JP5865939B2 - Content transmitting apparatus and content transmitting method - Google Patents

Description

  The present invention relates to a transmission device and a content transmission method suitable for protecting the copyright of transmitted content when transmitting and receiving content such as video and audio via a network.

  When content is transmitted between digital AV devices, encryption is performed on the content transmission device side, and information for decryption is shared with the content reception device side, thereby being a transmission destination. Copy protection is implemented to prevent the creation of unlimited copies so that the content is not correctly received and decrypted by devices other than the content receiving device.

  As an example of such a copy protection method, there is a method described in Patent Document 1, for example, which is incorporated in a digital AV device. In the method described in Patent Document 1, content is “Copy free (can be copied without restriction)”, “Copy free with EPN asserted (can be copied without restriction with output protection)”, “Copy one generation (possible one generation copy)”, “No” It is classified and managed as “more copies (prohibit re-copying)” and “Copy never (copy-prohibited)”. The recording device records only the contents of “Copy free”, “Copy free with EPN asserted”, and “Copy one generation”. Once the “Copy one generation” content is recorded, it is handled as “No more copies” and is encrypted on the bus except for the “Copy free” content on the bus. By performing transmission by performing processing, so that not be a copy of unlimited content.

  In Patent Document 1 and Patent Document 2, in content transmission in a wired or wireless network, content that is subject to copyright protection such as a broadcast program recorded in the home is not distributed unrestrictedly outside the home. A technique for determining that the network is a home network is disclosed.

JP 2005-269288 A JP2007-36351

  Users who have devices used in mobile environments such as notebook PCs and portable terminals are highly demanded to use these devices to access home content from travel destinations, trains, etc. . On the other hand, the above-described conventional technology incorporates a function for confirming that the device on the transmission side and the device on the reception side are in the same house when the content subject to copyright protection is transmitted via a wired or wireless network. Yes. For this reason, it is not possible to access content that is subject to copyright protection from the outside.

In order to solve the above problem, a first aspect of the present invention, there is provided a content transmission device that transmits content to a connected content receiving apparatus on the network, the content receiving apparatus connected before SL network and data The communication processing unit that transmits / receives and the content receiving device connected to the network based on the authentication request from the content receiving device connected to the network, through the communication processing unit, the first A device authentication processing unit that performs authentication based on a first authentication method for sharing key information or authentication based on a second authentication method for sharing second key information; and the first authentication method. Information about the content receiving device via the communication processing unit from the content receiving device in the house that has performed authentication based on and shared the first key information When receiving the extra-residential access device registration request I, a home access device registration unit for registering the device information on the content receiving apparatus as the registration information, the first key information and the second key information An encryption processing unit that encrypts content to be transmitted to the content receiving device via the communication processing unit, using the key information generated originally; the device authentication processing unit; the encryption processing unit; and the communication processing unit; And a control unit that controls the authentication request received from the content receiving apparatus to which the encrypted content is transmitted is the first authentication method or the second authentication method. determine, the control state of the control unit, when before SL is the first authentication method, service of the content receiving apparatus said content transmission apparatus of the network is connected When it is determined that the content receiver apparatus of premises connected to the same subnet as the Internet, by using the device authentication processing portion, the first authentication method connected content receiving apparatus on the home network based on authenticate, using said encryption processing unit, a first control for controlling so as to transmit from said communication processing unit encrypts the content to be transmitted using the generated key information to the first original key information If the state and a pre-Symbol authentication request of the second authentication method, device information included in the authentication request for the second authentication method, using the home access device registration unit, the extra-residential access In order to enable access from outside the home using the device registration access destination information, it is determined whether or not it is registered as device information of the content receiving device that has been authenticated based on the first authentication method. And when the device information of the content receiving device is registered in the registration information, the device authentication processing unit is used to authenticate the content receiving device based on the second authentication method, using the encryption processing unit, there is a second control state for controlled so by that sends from the communication processing unit encrypts the content using the generated key information to the second based on key information It is characterized by that.

  If the device registration process for home access is executed in advance with the content transmission device in the house, and only the content reception device that has succeeded in these processes, the device authentication process dedicated to the home is executed from outside the home. Can be watched. Thereby, a legitimate user can view the contents in the house from outside the house without exceeding the range of personal use, and the convenience for the user is improved.

It is explanatory drawing which showed the example of 1 structure of the system. It is explanatory drawing which showed the example of 1 structure of the content transmitter. It is explanatory drawing which showed the example of 1 structure of the portable terminal (contents receiver). It is explanatory drawing which showed the example of 1 structure of the apparatus information management part. It is explanatory drawing which showed the example of 1 structure of management information. It is explanatory drawing which showed an example of the apparatus authentication process sequence implemented between a content receiver and a content transmitter. It is explanatory drawing which showed an example of the apparatus registration process sequence for outside access implemented between a content receiver and a content transmitter. It is explanatory drawing which showed the example of 1 structure of the information table for remote access. It is explanatory drawing which showed an example of the apparatus authentication process sequence for the outside access implemented between a content receiver and a content transmitter. It is explanatory drawing which showed an example of the content viewing-and-listening processing sequence from the outside implemented between a content receiver and a content transmitter. It is explanatory drawing which showed an example of the apparatus registration process sequence for outside access implemented between a content receiver and a content transmitter. It is explanatory drawing which showed an example of the apparatus authentication process sequence for the outside access implemented between a content receiver and a content transmitter. It is explanatory drawing which showed an example of the content viewing-and-listening processing sequence from the outside implemented between a content receiver and a content transmitter. It is explanatory drawing which showed an example of the apparatus registration process sequence for outside access implemented between a content receiver and a content transmitter. It is explanatory drawing which showed the example of 1 structure of the management table. It is explanatory drawing which showed an example of the apparatus authentication process sequence for the outside access implemented between a content receiver and a content transmitter. It is explanatory drawing which showed the example of data in the case of transmitting a content using a HTTP protocol in the content viewing process from a house between a content receiver and a content transmitter. For device information stored in the device information storage unit, when device registration processing for access outside the home is performed at home or when it is performed from outside the home, the validity period is managed using different counter values for home use It is an example of 1 structure. It is an example of a configuration when an expiration date is set for an out-of-home access password in a management table in device information stored in the device information storage unit. It is an example of an out-of-home access device registration information deletion process when the content receiving device deletes out-of-home access device information registered in the out-of-home device information table or out-of-home access device (out-of-home registration) information table. It is an example of an out-of-home access device (outside home registration) information table in device information stored in the device information storage unit when an out-of-home access password is set for each registered device. It is an example of the access destination information acquisition process sequence for remote access apparatus registration. It is an example of 1 apparatus information of the content transmission apparatus which supports the access outside a house. This is a configuration example of threshold information 8000 for storing various thresholds and setting values used by the device authentication processing unit 108. Outside the home when the device authentication process for outside access is performed between the content transmitting device 100 at the user home 1 and the content receiving device 200 at the outside location 2 using the same authentication request as the normal device authentication processing Access device authentication process When transmitting content from a content transmission device in the user's home 1 to a content reception device in the same home, check whether remote transmission of the content reception device can be controlled using a remote access flag It is an example of the procedure of the apparatus authentication process with the confirmation of the possibility of outside re-transmission control for performing. It is an example of the remote access flag setting process in the control part of a content transmitter. It is a structural example of a retransmission condition table indicating conditions for permitting retransmission of content outside the house. It is an example of a configuration of an in-home device information table managed by the device information management unit of the content transmission device when controlling remote retransmission of the content of the content reception device using a remote access flag. It is an example of a content transmission processing procedure to a home between a content transmission device and a content reception device when controlling remote retransmission of the content reception device using a remote access flag. It is a configuration example of a packet monitoring table 9100 used when filtering by TTL is performed for each port number in the communication processing unit of the content transmission apparatus. It is an example of the procedure of packet filtering processing S3200 when filtering by TTL is performed for each port number. This is a configuration example of the connection management table 9200 used when the device authentication processing unit of the content transmission apparatus performs filtering of device authentication processing packets by TTL for each TCP connection. It is an example of a procedure of a packet reception process S3400 when filtering a device authentication process packet using a connection management table. It is the block diagram which showed an example of the system configuration | structure and the flow of content. It is an example of a re-transmission control procedure in the case where the content transmitted from the content transmitting apparatus 100 to the content transmitting / receiving apparatus 700 at the user home 1 is further retransmitted to the content transmitting / receiving apparatus 600 of the user-specific home 4 outside the home. Procedure of re-transmission control when the content transmitting apparatus 100 of the user home 1 retransmits the content transmitted to the content transmitting / receiving apparatus 500 of the user-specific home 4 to the content transmitting / receiving apparatus 400 of the outside location 2 that is outside another home. It is an example. After the content transmitted from the content transmitting device 100 of the user home 1 to the content transmitting / receiving device 600 of the user-specific home 4 is transmitted to the content transmitting / receiving device 500 of the user-specific home 4, the content receiving device of the outside location 2 that is further outside the home 4 is a procedure example of retransmission control when transmitting to 400. It is an example of remote access flag setting processing S3900 in the control unit 115 of the content transmitting apparatus 100. FIG. 20 is a configuration diagram illustrating an example of a content flow in Example 12. It is the block diagram which showed an example of the flow of the content in Example 13. It is the block diagram which showed an example of the flow of the content in Example 14. It is the block diagram which showed an example of the flow of the content in Example 15. The content transmitted from the content transmission device 100 of the user home 1 to the content transmission / reception device 700 is further transmitted to the content transmission / reception device 800 of the user home 1, and further retransmitted when attempting to transmit to the content transmission / reception device 600 of the user-specific home 4 It is an example of a control procedure. It is an example of a procedure of an out-of-home access device registration process executed in advance between the content transmitting apparatus 100 and the mobile terminal 200 in advance. The content to be transmitted from the content transmitting apparatus, which is an example of the configuration of retransmission condition table 9 3 00 indicating the condition for permitting re-transmission to the outside the house.

  Embodiments will be described with reference to the drawings.

  FIG. 1 shows a system configuration example. In the user home 1, the content transmission device 100 and the content reception device 300 are connected to the network hub device 11 via a wired LAN cable, and the network hub device 11 is connected to the router 12. The router 12 is connected to the Internet 3 via a modem or a photoelectric converter.

When the user is away (for example, a hotel or a company) 2, the user's mobile terminal 300 can communicate with the wireless access point 22 and can be connected to the Internet 3 via the router 12 . In addition, the content receiving device 400 installed outside the office is connected to the Internet 3 via the router 12 .

  In the user-specific home 4, the content transmission / reception device 500 and the content transmission / reception device 600 are connected to the network hub device 11 via a wired LAN cable, and the network hub device 11 is connected to the router 12. The router 12 is connected to the Internet 3 via a modem or a photoelectric converter.

