodiment of the present invention.

  The content transmission operations of the content transmission device 1B and the content reception device 7B are the same as the content transmission operation (FIG. 9B) of the content transmission device 1 (FIG. 2) and the content reception device 7 (FIG. 8). In addition, when the service request data is generated by the service request data generation unit 73B in step S22 of FIG. 9B, the concealment use attribute stored in the concealment information storage unit 78A is used as the operation of the content receiving device 7B. The information is read out, and service request data further including the concealment use attribute information is generated. The other steps are the same operation, and thus description thereof is omitted.

<Use level judgment operation>
(Permission level information acquisition step)
The content transmitting apparatus 1B sets the variable j (j is an integer from 1 to 2 ⁿ -1 and n is the number of bits of the usage attribute information) to 0 by the usage level determination unit 43B (step S71). Then, the content transmitting apparatus 1B uses the use request reception processing unit 42B to make the user ID and the content ID from the service request data received in step S25 of FIG. 9B and the concealed use generated in step S46 of FIG. The attribute information is acquired, and the user level stored in the user information storage unit 25 in step S48 in FIG. 15 is read out by the usage level determination unit 43B based on the user ID, and the usage attribute identification information (random number) is obtained. To get. Then, the content transmission apparatus 1B uses the usage level determination unit 43B to hash the hash value Hash (ID‖) obtained by combining the user ID, the n-bit variable j having the same number of bits as the usage attribute information, and the random number ri. j‖ri) is calculated and compared with the concealment use attribute information to determine whether or not they match (step S72). If they do not match (“≠” in step S72), the content transmission device 1B determines whether j = 2 ⁿ −1 by the usage level determination unit 43B (step S73). If j = 2 ⁿ −1 (Yes in step S73), the content transmitting apparatus 1B ends the operation as it is, and if j = 2 ⁿ −1 is not satisfied (No in step S73), the content The transmission apparatus 1B adds 1 to j by the usage level determination unit 43B (step S74), returns to step S72, and the content transmission apparatus 1B uses the hash value Hash (ID‖j by the usage level determination unit 43B. ‖Ri) and the operation after comparing the concealment use attribute information are performed. On the other hand, if they match (“=” in step S72), the content transmitting apparatus 1B uses j as usage attribute information by the usage level determination unit 43B (step S75).

  Then, the content transmission device 1B reads the content attribute information from the content attribute storage unit 44 based on the content ID by the content selection unit 45, and whether the usage target level condition matches the usage attribute information acquired in step S75. (Step S76; content use permission step). If they do not match (No in step S76), the operation is terminated as it is. On the other hand, if they match (Yes in step S76), the content transmission device 1B reads the content from the content storage unit 46 by the content transmission unit 47 and transmits it to the content reception device 7B via the communication network N (step S77). Content information transmission step).

  As described above, the content receiving device 7B generates registration request data and transmits the registration request data to the content transmitting device 1B. The content transmitting device 1B receives the received registration request data, the contract contents of the user input from the outside, and the like. Usage attribute information is generated on the basis of the information, a random number is generated, user information including the random number is stored, and concealed usage attribute information obtained by concealing the usage attribute information using the random number is stored in the content receiving device 7B. Can be sent to. As a result, the content transmission device 1B and the content reception device 7B can divide the information related to the user's usage attribute into two pieces of information that cannot be used alone and store them internally. It becomes possible to conceal and manage user attribute information.

  Further, the content receiving device 7B generates service request data including the concealment usage attribute information and transmits it to the content transmission device 1B, and the content transmission device 1B uses the user usage attribute information based on the received service request data. And the content attribute information of the content requested to be transmitted, it is determined whether or not the use of the content is permitted based on whether or not these match, and the content receiving apparatus 7B receives the content only when the content is permitted. Can be sent. Thus, the content transmitting apparatus 1B can control whether or not to permit the distribution of individual contents according to the basic attributes for each user and the usage attributes determined according to the contract details. Furthermore, the content distribution system SB can be safely managed in the content receiving device 7B by using a simple method of hashing the usage attribute information without using encryption, and the usage attribute in the content transmission device 7A. Since only random numbers used when hashing information are managed, the cost for key management and the like can be reduced, an inexpensive and high-speed system can be constructed, and stored in the content transmission device 1B and the content reception device 7B. The data size of the information (use attribute identification information and concealment use attribute information) to be performed can be reduced as compared with the second embodiment.

