JP5451159B2 - Data transfer method, data transfer system, and data relay program - Google Patents

Description

  The present invention relates to a data transfer method, a data transfer system, and a data relay program, and more particularly, a data transfer method, a data transfer system, and a data relay program for transferring data between a non-network client and a server that mediate a network client. About.

  In recent years, portable electronic devices such as portable audio players and digital cameras have become widespread. Portable electronic devices are often non-network clients that do not have a connection function to a network such as the Internet. On the other hand, there is a need to store data distributed on a network in a non-network client. In this case, first, the network client downloads desired data from a server that distributes data on the network. Then, the network client stores the downloaded data in a non-network client connected to the network client. As described above, the non-network client needs to perform data acquisition or data transmission from the server via the network via the network client.

  Patent Document 1 discloses a technology related to an information processing apparatus that allows a non-network device to function as one device that depends on a network environment. In Patent Document 1, first, a network adapter acquires detailed profile data from the Internet based on simple profile data acquired from the outside. Next, the service data created based on the profile data is registered in the service discovery server. Thereafter, the network adapter reads out and refers to the service data from the service discovery server, thereby executing an operation for realizing the service indicated by the service data using an interface with the non-network device. As a result, the non-network device is provided with a function that cannot be realized unless it is originally connected to the network through the network adapter.

  Patent Document 2 discloses a technology related to a remote device control program that makes a peripheral device connected to another computer appear to be locally connected to its own computer. A remote device control program according to Patent Literature 2 acquires connection information of peripheral devices locally connected to other computers via a network, displays a connection information for the user, and prompts the user to select a connection management unit. A port control unit that switches the control right of the peripheral device driver corresponding to the peripheral device selected by the user, and a tunneling driver that performs data conversion processing between the data structure for the peripheral device and the communication packet data structure for the network.

  Patent Document 3 discloses a technology related to a relay device that relays data communication between communication devices having different communication protocols. The relay device according to Patent Document 3 includes a first communication interface for communicating with the first communication device using the first communication protocol, and a second for communicating with the second communication device using the second communication protocol. The communication interface, protocol conversion means for performing protocol conversion between the first communication protocol and the second communication protocol, and when the first communication device is communicably connected to the first communication interface, If the connection of the second communication device to the second communication interface is not established, the communication setting information supplied from the second communication device to the first communication device is represented on the second communication device as a proxy. Proxy response means for responding to one communication device.

  Patent Document 4 discloses a technology related to a communication network system in which a plurality of communication terminals are connected via a transmission line, and information can be exchanged between the communication terminals by the first transmission unit and the first reception unit of each communication terminal. Is disclosed. In the communication network system according to Patent Document 4, at least one of the plurality of communication terminals is a relay communication terminal, the relay communication terminal includes infrared communication means capable of only one-to-one communication, and the first The information received from the receiving means is transmitted by two infrared communication means, and the reception information transmitting means for transmitting the information received by the two infrared communication means to the first transmission means is provided. .

  Patent Document 5 discloses a technique related to a data transfer method in a content distribution system for alleviating line concentration in content distribution. In Patent Document 5, content is downloaded from the WEB server to the player by performing communication between the WEB server and the PC client, and between the PC client and the player. Then, the content is redistributed to other players within the range of the maximum number of redistributions.

  Patent Document 6 discloses a technique in which a registered user downloads print data from a content server to a printer via a mobile phone, and decrypts and prints image data using a printer ID built in the printer as an encryption key.

  Patent Document 7 discloses a technology related to a content distribution method for appropriately managing the progress of writing content to optical media in real time. In Patent Document 7, the content decrypted with the decryption key is encrypted again using the second encryption key, and the encrypted content is written to the recording medium.

  Patent Document 8 discloses a technology related to a content distribution system in which a portable content playback device and a content distribution device are connected via a network.

JP 2003-115845 A JP 2007-219711 A JP 2007-081566 A Japanese Patent Laid-Open No. 11-088365 JP 2001-175747 A JP 2002-305514 A JP 2006-172041 A JP 2008-310485 A

  However, in Patent Documents 1 to 8 described above, when data transfer between a non-network client and a server is performed via an arbitrary network client, it is realized in a simple manner while ensuring communication safety. There is a problem that cannot be done.

  In Patent Document 1, communication between a non-network device and a network adapter, and communication between a network adapter and a device on a network may be intercepted or tampered with. In Patent Document 2, there is a possibility that the communication between the peripheral device and the computer to which the peripheral device is connected, and the communication between the computer to which the peripheral device is connected and the computer on the network are intercepted or altered. In Patent Document 3, communication between the first communication device and the relay terminal, and communication between the relay terminal and the second communication device may be intercepted or tampered with. In Patent Document 4, communication between a certain communication terminal and a relay terminal, and communication between a relay terminal and another communication terminal may be intercepted or altered.

  Further, in Patent Document 5, since it is necessary to reproduce the content even in the transfer destination player, the secondary encryption reproduction key and the reproduction target player are not linked. Therefore, there is a possibility that reproduction by an unauthorized player cannot be prevented, and it cannot be said that safety is high.

  Moreover, in patent document 6, a server authenticates with respect to the combination of a terminal device and peripheral devices. Therefore, it is necessary to manage the combination of the terminal device and the peripheral device, and there is a possibility that the management target becomes enormous, and it cannot be said that it is a simple method.

  Further, in Patent Document 7, since authentication is not performed for a client terminal that requests data writing, a data writing request from an unauthorized client terminal cannot be prevented, and it cannot be said that safety is high.

  Patent Document 8 cannot cope with a case where the portable content reproduction apparatus does not have a communication protocol that can be connected to the content distribution apparatus.

  The present invention has been made in order to solve such problems, and a data transfer method capable of safely and easily performing data transfer between a non-network client and a server through a network client. An object of the present invention is to provide a data transfer system and a data relay program.

  In the data transfer method according to the first aspect of the present invention, the non-network device is validated between a non-network device connected to a relay terminal and a server connected to the relay terminal via a network. A connection establishing step for establishing a communication connection by mutual authentication using the first certification information to be certified and the second certification information for certifying the validity of the server, and based on the communication connection established by the connection establishing step A transfer relay step of relaying data transfer between the non-network device and the server by encrypted communication using the first certification information and the second certification information.

  The data transfer system according to the second aspect of the present invention has first certification information for certifying its own validity, and certifies its own validity with a non-network device that can communicate with the first communication protocol. And a server capable of communicating with the second communication protocol, and connected to the non-network device so as to be communicable with the first communication protocol. A relay terminal that is communicably connected using the communication protocol, and the relay terminal uses the first certification information and the second certification information between the non-network device and the server. A connection substitution means for substituting the establishment of a communication connection by mutual authentication, and a communication connection established by the connection substitution means between the non-network device and the server. Comprising a transfer relay means for relaying data transfer by encrypted communication using the first certificate and the second certification information.

  The data relay program according to the third aspect of the present invention receives first certification information that proves the validity of the non-network device from a non-network device that is communicably connected based on the first communication protocol, A first authentication substituting process for transmitting the received first certification information to a server that is communicably connected based on a second communication protocol and causing the server to authenticate the non-network device; A second authentication substitution process for receiving the second certification information for proving the validity of the second authentication information, transmitting the received second certification information to the non-network device, and causing the non-network device to authenticate the server; When mutual authentication is performed by the first authentication alternative process and the second authentication alternative process, the first authentication information and the second certification information are encrypted. Receiving the signed first data from the non-network device, transmitting the first data to the server, encrypted and signed by the first certification information and the second certification information. And a data transfer process for receiving the second data from the server and transmitting the second data to the non-network device.

  A data relay program according to a fourth aspect of the present invention performs first authentication with a non-network device connected to be communicable based on a first communication protocol, and generates first authentication information. And, when mutual authentication is performed by the first mutual authentication process, the first certification information for certifying the validity of the non-network apparatus is received from the non-network apparatus, and communication is possible based on the second communication protocol. Transmitting the received first certification information to a server connected to the server, receiving second certification information for certifying the validity of the server from the server, performing mutual authentication with the server, When mutual authentication is performed by the second mutual authentication process for generating authentication information and the second mutual authentication process, the first data encrypted and signed based on the second authentication information Receiving from the server, verifying and decrypting the first data with the second authentication information, encrypting and signing the decrypted first data based on the first authentication information, A computer is caused to execute processing including data transfer processing for generating data and transmitting the second data to the non-network device.

  According to the present invention, it is possible to provide a data transfer method, a data transfer system, and a data relay program for safely and easily transferring data between a non-network client and a server that mediate a network client.