  In the network, standard IP (Internet Protocol) is used as a network protocol, and TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) are used as upper transport protocols. For transmission of content, higher-level application protocols such as RTP (Real-time Transport Protocol), HTTP (Hyper Text Transfer Protocol), FTP (File Transfer Protocol) and the like are used. Note that IP has IPv4 and IPv6 as the version differences, but is not limited to either.

  The content transmitting apparatus 100, the portable terminal 200, the content receiving apparatus 300, the content receiving apparatus 400, the content transmitting / receiving apparatus 500, the content transmitting / receiving apparatus 600, and the router 12 each have an IP address that identifies itself on the IP network. A 48-bit MAC (Media Access Control) address is given to the interface unit of each network communication processing circuit. For setting the IP address to each device, for example, the router 12 or the router 21 may be operated as a DHCP server by DHCP (Dynamic Host Configuration Protocol), and the IP address of each device may be allocated from here.

  When IPv6 (Internet Protocol Version 6) is used, each device can determine its own IP address from the upper 64 bits of the IP address of the router 12 and the MAC address by a method called stateless automatic setting. Here, in FIG. 1, each device in the user's home 1 is connected by a wired LAN, but a LAN using a wireless access point may be used. Alternatively, the hub 11 and the router 12 may be integrated.

  FIG. 2 is a configuration example of the content transmission apparatus 100. The content receiving device 300, the content transmitting / receiving device 400, the content transmitting / receiving device 500, and the content transmitting / receiving device 600 have the same configuration. The content transmission apparatus 100 includes a tuner 101, a demultiplexer 103, a decoder 104, a display unit / speaker 105, a digital input terminal 106, a digital output terminal 116, an input processing unit 107, a device authentication processing unit 108, a device information management unit 109, a recording / Reproduction processing unit 110, recording unit 111, encryption / decryption processing unit 112, communication processing unit 113, digital input / output terminal 114, control unit 115, and time management unit 120.

  The tuner 101 selects a desired channel from a plurality of channels received via an antenna 10 from a broadcast station or satellite, and demodulates a digitally modulated program. The demultiplexer 103 extracts audio data, video data, program information, data, copy control information, and the like from the broadcast program. Note that after the extraction, the extracted broadcast program may be descrambled.

The decoder 104 decodes the compressed audio data and video data included in the broadcast program input via the tuner 101, the content stored in the recording unit 111 or the content received from the digital input / output terminal 114, and Expands to audio and video signals. The display unit / speaker 105 reproduces the output signal from the decoder 104 and the signal input from the digital input terminal 106. It may be external rather than internal . Digital input terminal 106 inputs the digital data uncompressed from an external device. The digital output terminal 116 outputs uncompressed digital data to an external device. The input processing unit 107 operates the content transmission apparatus 100 by using a remote control or a touch panel by a user.

  The device authentication processing unit 108 is a device that is mutually authorized by a specific authentication protocol with another AV device in order to transmit the content subject to copyright protection via a wired or wireless IP network. Authenticates the existence of a key and shares the key used for content encryption / decryption. The device information management unit 109 manages information regarding the AV device successfully authenticated by the device authentication processing unit 108 and information necessary for the device authentication processing unit 108 to perform device authentication.

  The recording / playback processing unit 110 performs recording control for recording content in the recording unit 111 and playback control for playing back content recorded in the recording unit 111. The recording unit 111 is a memory that records a broadcast program. In addition, a removable HDD, an optical disk, a memory card, and a hybrid form combining these may be used.

  The encryption / decryption processing unit 112 decrypts the broadcast program input via the tuner 101, the content stored in the recording unit 111, and the like according to a predetermined procedure predetermined for each input path and recording medium. In addition, when the broadcast program input via the tuner 101 is recorded in the recording unit 111, the program is encrypted according to a predetermined procedure predetermined for each recording medium. Further, the content received via the digital input / output terminal 114 via the network is encrypted or decrypted using the key shared by the device authentication processing unit 108.

  The communication processing unit 113 is a broadcast program input via the tuner 101 to other devices connected via the digital input / output terminal 114, content stored in the recording unit 111, the device authentication processing unit 108, and control. The control command generated by the unit 115 is transmitted. In addition, content is received from other devices connected via a network via the digital input / output terminal 114.

  Content that has an identification code other than “Copy free”, such as “Copy free”, “Copy one generation”, “No more copies”, or “Copy never”, which indicates how to handle it, is encrypted. Sent and received.

  The digital input / output terminal 114 inputs / outputs contents and control commands via the network. The control unit 115 comprehensively controls the operation of each unit in the content transmission apparatus 100.

  The time management unit 120 manages time using time information included in a broadcast signal input via the tuner 101 and time information provided by an NTP (Network Time Protocol) server existing on the Internet 3. NPT is a protocol for synchronizing a clock held by a device to the correct time in a device connected to a network.

  FIG. 3 is a configuration example of a mobile terminal (content receiving device) 200. The portable terminal 200 includes a tuner 101, a demultiplexer 103, a decoder 104, a display unit / speaker 105, a digital output terminal 116, a camera imaging unit 201, a communication processing unit 113, an input processing unit 107, a device authentication processing unit 108, and device information management. Unit 109, recording / playback processing unit 110, recording unit 111, encryption / decryption processing unit 112, wireless encryption / decryption processing unit 202, wireless communication processing unit 203, control unit 115, and time management unit 120.

  The camera imaging unit 201 is a part that photographs with a camera. The recording unit 111 is a non-volatile memory that stores moving images / still images taken by the camera imaging unit 201, programs received via the tuner 101, information such as personal information and an address book. A built-in or removable memory form is conceivable.

The wireless encryption / decryption processing unit 202 encrypts / receives content received via the wireless network via the wireless communication processing unit 203 or content output from the encryption / decryption processing unit 112 using an encryption algorithm for the wireless network. This is the part to be decrypted . Radio communications processor 203 is a part that transmits and receives contents or control commands to and from the wireless access point 22 or other AV device connected in a wireless LAN. Other parts are the same as those of the content transmitting apparatus 100.

  FIG. 4 is a configuration example of the device information management unit 109 in each device. The device information management unit 109 includes a timer 1091, a device information update unit 1092, and a device information storage unit 1093.

  The timer 1091 is used when the device authentication processing unit 108 confirms whether or not an authentication partner device exists in the house, or when the expiration date of registration information stored in the device information storage unit 1093 described later is managed. This is the part used for time measurement. The device information update unit 1092 is a part that manages the expiration date of registration information held in a device information storage unit 1093 described later and performs registration / update / deletion as necessary. The device information storage unit 1093 is a part that holds information related to the authentication partner device when the device authentication processing unit 109 succeeds in device authentication.

  FIG. 5 is a configuration example of device information 5000 stored in the device information storage unit 1093. The device information 5000 includes a management table 5100 and a device information table 5200. The management table 5100 includes a device authentication maximum number 5101, an out-of-home registration maximum number 5102, an in-home counter maximum value 5103, an out-of-home counter maximum value 5104, a simultaneous access maximum number 5105, and an out-of-home simultaneous access maximum number 5106.

Equipment authentication maximum number 5101 indicates the maximum number of device authentication can be executed between the transmitter and a receiver of the content by using the device authentication processing portion 108. The maximum number of out-of-home registrations 5102 indicates the maximum number of out-of-home access devices that can be registered. The home counter maximum value 5103 indicates the maximum value of the home counter set in the timer 1091.

  The home counter maximum value 5104 indicates the maximum value of the home counter set in the timer 1091. The simultaneous access maximum number 5105 indicates the maximum number that permits a content access request. The maximum number of outside accesses 5106 indicates the maximum number that permits a content access request from outside the house.

  On the other hand, the device information table 5200 includes an ID 5201, a device ID 5202, address information 5203, a home counter value 5204, a remote access key 5205, an access status 5206, and a remote counter value 5207. ID5201 indicates the registration number of the table.

  The device ID 5202 indicates an identifier for uniquely identifying each device. The device ID 5202 is information unique to a device that is generated by a specific certification authority and is stored in advance in a nonvolatile memory when each device is manufactured, and has a unique value for each device. In addition, information such as a public key may be included.

  Address information 5203 indicates the IP address, MAC address, and the like of each device on the network. The home counter value 5204 indicates the current value of the home counter set in the timer 1091.

  An out-of-home access key 5205 indicates key information used in authentication / encryption / decryption processing when content is transmitted among the home, the content transmission device, and the content reception device outside the home. The access status 5206 indicates a transmission status (for example, stop / in-home / out-of-home) between the content transmission device and the reception device. An out-of-home counter value 5207 indicates the current value of the out-of-home counter set in the timer 1091.

  The management table 5100 uses the home counter maximum value 5104 in addition to the home counter maximum value 5103, and the device information table uses the home counter 5207 in addition to the home counter 5204, so Access is managed separately, and restrictions different from in-home access can be applied to out-of-home access.

  1 is an internal network of the user home 1 having the router 12 as a boundary with the outside in the configuration of FIG. 1, an internal network of the destination 2 having the router 12 of the destination 2 as an external boundary, and a router of the user-specific home 4 This is an internal network of the user-specific home 4 having 12 as a boundary with the outside. Here, home has the same meaning as home. The term “outside of the house” refers to a network on the Internet 3 side of the house with the router 12 as a boundary.

  The in-home access is a connection between devices in the internal network in the configuration of FIG. 1, and is an access from a home device to the same in-home device without passing through a router for viewing and listening to content. In addition, the outside access is a connection from outside the house to a device in the house, and is to access the in-home device from the outside device via the Internet via the router to view content.

  Also, by managing the out-of-home access key 5205 for each ID, it is possible to distribute the individual out-of-home access key to each device and perform access management. In addition, by setting the maximum simultaneous access number 5105 and the maximum remote access number 5106 in the management table 5100 and managing the access status for each ID in the device information table, the total number of accesses inside and outside the house, The number of accesses can be limited.

  FIG. 24 is a configuration example of threshold information 8000 for storing various threshold values and setting values used by the device authentication processing unit 108. The threshold information 8000 includes a TTL table 8100 and an in-home confirmation threshold table 8200.

  The TTL table 8100 is composed of an in-home restriction TTL value 8101 and an out-of-home transmission TTL setting value 8102. The home restriction TTL value 8101 is a packet transmitted by the content transmission device and the content reception device in the authentication process when the content transmission device transmits content to the content reception device in the same home and when registering outside the home access device. The TTL value to be set is shown.

  The value of the TTL value 8101 for in-home restriction is that the received packet is sent from outside the house in the authentication process when the content transmitting apparatus transmits the content to the same in-house content receiving apparatus and when registering for outside access. It is also used as a threshold value for determining whether or not the packet is transmitted.

  The TTL setting value 8102 for remote transmission is used as a value to be set in a packet transmitted by the content transmitting apparatus and the content receiving apparatus at the time of remote access device authentication. The TTL setting value 8102 for outside transmission is set to a value larger than the TTL value 8101 for in-house restriction.