  The embodiment of the present invention has been described above, but the content transmitting apparatus and the content receiving apparatus of the present invention are not limited to this, and include design changes and the like without departing from the gist of the present invention. For example, in the present embodiment, the content transmission device 1 (1A, 1B) determines whether or not the content can be used, and the content reception device 7 (7A, 7A, 7B, 7), which is permitted to use the content via the communication network N. 7B), the distribution company transmits the content to the user side in advance via a broadcast wave or the like, and the content transmission device (not shown) of the present invention determines whether or not the content can be used. The license (content information) for viewing the content may be transmitted via the communication network N to a content receiving apparatus (not shown) permitted to use.

  In the description of the present embodiment, there is no particular mention of the concealment of the communication path between the distribution service provider and the user, but the communication path that requires the secret communication is generally a SSL (Secure Socket Layer) or the like. It goes without saying that various means for protecting the communication path may be used.

It is the block diagram which showed the structure of the content delivery system provided with the content transmitter which is embodiment of this invention, and a content receiver. It is the block diagram which showed the structure of the content transmission apparatus which is 1st embodiment of this invention. It is the schematic diagram which showed typically the structure of the registration request data transmitted from the content receiver which is 1st embodiment of this invention. It is explanatory drawing for demonstrating the example of the utilization attribute identification information produced | generated by the utilization attribute determination means of the content transmission apparatus which is 1st embodiment of this invention. It is explanatory drawing for demonstrating the user information memorize | stored in the user information storage means of the content transmission apparatus which is 1st embodiment of this invention. The schematic diagram which showed typically the structure of the service request data transmitted from the content receiver in this invention, (a) showed the structure of the service request data in 1st embodiment of this invention typically Schematic diagram (b) schematically shows the structure of the service request data in the second embodiment of the present invention. (C) shows the service request data in the third embodiment of the present invention. It is the schematic diagram which showed the structure typically. It is explanatory drawing for demonstrating the content attribute information memorize | stored in the content attribute memory | storage means of the content transmission apparatus which is 1st embodiment of this invention. It is the block diagram which showed the structure of the content receiver which is 1st embodiment of this invention. The sequence diagram of the user registration operation and content transmission operation of the content transmission device and the content reception device according to the first embodiment of the present invention, FIG. FIG. 4B is a sequence diagram of the content transmission operation of the content transmission device and the content reception device. It is a flowchart for demonstrating the utilization level determination operation | movement in the sequence of the content transmission operation | movement of the content transmission apparatus which is 1st embodiment of this invention. It is the block diagram which showed the structure of the content transmission apparatus which is 2nd embodiment of this invention. Explanatory drawing for demonstrating the method in which the utilization attribute process means of the content transmission apparatus which is 2nd embodiment of this invention produces | generates concealment utilization attribute information, utilization attribute identification information, concealment information, and utilization attribute data. , (A) is a schematic diagram schematically illustrating an example of usage attribute information, (b) is a schematic diagram schematically illustrating an example of concealment usage attribute information, and (c) is usage attribute identification information. (D) is a schematic diagram schematically illustrating an example of concealment information, and (e) is a schematic diagram schematically illustrating an example of usage attribute data. . It is explanatory drawing for demonstrating the user information memorize | stored in the user information storage means of the content transmission apparatus which is 2nd embodiment of this invention. It is the block diagram which showed the structure of the content receiver which is 2nd embodiment of this invention. It is a sequence diagram of the user registration operation | movement with the content transmitter which is 2nd embodiment of this invention, and a content receiver. It is a flowchart for demonstrating the utilization level determination operation | movement in the sequence of the content transmission operation | movement of FIG.9 (b) of the content transmission apparatus which is 2nd embodiment of this invention. It is the block diagram which showed the structure of the content transmission apparatus which is 3rd embodiment of this invention. Explanatory drawing for demonstrating the method in which the utilization attribute process means of the content transmission apparatus which is 3rd embodiment of this invention produces | generates concealment utilization attribute information, utilization attribute identification information, and utilization attribute data, (a) Is a schematic diagram schematically showing an example of usage attribute information, (b) is a schematic diagram schematically showing an example of concealment usage attribute information, and (c) is a schematic example of usage attribute identification information. (D) is a schematic diagram schematically showing an example of usage attribute data. It is explanatory drawing for demonstrating the user information memorize | stored in the user information storage means of the content transmission apparatus which is 3rd embodiment of this invention. It is explanatory drawing for demonstrating the method in which the utilization level determination means of the content transmission apparatus which is 3rd embodiment of this invention acquires utilization attribute information. It is the block diagram which showed the structure of the content receiver which is 3rd embodiment of this invention. It is a flowchart for demonstrating the utilization level determination operation | movement in the sequence of the content transmission operation | movement of FIG.9 (b) of the content transmission apparatus which is 3rd embodiment of this invention. It is the block diagram which showed typically the streaming delivery system using the conventional DRM.