1 is a block diagram showing a configuration of a data transfer system according to a first exemplary embodiment of the present invention. It is a flowchart figure which shows the flow of the data transfer method concerning Embodiment 1 of this invention. It is a block diagram which shows the structure of the data transfer system concerning Embodiment 2 of this invention. It is a sequence diagram which shows the whole flow of the data transfer method concerning Embodiment 2 of this invention. It is a sequence diagram which shows the flow of the session establishment process concerning Embodiment 2 of this invention. It is a sequence diagram which shows the flow of the data transfer process concerning Embodiment 2 of this invention. It is a sequence diagram which shows the flow of the session end process concerning Embodiment 2 of this invention. It is a block diagram which shows the structure of the data transfer system concerning Embodiment 3 of this invention. It is a sequence diagram which shows the whole flow of the data transfer method concerning Embodiment 3 of this invention. It is a sequence diagram which shows the flow of the session establishment process concerning Embodiment 3 of this invention. It is a sequence diagram which shows the flow of the data transfer process concerning Embodiment 3 of this invention. It is a sequence diagram which shows the flow of the session end process concerning Embodiment 3 of this invention. It is a block diagram which shows the structure of the data transfer system concerning Embodiment 4 of this invention. It is a sequence diagram which shows the whole flow of the data transfer method concerning Embodiment 4 of this invention. It is a sequence diagram which shows the flow of the session establishment process concerning Embodiment 4 of this invention. It is a sequence diagram which shows the flow of the data transfer process concerning Embodiment 4 of this invention. It is a sequence diagram which shows the flow of the session end process concerning Embodiment 4 of this invention.

  Hereinafter, specific embodiments to which the present invention is applied will be described in detail with reference to the drawings. In the drawings, the same elements are denoted by the same reference numerals, and redundant description will be omitted as necessary for the sake of clarity.

<Embodiment 1 of the Invention>
FIG. 1 is a block diagram showing a configuration of a data transfer system 1 according to the first exemplary embodiment of the present invention. The data transfer system 1 includes a non-network device 11, a relay terminal 12, a network 13, and a server 14. Here, the network 13 may be a communication network such as the Internet, an intranet, a public network, a dedicated line, or a mobile communication network.

  The non-network device 11 is a device that does not have a communication function with the network 13 and operates by program control. The non-network device 11 has first certification information 17 that proves its validity, and can communicate with the first communication protocol. The non-network device 11 may be a music player that stores and reproduces music content, for example. The first certification information 17 is confirmation information for proving that the non-network device 11 is a valid device. The first certification information 17 is, for example, a digital certificate including attribute information indicating a public key in the non-network device 11 and a use owner of the public key. In that case, the non-network device 11 may have a secret key in the non-network device 11 as a configuration (not shown). Alternatively, the first certification information 17 may be a unique serial number of the non-network device 11 or the like. The first communication protocol may be, for example, USB (Universal Serial Bus), infrared, serial, BlueTooth, Near Field Communication, or the like. The non-network device 11, the first certification information 17 and the first communication protocol are not limited to those described above.

  The server 14 is a computer system that has a communication function with the network 13 and can transmit arbitrary content data via the network 13. The server 14 has the second certification information 18 that proves its validity, and can communicate with the second communication protocol. The server 14 may be a WEB server for distributing music content, for example. The second communication protocol is a protocol that allows communication on the network 13. The second certification information 18 is confirmation information for proving that the server 14 is a legitimate device. The second certification information 18 is, for example, a digital certificate including attribute information indicating a public key in the server 14 and a use owner of the public key. In that case, the server 14 may have a secret key in the server 14 as a configuration (not shown). Alternatively, the second certification information 18 may be a unique serial number of the server 14 or the like.

  The relay terminal 12 is a terminal device that is communicably connected to the non-network device 11 by the first communication protocol, is communicably connected to the server 14 via the network 13 by the second communication protocol, and operates by program control. is there. The relay terminal 12 may be a general-purpose computer system, a personal computer, a portable terminal, or the like, for example.

  The relay terminal 12 includes a connection substitution unit 15 and a transfer relay unit 16. The connection substitute unit 15 substitutes establishment of a communication connection between the non-network apparatus 11 and the server 14 by mutual authentication using the first certification information 17 and the second certification information 18. Based on the communication connection established by the connection alternative means 15, the transfer relay means 16 uses the first certification information 17 and the second certification information 18 between the non-network device 11 and the server 14 to perform encrypted communication. Relay data transfer by.

  FIG. 2 is a flowchart showing the flow of the data transfer method according to the first embodiment of the present invention. First, the connection substitution means 15 of the relay terminal 12 establishes a communication connection by mutual authentication using the first certification information 17 and the second certification information 18 between the non-network apparatus 11 and the server 14 ( S10).

  Next, the transfer relay unit 16 encrypts the first proof information 17 and the second proof information 18 between the non-network device 11 and the server 14 based on the communication connection established in step S10. Relay of data transfer by communication is performed (S20).

  As described above, the data transfer system 1 according to the first exemplary embodiment of the present invention can establish a session between a non-network client and a server and perform encrypted communication. In other words, the authentication between the non-network device 11 and the server 14 is performed without using the certification information in the relay terminal 12 to protect the confidentiality and integrity of the data to be transferred. Therefore, data transfer between a non-network client and a server through a network client can be performed safely and easily.

<Embodiment 2 of the Invention>
FIG. 3 is a block diagram showing a configuration of the data transfer system 10 according to the second exemplary embodiment of the present invention. The data transfer system 10 includes a music player 100, a PC 110, and a music distribution server 120. The music player 100 and the PC 110 are connected by USB, and the music distribution server 120 and the PC 110 are connected by the Internet. The data transfer system 10 transfers the music content stored in the music distribution server 120 to the PC 110 via the PC 110.

  The music player 100 is an example of the non-network device 11 according to the first embodiment of the present invention. The music player 100 includes a data processing device 101, a storage area 105, a storage area 106, and an input device 107.

  The storage area 105 is a volatile storage device that stores connection information 131 and authentication information 132. The connection information 131 is connection information exchanged with the PC 110 in connection processing to the Internet. The connection information 131 includes, for example, a flag indicating a connection state, a connection start time, an upper limit value of a connection time, and the like. Further, the connection information 131 may include connection destination information such as an IP (Internet Protocol) address of the music distribution server 120. The authentication information 132 stores authentication information exchanged in the authentication process. The authentication information 132 includes, for example, certification information X133 that is own certification information, certification information Y137 that is certification information of an authentication partner, a session key, and the like. Here, the session key is a key used for encryption or decryption and signature after mutual authentication between the music player 100 and the music distribution server 120 and establishment of a session.

  The storage area 106 is a nonvolatile storage device that stores the certification information X133 and the content 134. The certification information X133 is equivalent to the first certification information 17 according to the first embodiment of the present invention. The certification information X133 is a digital certificate including, for example, attribute information indicating a public key in the music player 100 and a use owner of the public key. In that case, the storage area 106 stores a secret key corresponding to the public key of the music player 100 as a configuration not shown. The content 134 is data acquired by the data transfer system 10. For example, the content 134 is music content data acquired by the music player 100 from the music distribution server 120.

  The input device 107 is a user interface that receives an input of a request for acquiring music content from the music distribution server 120.

  The data processing apparatus 101 includes connection means 102, authentication means 103, and content reception means 104. The connection unit 102 performs a connection process to the Internet via the PC 110 with the PC 110 to which the USB connection is made. The connection unit 102 stores the connection information 131 in the storage area 105 when the connection process to the Internet is completed with the PC 110.

  The authentication unit 103 performs an authentication process for mutual authentication with the music distribution server 120 via the PC 110. Specifically, the authentication unit 103 transmits the certification information X133 stored in the storage area 106 to the PC 110. At this time, the authentication unit 103 stores the certification information X133 and the session key in the storage area 105 as the authentication information 132. Further, when the authentication unit 103 receives the authentication response from the music distribution server 120 and the certification information Y137 of the music distribution server 120, the authentication unit 103 verifies the certification information Y137 and determines whether or not it is valid. If it is determined that the authentication unit 103 is valid, the authentication information 103 includes the certification information Y137 in the storage area 105 and updates the authentication information 132.

  The content receiving unit 104 receives music content from the music distribution server 120 after mutual authentication is performed with the music distribution server 120. Specifically, the content receiving unit 104 transmits a download request signed by the authentication information 132 to the music distribution server 120. Further, when receiving the response data, the content receiving unit 104 verifies the response data with the authentication information 132 and determines whether it is valid. If the content receiving unit 104 determines that the content is valid, the response data is decrypted into the music content of the plain text content by the authentication information 132, and the decrypted music content is stored in the storage area 106 as the content 134.

  The PC 110 is an example of the relay terminal 12 according to the first exemplary embodiment of the present invention. The PC 110 includes a data processing device 111 and a storage area 114. The storage area 114 is a volatile storage device that stores connection information 135. The connection information 135 is connection information exchanged with the PC 110 in connection processing to the Internet. The connection information 135 is data equivalent to the connection information 131.

  The data processing device 111 includes a connection unit 112 and a communication alternative unit 113. The connection unit 112 performs connection processing to the Internet for the music player 100 with the music player 100 to which the USB connection is made. That is, the connection unit 112 performs start and end procedures for the Internet communication alternative function that the PC 110 provides to the music player 100. The connection unit 112 stores the connection information 135 in the storage area 114 when the connection process to the Internet is completed with the music player 100.

  The communication substitute unit 113 substitutes for authentication between the music player 100 and the music distribution server 120, and relays data transfer when authenticated. Specifically, the communication alternative means 113 transfers the certification information X133 received from the music player 100 to the music distribution server 120. Further, the communication alternative means 113 transfers the certification information Y137 received from the music distribution server 120 to the music player 100. It is assumed that the communication alternative means 113 establishes a communication connection as a result of mutual authentication between the music player 100 and the music distribution server 120.

  Further, the communication alternative means 113 transfers the download request received from the music player 100 to the music distribution server 120. Further, the communication alternative means 113 transfers the response data received from the music distribution server 120 to the music player 100. At this time, the PC 110 is not involved in the content of data exchanged between the music player 100 and the music distribution server 120.