  Here, TTL is a value representing the valid period of a packet, and the value decreases by 1 each time the packet passes through a router or the like once. A packet whose TTL is 0 is discarded at that time. Therefore, by setting the TTL to a sufficiently small value, packet transfer outside the home can be prevented.

  The in-home confirmation threshold value table 8200 includes an in-home confirmation timeout value (T) 8201 and an out-of-home registration in-house confirmation timeout value (T ′) 8202. The in-home confirmation timeout value (T) 8201 is used for determination for confirming that the content receiving device is in the same home in the device authentication process when the content transmitting device transmits content to the content receiving device.

  The in-home registration timeout value (T ′) 8202 for out-of-home registration is used for determination for the content transmitting apparatus to confirm that the content receiving apparatus to be registered is in the same house in the out-of-home access device registration processing. By setting the in-home registration timeout value (T ′) 8202 for out-of-home registration smaller than the in-house confirmation timeout value (T) 8201, more accurate in-house confirmation is performed for devices that perform outside access in the authentication process. Can do.

  FIG. 6 shows a device authentication process executed between the content transmitting device 100 and the content receiving device 300 in the user home 1 in the system configuration shown in FIG. 1 using each device and each information described above. It is a procedure. Hereinafter, the authentication process described in FIG. 6 is referred to as normal authentication.

  Here, TCP is used as a protocol for transmission / reception of information for device authentication processing. When various information such as an authentication request to the other device and an authentication response to the other device is transmitted, the reception confirmation is received from the other device. As a result, a communication path capable of detecting a transmission error is secured. In FIG. 6, data transmission / reception for establishing and discarding a connection by TCP is omitted.

  Data transmitted and received between the content transmission device 100 and the content reception device 300 is transmitted as an IP packet. In the device authentication process S600, the content transmitting device 100 and the content receiving device 300 monitor the TTL (Time To Live) of the received packet, and a TTL value exceeding the TTL value 8101 for in-home restriction in the TTL table 8100 is set. The access from outside the user home 1 is prevented by discarding the received packet.

  Therefore, the content transmitting apparatus 100 and the content receiving apparatus 300 set the TTL of the packet to be transmitted to be equal to or less than the TTL value for home restriction 8101 in the TTL table 8100.

  First, an authentication request is created from the content receiving device 300 side. The device authentication processing unit 108 of the content receiving device 300 attaches the device-specific information including the device ID described above to the authentication request and a certificate for the device-specific information to the content transmitting device 100 via the communication processing unit 113. Send (S601).

  When the device authentication processing unit 108 of the content transmission device 100 receives the authentication request via the communication processing unit 113 and sends a reception confirmation to the content reception device 300 (S602), the device authentication processing unit 108 of the content transmission device 100 is An authentication request is generated from the user side, and the unique information of the content transmitting apparatus 100 and its certificate are attached to the content receiving apparatus 300 as in the case of the content receiving apparatus (S603).

  The device authentication processing unit 108 of the content receiving device 300 receives the authentication request and sends a reception confirmation to the content transmitting device 100 (S604). Next, the device authentication processing unit 108 of the content transmitting apparatus 100 verifies each piece of information received in the authentication request, and sends an authentication response with parameters necessary for generating key information to the content receiving apparatus 300 (S605). .

  The device authentication processing unit 108 of the content receiving apparatus 300 receives the authentication response and sends the reception confirmation to the content transmitting apparatus 100 (S606), creates an authentication response from its own side, and is the same as in the case of the content transmitting apparatus. An authentication response with parameters necessary for generating key information is sent to the content transmitting apparatus 100 (S607), and an authentication key common to the content transmitting apparatus 100 is generated using the necessary parameters.

  The device authentication processing unit 108 of the content transmitting apparatus 100 receives the authentication response and sends a reception confirmation to the content receiving apparatus 300 (S608). Similar to the content receiving apparatus, the device authentication processing unit 108 uses the necessary parameters in common with the content receiving apparatus 300. Generate an authentication key. Through the procedure so far, the device authentication processing unit 108 of the content transmission device 100 and the device authentication processing unit 108 of the content reception device 300 generate and share a common authentication key.

  Next, the content transmission device 100 registers the content reception device 300 in the device information table 5200 and sets a value in the home counter value 5204 in order to confirm whether the content reception device 300 is a device existing in the home. Check whether it is. If no value is set in the home counter value 5204 as a result of the confirmation, a message indicating that preparation for home confirmation is made is sent to the content receiving apparatus 300 (S609).

  When the device authentication processing unit 108 of the content receiving device 300 receives the notification of the in-home confirmation preparation and sends the reception confirmation to the content transmitting device 100 (S610), it creates the in-home confirmation preparation notification from its own side and transmits the content. The data is sent to the apparatus 100 (S611).

  When the device authentication processing unit 108 of the content transmitting apparatus 100 receives the notification of the in-home confirmation preparation and sends the reception confirmation to the content receiving apparatus 300 (S612), it sends the in-home confirmation setting request with the information necessary for in-home confirmation to the content. The data is sent to the receiving apparatus 300 (S613). The device authentication processing unit 108 of the content receiving device 300 receives the home confirmation setting request, performs message authentication code generation processing based on data included in the home confirmation setting request as preparation necessary for home confirmation, The data is sent to the transmission device 100 (S614).

  Upon receiving the reception confirmation, the device authentication processing unit 108 of the content transmission device 100 performs message authentication code generation processing based on the data transmitted to the content reception device 300 in S613, and starts the timer 1091 in the device information management unit 109. After that, in order to confirm whether the content receiving device 300 exists in the home, a home confirmation execution request including the message authentication code is sent to the content receiving device 300 (S615).

  The device authentication processing unit 108 of the content receiving apparatus 300 receives the in-home confirmation execution request and sends a reception confirmation including the message authentication code generated in S614 to the content transmitting apparatus 100 (S616).

  Upon receiving the reception confirmation, the device authentication processing unit 108 of the content transmitting apparatus 100 stops the timer 1091 and the measured value (T1) from when the home confirmation execution request is issued until the reception confirmation is received is the home confirmation threshold value. It is confirmed that the in-home confirmation timeout value (T) 8201 in the table 8200 has not been exceeded. Further, it is confirmed whether or not the message authentication code included in the received reception confirmation is correct.

  If the measured value (T1) ≦ the in-home confirmation timeout value (T) 8201 of the in-home confirmation threshold table 8200 and the received message authentication code is correct, the content receiving device 300 exists in the home and is within the range of personal use. It is determined that the device exists, and is sent to the content receiving device 300 as a home confirmation result (S617).

  On the other hand, if the measured value (T1)> in-home confirmation timeout value (T) 8201 in the in-house confirmation threshold table 8200, or if the received message authentication code is invalid, the content receiving apparatus 300 may exist outside the house. It is determined that there is a device or an unauthorized device, the subsequent processing is interrupted, and the device authentication processing is terminated. The device authentication processing unit 108 of the content receiving apparatus 300 that has received the in-home confirmation result confirms whether or not the message authentication code received in S615 is correct, and if it is determined to be correct, sends a reception confirmation to the content transmitting apparatus 100 (S618). ).

  S609 to S618 are home confirmation methods for home access in normal authentication. If the content receiving device 300 is registered in the device information table 5200 and a value is set in the home counter value 5204, the home confirmation process is omitted.

  On the other hand, if the received message authentication code is invalid, the subsequent processing is interrupted and the device authentication processing is terminated. Upon receipt of the receipt confirmation, the device authentication processing unit 108 of the content transmitting apparatus 100 generates an exchange key used when encrypting the content, encrypts the exchange key using the authentication key, and identifies the exchange key Along with the ID, it is sent to the content receiving apparatus 300 (S619).

  The device authentication processing unit 108 of the content receiving device 300 decrypts the exchange key transmitted from the content transmitting device 100 using the authentication key, and sends a reception confirmation (S620). Upon receiving the reception confirmation, the device authentication processing unit 108 of the content transmitting device 100 registers information related to the content receiving device 300 in the device information table 5200 in the device information management unit 109 (S621).

  For example, as shown in the record 5211 of ID 5201 in the device information table 5200, the device ID of the content receiving apparatus 300 received in S601 is set to the device ID 5202, and the IP address of the content receiving apparatus 300 on the network is set as address information. 5203, the home counter maximum value 5103 in the management table 5100 is set as the home counter value 5204, and “stop” is set in the access status 5206.

  With the processing procedure shown in FIG. 6, the device authentication processing unit 108 of the content transmission device 100 and the device authentication processing unit 108 of the content reception device 300 can share a common exchange key. The exchange key is used to generate a common key for encrypting / decrypting the content. Further, the processes of S609 and S613 and the processes of S617 and S619 may be summarized.

  The procedure in FIG. 6 has been described for home device authentication processing executed between the content transmission device 100 and the content reception device 300 when content transmission is performed in the home. By performing the processing procedure shown in FIG. 6, it is possible to confirm that the devices are mutually authorized devices and share a key used for content encryption / decryption.

  FIG. 7 shows an out-of-home access device registration processing procedure executed between the content transmitting apparatus 100 and the portable terminal (content receiving apparatus) 200 in the system configuration shown in FIG. An out-of-home access device is a device that performs out-of-home access from outside the home to a home device for the purpose of viewing, copying, and moving copyright-protected content. In FIG. 7, the portable terminal (content receiving device) 200 is an access device outside the home.

  It is assumed that the portable terminal (content receiving device) 200 is in the user's home 1 when executing this procedure. Further, the content transmitting apparatus 100 and the content receiving apparatus 200 monitor the TTL (Time To Live) of the received packet, and discard the packet in which the TTL value exceeding the in-home restriction TTL value 8101 of the TTL table 8100 is set. Thus, access from outside the user's home 1 is prevented. For this reason, the content transmitting apparatus 100 and the content receiving apparatus 200 set the TTL of the packet to be transmitted to a TTL value for home restriction 8101 or less in the TTL table 8100.

  First, the content transmission device 100 and the content reception device 200 perform the device authentication process S600 described with reference to FIG. Thereafter, the device authentication processing unit 108 of the content receiving device 200 creates an out-of-home access device registration request and sends it to the content transmitting device 100 (S701). The remote access device registration request can include a random number generated using a predetermined calculation algorithm, information unique to the device, a password set by the user for remote access, and the like.

  The device authentication processing unit 108 of the content transmitting apparatus 100 receives the remote access device registration request and is registered for remote access from the values set in the remote access key 5205 and the remote counter 5207 of the device information table 5200. Confirm that the number of registered devices is less than the maximum number 5102 of out-of-home registrations in the management table 5100 (S720), and send the reception confirmation to the content receiving apparatus 200 (S702).

  If the number of devices registered for remote access in the device information table 5200 has reached the maximum number 5102 of remote registrations in the management table 5100, the processing is interrupted. Next, the content transmitting apparatus 100 prepares for in-home confirmation for out-of-home access device registration in order to confirm whether the device that the content receiving device 200 has requested for out-of-home access device registration exists in the home. A message to the effect is sent to the content receiving apparatus 200 (S703).