Explanation of symbols

1, 1A, 1B Content transmission device 23, 23A Usage attribute determination means 24, 24A User information registration means 25 User information storage means (user information storage device)
26A, 26B Usage attribute processing means 27A Usage attribute data transmission means (confidential predetermined bit information transmission means, concealment usage attribute information transmission means)
42, 42A, 42B Usage request reception processing means (content request data receiving means)
43, 43A, 43B Usage level determination means (permission level information acquisition means)
44 Content attribute storage means (content attribute storage device)
45 Content selection means (content use permission means)
46 Content storage means (content information storage means, content information storage device)
47 Content transmission means (content information transmission means)
7, 7A, 7B Content receiving device 73, 73A, 73B Service request data generating means (content request data generating means)
74 Usage request transmission means (content request data transmission means)
75 Content receiving means (content information receiving means)
77A Usage attribute data receiving means (confidential predetermined bit information receiving means, confidential usage attribute information receiving means)
78A Confidential information storage means

Claims (8)

Content request data including a content ID for identifying content and a user ID for identifying a user of the content is received from a content receiving device that is a terminal device of the user connected via a network, and the content is received A content transmission device that transmits content information that is at least one of the content and a license of the content to the device,
Content information storage means for storing a plurality of the content information;
Authorization level information for specifying which of the user ID and the content of the plurality of pieces of content information stored in the content information storage unit is allowed to be used by the user indicated by the user ID. User information storage means for storing user information associated with usage level information indicating a plurality of the users,
For each of the contents of a plurality of pieces of content information stored in the content information storage unit, the content ID and which user is permitted to use the content indicated by the content ID, and the permission Content attribute storage means for storing content attribute information associated with usage target level information corresponding to level information;
Content request data receiving means for receiving the content request data from the content receiving device;
Based on the user ID included in the content request data received by the content request data receiving means, the usage level information included in the user information corresponding to the user ID is read from the user information storage means. Permission level information acquisition means for acquiring the permission level information;
Based on the content ID included in the content request data received by the content request data receiving unit, the usage target level information included in the content attribute information corresponding to the content ID is read from the content attribute storage unit. Based on the usage target level information and the permission level information acquired by the permission level acquisition means, the user indicated by the user ID included in the content request data is permitted to use the content. Content usage permission means for determining whether to do,
Content information transmitting means for reading the content information corresponding to the content ID from the content information storage means and transmitting the content information to the content receiving device when the content use permission means permits the user to use the content; ,
Based on the user ID and user attribute information input from outside, the permission level information is generated, the bit string constituting the permission level information is divided for each bit, and different random numbers are combined with each bit value. And using the one-way hash function to generate usage level information, associating the user ID of the user with the usage level information to generate the user information, and the permission level information A bit string having the same number of bits as a constituent bit string and a bit string of a predetermined value is divided for each bit, and the same random number as that used for generating usage level information is combined with each bit value, and the one-way hash User information generating means for generating secret predetermined bit information hashed using a function;
Confidential predetermined bit information transmitting means for transmitting the confidential predetermined bit information generated by the user information generating means to the content receiving device of the user;
With
The content request data further includes the secret predetermined bit information,
The permission level information acquisition means collates the usage level information and the secret predetermined bit information for each hash value, and if they match, the value of the corresponding bit in the predetermined value is set as the value of the bit, and does not match In this case, the content transmitting apparatus is characterized in that a bit string having a value different from a corresponding bit value in the predetermined value is obtained as the permission level information. From the content transmission device according to claim 1 connected via a network, it receives the secret predetermined bit information hashed by combining random number for each bit bit string having a predetermined value a predetermined number of bits, the secret predetermined Content request data including bit information, a content ID for identifying content, and a user ID for identifying a user of the content are transmitted to the content transmission device, and the content and the license of the content are transmitted from the content transmission device. A content receiving device that receives content information that is at least one of the following:
A concealment predetermined bit information receiving means for receiving the concealment predetermined bit information from the content transmission device via the network;
Concealment information storage means for storing concealment predetermined bit information received by the concealment predetermined bit information receiving means;
Based on a content selection command of content information requested to be transmitted to the content transmission device input from the outside, the content ID of the content indicated by the command, the user ID, and the concealment information storage unit Content request data generating means for generating content request data including the secret predetermined bit information stored in
Content request data transmitting means for transmitting the content request data generated by the content request data generating means to the content transmitting device via the network;