  The music distribution server 120 is an example of the server 14 according to the first embodiment of the present invention. The music distribution server 120 includes a data processing device 121, a storage area 124, and a storage area 125.

  The storage area 124 is a volatile storage device that stores the authentication information 136. The authentication information 136 stores authentication information exchanged in the authentication process. The authentication information 136 includes, for example, certification information Y137 that is own certification information, certification information X133 that is certification information of the authentication partner, a session key, and the like.

  The storage area 125 is a non-volatile storage device that stores the certification information Y137 and the content 138. The certification information Y137 is equivalent to the second certification information 18 according to the first embodiment of the present invention. The certification information Y137 is a digital certificate including, for example, attribute information indicating a public key in the music distribution server 120 and a use owner of the public key. In that case, the storage area 125 stores a secret key corresponding to the public key of the music distribution server 120 as a configuration not shown. The content 138 is music content data distributed by the music distribution server 120 via a network.

  The data processing device 121 includes an authentication unit 122 and a content transmission unit 123. The authentication unit 122 performs an authentication process for mutual authentication with the music player 100 via the PC 110. Specifically, when receiving the certification information X133 of the music player 100, the authentication unit 122 verifies the certification information X133 and determines whether or not it is valid. If it is determined that the authentication unit 122 is valid, the authentication unit 122 stores the certification information X133 in the storage area 124 as authentication information 132. Further, the authentication unit 122 transmits the certification information Y137 stored in the storage area 125 to the PC 110. At this time, the authentication unit 122 updates the authentication information 132 by including the certification information Y137 and the secret key of the music distribution server 120 in the storage area 124.

  The content transmission unit 123 transmits music content to the music player 100. Specifically, the content transmission unit 123 verifies the download request received from the PC 110 using the authentication information 136 and determines whether or not the request is valid. If the content transmission unit 123 determines that the content is valid, the content transmission unit 123 acquires the content 138 that is the music content of the plaintext content from the storage area 125, encrypts and signs using the authentication information 136, creates response data, Response data is transmitted to the PC 110.

  In other words, the data transfer system 10 according to the second exemplary embodiment of the present invention realizes the following first authentication substitution process, second authentication substitution process, and data transfer process. In the first authentication alternative process, the certification information X133 is received from the music player 100 that is communicably connected based on the first communication protocol, and is transmitted to the music distribution server 120 that is communicably connected based on the second communication protocol. The received certification information X133 is transmitted, and the music distribution server 120 is made to authenticate the music player 100.

  The second authentication alternative process receives the certification information Y137 from the music distribution server 120, transmits the received certification information Y137 to the music player 100, and causes the music player 100 to authenticate the music distribution server 120.

  When the data transfer process is mutually authenticated by the first authentication alternative process and the second authentication alternative process, the download request encrypted and signed by the certification information X133 and the certification information Y137 is sent from the music player 100. Then, the download request is transmitted to the music distribution server 120, the response data encrypted and signed by the certification information X133 and the certification information Y137 is received from the music distribution server 120, and the response data is transmitted to the music player 100.

  As described above, the authentication unit 103 and the authentication unit 122 exchange keys included in the certification information X133 and the certification information Y137 for encrypting data to be transmitted and received by mutual authentication. Accordingly, confidentiality and integrity can be protected by encrypting the subsequent communication using the exchanged key and applying the signature.

  FIG. 4 is a sequence diagram showing an overall flow of the data transfer method according to the second exemplary embodiment of the present invention. First, the input device 107 of the music player 100 accepts an input operation for a content acquisition request from a user (S110).

  Next, the connection unit 102 creates a connection start request for starting Internet communication and transmits it to the connection unit 112 (S121). At this time, the connection unit 102 stores connection information 131, which is information necessary for starting connection, in the storage area 105. Then, the connection unit 112 receives the connection start request from the connection unit 102 and activates the communication alternative unit 113.

  Thereafter, the connection unit 112 creates a connection start response and transmits it to the connection unit 102 (S122). At this time, the connection unit 112 stores connection information 135, which is information necessary for connection, in the storage area 114. For example, the connection unit 112 turns on a flag indicating the connection state of the connection information 135 and records the connection start time.

  Then, the connection unit 102 receives the connection start response and updates the connection information 131 stored in the storage area 105. For example, the connection unit 102 turns on a flag indicating the connection state of the connection information 131 and records the connection start time. Thereafter, communication between the music player 100 and the music distribution server 120 via the PC 110 becomes possible.

  Subsequently, the music player 100 performs a session establishment process with the music distribution server 120 via the PC 110 (S130). This enables authenticated communication between the music player 100 and the music distribution server 120. Details of the session establishment process will be described in detail later with reference to FIG.

  Then, the PC 110 performs a data transfer process of the encrypted data between the music player 100 and the music distribution server 120 (S150). Details of the data transfer process will be described later with reference to FIG. Thereafter, the music player 100 performs a session end process with the music distribution server 120 via the PC 110 (S170). Thereby, the authenticated communication between the music player 100 and the music distribution server 120 ends. Details of the session end process will be described later with reference to FIG.

  Thereafter, the connection unit 102 creates a connection termination request for terminating the Internet communication, and transmits it to the connection unit 112 (S181). Then, the connection unit 112 receives the connection end request from the connection unit 102 and ends the connection with the music player 100. Thereafter, the connection unit 112 creates a connection end response and transmits it to the connection unit 102 (S182). At this time, the connection unit 112 discards the connection information 135 stored in the storage area 114. Thereby, the communication between the music player 100 and the music distribution server 120 ends.

  The content receiving means 104 stores the received music content as the content 134 in the storage area 106 (S190). Note that step S190 may be executed at least after step S150.

  FIG. 5 is a sequence diagram showing a flow of session establishment processing according to the second exemplary embodiment of the present invention. First, the authentication unit 103 acquires the certification information X133 from the storage area 106. Then, the authentication unit 103 creates a session establishment request including the certification information X133, and transmits the session establishment request to the communication alternative unit 113 (S131). At this time, the authentication means 103 stores the certification information X133 included in the session establishment request and the session key stored in the storage area 106 as authentication information 132 in the storage area 105.

  Next, the communication alternative unit 113 transmits the session establishment request received from the authentication unit 103 to the authentication unit 122 (S132). At this time, the communication alternative means 113 does not analyze the received session establishment request and does not hold information included in the session establishment request.

  Subsequently, the authentication unit 122 receives a session establishment request from the communication alternative unit 113, analyzes the session establishment request, and obtains certification information X133. Then, the authentication unit 122 verifies the certification information X133 and determines whether it is valid. If it is determined that the authentication unit 122 is valid, the authentication unit 122 stores the authentication information 136 including the certification information X133 included in the session establishment request as the authentication information 136 in the storage area 124. That is, the authentication unit 122 authenticates the music player 100 and establishes a session with the music player 100 (S133).

  Further, when it is determined that the authentication unit 122 is valid, the authentication unit 122 acquires the certification information Y137 from the storage area 125. Then, the authentication unit 122 creates a session establishment response including the certification information Y137, and transmits the session establishment response to the communication alternative unit 113 (S134). At this time, the authentication unit 122 updates the authentication information 136 stored in the storage area 124 to include the certification information Y137 and the session key stored in the storage area 125.

  Then, the communication alternative unit 113 transmits the session establishment response received from the authentication unit 122 to the authentication unit 103 (S135). At this time, the communication alternative means 113 does not analyze the received session establishment response and does not hold the information included in the session establishment response.

  Thereafter, the authentication unit 103 receives the session establishment response from the communication alternative unit 113, analyzes the session establishment response, and acquires the certification information Y137. Then, the authentication unit 103 verifies the certification information Y137 and determines whether it is valid. If it is determined that the authentication unit 103 is valid, the authentication unit 103 updates the authentication information 132 stored in the storage area 105 to include the certification information Y137. That is, the authentication unit 103 authenticates the music distribution server 120 and establishes a session with the music distribution server 120 (S136).

  Here, as specific authentication means, for example, authentication and key exchange by certificate exchange using a public key infrastructure may be used. In this case, the public keys of the music player 100 and the music distribution server 120 are exchanged. Further, as another authentication means, authentication and key exchange by exchanging random numbers or the like with a prescribed algorithm may be used. In this case, a common key generated by a prescribed algorithm is exchanged. In addition, the authentication means concerning this invention is not limited to what was mentioned above.

  FIG. 6 is a sequence diagram showing the flow of the data transfer process according to the second embodiment of the present invention. First, the content receiving unit 104 creates a content download request, adds a signature with the authentication information 132, and transmits the download request to the communication alternative unit 113 (S151).

  Next, the communication alternative unit 113 transmits a download request from the content reception unit 104 to the content transmission unit 123 (S152). At this time, the communication alternative means 113 does not analyze the received download request and does not hold the information included in the download request.

  Subsequently, the content transmission unit 123 receives the download request from the communication alternative unit 113 and verifies it with the authentication information 136 (S153). If it is determined that the request is valid as a result of the verification, the content transmission unit 123 encrypts the content and adds a signature (S154).