  When the device authentication processing unit 108 of the content receiving device 200 receives the notification of the in-home access device registration preparation for the remote access device registration and sends the reception confirmation to the content transmitting device 100 (S704), the external access device from its own side A registration home confirmation preparation notification is created and sent to the content transmitting apparatus 100 (S705).

  When the device authentication processing unit 108 of the content transmitting apparatus 100 receives the notification of the in-home access device registration preparation for home confirmation and sends the reception confirmation to the content receiving device 200 (S706), the home authentication for out-of-home access device registration is performed. An in-home access device registration home confirmation setting request with necessary information attached is sent to the content receiving apparatus 200 (S707).

  The device authentication processing unit 108 of the content receiving apparatus 200 receives the in-home access device registration home confirmation setting request, and based on the data included in the out-of-home access device registration home confirmation setting request as preparation necessary for in-home confirmation. A message authentication code generation process is performed, and reception confirmation is sent to the content transmitting apparatus 100 (S708).

  Upon receiving the reception confirmation, the device authentication processing unit 108 of the content transmitting device 100 performs message authentication code generation processing based on the data transmitted to the content receiving device 200 in S707, and starts the timer 1091 in the device information management unit 109. After that, in order to confirm whether or not the content receiving device 200 exists in the home, a home confirmation execution request including the message authentication code is sent to the content receiving device 200 (S709).

  The device authentication processing unit 108 of the content receiving device 200 receives the request for execution of in-home access device registration confirmation, and sends a reception confirmation including the message authentication code generated in S708 to the content transmitting device 100 (S710).

  Upon receiving the reception confirmation, the device authentication processing unit 108 of the content transmitting apparatus 100 stops the timer 1091 and issues a measurement value (from the issuance of the in-home access device registration in-house confirmation execution request to the reception confirmation being received). It is confirmed that T2) does not exceed the in-home registration timeout value (T ′) 8202 for out-of-home registration threshold value table 8200. By setting the in-home registration timeout value (T ′) 8202 for out-of-home registration smaller than the in-house confirmation timeout value (T) 8201, more accurate in-house confirmation is performed for devices that perform outside access in the authentication process. Can do. Further, it is confirmed whether or not the message authentication code included in the received reception confirmation is correct.

  If the measured value (T2) ≦ the in-home registration timeout value (T ′) 8202 for in-home registration threshold value table 8200 and the received message authentication code is correct, the content receiving apparatus 200 exists in the home and is personal It is determined that the device is within the range of use, and is sent to the content receiving device 200 as an in-home access device registration confirmation result (S711).

  On the other hand, if the measured value (T2)> the in-home registration threshold value (T ′) 8202 for the out-of-home registration threshold table 8200, or if the received message authentication code is invalid, the content receiving apparatus 200 is out of the home. The device authentication process is interrupted, and the device authentication process is terminated. The device authentication processing unit 108 of the content receiving apparatus 200 that has received the in-home confirmation result confirms whether or not the message authentication code received in S709 is correct, and if it is determined to be correct, sends a reception confirmation to the content transmitting apparatus 100 (S712). ). S703 to S712 are in-home confirmation methods for registering access devices outside the home.

  On the other hand, if the received message authentication code is invalid, the subsequent processing is interrupted and the device authentication processing is terminated. Upon receipt of the receipt confirmation, the device authentication processing unit 108 of the content transmitting apparatus 100 generates an out-of-home access key for use in device authentication processing and content encryption when using the content from outside the home. The remote access key is encrypted using the authentication key of the remote access device registration process S700 and sent to the content receiving device 200 (S713).

  The device authentication processing unit 108 of the content receiving device 200 decrypts the remote access key transmitted from the content transmitting device 100 using the authentication key, and sends a reception confirmation (S714). Upon receiving the reception confirmation, the device authentication processing unit 108 of the content transmission device 100 registers information related to the content reception device 200 in the device information table 5200 in the device information management unit 109 (S715).

  For example, as shown in the record 5212 in which the value of ID 5201 in the device information table 5200 is 2, the device ID of the content receiving apparatus 200 received in S601 is set to the device ID 5202, and the MAC of the content receiving apparatus 200 on the network is set. The address is set in the address information 5203, the home counter maximum value 5103 in the management table 5100 is set in the home counter value 5204, and the remote access key generated in S713 is registered in the remote access key 5205.

  In addition, “stop” is set in the access status 5206, and the maximum counter value 5104 in the management table 5100 is set in the counter value outside the home. On the other hand, the device authentication processing unit 108 of the content receiving device 200 generates or updates the out-of-home access information table 60000 stored in the device management information unit 109 (S716).

  By performing the processing from S701 to S714 in addition to the device authentication processing S600, the device authentication processing unit 108 of the content transmission device 100 and the device authentication processing unit 108 of the content reception device 200 have succeeded in device authentication for home access. For devices, in addition to a common exchange key, a common out-of-home access key can be shared only with devices that have been successfully verified in-home for registration of out-of-home access devices. Here, in order to simplify the process, the same in-house confirmation (S609 to S618) as the normal apparatus authentication process S600 of FIG. 6 may be used as the in-home confirmation for registration of the outside access device.

  Here, the exchange key is used to generate a common key for encrypting / decrypting content transmitted / received in the home. The outside access key is used for device authentication processing and content encryption when using content from outside the house. Further, by performing the process of S715, it is possible to register in the content transmitting apparatus 100 a device that has been successfully verified in the home for registration of the access device outside the home and can share the access key outside the home, and an unregistered device can be registered. When an access request is made from outside the house, connection control such as refusing the connection can be performed.

  Here, in order to simplify the processing, it is possible to perform control for permitting connection only to a device that has been registered in advance by simply registering the device in the content transmitting apparatus 100 without exchanging an access key outside the home.

  The procedure of FIG. 7 is to share the remote access key between the content transmitting apparatus 100 and the content receiving apparatus 200 and register the content receiving apparatus 200 in the content transmitting apparatus 100 prior to transmitting the content to the device outside the home. The out-of-home access device registration process S700 executed for this purpose has been described.

  FIG. 8 shows an example of the configuration of the out-of-home access information table 60000. The remote access information table 60000 includes an ID 60001, connection destination address information 60002, registration information 60003, and an external access key 60004.

  ID 60001 indicates a registration number of the table. The address information 60002 indicates the IP address and MAC address of each device on the network. The registration information 60003 indicates a user name and password necessary for the content receiving apparatus 200 to log in to the content transmitting apparatus 100 and the router 12 from outside the house. The remote access key 60004 indicates the remote access key information received in S714.

  By performing the processing of the procedure shown in FIG. 6 and FIG. 7, content is confirmed at the time of in-home access only when it is confirmed that each device is a device that is authorized between each other and a device that exists in the home. When the key used for encryption / decryption of the device is shared, at that time, the device authentication process and the remote access key used for content encryption at the time of remote access are shared, and the device that performs the remote access and remote access to the content transmitting device You can register at the same time.

  Also, by using different in-home confirmation methods for normal authentication processing and out-of-home access device registration, it is possible to request a shorter in-home confirmation response time, for example, when registering out-of-home access devices. Individual access restrictions can be performed, such as setting more severe restrictions. In addition, by using the management table and the device information table shown in FIG. 5, it is possible to manage the home access and the outside access separately and perform individual access restrictions.

  Here, instead of the processing of S701 to S702, device authentication processing as in S601 to S608 is performed to share another authentication key, and the remote access key is encrypted using this to the content receiving device 200. There is also a way to send. In addition, after the normal device authentication process S600 is completed, a time is provided in which the content transmitting apparatus 100 can accept the authentication request for outside access, and the content receiving apparatus 200 is out of the house within a predetermined time (for example, 24 hours). It may be necessary to issue an access authentication request.

  Further, the processing of S701 to S712 may be performed immediately before S619 in the normal device authentication processing S600. In this case, S713 to S716 are executed after S620, or one of the processing of S619 and S713 is performed. You may put together.

  9 is for viewing, copying, and moving copyright-protected content input or stored in the content transmitting apparatus 100 from a portable terminal (content receiving apparatus) 200 outside the home in the system configuration shown in FIG. In addition, this is a device authentication processing procedure for out-of-home access executed between the content transmission device 100 and the mobile terminal 200. It is assumed that the portable terminal (content receiving device) 200 is outside the home when executing this procedure.

  Here, the content transmission device 100 and the content reception device 200 do not monitor the TTL of the received packet. In addition, the content transmitting apparatus 100 and the content receiving apparatus 200 can reach the user home 1 from the outside location 2 via the Internet, instead of the TTL of the packet to be transmitted being equal to or less than the TTL value 8101 for in-home restriction in the TTL table 8100. In this way, the TTL setting value 8102 for remote transmission in the TTL table 8100 is set. The TTL setting value 8102 for outside transmission is set to a value larger than the TTL value 8101 for in-house restriction.

  First, the device authentication processing unit 108 of the content receiving device 200 creates an out-of-home authentication request. The remote authentication request is sent to the content transmitting apparatus 100 with the device-specific information including the device ID, the calculated value generated using the remote access key or key, and a certificate (S901).

  Upon receiving the out-of-home authentication request, the device authentication processing unit 108 of the content transmission device 100 registers the device ID of the content reception device 200 in the device information table 5200 managed in the device information management unit 109. And confirming that the number of records whose access status 5206 in the device information table 5200 is “outside the house” is smaller than the value of the maximum number of outside accesses 5106 in the management table 5100, the contents confirmation is received. The data is sent to the device 200 (S902).

  If the device ID of the content receiving apparatus 200 is not registered in the device information table 5200, or the number of records in which the access status 5206 of the device information table 5200 is “outside the house” is the outside of the management table 5100 When the value is the same as the value of the maximum access number 5106, the content transmitting apparatus 100 interrupts the subsequent processing.

  Next, the device authentication processing unit 108 of the content transmitting apparatus 100 creates an out-of-home authentication request from its own side, and, as in the case of the content receiving apparatus 200, the unique information of the content transmitting apparatus 100 and the out-of-home access The key or a calculated value generated using the key and a certificate are attached to the content receiving apparatus 200 (S903).

  The device authentication processing unit 108 of the content receiving apparatus 200 receives the out-of-home authentication request and sends a reception confirmation to the content transmitting apparatus 100 (S904). Next, the device authentication processing unit 108 of the content transmitting apparatus 100 verifies each piece of information received in the outside authentication request, and generates the calculated value generated using the outside access key or key and the key information. An out-of-home authentication response with the necessary parameters is sent to the content receiving apparatus 200 (S905).

  The device authentication processing unit 108 of the content receiving apparatus 200 receives the remote authentication response and sends the reception confirmation to the content transmitting apparatus 100 (S906), creates an external authentication response from its own side, and transmits the content. As in the case of the apparatus, an out-of-home authentication response with parameters necessary for generating key information is sent to the content transmitting apparatus 100 (S907), and the out-of-house authentication key shared with the content transmitting apparatus 100 using the necessary parameters is sent. Is generated.