Content information receiving means for receiving the content information transmitted from the content transmitting device via the network;
A content receiving apparatus comprising: Content request data including a content ID for identifying content and a user ID for identifying a user of the content is received from a content receiving device that is a terminal device of the user connected via a network, and the content is received A content transmission device that transmits content information that is at least one of the content and a license of the content to the device,
Content information storage means for storing a plurality of the content information;
Based on the user ID and user attribute information input from outside, the user is allowed to use which content among the contents of the plurality of content information stored in the content information storage means. Generation of permission level information for specifying whether or not, combining a random number with a bit string constituting the permission level information, hashing using a one-way hash function to generate confidential use attribute information, and User information generating means for generating user information associated with the user ID;
Concealment use attribute information transmitting means for transmitting the concealment use attribute information generated by the user information generation means to the content receiving device of the user,
User information storage means for storing the user information generated by the user information generation means for a plurality of the users;
For each of the contents of a plurality of pieces of content information stored in the content information storage unit, the content ID and which user is permitted to use the content indicated by the content ID, and the permission Content attribute storage means for storing content attribute information associated with usage target level information corresponding to level information;
Content request data receiving means for receiving the content request data from the content receiving device;
Based on the user ID included in the content request data received by the content request data receiving means, the random number corresponding to the user ID is read from the user information storage means, and a bit string constituting the permission level information; A plurality of bit strings having the same number of bits are generated, the random numbers are combined with the generated bit strings, and the hash value hashed using the one-way hash function, and the content request data further includes the hash value The permission level information acquisition unit that compares the concealment use attribute information and acquires the bit string corresponding to the matching hash value as the permission level information;
Based on the content ID included in the content request data received by the content request data receiving unit, the usage target level information included in the content attribute information corresponding to the content ID is read from the content attribute storage unit. Based on the usage target level information and the permission level information acquired by the permission level information acquisition means, the content is used for the user indicated by the user ID included in the content request data. Content usage permission means for determining whether to permit,
Content information transmitting means for reading the content information corresponding to the content ID from the content information storage means and transmitting the content information to the content receiving device when the content use permission means permits the user to use the content; ,
A content transmission apparatus comprising: A secret that is hashed by combining a random number with a bit string that constitutes permission level information that specifies which content is allowed to be used by a user from the content transmitting apparatus according to claim 3 connected via a network The content request data is received, the content request data including the concealment usage attribute information, the content ID for identifying the content, and the user ID for identifying the user of the content is transmitted to the content transmission device, and A content receiver that receives content information that is at least one of the content and a license of the content from a content transmitter,
Concealment use attribute information receiving means for receiving the concealment use attribute information from the content transmission device via the network;
Concealment information storage means for storing concealment use attribute information received by the concealment use attribute information receiving means;
Based on the content selection command of the content information requested to be transmitted to the content transmission device, input from the outside, the content ID of the content indicated by the command, the user ID, and the concealment information storage unit Content request data generating means for generating content request data including the concealment use attribute information stored in
Content request data transmitting means for transmitting the content request data generated by the content request data generating means to the content transmitting device via the network;
Content information receiving means for receiving the content information transmitted from the content transmitting device via the network;
A content receiving apparatus comprising: Content information storage means for storing content information that is at least one of a plurality of contents and a license for the contents;
Which content is permitted to be used for the user indicated by the user ID out of the content of the plurality of pieces of content information stored in the content information storage unit and a user ID for identifying the user of the content User information storage means for storing user information associated with usage level information indicating permission level information for identifying a plurality of users;
For each of the contents of a plurality of pieces of content information stored in the content information storage means, a content ID for identifying the content and which user is permitted to use the content indicated by the content ID Content attribute storage means for storing content attribute information associated with usage target level information corresponding to the permission level information;
Using a content transmission device comprising:
Content that receives content request data including the content ID and the user ID from a content receiving device that is a terminal device of the user connected via a network, and transmits the content information to the content receiving device A transmission method,
User information generation means generates the permission level information based on the user ID and user attribute information input from outside, divides the bit string constituting the permission level information into bits, A random number is combined with a bit value, hashed using a one-way hash function to generate usage level information, and the user information is generated by associating the user ID of the user with the usage level information. A use attribute identification information generation step;