  Specifically, the content transmission unit 123 analyzes the download request and acquires the content 138 that is the requested music content from the storage area 125. Then, the content transmission unit 123 encrypts the content 138 with the content key, and encrypts the content key with the public key of the music player 100 included in the authentication information 136. Here, the content key may be stored in the storage area 125 in advance. Alternatively, the content key may be generated every time a download request is made in the music distribution server 120.

  Subsequently, the content transmission unit 123 calculates the digest value of the content 138 and the digest value of the content key, and calculates each MAC (Message Authentication Code) value using the public key of the music player 100 described above. Thereafter, the content transmission unit 123 creates a download response including the encrypted content, the encrypted content key, the MAC value of the content, and the MAC value of the content key. Further, the content transmission unit 123 gives a signature to the created download response using the secret key of the music distribution server 120 included in the authentication information 136.

  Thereafter, the content transmission unit 123 transmits a download response to which a signature is given to the communication alternative unit 113 (S155). At this time, the content transmission unit 123 updates that it has been transmitted to the authentication information 136 stored in the storage area 124.

  Then, the communication alternative unit 113 transmits the download response received from the content transmission unit 123 to the content reception unit 104 (S156). At this time, the communication alternative means 113 does not analyze the received download response and does not hold the information included in the download response.

  Thereafter, the content receiving unit 104 receives a download response from the communication alternative unit 113, and verifies and decrypts the content (S157). Specifically, the content receiving unit 104 verifies the download response with the authentication information 132 and determines whether or not it is valid. When the content receiving unit 104 determines that the content is valid, the content receiving unit 104 analyzes the download response and obtains the encrypted content, the encrypted content key, the MAC value of the content, and the MAC value of the content key. get. Then, the content receiving unit 104 decrypts the encrypted content key with the private key of the music player 100 included in the authentication information 132 to obtain the content key. The content receiving unit 104 verifies the MAC value of the content key with the private key of the music player 100 included in the authentication information 132 and confirms that they match. Next, the content receiving unit 104 decrypts the encrypted content with the content key to obtain the content 134. Also, the MAC value of the content is verified with the private key of the music player 100 included in the authentication information 132 to confirm that they match. In this way, the music player 100 can safely acquire content from the music distribution server 120.

  FIG. 7 is a sequence diagram showing a flow of session end processing according to the second exemplary embodiment of the present invention. First, the authentication unit 103 creates a session end request for ending the session between the music player 100 and the music distribution server 120, and transmits it to the communication alternative unit 113 (S171). Then, the communication alternative unit 113 transmits the session end request received from the authentication unit 103 to the authentication unit 122 (S172). At this time, the communication alternative means 113 does not analyze the received session end request and does not hold the information included in the session end request.

  Subsequently, the authentication unit 122 receives the session end request from the communication alternative unit 113, analyzes the session end request, and ends the session with the music player 100 (S173). Specifically, the authentication unit 122 discards the authentication information 136 stored in the storage area 124. Thereafter, the authentication unit 122 creates a session end response and transmits it to the communication alternative unit 113 (S174).

  The communication alternative unit 113 transmits the session end response received from the authentication unit 122 to the authentication unit 103 (S175). At this time, the communication alternative means 113 does not analyze the received session end response and does not hold the information included in the session end response.

  Thereafter, the authentication unit 103 receives a session establishment response from the communication alternative unit 113, analyzes the session end response, and ends the session with the music distribution server 120 (S176). Specifically, the authentication unit 103 discards the authentication information 132 stored in the storage area 105.

  As described above, in the data transfer system 10 according to the second exemplary embodiment of the present invention, authenticated communication is performed between the music player 100 and the music distribution server 120, so that the non-network client and the network client can be connected. Can also be detected when the communication between the server and the server is intercepted or tampered with. Further, in the data transfer system 10 according to the second exemplary embodiment of the present invention, the relay terminal 12 does not store the content in the storage area.

  According to the second embodiment of the present invention, music content can be safely transmitted from the music distribution server 120 to the music player 100. The reason is that the PC 110 substitutes communication, and the music player 100 and the music distribution server 120 mutually authenticate each other, then encrypt the music content, give a signature, and transmit / receive it.

  Further, according to the second embodiment of the present invention, the usage amount of the storage area 105 and the storage area 106 of the music player 100 can be reduced. The reason is that since the music player 100 directly authenticates with the music distribution server 120, it is not necessary to store information for authenticating the PC 110 in the storage area 105 and the storage area 106.

  Further, according to the second embodiment of the present invention, the usage amount and CPU usage amount of the storage area and storage area of the PC 110 can be reduced. The reason is that the PC 110 only replaces communication between the music player 100 and the music distribution server 120, and it is necessary to store information for authenticating the music player 100 and the music distribution server 120 in the storage area and the storage area. This is because there is not. Further, since the PC 110 does not perform authentication processing, the amount of CPU used can be reduced.

  Further, according to the second embodiment of the present invention, the usage amount of the storage area 124 and the storage area 125 of the music distribution server 120 can be reduced. The reason is that the music distribution server 120 directly authenticates with the music player 100, and therefore there is no need to store information for authenticating the PC 110 in the storage area 124 and the storage area 125.

  Further, according to Embodiment 2 of the present invention, the time required for authentication can be shortened. The reason is that only authentication between the music player 100 and the music distribution server 120 is performed, and authentication between the music player 100 and the PC 110 and between the PC 110 and the music distribution server 120 is not necessary.

  Further, according to the second embodiment of the present invention, the entire processing time of the data transfer system 10 can be shortened. The reason is that the network client does not analyze the communication data between the non-network client and the server.

<Third Embodiment of the Invention>
FIG. 8 is a block diagram showing a configuration of the data transfer system 20 according to the third exemplary embodiment of the present invention. The third embodiment of the present invention is a modification of the second embodiment of the present invention. Below, it demonstrates centering around the difference with Embodiment 2 of this invention, and abbreviate | omits detailed description about the structure or process equivalent to Embodiment 2 of this invention suitably.

  The data transfer system 20 includes a music player 200, a PC 210, and a music distribution server 220. The music player 200 and the PC 210 are connected by USB, and the music distribution server 220 and the PC 210 are connected by the Internet. The data transfer system 20 transfers the music content stored in the music distribution server 220 to the music player 200 via the PC 210.

  The music player 200 is an example of the non-network device 11 according to the first embodiment of the present invention. The music player 200 includes a data processing device 201, a storage area 205, a storage area 206, and an input device 207. Note that the music player 200 has lower performance than the music player 100 according to the second embodiment of the present invention, and does not have the performance to perform processing with a heavy processing load such as authentication and key exchange using a public key infrastructure. is there.

  The storage area 205 is a volatile storage device that stores connection information 231 equivalent to the connection information 131 and authentication information A232. The authentication information A232 includes a session key that is a key used for encryption or decryption and signature after the session is established after mutual authentication between the music player 200 and the music distribution server 220, verification information, and the like. Further, the authentication information A 232 is different from the authentication information 132 and does not include the certification information X 233 that is its own certification information and the certification information Y 237 that is the certification information of the music distribution server 220.

  The storage area 206 is a non-volatile storage device that stores certification information X233 equivalent to certification information X133 and content 234 equivalent to content 134. The input device 207 is a user interface equivalent to the input device 107.

  The data processing device 201 includes a connection unit 202 equivalent to the connection unit 102, an authentication unit 203, and a content reception unit 204.

  As a difference from the authentication unit 103, the authentication unit 203 specifically requests establishment of a session with the music distribution server 220, and when receiving an authentication response from the PC 210, establishes a session A with the PC 210. Further, the authentication unit 203 transmits a request for transferring certification information including the certification information X233 to the music distribution server 220 to the PC 210, and receives a certification information transfer response from the PC 210, whereby It is determined that the session has been established. Then, the authentication unit 203 stores the session key, verification information, and the like in the storage area 205 as authentication information A232.

  Similar to the content receiving unit 104, the content receiving unit 204 receives music content from the music distribution server 220. At this time, the content receiving unit 204 verifies and decrypts the response data using the session key, verification information, and the like included in the authentication information A232.

  The PC 210 is an example of the relay terminal 12 according to the first embodiment of the present invention. The PC 210 includes a data processing device 211 and a storage area 215. The storage area 215 is a volatile storage device that stores connection information 235 equivalent to the connection information 135, authentication information A239, and authentication information B240. The authentication information A239 is authentication information between the music player 200 and the PC 210. For example, the authentication information A239 includes a session key, verification information, and the like. Some certification information Y237 is not included. The authentication information B240 is authentication information between the music distribution server 220 and the PC 210, and includes, for example, certification information X233, certification information Y237, a session key, and the like.

  The data processing device 211 includes a connection unit 212 equivalent to the connection unit 112, an authentication substitution unit 213, and a content transmission / reception substitution unit 214. The authentication substitution unit 213 substitutes for authentication between the music player 200 and the music distribution server 220. Specifically, the authentication alternative unit 213 establishes a session A with the music player 200 when the music player 200 requests establishment of a session with the music distribution server 220. At this time, the authentication alternative unit 213 stores the session key, verification information, and the like in the storage area 215 as authentication information A239. Further, when receiving the certification information X233 from the music player 200, the authentication alternative unit 213 verifies the certification information X233 and determines whether it is valid. If it is determined that the authentication alternative unit 213 is valid, the authentication substitution unit 213 includes the certification information X233 in the storage area 215 and stores it as the authentication information B240. Further, the authentication alternative unit 213 transmits the certification information X233 to the music distribution server 220.