  The device authentication processing unit 108 of the content transmitting apparatus 100 receives the outside authentication response and sends a reception confirmation to the content receiving apparatus 200. Similar to the content receiving apparatus, the device authentication processing unit 108 uses the necessary parameters in common with the content receiving apparatus 200. An authentication key is generated (S908). Through the procedure so far, the device authentication processing unit 108 of the content transmitting apparatus 100 and the device authentication processing unit 108 of the content receiving apparatus 200 generate and share a common authentication key.

  Next, after the content receiving device 200 is registered in the device information table 5200 and it is confirmed that the out-of-home counter value 5207 of the content receiving device 200 is not 0 (S909), the out-of-home used for encrypting the content An exchange key is generated, the remote exchange key is encrypted using the remote authentication key, and sent to the content receiving apparatus 200 together with an ID for identifying the remote exchange key (S910).

  The device authentication processing unit 108 of the content receiving device 200 decrypts the remote exchange key transmitted from the content transmitting device 100 using the remote authentication key, and sends a receipt confirmation (S911). Upon receiving the reception confirmation, the device authentication processing unit 108 of the content transmission device 100 updates the information related to the content reception device 200 in the device information table 5200 in the device information management unit 109 (S912). Specifically, the access status 5206 is updated from “stop” to “outside home”.

  The above procedure describes the device authentication process executed between the content transmission device 100 and the content reception device 200 when content is transmitted outside the home. By performing the above procedure, it is possible to confirm that devices are mutually authorized devices and share a key used for content encryption / decryption when transmitting content outside the home it can.

  FIG. 10 shows a broadcast program or recording unit 111 that has been taken out of the home with the mobile terminal (content receiving device) 200 in the system configuration shown in FIG. This is a processing procedure in the case of viewing the content stored in.

  First, when a user instructs content viewing using the input processing unit 107 of the content receiving device 200, the control unit 115 of the content receiving device 200 displays a content transmitting device list on the display unit / speaker 105. In the content transmission device list, the content transmission device 100, which is a device registered in the out-of-home access information table 60000, is displayed (S1001).

  Here, the content receiving apparatus 200 may detect a device existing on the network and display it on the content transmitting device list. As a method for detecting a content transmission device existing on the network, for example, a UDP packet including a “request for detecting a device having a content transmission function” is multicast-transmitted to all devices on the network, and a function is provided. There are a method of recognizing the content transmission device by only the device replying, and a method of recognizing the content transmission device by receiving a network participation notification notified from the content transmission device connected to the network.

  Next, when the user selects the content transmission device 100 from the displayed content transmission device list, the control unit 115 of the content reception device 200 displays the content transmission device 100 registered in the out-of-home access information table 60000. With reference to the address information, the wireless communication processing unit 203 sends a content information acquisition request to the content transmitting apparatus 100 in the user's home 1 via the wireless access point 22 and the router 12 of the destination 2 via the Internet 3 ( S1002).

  Here, without displaying the content transmission device list, the user inputs the address information of the content transmission device 100 via the input processing unit 107, and the content reception device 200 accesses the content transmission device 100 based on the input information. May be.

  The control unit 115 of the content transmission apparatus 100 sends a reception confirmation to the content reception apparatus 200 via the communication processing unit 113 (S1003), and information about part or all of the content stored in the recording unit 111 (for example, title, Date, copy control information, recording time, etc.) are sent to the content receiving apparatus 200 (S1004).

The control unit 115 of the content receiving device 200 sends a reception confirmation to the content transmitting device 100 (S1005), and displays the received content information on the display unit / speaker 105 as a content list. When the user instructs the content to be viewed from the content list via the input processing unit 107 (S1006), the device authentication processing unit 108 of the content receiving device 200 communicates with the device authentication processing unit 108 of the content transmitting device 100. An access device authentication process S900 is performed. (S1007)
Thereafter, the control unit 115 of the content receiving apparatus 200 sends a request for viewing desired content to the content transmitting apparatus 100 (S1008). At this time, an ID for identifying the remote exchange key received in the remote access device authentication process S900 may be added to the viewing request.

  The control unit 115 of the content transmitting apparatus 100 sends a reception confirmation in response to the content viewing request (S1009), and then performs remote access flag setting processing S2700 or S3900 (S1013). The remote access flag setting process will be described later. Thereafter, the content encrypted by the encryption / decryption processing unit 112 is transmitted to the content receiving apparatus 200 using the key shared in S900. As a method for separately managing in-home access and out-of-home access using the management table and the device information table shown in FIG. 5 and restricting individual access, a response rejecting a request from the access status of the management table 5200 is used here. Can also be returned.

  After starting the content transmission, the device authentication processing unit 108 of the content receiving device 200 transmits a key confirmation request to the content transmitting device 100 at an arbitrary timing (S1011). Upon receiving the key confirmation request, the device authentication processing unit 108 of the content transmitting apparatus 100 transmits a reception confirmation to the content receiving apparatus 200 according to the confirmation result (S1012).

  The device authentication processing unit 108 checks whether the identification ID of the outside exchange key is correct, and the device information update unit 1092 periodically sets the timer 1091 in the device information management unit 109 (for example, at intervals of 1 minute or 10 minutes). Etc.) Set to receive notifications and start up. In addition, the device authentication processing unit 108 generates a common key for encrypting content using the remote exchange key, and sets the common key in the encryption / decryption processing unit 112.

  Then, the desired content read from the recording unit 111 is sent to the content receiving apparatus 200 in the format shown in FIG. 17 while being encrypted by the encryption / decryption processing unit 112 (S1010). Here, every time a notification is received from the timer 1091 during content transmission, the device information update unit 1092 updates the counter value 5207 for outside the house in the device information table 5000 (for example, the counter value is decremented). When the out-of-home counter value 5207 reaches 0, information on the corresponding device in the device information table 5000 is deleted.

  If the home counter value 5204 is also registered and is not 0, only the information of the outside access key 5205 is deleted. Here, an example is shown in which only the counter value 5207 for outside the house is updated. However, if the counter value 5204 for the house is also updated at the same time, the receiving device can be managed in the same way outside the house.

  The device authentication processing unit 108 of the content receiving apparatus 200 generates a common key for decrypting the content using the remote exchange key, and sets the common key in the encryption / decryption processing unit 112. Then, for the data received via the wireless communication processing unit 203 and the wireless encryption / decryption processing unit 202, the encryption / decryption processing unit 112 extracts and decrypts the encrypted content included in the payload from the format shown in FIG. The data is output to the display unit / speaker 105 while being decoded by the decoder 104.

  As described above, the remote access device only when the remote access device registration processing S700 is performed in advance between the content transmission device and the content reception device in the home and the content reception device that has been successfully authenticated is taken out of the home. If the authentication / authentication process S900 is executed successfully, the content can be transmitted from the home content transmitting device to the content receiving device outside the home.

  FIG. 17 shows an example of data when content is transmitted using the HTTP protocol in encrypted content transmission processing S1010 of content viewing processing procedure S1000 from outside the house. Here, TCP is used as the transport layer protocol, but the TCP header is omitted.

  Transmission data 1700 when content is transmitted using the HTTP protocol includes an HTTP header 1701 and a content transmission packet 1702. The content transmission packet 1702 includes a header part 17021 and a payload part 17022.

  The header part 17021 includes reserved areas (Reserved) 170211 and 170213, a remote access flag (RA) 170212, an encryption method (C_A) 170214, an encryption mode (E-EMI) 170215, an exchange key label (Exchange_Key_Label) 170216, copy control information ( (PCP-UR) 170217, random number value (SNc) 170218, and payload size (Byte Length of Payload) 170219.

  Reserved areas (Reserved) 170211 and 170213 are reserved areas, each of which is set to 0. A remote access flag (RA) 170212 indicates whether or not the content of the payload part can be retransmitted outside the house, and is set to 1 if retransmission is possible and set to 0 if retransmission is not possible. This area is normally set to 0 when content is transmitted to a receiving device in the home. For this reason, when transmitting content to an existing receiving device that cannot be transmitted outside the home, by setting this area to 0 and transmitting the content, the receiving device side can decrypt the content as in the conventional case. Can play.

  On the other hand, when content is transmitted from an existing receiving device to another receiving device in the house that can be retransmitted outside the home, 0 is set. It can be controlled not to perform re-transmission outside the home.

  The re-transmission outside the home is, for example, transmitting the content transmitted from the device in the user home 1 to the device in the destination 2 from the destination 2 to the user-specific home 4. In the remote access flag (RA) 170212, the value determined in the remote access flag setting process S2700 or S3900 of FIG. 10 is set. The encryption method (C_A) 170214 indicates the encryption method of the payload part. For example, it is clearly indicated that encryption is performed with AES having a key length of 128 bits.

  The encryption mode (E-EMI) 170215 indicates the encryption mode of the payload portion, and is used for calculating the content key together with the copy control information (PCP-UR) 170217 and the random value (SNc) 17018. The exchange key label (Exchange_Key_Label) 170216 sets a label for identifying the key exchanged in the authentication procedure 600.

  The copy control information (PCP-UR) 170217 indicates the copy control information of the payload portion, the copy control information mode (UR Mode) indicating the type of the copy control information, the content type (Content Type) indicating the type of the payload portion, analog It is composed of an APS for limiting output and ICT for limiting resolution.

  The payload size (Byte Length of Content) 170219 sets the size of the payload portion 17022 of the content transmission packet 1702. The payload portion 17022 is composed of encrypted content.

  By adding a remote access flag (RA) to the content transmission packet 1702, it is possible to transmit whether or not the content to be transmitted is content that can be accessed outside the home. Further, by adding a remote access flag (RA) 170212 to the header portion 17021, it is possible to determine whether or not access outside the home is possible before decoding.

  For example, when content is transmitted using the RTP protocol, the content can be transmitted with the same configuration as in FIG. 17 by replacing the HTTP header 1701 with the RTP header. Alternatively, if both the RTP header and the content transmission packet 1702 are stored for each RTP packet, the copy control information including the remote access flag 170212 can be reliably transmitted.

  When the content transmission is completed, the content transmission device stops the timer 1091, discards the remote exchange key, and performs a remote authentication process again even if the content reception device continuously issues another content viewing request. You may make it not transmit unless it performs. In addition, the content transmitting apparatus can limit the number of content receiving apparatuses that can be accessed from outside the house at the same time by using the maximum outside access number 5106 in the management table 5100.

  In S1008, the content transmission apparatus 100 has received a “view request” for the content. However, if other requests such as “copy request” or “move request” are received from outside the house, the content is illegally used. You may make it refuse to avoid as much as possible. Here, the protocol used for transmitting content from the content transmitting apparatus 100 to the content receiving apparatus 200 is not limited to a specific protocol, and it is possible to use FTP or the like in addition to HTTP and RTP.