The user information generating means uses the same number of bits as the bit string constituting the permission level information and divides a bit string of a predetermined value into bits, and uses each bit value to generate usage level information. A use attribute data generation step of generating the secret predetermined bit information that is combined with the same random number and hashed using the one-way hash function;
A content request data receiving means for receiving the content request data from the content receiving device;
The permission level information acquisition unit is included in the user information corresponding to the user ID from the user information storage unit based on the user ID included in the content request data received in the content request data receiving step. A permission level information acquisition step of reading the usage level information and acquiring the permission level information;
Based on the content ID included in the content request data received in the content request data receiving step, a content use permission unit is included in the content attribute information corresponding to the content ID from the content attribute storage unit. Read usage target level information, and based on the usage target level information and the permission level information acquired in the permission level acquisition step, for the user indicated by the user ID included in the content request data A content use permission step for determining whether or not to permit use of the content;
When the content information transmitting unit permits the user to use the content in the content use permission step, the content information corresponding to the content ID is read from the content information storage unit and transmitted to the content receiving device. Content information transmission step to perform,
Including
In the permission level information acquisition step, the permission level information acquisition means collates the usage level information and the concealment predetermined bit information for each hash value, and if they match, sets the value of the corresponding bit in the predetermined value. A content transmission method characterized in that a bit string having a bit value that is different from a corresponding bit value in the predetermined value is acquired as the permission level information . Content information storage means for storing content information that is at least one of a plurality of contents and a license for the contents;
For each of the contents of the plurality of pieces of content information stored in the content information storage unit, a content ID for identifying the content and which user is permitted to use the content indicated by the content ID Content attribute storage means for storing content attribute information in association with usage target level information corresponding to permission level information for specifying which content is permitted for each user;
Using a content transmission device comprising:
Content request data including the content ID and a user ID for identifying the user is received from a content receiving device that is a terminal device of the user connected via a network, and the content information is transmitted to the content receiving device. A content transmission method for transmitting
Based on the user ID and user attribute information input from outside, the user is allowed to use which content among the contents of the plurality of content information stored in the content information storage means. Generating permission level information that specifies whether to perform the concatenation, combining a random number with the bit string that constitutes the permission level information, hashing it using a one-way hash function, and generating concealment use attribute information User information that transmits usage attribute information to the content reception device of the user, generates user information in which the random number is associated with the user ID, and further includes the user information in the content transmission device A user information generation storage step for storing in the storage means;
A content request data receiving means for receiving the content request data from the content receiving device;
The permission level information acquisition unit reads the random number corresponding to the user ID from the user information storage unit based on the user ID included in the content request data received in the content request data receiving step, and A plurality of bit strings having the same number of bits as the bit string constituting the level information are generated, the random number is combined with each of the generated bit strings, and a hash value hashed using the one-way hash function and the content A permission level information acquisition step of collating the concealment use attribute information further included in the request data and acquiring the bit string corresponding to the matching hash value as the permission level information;
Based on the content ID included in the content request data received in the content request data receiving step, a content use permission unit is included in the content attribute information corresponding to the content ID from the content attribute storage unit. Read usage target level information, and based on the usage target level information and the permission level information acquired in the permission level information acquisition step, for the user indicated by the user ID included in the content request data Content usage permission step for determining whether to permit the use of the content,
The content information transmitting means reads out the content information corresponding to the content ID from the content information storage means and transmits the content information to the content receiving device when the content usage permission step permits the user to use the content. Content information transmission step to perform,
The content transmission method characterized by including. Content request data including a content ID for identifying content and a user ID for identifying a user of the content is received from a content receiving device that is a terminal device of the user connected via a network, and the user ID A plurality of pieces of user information associated with usage level information indicating permission level information for specifying which content is allowed to be used for the user indicated by the user ID among the plurality of contents. The user information is read from a user information storage device that stores information about the user, and the content ID for each of the plurality of contents and the use of the content indicated by the content ID for which user is used. Indicates whether permission is permitted and corresponds to the permission level information. The content attribute information is read from a content attribute information storage device that stores content attribute information associated with the usage target level information, and it is determined whether or not the user is permitted to use the content, and the content reception A computer for transmitting to the device the content information stored in a content information storage device that stores content information that is at least one of the content and a license for the content;