  Further, when receiving the certification information Y237 from the music distribution server 220, the authentication alternative unit 213 verifies the certification information Y237 and determines whether it is valid. If it is determined that the authentication alternative unit 213 is valid, the authentication substitution unit 213 includes the certification information Y237 in the storage area 215 and updates it as the authentication information B240. It is assumed that the authentication alternative unit 213 has established a communication connection by authenticating the music player 200 and the music distribution server 220.

  The content transmission / reception alternative unit 214 relays the data transfer when the music player 200 and the music distribution server 220 are authenticated by the authentication alternative unit 213. At this time, when the response data received from the music distribution server 220 determines that the response data received from the music distribution server 220 is a legitimate response through verification using the authentication information B240, the content transmission / reception alternative means 214 uses the authentication information B240. The decrypted data is encrypted using the authentication information A239 to recreate the response data, and the recreated response data is transferred to the music player 200.

  The music distribution server 220 is an example of the server 14 according to the first embodiment of the present invention. The music distribution server 220 includes a data processing device 221, a storage area 224, and a storage area 225.

  The storage area 224 is a volatile storage device that stores the authentication information B236. The authentication information B 236 is encrypted after, for example, mutual authentication between the certification information Y 237 as its own certification information, certification information X 233 as the certification information of the music player 200 and the PC 210 and the music distribution server 220, and a session is established. Including a session key which is a key used for encryption or decryption and signature.

  The storage area 225 is a non-volatile storage device that stores certification information Y237 equivalent to the certification information Y137 and content 238 equivalent to the content 138.

  The data processing device 221 includes an authentication unit 222 and a content transmission unit 223. The authentication means 222 differs from the authentication means 122, specifically, when the certification information X233 is received from the PC 210, the certification information X233 is verified to determine whether it is valid. If it is determined that the authentication unit 222 is valid, the authentication unit 222 includes the certification information X233 in the storage area 224 and stores it as authentication information B236. Further, the authentication unit 222 transmits the certification information Y237 stored in the storage area 225 to the PC 210.

  Similar to the content transmission unit 123, the content transmission unit 223 transmits music content to the music player 200.

  In other words, the data transfer system 10 according to the second exemplary embodiment of the present invention realizes the following first mutual authentication process, second mutual authentication process, and data transfer process. In the first mutual authentication process, mutual authentication is performed with the music player 200 that is communicably connected based on the first communication protocol, and first authentication information is generated.

  In the second mutual authentication process, when the mutual authentication is performed by the first mutual authentication process, the certification information X233 is received from the music player 200, and the music distribution connected so as to be communicable based on the second communication protocol is performed. The received certification information X233 is transmitted to the server 220, the certification information Y237 is received from the music distribution server 220, mutual authentication with the music distribution server 220 is performed, and second authentication information is generated.

  The data transfer process receives the response data encrypted and signed based on the authentication information B 236 from the music distribution server 220 and authenticates the received response data when mutual authentication is performed by the second mutual authentication process. The information B240 is decrypted, and the decrypted data is encrypted and signed based on the authentication information A239 and transmitted to the music player 200.

  FIG. 9 is a sequence diagram showing the overall flow of the data transfer method according to the third embodiment of the present invention. In FIG. 9, the same processes as those in FIG. 4 are denoted by the same reference numerals, and detailed description thereof is omitted. First, communication between the music player 200 and the music distribution server 220 becomes possible via the PC 210 through steps S110, S121, and S122.

  Subsequently, the music player 200 performs a session establishment process with the music distribution server 220 via the PC 210 (S230). This enables authenticated communication between the music player 200 and the music distribution server 220. Details of the session establishment process will be described later with reference to FIG.

  Then, the PC 210 performs a data transfer process of the encrypted data between the music player 200 and the music distribution server 220 (S250). Details of the data transfer process will be described later with reference to FIG. Thereafter, the music player 200 performs a session end process with the music distribution server 220 via the PC 210 (S270). Thereby, the authenticated communication between the music player 200 and the music distribution server 220 ends. Details of the session end process will be described later with reference to FIG. Thereafter, similarly to FIG. 4, steps S181, S182, and S190 are performed. Note that, after step S121, the connection unit 212 activates at least the authentication alternative unit 213. Further, after S230 at the latest, the connection unit 212 or the authentication alternative unit 213 activates the content transmission / reception alternative unit 214.

  FIG. 10 is a sequence diagram showing the flow of session establishment processing according to the third embodiment of the present invention. First, the authentication unit 203 creates a session A establishment request and transmits the session A establishment request to the communication alternative unit 113 (S231). Here, it is assumed that the authentication unit 103 includes a session key type such as a random number in the session A establishment request. At this time, the authentication unit 203 stores information necessary for authentication such as a session key calculated from the session key type included in the session A establishment request and verification information in the storage area 205 as authentication information A232.

  Subsequently, the authentication alternative unit 213 receives the session A establishment request from the authentication unit 203, analyzes the session A establishment request, and includes the authentication information A239 including the session key calculated from the session key type included in the session A establishment request. Is stored in the storage area 215. That is, the authentication alternative unit 213 authenticates the music player 200 and establishes a session A between the music player 200 and the PC 210 (S232).

  Further, the authentication alternative unit 213 creates a session A establishment response and transmits a session A establishment response to the authentication unit 203 (S233). At this time, the authentication alternative means 213 stores its own session key in the storage area 215 as authentication information A239.

  Then, the authentication unit 203 receives the session A establishment response from the authentication alternative unit 213, analyzes the session A establishment response, and updates the authentication information A232 stored in the storage area 205. That is, the authentication unit 203 authenticates the PC 210 and establishes a session A with the PC 210 (S234).

  Subsequently, the authentication unit 203 acquires the certification information X233 from the storage area 206. Then, the authentication unit 203 creates a certification information transfer request including the certification information X233, encrypts and signs it with the authentication information A232, and transmits the certification information transfer request to the authentication alternative unit 213 (S235). At this time, the authentication unit 203 updates the authentication information A 232 stored in the storage area 205 including the certification information X 233 included in the certification information transfer request. In the case of the public key cryptosystem, the authentication unit 203 further includes a secret key corresponding to the public key included in the certification information X233 in the certification information transfer request. Further, the authentication unit 203 updates the authentication information A 232 stored in the storage area 205 including the secret key.

  The authentication alternative unit 213 receives the certification information transfer request from the authentication unit 203, and verifies the certification information transfer request with the authentication information A239 (S236). If the authentication alternative means 213 determines that the request is a legitimate request as a result of the verification, the authentication alternative means 213 decrypts and analyzes the proof information transfer request based on the authentication information A239, and acquires the proof information X233. Then, the authentication alternative unit 213 stores the authentication information B240 including the certification information X233 in the storage area 215. In the case of the public key cryptosystem, the authentication alternative unit 213 updates the authentication information B240 stored in the storage area 215 to include the secret key included in the certification information transfer request.

  The authentication alternative unit 213 creates a certification information transfer response, encrypts and signs it with the authentication information A239, and transmits the certification information transfer response to the authentication unit 203 (S237). At this time, the authentication alternative unit 213 updates the authentication information A239 stored in the storage area 215.

  The authentication unit 203 receives the proof information transfer response and verifies the proof information transfer response with the authentication information A232. If the authentication unit 203 determines that the response is valid as a result of the verification, the authentication unit 203 decrypts and analyzes the proof information transfer response using the authentication information A 232 and updates the authentication information A 232 stored in the storage area 205.

  Subsequently, the authentication alternative unit 213 acquires the certification information X233 included in the authentication information B240 from the storage area 215. Then, the authentication alternative unit 213 creates a session B establishment request including the certification information X233, and transmits the session B establishment request to the authentication unit 222 (S238). At this time, the authentication substituting means 213 performs mutual authentication between the PC 210 and the music distribution server 220, and includes a session key used for encryption, decryption, and signature after the session is established, as a storage area 215 as authentication information B240 To store.

  The authentication unit 222 receives the session B establishment request from the authentication alternative unit 213, analyzes the session B establishment request, and obtains certification information X233. Then, the authentication unit 222 verifies the certification information X233 and determines whether it is valid. If it is determined that the authentication unit 222 is valid, the authentication unit 222 stores the authentication information 236 included in the session B establishment request as authentication information 236 in the storage area 224. That is, the authentication unit 222 authenticates the PC 210 with the proof information X233 of the music player 200 and establishes a session B with the PC 210 (S239).

  If the authentication unit 222 determines that the authentication unit 222 is valid, the authentication unit 222 acquires the certification information Y237 from the storage area 225. Then, the authentication unit 222 creates a session B establishment response including the certification information Y237, and transmits a session B establishment response to the authentication alternative unit 213 (S240). At this time, the authentication unit 222 updates the authentication information 236 stored in the storage area 224 to include the certification information Y237 and the session key stored in the storage area 225.

  The authentication alternative unit 213 receives the session B establishment response from the authentication unit 222, analyzes the session B establishment response, and obtains certification information Y237. Then, the authentication alternative unit 213 verifies the certification information Y237 and determines whether it is valid. If it is determined that the authentication alternative unit 213 is valid, the authentication substitution unit 213 updates the authentication information B240 stored in the storage area 215 to include the certification information Y237. That is, the authentication alternative unit 213 authenticates the music distribution server 220 and establishes a session B with the music distribution server 220 (S241).