  By using the device information shown in FIG. 5 and using the procedure shown in FIG. 7, the content receiving device that accesses the home device from outside the home can perform normal device authentication processing with the content transmitting device in the home beforehand. Performs device authentication processing for remote access, shares the remote access key only with devices that have been successfully verified in the home, which is different from normal device authentication processing, and registers information related to the content reception device in the device information table of the content transmission device do that for me.

  As a result, the content receiving apparatus can be regarded as a personally owned device, and even if it is taken out of the house, it can be safely viewed without exceeding the range of personal use of the content according to the procedure shown in FIGS. can do.

  In the first embodiment described above, the outside access device registration processing S700 is performed simultaneously with the home device authentication processing S600. In the present embodiment, a case will be described in which in-home confirmation different from in-home authentication is performed and only device registration processing for outside access is performed in order to shorten the device authentication processing time.

  11 is for viewing, copying, and moving copyright-protected content input to or stored in the content transmitting apparatus 100 from a portable terminal (content receiving apparatus) 200 outside the home in the system configuration illustrated in FIG. Furthermore, this is an out-of-home access device registration process S1100 that is executed in advance between the content transmitting apparatus 100 and the portable terminal 200 in the home. It is assumed that the portable terminal (content receiving device) 200 is in the user home 1 when this procedure is executed.

  Further, the content transmitting apparatus 100 and the content receiving apparatus 200 monitor the TTL (Time To Live) of the received packet, and discard the packet in which the TTL value exceeding the in-home restriction TTL value 8101 of the TTL table 8100 is set. Thus, access from outside the user's home 1 is prevented. For this reason, the content transmitting apparatus 100 and the content receiving apparatus 200 set the TTL of the packet to be transmitted to a TTL value for home restriction 8101 or less in the TTL table 8100.

  First, an authentication request for registering an external access device is created from the content receiving device 200 side. The device authentication processing unit 108 of the content receiving device 200 attaches the device-specific information including the device ID described above to the authentication request and a certificate for the information, and sends the information to the content transmitting device 100 via the communication processing unit 113 (S1101). ).

  When the device authentication processing unit 108 of the content transmitting device 100 receives the authentication request for registration outside the home device via the communication processing unit 113 and sends a reception confirmation to the content receiving device 200 (S1102), the device of the content transmitting device 100 The authentication processing unit 108 creates an authentication request for registering an external access device from its own side, and sends it to the content receiving apparatus 200 with the unique information of the content transmitting apparatus 100 and its certificate as in the case of the content receiving apparatus. (S1103).

  The device authentication processing unit 108 of the content receiving device 200 receives the remote access device registration authentication request and sends a reception confirmation to the content transmitting device 100 (S1104). Next, the device authentication processing unit 108 of the content transmitting apparatus 100 verifies each piece of information received in the authentication request, and sends an authentication response with parameters necessary for generating key information to the content receiving apparatus 200 (S1105). .

  The device authentication processing unit 108 of the content receiving apparatus 200 receives the authentication response and sends the reception confirmation to the content transmitting apparatus 100 (S1106), and then creates an authentication response from its own side, as in the case of the content transmitting apparatus. Is sent to the content transmitting apparatus 100 with a parameter necessary for generating key information (S1107), and an authentication key common to the content transmitting apparatus 100 is generated using the necessary parameter.

  The device authentication processing unit 108 of the content transmission device 100 receives the authentication response and sends a reception confirmation to the content reception device 200 (S1108). Similar to the content reception device, the device authentication processing unit 108 uses the necessary parameters in common with the content reception device 200. Generate an authentication key.

  Through the procedure so far, the device authentication processing unit 108 of the content transmitting apparatus 100 and the device authentication processing unit 108 of the content receiving apparatus 200 generate and share a common authentication key. Next, the device authentication processing unit 108 of the content transmission apparatus 100 manages the device registered for remote access from the values set in the remote access key 5205 and the remote counter 5207 of the device information table 5200. Confirming that the maximum number of out-of-home registrations 5102 in the table 5100 is less than 5102 (S1130), and preparing for in-home confirmation for out-of-home access device registration to confirm that the content receiving device 200 exists in the home Is sent to the content receiving apparatus 200 (S1109). If the number of devices registered for remote access in the device information table 5200 has reached the maximum number 5102 of remote registrations in the management table 5100, the processing is interrupted.

  When the device authentication processing unit 108 of the content receiving device 200 receives the notification of the in-home access device registration preparation for the out-of-home access device registration and sends the reception confirmation to the content transmitting device 100 (S1110), the out-of-home access device from its own side A registration home confirmation preparation notification is created and sent to the content transmitting apparatus 100 (S1111).

  When the device authentication processing unit 108 of the content transmitting apparatus 100 receives the notification of the preparation for in-home confirmation for registration of the out-of-home access device and sends the reception confirmation to the content receiving device 200 (S1112), the information necessary for the in-home confirmation is attached. An in-home confirmation setting request for registration outside the home device is sent to the content receiving apparatus 200 (S1113).

  The device authentication processing unit 108 of the content receiving apparatus 200 receives the in-home access device registration home confirmation setting request, and based on the data included in the out-of-home access device registration home confirmation setting request as preparation necessary for in-home confirmation. Message authentication code generation processing is performed, and reception confirmation is sent to the content transmission apparatus 100 (S1114).

  Upon receiving the reception confirmation, the device authentication processing unit 108 of the content transmission device 100 performs message authentication code generation processing based on the data transmitted to the content reception device 200 in S1113, and starts the timer 1091 in the device information management unit 109. After that, in order to confirm whether or not the content receiving device 200 exists in the home, a home confirmation execution request including the message authentication code is sent to the content receiving device 200 (S1115).

  The device authentication processing unit 108 of the content receiving device 200 receives the request for execution of in-home access device registration confirmation, and sends a reception confirmation including the message authentication code generated in S1114 to the content transmitting device 100 (S1116).

  Upon receiving the reception confirmation, the device authentication processing unit 108 of the content transmitting apparatus 100 stops the timer 1091 and issues a measurement value (from the issuance of the in-home access device registration in-house confirmation execution request to the reception confirmation being received). It is confirmed that T2) does not exceed the in-home registration timeout value (T ′) 8202 for out-of-home registration threshold value table 8200. By setting the in-home registration timeout value (T ′) 8202 for out-of-home registration smaller than the in-house confirmation timeout value (T) 8201, more accurate in-house confirmation is performed for devices that perform outside access in the authentication process. Can do. Further, it is confirmed whether or not the message authentication code included in the received reception confirmation is correct.

  If the measured value (T2) ≦ the in-home registration timeout value (T ′) 8202 for in-home registration threshold value table 8200 and the received message authentication code is correct, the content receiving apparatus 200 exists in the home and is personal It is determined that the device exists within the range of use, and is sent to the content receiving device 200 as a home confirmation result (S1117).

  On the other hand, if the measured value (T2)> the in-home registration threshold value (T ′) 8202 for the out-of-home registration threshold table 8200, or if the received message authentication code is invalid, the content receiving apparatus 200 is out of the home. The device authentication process is interrupted, and the device authentication process is terminated.

  The device authentication processing unit 108 of the content receiving apparatus 200 that has received the in-home confirmation result confirms whether or not the message authentication code received in S1115 is correct, and if it is determined to be correct, sends a reception confirmation to the content transmitting apparatus 100 (S1118). ). S1109 to S1118 are in-home confirmation methods for registering access devices outside the home.

  On the other hand, if the received message authentication code is invalid, the subsequent processing is interrupted and the device authentication processing is terminated. Upon receipt of the reception confirmation, the device authentication processing unit 108 of the content transmitting apparatus 100 generates an out-of-home access key used for device authentication processing and content encryption when using content from outside the home, and uses the authentication key as the authentication key. Using this, the access key outside the house is encrypted and sent to the content receiving apparatus 200 (S1119).

  The device authentication processing unit 108 of the content receiving device 200 decrypts the remote access key transmitted from the content transmitting device 100 using the authentication key, and sends a reception confirmation (S1120). Upon receiving the reception confirmation, the device authentication processing unit 108 of the content transmission device 100 registers information related to the content reception device 200 in the device information table 5200 in the device information management unit 109 (S1121).

  For example, as shown in the record 5213 in which the ID 5201 in the device information table 5200 is 3, the device ID of the content receiving device 200 received in S1101 is set to the device ID 5202, and the MAC address of the content receiving device 200 on the network is set. The address information 5203 is set, and the remote access key generated in S1119 is registered in the remote access key 5205.

  In addition, “stop” is set in the access status 5206, and the maximum counter value 5104 in the management table 5100 is set in the counter value outside the home. On the other hand, the device authentication processing unit 108 of the content receiving device 200 generates or updates the out-of-home access information table 60000 stored in the device management information unit 109 (S1122).

  If T2 in the success / failure determination S1117 of the home access device registration process S1100 is equal to or less than the home confirmation timeout value (T) 8201 of the home confirmation threshold table 8200 in the success / failure determination S617 of the home confirmation of the normal device authentication process S600, Successful confirmation in the in-home confirmation S1117 for outside access device registration may be successful in both in-home authentication and in-home access device registration authentication. At this time, the home exchange key is shared with the outside access key.

  In the device information table update process S1121, the device ID of the content receiving apparatus 200 received in S601 is set as the device ID 5202 as shown in the record 5212 in which the value of the ID 5201 in the device information table 5200 is 2. The MAC address of the content receiving device 200 on the network is set in the address information 5203, the home counter maximum value 5103 in the management table 5100 is set in the home counter value 5204, and the remote access key 5205 is generated in S713 Register a remote access key.

  In addition, “stop” is set in the access status 5206, and the maximum counter value 5104 in the management table 5100 is set in the counter value outside the home.

  From the above, the device authentication processing unit 108 of the content transmitting apparatus 100 and the device authentication processing unit 108 of the content receiving apparatus 200 share a common outside access key. The remote access key is used for device authentication processing and content encryption when using content from outside the home.

  In addition to the normal device authentication and key exchange shown in FIG. 6, by performing the device authentication and registration processing of the remote access device in the procedure of S1101 to S1120, the device authentication processing for normal access and the normal authentication are performed. A common remote access key can be shared only with a device that has been successfully verified in the home for registration of a remote access device that is different from the remote access device.

  Further, by performing only the out-of-home access device registration processing, the time required for the out-of-home access device registration processing can be shortened. By performing the processing of S1121, it is possible to register in the content transmitting apparatus 100 a device that has been successfully confirmed in the home for registering the access device outside the home and can share the access key outside the home. It is possible to perform connection control when an access request is received from the network.