Content request data receiving means for receiving the content request data from the content receiving device;
Based on the user ID included in the content request data received by the content request data receiving means, the usage level information included in the user information corresponding to the user ID is read from the user information storage device. Permission level information acquisition means for acquiring the permission level information;
Based on the content ID included in the content request data received by the content request data receiving means, the usage target level information included in the content attribute information corresponding to the content ID is obtained from the content attribute information storage device. Based on the read target level information and the permission level information acquired by the permission level acquisition means, the content is used for the user indicated by the user ID included in the content request data. Content usage permission means for determining whether to permit,
Content information transmitting means for reading the content information corresponding to the content from the content information storage device and transmitting the content information to the content receiving device when the content usage permission means permits the user to use the content;
Based on the user ID and user attribute information input from outside, the permission level information is generated, the bit string constituting the permission level information is divided for each bit, and different random numbers are combined with each bit value. And using the one-way hash function to generate usage level information, associating the user ID of the user with the usage level information to generate the user information, and the permission level information A bit string having the same number of bits as a constituent bit string and a bit string of a predetermined value is divided for each bit, and the same random number as that used for generating usage level information is combined with each bit value, and the one-way hash User information generating means for generating secret predetermined bit information hashed using a function;
Confidential predetermined bit information transmitting means for transmitting the confidential predetermined bit information generated by the user information generating means to the content receiving device of the user;
And then allowed to function,
The content request data further includes confidential predetermined bit information,
The permission level information acquisition means collates the usage level information and the secret predetermined bit information for each hash value, and if they match, the value of the corresponding bit in the predetermined value is set as the value of the bit, and does not match In this case, the content transmission program is characterized in that a bit string having a value different from the corresponding bit value in the predetermined value is obtained as the permission level information . Content request data including a content ID that identifies content and a user ID that identifies a user of the content is received from a content reception device that is a terminal device of the user connected via a network, and a plurality of the content request data is received. For each content, the content ID and the user indicating to which user the use of the content indicated by the content ID is permitted and the permission for specifying which content is permitted for each user Whether to allow the user to use the content by reading the content attribute information from a content attribute information storage device that stores the content attribute information associated with the usage target level information corresponding to the level information And the content receiving device includes a plurality of the copies. A computer to transmit the content information stored in the content information storage device for storing content information is at least one of the licenses Ceiling and the content,
Based on the user ID and user attribute information input from outside, the user is allowed to use which content among the contents of the plurality of content information stored in the content information storage device. Generation of permission level information for specifying whether or not, combining a random number with a bit string constituting the permission level information, hashing using a one-way hash function to generate confidential use attribute information, and User information generating means for generating user information associated with the user ID and storing the user information in a user information storage device connected to the outside,
Concealment use attribute information transmission means for transmitting the concealment use attribute information generated by the user information generation means to the content receiving device of the user,
Content request data receiving means for receiving the content request data from the content receiving device;
Based on the user ID included in the content request data received by the content request data receiving means, the random number corresponding to the user ID is read from the user information storage device, and a bit string constituting the permission level information; A plurality of bit strings having the same number of bits are generated, the random numbers are combined with the generated bit strings, and the hash value hashed using the one-way hash function, and the content request data further includes the hash value The permission level information acquisition means for checking the concealment use attribute information and acquiring the bit string corresponding to the matching hash value as the permission level information,
Based on the content ID included in the content request data received by the content request data receiving means, the usage target level information included in the content attribute information corresponding to the content ID is obtained from the content attribute information storage device. Read, use of the content for the user indicated by the user ID included in the content request data based on the usage target level information and the permission level information acquired by the permission level information acquisition unit Content use permission means for determining whether or not to permit,
Content information transmitting means for reading the content information corresponding to the content ID from the content information storage device and transmitting the content information to the content receiving device when the content usage permission means permits the user to use the content;
A content transmission program that is made to function as:

Images