  Here, as a specific authentication means, for example, for session A, first, a lightweight method such as authentication and key exchange by exchanging random numbers or the like with a prescribed algorithm is used. As a result, in session A, certification information such as a public key certificate and a private key is securely transferred. Next, for session B, a method with heavy processing such as authentication and key exchange by certificate exchange using a public key infrastructure is used. In other words, the session B is replaced with the PC 210 that can process at a higher speed than the music player 200, thereby improving the overall processing speed. In addition, the authentication means concerning this invention is not limited to what was mentioned above.

  FIG. 11 is a sequence diagram showing the flow of the data transfer process according to the third embodiment of the present invention. First, the content receiving unit 204 creates a download A request for content, adds a signature with the authentication information A232, and transmits the download A request to the content transmission / reception alternative unit 214 (S251).

  Next, the content transmission / reception alternative unit 214 receives the download A request from the content reception unit 204 and verifies the download A request with the authentication information A239. If the content transmission / reception substitute unit 214 determines that the request is valid as a result of the verification, the content transmission / reception alternative unit 214 analyzes the download A request. At this point, if session B is not established, content transmission / reception alternative section 214 waits until session B is established. After the session B is established, the content transmission / reception alternative unit 214 creates a download B request from the information obtained by analyzing the download A request and the authentication information B240, and transmits it to the content transmission unit 223 (S252). At this time, the content transmission / reception alternative unit 214 updates the authentication information A239 and the authentication information B240 stored in the storage area 215.

  Subsequently, the content transmission unit 223 receives the download B request from the authentication alternative unit 213, and verifies it with the authentication information B236 (S253). As a result of the verification, if it is determined that the request is valid, the content transmission unit 223 encrypts the content and attaches a signature using the authentication information B236 (S254).

  Specifically, the content transmission unit 223 analyzes the download B request and acquires the content 238 that is the requested music content from the storage area 225. Then, the content transmission unit 223 encrypts the content 238 with the content key, and encrypts the content key with the public key of the music player 200 included in the authentication information B236.

  Subsequently, the content transmission unit 223 calculates the digest value of the content 238 and the digest value of the content key, and calculates each MAC value using the public key of the music player 200 described above. After that, the content transmission unit 223 creates a download B response including the encrypted content, the encrypted content key, the content MAC value, and the content key MAC value. Further, the content transmission unit 223 gives a signature to the created download B response using the private key of the music distribution server 220 included in the authentication information B236.

  Thereafter, the content transmission unit 223 transmits a download B response with a signature to the content transmission / reception alternative unit 214 (S255). At this time, the content transmission unit 223 updates that it has been transmitted to the authentication information B 236 stored in the storage area 224.

  Then, the content transmission / reception alternative unit 214 receives the download B response from the content transmission unit 223, and verifies and decrypts the content using the authentication information B240 (S256). Specifically, the content transmission / reception alternative unit 214 verifies the download B response based on the authentication information B240, and determines whether it is valid. If the content transmission / reception alternative unit 214 determines that the content is valid, it analyzes the download B response, and encrypts the content, the encrypted content key, the MAC value of the content, and the MAC value of the content key. And get. Then, the content transmission / reception alternative unit 214 decrypts the encrypted content key with the private key of the music player 200 included in the authentication information B240 to obtain the content key. Further, the content transmission / reception alternative unit 214 verifies the MAC value of the content key with the private key of the music player 200 included in the authentication information B240 and confirms that they match. Next, the content transmission / reception alternative unit 214 decrypts the encrypted content with the content key, and obtains the decrypted content. Also, the MAC value of the content is verified with the private key of the music player 200 included in the authentication information B240, and it is confirmed that they match.

  Next, the content transmission / reception alternative unit 214 encrypts the content and adds a signature based on the authentication information A239 (S257). Specifically, the content transmission / reception alternative unit 214 encrypts the decrypted content with the session key included in the authentication information A239. The content transmission / reception alternative unit 214 calculates the digest value of the decrypted content, and calculates the MAC value using the session key included in the authentication information A239. Thereafter, the content transmission / reception substitute unit 214 creates a download A response including the encrypted content and the MAC value of the content. Further, the content transmission / reception alternative unit 214 gives a signature to the created download A response using the session key included in the authentication information A239.

  Thereafter, the content transmission / reception alternative unit 214 transmits the signed download A response to the content reception unit 204 (S258). At this time, the content transmission / reception alternative unit 214 updates the fact that it has been transmitted to the authentication information A239 stored in the storage area 215.

  Thereafter, the content receiving unit 204 receives the download A response from the content transmission / reception alternative unit 214, and verifies and decrypts the content (S259). Specifically, the content receiving unit 204 verifies the download A response with the authentication information A232, and determines whether it is valid. If the content receiving unit 204 determines that the content is valid, the content receiving unit 204 analyzes the download A response and acquires the encrypted content and the MAC value of the content. Then, the content receiving unit 204 decrypts the encrypted content with the session key included in the authentication information A 232 to obtain the content 234. Further, the MAC value of the content is verified with the session key included in the authentication information A232, and it is confirmed that they match. In this way, the music player 200 can safely acquire content from the music distribution server 220.

  FIG. 12 is a sequence diagram showing the flow of session end processing according to the third embodiment of the present invention. First, the authentication unit 203 creates a session A termination request for terminating the session A between the music player 200 and the PC 210, and transmits it to the authentication alternative unit 213 (S271).

  The authentication alternative unit 213 receives the session A termination request from the authentication unit 203, analyzes the session A termination request, and terminates the session A with the music player 200 (S272). Specifically, the authentication alternative unit 213 discards the authentication information A239 stored in the storage area 215. Thereafter, the authentication alternative unit 213 creates a session A end response and transmits it to the authentication unit 203 (S273).

  The authentication unit 203 receives the session A end response from the authentication alternative unit 213, analyzes the session A end response, and ends the session A with the PC 210 (S274). Specifically, the authentication unit 203 discards the authentication information A232 stored in the storage area 205.

  Next, the authentication alternative unit 213 creates a session B termination request for terminating the session B between the music distribution server 220 and the PC 210, and transmits it to the authentication unit 222 (S275).

  The authentication unit 222 receives the session B end request from the authentication alternative unit 213, analyzes the session B end request, and ends the session B with the PC 210 (S276). Specifically, the authentication unit 222 discards the authentication information B 236 stored in the storage area 224. Thereafter, the authentication unit 222 creates a session B end response and transmits it to the authentication alternative unit 213 (S277).

  The authentication alternative unit 213 receives the session B end response from the authentication unit 222, analyzes the session B end response, and ends the session B with the music distribution server 220 (S278). Specifically, the authentication alternative unit 213 discards the authentication information B240 stored in the storage area 215.

  As described above, according to the third embodiment of the present invention, music content can be safely transmitted from the music distribution server 220 to the music player 200. The reason is that the PC 210 substitutes communication, substitutes mutual authentication between the music player 200 and the music distribution server 220, encrypts the music content, adds a signature, and transmits / receives it.

  Further, according to the third embodiment of the present invention, the usage amount and CPU usage amount of the storage area 205 of the music player 200 can be reduced. The reason is that since the PC 210 substitutes for authentication between the music player 200 and the music distribution server 220, it is not necessary to hold authentication information with the music distribution server 220. Moreover, since the authentication process with the music distribution server 200 is not directly performed, the amount of CPU used can be reduced.

  Further, according to the third embodiment of the present invention, the usage amount of the storage area and storage area of the PC 210 can be reduced. The reason is that the PC 210 only substitutes authentication and content transmission / reception between the music player 200 and the music distribution server 220, and holds information for authenticating itself and the music distribution server 210 in the storage area and the storage area. This is because there is no need.

  Further, according to the third embodiment of the present invention, the usage amount of the storage area and the storage area of the music distribution server 220 can be reduced. The reason is that the music distribution server 220 authenticates with the music player 200 via the PC 210, so that it is not necessary to store information for authenticating the PC 210 in the storage area and the storage area.

  Further, according to the third embodiment of the present invention, the time required for authentication can be shortened. The reason is that the PC 210, which has a higher processing speed than the music player 200, substitutes for authentication based on a heavy processing between the music player 200 and the music distribution server 220.

<Embodiment 4 of the Invention>
FIG. 13 is a block diagram showing a configuration of the data transfer system according to the fourth exemplary embodiment of the present invention. The fourth embodiment of the present invention is a modification of the third embodiment of the present invention. Below, it demonstrates centering around the difference with Embodiment 3 of this invention, and abbreviate | omits detailed description about the structure or process equivalent to Embodiment 3 of this invention suitably.

  The data transfer system 30 includes a music player 300, a PC 310, and a music distribution server 320. The music player 300 and the PC 310 are connected by USB, and the music distribution server 320 and the PC 310 are connected by the Internet. The data transfer system 30 transfers the music content stored in the music distribution server 220 to the music player 300 via the PC 310. However, the PC 310 includes an input device 316 that is a user interface that receives input from the user.

  The music player 300 is an example of the non-network device 11 according to the first embodiment of the present invention. The music player 300 includes a data processing device 301, a storage area 305, and a storage area 306. The storage area 305 and the connection information 331 and authentication information A332 stored in the storage area 305 are equivalent to the storage area 205 and the connection information 231 and authentication information A232 stored in the storage area 205. Further, the certification information X333 and the content 334 stored in the storage area 306 and the storage area 306 are equivalent to the certification information X233 and the content 234 stored in the storage area 206 and the storage area 206.