  Further, when T2 in the in-home confirmation success / failure determination S1117 of the out-of-home access device registration processing S1100 is less than or equal to the in-home restriction TTL value 8101 in the TTL table 8100 in the in-home confirmation success / failure determination S617 of the normal device authentication processing S600, Upon successful confirmation in the in-house confirmation S1117 for device registration, the in-house counter value 5204 of the device information management table 5200 is also set at the same time as both in-home confirmation and in-home access device registration authentication. With this processing, normal device authentication processing and outside access device registration authentication processing are performed at once, in-home access confirmation processing for home access is omitted in device authentication processing S600 at home access, and the time required for device authentication is reduced. It can be shortened.

  Only when the outside access device registration processing S1100 is performed between the content transmitting device and the content receiving device in advance in the house according to the procedure of FIG. 11 and the content receiving device that has been successfully authenticated is taken out of the home. If the access device authentication process S900 is successfully executed, the content can be transmitted from the content transmitting apparatus in the house to the content receiving apparatus outside the house according to the procedure of the content viewing process procedure S1000 from outside the house shown in FIG.

  When the content transmission is completed, the content transmission device stops the timer 1091, discards the remote exchange key, and performs a remote authentication process again even if the content reception device continuously issues another content viewing request. You may make it not transmit unless it performs.

  In addition, the content transmitting apparatus can limit the number of content receiving apparatuses that can be accessed from outside the house at the same time by using the maximum outside access number 5106 in the management table 5100.

  A content receiving device that accesses a home device from outside the home in accordance with the procedure of FIG. 11 performs device authentication processing for home access with the content transmitting device in the home in advance and shares the access key at the same time as the content. Have the information about the content receiving device registered in the device information table of the transmitting device. Thereby, the content receiving apparatus can be regarded as a personally owned device, and even when taken out of the house, it can be safely viewed without exceeding the range of personal use of the content.

  FIG. 45 is a diagram for viewing, copying, and moving copyright-protected content input to or stored in the content transmission apparatus 100 from the portable terminal (content reception apparatus) 200 outside the home in the system configuration illustrated in FIG. In addition, this is an out-of-home access device registration process S4500 executed in advance between the content transmitting apparatus 100 and the portable terminal 200 in the home.

  First, an authentication start request for registration outside the home access device is created from the content receiving device 200 side. The device authentication processing unit 108 of the content receiving device 200 sends an authentication start request for registration outside the home device via the communication processing unit 113 to the content transmitting device 100 (S4501).

  The device authentication processing unit 108 of the content transmitting apparatus 100 receives an out-of-home access device registration authentication start request via the communication processing unit 113 and sends a reception confirmation to the content receiving device 200 (S4502). The subsequent processing is the same as S1101 to S1122 in FIG.

  In this way, since the content transmitting apparatus 100 can determine the purpose of the session by first receiving the remote access device registration authentication start request in the remote access device registration process, the remote access device registration authentication request, As various commands such as authentication response, preparation for in-house confirmation for registration of outside access device, notification for in-house confirmation preparation for registration of outside access device, request for in-home confirmation setting for registration of outside access device, request for in-home confirmation for registration of outside access device The normal authentication request, authentication response, home check preparation, home check preparation notification, home check setting request, and home check execution request used in the normal authentication process shown in FIG. 6 can be used.

  In the above-described embodiment, the device that receives the content by accessing outside the home performs the outside access registration in advance in the user's home. In the present embodiment, a description will be given of a procedure in which a device that receives content without viewing the content in advance is registered in the user's home in advance.

  FIG. 12 shows the copyright protection content input or stored in the content device 100 in the system configuration shown in FIG. 1 using the information of the portable terminal 200 registered in the content transmission device 100. The remote access device authentication process S1200 is executed between the portable terminal 200 and the content receiving device 400 in order to view, copy, or move from the content receiving device 400. It is assumed that the portable terminal (content receiving device) 200 is in the place 2 when executing this procedure.

  The content receiving device 200 performs an out-of-home access device registration process S700 or an out-of-home access device registration process S1100 in advance with the content transmitting device 100, and acquires an out-of-home access key from the content transmitting device of the transmission source (S1201). .

  First, an authentication request for outside access is created from the content receiving device 400 side. The device authentication processing unit 108 of the content receiving device 400 attaches the device-specific information including the device ID described above to the authentication request and a certificate for the device-specific information to the content receiving device 200 via the communication processing unit 113. Send (S1202).

  When the device authentication processing unit 108 of the content receiving apparatus 200 receives the authentication request for outside access via the communication processing unit 113 and sends the reception confirmation to the content receiving device 400 (S1203), the device authentication processing of the content receiving device 200 is performed. The unit 108 creates an authentication request for remote access from its own side, attaches the unique information of the content receiving device 200 and its certificate, and sends it to the content receiving device 400 as in the case of the content receiving device 400 (S1204). .

  The device authentication processing unit 108 of the content receiving apparatus 400 receives the remote access authentication request and sends a reception confirmation to the content receiving apparatus 200 (S1205). Next, the device authentication processing unit 108 of the content receiving device 200 verifies each piece of information received in the authentication request, and sends an authentication response with parameters necessary for generating key information to the content receiving device 400 (S1206). .

  The device authentication processing unit 108 of the content receiving device 400 receives the authentication response and sends the reception confirmation to the content receiving device 200 (S1207), and then creates an authentication response from its own side, as in the case of the content transmitting device. Is sent to the content receiving apparatus 200 (S1208), and an authentication key common to the content receiving apparatus 200 is generated using the necessary parameters.

  The device authentication processing unit 108 of the content receiving device 200 receives the authentication response and sends a reception confirmation to the content receiving device 400 (S1209). Similar to the content receiving device, the device authentication processing unit 108 uses the necessary parameters to share the authentication response. Generate an authentication key. Through the procedure so far, the device authentication processing unit 108 of the content receiving device 200 and the device authentication processing unit 108 of the content receiving device 400 generate and share a common authentication key.

Next, in order to confirm that the content receiving device 400 exists in the home, the content receiving device 200 transmits to the content receiving device 400 that preparation for home check for outside access is made (S1210).
When the device authentication processing unit 108 of the content receiving device 400 receives the notification of the in-home access preparation for the out-of-home access and sends the reception confirmation to the content receiving device 200 (S1211), the in-home confirmation for the out-of-home access from its own side. A preparation notification is created and sent to the content receiving apparatus 200 (S1212).

  When the device authentication processing unit 108 of the content receiving apparatus 200 receives the notification of the preparation for in-home confirmation for outside access and sends the reception confirmation to the content receiving apparatus 400 (S1213), the outside of the house with information necessary for in-home confirmation is attached. An access home confirmation setting request is sent to the content receiving apparatus 400 (S1214).

  The device authentication processing unit 108 of the content receiving apparatus 400 receives the in-home access setting request for in-home access, and performs message authentication based on data included in the in-home access device registration in-home confirmation setting request as preparation necessary for in-home confirmation. A code generation process is performed, and a reception confirmation is sent to the content receiving apparatus 200 (S1215).

  Upon receiving the reception confirmation, the device authentication processing unit 108 of the content receiving device 200 performs message authentication code generation processing based on the data transmitted to the content receiving device 400 in S1214, and starts the timer 1091 in the device information management unit 109. After that, in order to confirm whether or not the content receiving device 400 exists in the home, a home check execution request including the message authentication code is sent to the content receiving device 400 (S1216).

  The device authentication processing unit 108 of the content receiving device 400 receives the in-home confirmation execution request and sends a reception confirmation including the message authentication code generated in S1215 to the content receiving device 200 (S1217).

  Upon receiving the reception confirmation, the device authentication processing unit 108 of the content receiving apparatus 200 stops the timer 1091 and measures the measured value (T2) from the issuance of the out-of-home access execution confirmation request until the reception confirmation is received. Confirms that it does not exceed the in-home registration timeout value (T ′) 8202 for out-of-home registration in the in-home confirmation threshold table 8200. By setting the in-home registration timeout value (T ′) 8202 for out-of-home registration smaller than the in-house confirmation timeout value (T) 8201, more accurate in-house confirmation is performed for devices that perform outside access in the authentication process. Can do. Further, it is confirmed whether or not the message authentication code included in the received reception confirmation is correct.

  When the measured value (T2) ≦ the in-home registration timeout value (T ′) 8202 for in-home registration threshold value table 8200 and the received message authentication code is correct, the content receiving device 400 exists in the home and is personal It is determined that the device is within the range of use, and is sent to the content receiving device 400 as a home confirmation result (S1218).

  On the other hand, if the measured value (T2)> the in-home registration threshold value (T ′) 8202 for the out-of-home registration threshold table 8200, or if the received message authentication code is invalid, the content receiving apparatus 400 is out of the home. The device authentication process is interrupted, and the device authentication process is terminated.

  The device authentication processing unit 108 of the content receiving apparatus 400 that has received the in-home confirmation result confirms whether or not the message authentication code received in S1216 is correct, and if it is determined to be correct, sends a reception confirmation to the content receiving apparatus 200 (S1219). ). S1210 to S1219 are the in-home confirmation method for registering an out-of-home access device.

On the other hand, if the received message authentication code is invalid, the subsequent processing is interrupted and the device authentication processing is terminated. Upon receiving the reception confirmation, the device authentication processing unit 108 of the content receiving device 200 encrypts the outside access key acquired in S1201 using the authentication key, and sends it to the content receiving device 400 (S1220).
The device authentication processing unit 108 of the content receiving device 400 decrypts the remote access key transmitted from the content receiving device 200 using the authentication key, and sends a reception confirmation (S1221).

  By performing the procedure shown in S1202 to S1221 in FIG. 12, the content receiving device 400 does not perform the authentication process in the user home 1, and the remote access key shared by the content receiving device 200 with the content transmitting device 100 is obtained. Can be shared. In addition, the content receiving device 200 can share the remote access key shared with the content transmitting device 100 only by a device that has been successfully verified in the home for remote access by performing the processing from S1210 to S1219.

  The above procedure describes the device authentication for remote access and the remote access key exchange process executed between the content receiving device 200 and the content receiving device 400 before transmitting the content to the remote device.

  FIG. 13 shows that the content recorded in the recording unit 111 of the content transmitting device 100 from the content receiving device 400 of the outing destination 2 is taken out from the content receiving device 400 of the outing destination 2 in the system configuration shown in FIG. This is a processing procedure 1300 for viewing.

  The user previously executes the remote access device registration process S700 or S1100 between the content transmitting apparatus 100 and the portable terminal (content receiving apparatus) 200 at the user's home 1 and shares the external access key between them. .

  When the user takes out the mobile terminal (content receiving device) 200 to the outside location 2 and views the content of the content transmitting device 100 in the user home 1 from the content receiving device 400 at the outside location 2, first, from S1001 in FIG. Content information acquisition and remote access device authentication processing S900 are executed between the content transmission device 100 and the content reception device 200 in the same procedure as in S1007.

  After successfully performing the device authentication process dedicated to the outside of the house and sharing the identification key of the exchange key for the outside of the house and the exchange key between the two, the control unit 115 of the content receiving device (controller) 200, for example, transmits to all devices on the network. On the other hand, it is detected whether there is another content playback device on the network, such as multicast transmission of a UDP packet including a “detection request for a device with a playback function”, and only a device with the playback function returns. If it exists, the content reproduction device list is displayed on the display unit / speaker 105.