  The data processing device 301 includes a connection unit 302, an authentication unit 303, and a content reception unit 304. As a difference from the connection unit 202, the connection unit 302 makes a connection response in response to a connection request from the PC 310. As a difference from the authentication unit 203, the authentication unit 303 establishes the session A in response to the session A establishment request from the PC 310. Further, the authentication unit 303 transmits the certification information X333 in response to the certification information transfer request from the PC 310.

  The content receiving unit 304, unlike the content receiving unit 204, verifies and decrypts the received content when receiving the content transferred from the PC 310 without transmitting a download request.

  The PC 310 is an example of the relay terminal 12 according to the first embodiment of the present invention. The PC 310 includes a data processing device 311, a storage area 315, and an input device 316. Note that the storage area 315 and the connection information 335, authentication information A339, and authentication information B340 stored in the storage area 315 are equivalent to the connection information 235, authentication information A239, and authentication information B240 stored in the storage area 215 and the storage area 215. It is.

  The data processing device 311 includes a connection unit 312, an authentication substitution unit 313, and a content transmission / reception substitution unit 314. The connection unit 312 makes a connection request to the music player 300 in response to an input from the input device 316 as a difference from the connection unit 212. The authentication alternative means 313 makes a session A establishment request to the music player 300 as a difference from the authentication alternative means 213. The content transmission / reception alternative unit 314 transmits a download request to the music distribution server 320 as a difference from the content transmission / reception alternative unit 214. Further, the content transmission / reception alternative unit 314 transfers the download response received from the music distribution server 320 to the music player 300.

  FIG. 14 is a sequence diagram showing an overall flow of the data transfer method according to the fourth embodiment of the present invention. First, the input device 316 of the PC 310 receives an input operation for a content acquisition request from the user (S310).

  Next, the connection unit 312 creates a connection start request for starting Internet communication, and transmits it to the connection unit 302 (S321). At this time, the connection unit 312 stores connection information 335, which is information necessary for starting connection, in the storage area 315. The connection unit 302 receives the connection start request from the connection unit 312 and analyzes the connection start request. The connection unit 302 creates a connection start response and transmits it to the connection unit 312 (S322). At this time, the connection unit 302 stores connection information 331, which is information necessary for starting connection, in the storage area 305.

  Thereafter, the connection unit 312 receives a connection start response from the connection unit 302 and activates the authentication substitution unit 313 and the content transmission / reception substitution unit 314. At this time, the connection unit 312 updates the connection information 335 stored in the storage area 315. Thereafter, communication between the music player 300 and the music distribution server 320 via the PC 310 becomes possible.

  Subsequently, the PC 310 performs session establishment processing with each of the music player 300 and the music distribution server 320 (S330). This enables authenticated communication between the music player 300 and the music distribution server 320. Details of the session establishment process will be described later with reference to FIG.

  Then, the PC 310 performs a data transfer process of the encrypted data between the music player 300 and the music distribution server 320 (S350). Details of the data transfer process will be described later with reference to FIG. Thereafter, the PC 310 performs a session end process with each of the music player 300 and the music distribution server 320 (S370). Thereby, the authenticated communication between the music player 300 and the music distribution server 320 ends. Details of the session end process will be described later with reference to FIG.

  Thereafter, the connection unit 312 creates a connection termination request for terminating the Internet communication, and transmits it to the connection unit 302 (S381). Then, the connection unit 302 receives the connection end request from the connection unit 312 and ends the communication with the PC 310. At this time, the connection unit 302 discards the connection information 331 stored in the storage area 305. Thereafter, the connection unit 302 creates a connection end response and transmits it to the connection unit 312 (S382).

  Then, the connection unit 312 receives the connection end request from the connection unit 302 and ends the communication with the music player 300. At this time, the connection unit 312 discards the connection information 335 stored in the storage area 315. Thereby, the communication between the music player 300 and the music distribution server 320 ends.

  FIG. 15 is a sequence diagram showing a flow of session establishment processing according to the fourth embodiment of the present invention. First, the authentication alternative unit 313 creates a session A establishment request and transmits the session A establishment request to the connection unit 302 (S331). Here, it is assumed that authentication alternative means 313 includes a session key type such as a random number in the session A establishment request. At this time, the authentication alternative means 313 stores information necessary for authentication such as a session key calculated from the session key type included in the session A establishment request and verification information in the storage area 315 as authentication information A339.

  Subsequently, the authentication unit 303 receives the session A establishment request from the authentication alternative unit 313, analyzes the session A establishment request, and includes the authentication information A332 including the session key calculated from the session key type included in the session A establishment request. Is stored in the storage area 305. That is, the authentication unit 303 authenticates the PC 310 and establishes a session A between the PC 310 and the music player 300 (S332).

  Further, the authentication unit 303 creates a session A establishment response and transmits a session A establishment response to the authentication alternative unit 313 (S333). At this time, the authentication unit 303 updates the authentication information A 332 stored in the storage area 305.

  Subsequently, the authentication alternative unit 313 receives the session A establishment response from the authentication unit 303, analyzes the session A establishment response, and updates the authentication information A239 stored in the storage area 315. That is, the authentication alternative unit 313 authenticates the music player 300 and establishes a session A between the music player 300 and the PC 310 (S334).

  Subsequently, the authentication alternative unit 313 creates a certification information transfer request, encrypts and signs it with the authentication information A339, and transmits the certification information transfer request to the authentication unit 303 (S335). At this time, the authentication alternative unit 313 updates the authentication information A339 stored in the storage area 315.

  The authentication unit 303 receives the certification information transfer request from the authentication alternative unit 313, and verifies the certification information transfer request with the authentication information A332 (S336). If the authentication unit 303 determines that the request is valid as a result of the verification, the authentication unit 303 decrypts and analyzes the proof information transfer request using the authentication information A332, and updates the authentication information A332 stored in the storage area 305.

  Thereafter, the authentication unit 303 acquires the certification information X333 from the storage area 306. Then, the authentication unit 303 creates a certification information transfer response including the certification information X333, encrypts and signs it with the authentication information A332, and transmits the certification information transfer response to the authentication alternative unit 313 (S337). At this time, the authentication unit 303 updates the authentication information A332 stored in the storage area 305 including the certification information X333 included in the certification information transfer response. In the case of the public key cryptosystem, the authentication unit 303 further includes a secret key corresponding to the public key included in the certification information X333 in the certification information transfer request. The authentication unit 303 updates the authentication information A332 stored in the storage area 305 including the secret key.

  The authentication alternative unit 313 receives the proof information transfer response from the authentication unit 303 and verifies the proof information transfer response with the authentication information A339 (S338). As a result of the verification, if the authentication alternative means 313 determines that the response is a legitimate response, the authentication alternative means 313 decrypts and analyzes the proof information transfer response with the authentication information A339, and acquires the proof information X333. Then, the authentication alternative unit 313 stores the authentication information B 340 including the certification information X 333 in the storage area 315.

  Hereinafter, steps S339 to S342 are the same as steps S238 to S241, and thus the description thereof is omitted.

  FIG. 16 is a sequence diagram showing a flow of data transfer processing according to the fourth embodiment of the present invention. First, the content transmission / reception alternative unit 314 creates a content download request, adds a signature with the authentication information B340, and transmits the download request to the content transmission unit 323 (S352). Hereinafter, steps S353 to S357 are the same as steps S253 to S257, and thus description thereof is omitted. However, the download A response is transfer data.

  Thereafter, the content transmission / reception alternative unit 314 transmits the signed transfer data to the content reception unit 304 (S358). At this time, the content transmission / reception alternative means 314 updates the fact that it has been transmitted to the authentication information A339 stored in the storage area 315.

  Thereafter, the content receiving unit 304 receives the transfer data from the content transmission / reception alternative unit 314, and verifies and decrypts the content using the authentication information A332 (S359). Then, the content receiving unit 304 creates a content transfer response, adds a signature with the authentication information A332, and transmits it to the content transmission / reception alternative unit 314 (S360).

  FIG. 17 is a sequence diagram showing a flow of session end processing according to the fourth embodiment of the present invention. First, steps S371 to S374 are the same as steps S275 to S278, and thus description thereof is omitted.

  Next, the authentication alternative unit 313 creates a session A termination request for terminating the session A between the music player 300 and the PC 310, and transmits it to the authentication unit 303 (S375).

  The authentication unit 303 receives the session A termination request from the authentication alternative unit 313, analyzes the session A termination request, and terminates the session A with the PC 310 (S376). Specifically, the authentication unit 303 discards the authentication information A332 stored in the storage area 305. Thereafter, the authentication unit 303 creates a session A end response and transmits it to the authentication alternative unit 313 (S377).

  The authentication alternative unit 313 receives the session A end response from the authentication unit 303, analyzes the session A end response, and ends the session A with the music player 300 (S378). Specifically, the authentication alternative unit 313 discards the authentication information A339 stored in the storage area 315.

  As described above, according to the fourth embodiment of the present invention, music content can be safely transmitted from the music distribution server 320 to the music player 300. The reason is that the PC 310 substitutes communication, substitutes mutual authentication between the music player 300 and the music distribution server 320, encrypts the music content, adds a signature, and transmits / receives it.

  Further, according to the fourth embodiment of the present invention, the usage amount of the storage area and the CPU usage amount of the music player 300 can be reduced. The reason is that 3C210 substitutes for authentication between the music player 300 and the music distribution server 320, so that it is not necessary to hold authentication information with the music distribution server 320. Moreover, since the authentication process with the music distribution server 300 is not directly performed, the usage amount of the CPU can be reduced.

  Further, according to the fourth embodiment of the present invention, the usage amount of the storage area and storage area of the PC 310 can be reduced. The reason is that the PC 310 only substitutes authentication and content transmission / reception between the music player 300 and the music distribution server 320, and holds information for authenticating itself and the music distribution server 310 in the storage area and the storage area. This is because there is no need.

  Further, according to the fourth embodiment of the present invention, the usage amount of the storage area and the storage area of the music distribution server 320 can be reduced. The reason is that the music distribution server 320 authenticates with the music player 300 via the PC 310, so that it is not necessary to store information for authenticating the PC 310 in the storage area and the storage area.

  Further, according to the fourth embodiment of the present invention, the time required for authentication can be shortened. The reason is that the PC 310, which has a higher processing speed than the music player 300, replaces authentication based on a heavy processing between the music player 300 and the music distribution server 320.

<Other embodiments of the invention>

  According to the present invention, a music player having no Internet communication function is connected to a PC, and the present invention can be applied to the usage of acquiring music contents safely from a music distribution server. Further, the present invention can also be applied to an application in which an RFID (Radio Frequency Identification) reader / writer having no Internet communication function is connected to a PC and an RFID protocol program is acquired safely from an RFID protocol distribution server. The present invention can also be applied to applications such as safely transferring mouse acceleration table information to a PC on the Internet. Further, the present invention can also be applied to a use in which keystroke information on a keyboard is securely transferred to a PC on the Internet. Further, the present invention can also be applied to an application in which an update program is securely transferred from a PC on the Internet to a multifunction keyboard. Further, the present invention can also be applied to applications such as safely transferring image content and moving image content captured by a camera to a PC on the Internet. Further, the present invention can also be applied to a purpose of safely outputting audio data from a PC on the Internet to a speaker. Further, the present invention can also be applied to a purpose of safely transferring voice data input with a microphone to a PC on the Internet. Further, the present invention can be applied to a purpose of safely outputting image data from a PC on the Internet to a printer. Further, the present invention can also be applied to applications such as securely transferring image data captured by a scanner to a PC on the Internet. Further, the present invention can also be applied to a purpose of safely outputting image data from a PC on the Internet to a display. Further, the present invention can also be applied to a purpose of safely transferring data from a PC on the Internet to an external storage device. Further, the present invention can also be applied to applications such as securely transferring data from a PC on the Internet to an IC (Integrated Circuit) card reader / writer. Moreover, it is applicable also to the use which transfers safely to PC on the internet input with the biometrics authentication device.

  Furthermore, the present invention is not limited to the above-described embodiments, and various modifications can be made without departing from the gist of the present invention described above.

DESCRIPTION OF SYMBOLS 1 Data transfer system 11 Non-network apparatus 12 Relay terminal 13 Network 14 Server 15 Connection alternative means 16 Transfer relay means 17 1st certification | authentication information 18 2nd certification | authentication information 10 Data transfer system 100 Music player 101 Data processing apparatus 102 Connection means 103 Authentication means 104 Content receiving means 105 Storage area 106 Storage area 107 Input device 110 PC
DESCRIPTION OF SYMBOLS 111 Data processing apparatus 112 Connection means 113 Communication alternative means 114 Storage area 120 Music distribution server 121 Data processing apparatus 122 Authentication means 123 Content transmission means 124 Storage area 125 Storage area 131 Connection information 132 Authentication information 133 Certification information X
134 Content 135 Connection Information 136 Authentication Information 137 Certification Information Y
138 Content 20 Data transfer system 200 Music player 201 Data processing device 202 Connection unit 203 Authentication unit 204 Content reception unit 205 Storage area 206 Storage area 207 Input device 210 PC
211 Data processing device 212 Connection unit 213 Authentication substitution unit 214 Content transmission / reception substitution unit 215 Storage area 220 Music distribution server 221 Data processing unit 222 Authentication unit 223 Content transmission unit 224 Storage area 225 Storage area 231 Connection information 232 Authentication information A
233 certification information X
234 Content 235 Connection information 236 Authentication information B
237 certification information Y
238 Content 239 Authentication information A
240 Authentication information B
DESCRIPTION OF SYMBOLS 30 Data transfer system 300 Music player 301 Data processing apparatus 302 Connection means 303 Authentication means 304 Content reception means 305 Storage area 306 Storage area 310 PC
311 Data processing device 312 Connection means 313 Authentication alternative means 314 Content transmission / reception alternative means 315 Storage area 316 Input device 320 Music distribution server 321 Data processing apparatus 322 Authentication means 323 Content transmission means 324 Storage area 325 Storage area 331 Connection information 332 Authentication information A
333 certification information X
334 Content 335 Connection information 336 Authentication information B
337 Certification Information Y
338 Content 339 Authentication information A
340 Authentication information B

Claims (6)

A first mutual authentication step of performing mutual authentication between a relay terminal and a non-network device connected to the relay terminal, and generating first authentication information;
When mutual authentication is performed in the first mutual authentication step, the relay terminal receives first certification information that proves the validity of the non-network apparatus from the non-network apparatus, and connects the relay terminal and the network. Transmitting the received first certification information to a server connected via the server, receiving second certification information for certifying the validity of the server from the server, between the relay terminal and the server A second mutual authentication step of performing mutual authentication and generating second authentication information;
If it is mutual authentication by the second mutual authentication step, and the non-network device, between the servers, a connection establishment step of establishing a communication connection,
Based on the communication connection established in the connection establishment step, relaying data transfer between the non-network device and the server by encrypted communication using the first certification information and the second certification information. A forwarding relay step to be performed;
Only including,
In the forwarding relay step, the relay terminal verifies and decrypts the first data received from the server with the second authentication information, and uses the decrypted first data as the first authentication information. Encrypting and signing based on it to generate second data, and transmitting the second data to the non-network device;
Data transfer method. The second mutual authentication step includes
Before SL server, if it is determined as valid by verifying the first certificate information transmitted from the relay terminal, to authenticate the relay terminal,
Before SL relay terminals, when it is determined that the authenticity by verifying the second certificate information transmitted from the server, by authenticating the server, a mutual authentication between said relay terminal server Do,
The data transfer method according to claim 1, wherein: A data transmission request step of transmitting a data transmission request signed by the first certification information from the relay terminal to the server based on the established communication connection;
In the server, when the data transmission request received from the relay terminal is determined to be a valid request by verification using the first certification information, the requested data is encrypted using the first certification information. turned into to create a response data, the response sending to said relay terminal, as the first data the response data signed by the second certification information, Ru further comprising a
The data transfer method according to claim 1 or 2, characterized in that A non-network device having first certification information for certifying its own validity and capable of communicating with the first communication protocol;
A server having second certification information for certifying its own validity and capable of communicating with the second communication protocol;
A relay terminal that is communicably connected to the non-network device according to the first communication protocol, and is connected to the server via the network so as to be communicable according to the second communication protocol,
The non-network device includes first authentication means and data reception means,
The relay terminal includes second authentication means, certification information transfer means, third authentication means, connection alternative means, and transfer relay means,
The server includes a fourth authentication unit and a data transmission unit,
The second authentication means generates second authentication information used for authenticated communication with the non-network device by authenticating the non-network device,
The first authentication unit generates first authentication information used for authenticated communication with the relay terminal by authenticating the relay terminal;
The certification information transfer means receives the first certification information from the non-network device when authenticated by the first authentication means and the second authentication means, and receives the first certification information from the non-network device. Send proof of
The fourth authentication means receives the first certification information from the relay terminal and authenticates the relay terminal, thereby generating fourth authentication information used for authenticated communication with the relay terminal. And
The third authentication means receives the second certification information from the server and authenticates the server, thereby generating third authentication information used for authenticated communication with the server,
The connection alternatives, when it is authenticated by the third authentication means and said fourth authentication means, between the non-network device and the server, substitute the establishment of communications connections,
The data transmission means transmits the first data encrypted and signed based on the fourth authentication information to the relay terminal;
The transfer relay means verifies and decrypts the first data received from the server with the third authentication information, and encrypts and decrypts the decrypted first data based on the second authentication information. Signing to generate second data, sending the second data to the non-network device;
The data transfer system , wherein the data receiving means verifies and decrypts the second data received from the relay terminal using the first authentication information . Said fourth authentication unit, when it is determined as valid by examining the first certification information transferred from the relay terminal, to authenticate the relay terminal,
Before Symbol third authentication unit, when it is determined as valid by verifying the second certificate information transmitted from the server, authenticating the server,
Data transfer system according to claim 4, wherein the arc. The relay terminal further includes data transmission request means for transmitting a data transmission request signed by the first certification information to the server based on the established communication connection,
The server encrypts the requested data using the first certification information when the data transmission request received from the relay terminal is determined to be a valid request by verification using the first certification information. It turned into to create a response data, further Ru comprising a response means for transmitting to the relay terminal as the signed first data by the response data and the second certification information,
6. The data transfer system according to claim 4 or 5 , wherein:

Images