  When the user selects a content reproduction device (in this case, content reception device 400) from the list via the input processing unit 107, the control unit 115 sends a content viewing / issuance request to the content reception device 400 (S1301). The content viewing issuance request includes information related to the content to be viewed and the address information 60002 of the content transmitting apparatus 100 registered in the outside access information table 60000, and registration information 60003 may be attached in some cases.

  The content receiving device 400 that has received the content viewing issue request sends a reception confirmation to the controller 200 (S1302), and performs an out-of-home access device authentication S1200 with the controller 200 (S1303). At this time, the device authentication processing unit 108 of the controller 200 uses the remote access key shared with the content transmitting apparatus 100 in S1303 as the remote access key sent to the content receiving apparatus 400 in S1220. As a result, the same out-of-home access key can be shared among the content transmitting apparatus 100, the controller 200, and the content receiving apparatus 400.

  After that, the content receiving device 400 executes an out-of-home access device authentication process S900 with the content transmitting device 100 using the access key, and acquires an out-of-home exchange key and its identification ID (S1304). At this time, in the device information table update process of S912, the device information of the content receiving device 400 is newly registered. That is, when receiving the reception confirmation, the device authentication processing unit 108 of the content transmitting device 100 registers information related to the content receiving device 400 in the device information table 5200 in the device information managing unit 109 (S1222).

  For example, as shown in the record 5214 in which the ID 5201 in the device information table 5200 is 4, the device ID of the content receiving apparatus 400 received in S901 is set to the device ID 5202, and the MAC address of the content receiving apparatus 400 on the network is set. The address information 5203 is set, and the remote access key transmitted to the content receiving device 200 is registered in the remote access key 5205. In addition, “stop” is set in the access status 5206, and the maximum counter value 5104 in the management table 5100 is set in the counter value outside the home.

  Thereafter, the content receiving device 400 sends a content viewing request to the content transmitting device 100 (S1305). The identification ID of the outside exchange key is added to the content viewing request. In addition, in order to have the content transmission apparatus 100 perform format conversion or image quality conversion as necessary and transmit the content, a data format that can be played back by the content reception apparatus 400 (for example, MPEG2-TS or H.264). Etc.) and image quality (HD, SD, 760p, 1080i, etc.) information can be included in the content viewing request. It may be issued by a request different from the content viewing request.

  When receiving the content viewing request, the control unit 115 of the content transmitting apparatus 100 sends a reception confirmation to the content receiving apparatus 400 (S1306). Then, the device authentication processing unit 108 checks that the identification ID of the outside exchange key is correct, the device information update unit 109 sets the timer 1091 in the device information management unit 109 so that a notification is periodically received, to start.

  In addition, the device authentication processing unit 108 generates a common key for encrypting content using the remote exchange key, and sets the common key in the encryption / decryption processing unit 112. Then, the desired content read from the recording unit 111 is sent to the content receiving apparatus 400 in the format shown in FIG. 17 while being encrypted by the encryption / decryption processing unit 112 (S1307). Here, every time a notification is received from the timer 1091 during content transmission, the device information update unit 1092 updates the counter value 5207 for outside the house in the device information table 5200.

  The content receiving device 400 generates a common key for decrypting the content using the remote exchange key, and sets the common key in the encryption / decryption processing unit 112. Then, the content received via the router 21 and the communication processing unit 113 is extracted by the encryption / decryption processing unit 112 from the format shown in FIG. Unit / speaker 105.

  After starting the content transmission, the device authentication processing unit 108 of the content receiving apparatus 400 transmits a key confirmation request to the content transmitting apparatus 100 at an arbitrary timing (S1308). Upon receiving the key confirmation request, the device authentication processing unit 108 of the content transmitting apparatus 100 transmits a reception confirmation to the content receiving apparatus 400 according to the confirmation result (S1309).

  By performing the remote access device authentication process S1200 of S1303, when the controller 200 that has shared the remote access key with the content transmission device in advance is taken out of the home, the content transmission device and the controller Only when the remote access key can be shared between the controllers, the controller can pass the remote exchange key to the remote content receiving apparatus that has been successfully authenticated.

  As a result, the content in the home can be safely viewed by the content receiving device outside the home without exceeding the range of personal use of the content and without bringing the content receiving device to the user home 1.

  In the embodiment described above, the device registration process for access outside the home is performed in the user home 1 in advance. In the present embodiment, an out-of-home access device registration process S1400 when an out-of-home access device registration process is performed from outside the house will be described.

  14 is for viewing, copying, and moving copyright-protected content input or stored in the content transmission apparatus 100 from a portable terminal (content reception apparatus) 200 outside the home in the system configuration shown in FIG. In addition, this is a device registration processing procedure for outside access that is executed in advance between the content transmitting apparatus 100 and the mobile terminal 200 outside the home. It is assumed that the portable terminal (content receiving device) 200 is in the place 2 when executing this procedure.

  Here, the content transmission device 100 and the content reception device 200 do not monitor the TTL of the received packet. In addition, the content transmitting apparatus 100 and the content receiving apparatus 200 can reach the user home 1 from the outside location 2 via the Internet, instead of the TTL of the packet to be transmitted being equal to or less than the TTL value 8101 for in-home restriction in the TTL table 8100. In this way, the TTL setting value 8102 for remote transmission in the TTL table 8100 is set. The TTL setting value 8102 for outside transmission is set to a value larger than the TTL value 8101 for in-house restriction.

  First, when a user issues a password setting instruction for access outside the home to the content transmission apparatus 100 via the input processing unit 107 at the user home 1, the device information management unit 109 of the content transmission apparatus 100 displays the management table shown in FIG. The remote access password requested to be set is set in the remote access password 5107 of 5300 (S1401). The description of FIG. 15 will be described later.

  Next, when the user inputs a password to the content receiving apparatus 200 taken out to the destination 2 via the input processing unit 209 (S1402) and instructs the start of authentication, the device authentication processing unit 108 of the content receiving apparatus 200 moves outside the home. Create an access device registration authentication request. The device authentication processing unit 108 of the content receiving device 200 attaches the device-specific information including the device ID described above to the authentication request and a certificate for the device-specific information to the content transmitting device 100 via the communication processing unit 113. Send (S1403).

  When the device authentication processing unit 108 of the content transmission device 100 receives the authentication request for registration outside the home device via the communication processing unit 113 and sends the reception confirmation to the content reception device 200 (S1404), the device of the content transmission device 100 The authentication processing unit 108 creates an authentication request for registering an external access device from its own side, and sends it to the content receiving apparatus 200 with the unique information of the content transmitting apparatus 100 and its certificate as in the case of the content receiving apparatus. (S1405).

  The device authentication processing unit 108 of the content receiving device 200 receives the remote access device registration authentication request and sends the reception confirmation to the content transmitting device 100 (S1406). Next, the device authentication processing unit 108 of the content transmitting apparatus 100 verifies each piece of information received in the authentication request, and sends an authentication response with parameters necessary for generating key information to the content receiving apparatus 200 (S1407). .

  The device authentication processing unit 108 of the content receiving apparatus 200 receives the authentication response and sends the reception confirmation to the content transmitting apparatus 100 (S1408), creates an authentication response from its own side, and is the same as in the case of the content transmitting apparatus. Is sent to the content transmitting apparatus 100 with a parameter necessary for generating key information (S1409), and an authentication key common to the content transmitting apparatus 100 is generated using the necessary parameter.

  The device authentication processing unit 108 of the content transmission device 100 receives the authentication response and sends a reception confirmation to the content reception device 200 (S1410). Similar to the content reception device, the device authentication processing unit 108 shares the same with the content reception device 200 using necessary parameters. Generate an authentication key.

  Through the procedure so far, the device authentication processing unit 108 of the content transmitting apparatus 100 and the device authentication processing unit 108 of the content receiving apparatus 200 generate and share a common authentication key. Next, the device authentication processing unit 108 of the content transmission apparatus 100 manages the device registered for remote access from the values set in the remote access key 5205 and the remote counter 5207 of the device information table 5200. It is confirmed that the maximum number of registrations outside the house 5102 in the table 5100 is less than the number 5102 (S1430), and in order to confirm that the request from the content receiving apparatus 200 is from the user, the content reception is received from the outside access user confirmation request. The data is sent to the device 200 (S1411). If the number of devices registered for remote access in the device information table 5200 has reached the maximum number 5102 of remote registrations in the management table 5100, the processing is interrupted.

  When the device authentication processing unit 108 of the content receiving apparatus 200 receives the remote access user confirmation request and sends the reception confirmation to the content transmitting apparatus 100 (S1412), the external access password input by the user in S1402 is used. An out-of-home access user confirmation response including information encrypted with the common authentication key is created and sent to the content transmitting apparatus 100 (S1413).

  Upon receiving the remote access user confirmation response, the device authentication processing unit 108 of the content transmitting apparatus 100 checks the management table 5300. If the password included in the transmitted information is equal to the password set in S1401, A reception confirmation is sent to the content receiving apparatus 200 (S1414).

  The device authentication processing unit 108 of the content transmitting apparatus 100 generates an out-of-home access key for use in device authentication processing and content encryption when using content from outside the home, and uses the authentication key to provide an out-of-home access key Is encrypted and sent to the content receiving apparatus 200 (S1415).

If the password included in the transmitted information is different from the password set in S1401 or if the remote access password is not set in the management table 5300, the process is interrupted and the device authentication process is terminated.
The device authentication processing unit 108 of the content receiving device 200 decrypts the remote access key transmitted from the content transmitting device 100 using the authentication key, and sends a reception confirmation (S1416).

  Upon receiving the reception confirmation, the device authentication processing unit 108 of the content transmission device 100 registers information related to the content reception device 200 in the device information table 5200 in the device information management unit 109 (S1417).

  For example, as shown in the record 5213 in which the ID 5201 in the device information table 5200 is 3, the device ID of the content receiving device 200 received in S1101 is set to the device ID 5202, and the MAC address of the content receiving device 200 on the network is set. The address information 5203 is set, and the remote access key generated in S1119 is registered in the remote access key 5205.

  In addition, “stop” is set in the access status 5206, and the maximum counter value 5104 in the management table 5100 is set in the counter value outside the home. On the other hand, the device authentication processing unit 108 of the content receiving device 200 generates or updates the out-of-home access information table 60000 stored in the device management information unit 109 (S1418).

  By executing the processing from S1401 to S1418 in the outside access device registration processing S1400, the device authentication processing unit 108 of the content transmitting device 100 and the device authentication processing unit 108 of the content receiving device 200 are properly connected with each other. Only when it is confirmed that the devices are authorized and the passwords managed by the devices match each other, a common outside access key can be shared.

  The remote access key is used for device authentication processing and content encryption when using content from outside the home. The processes of S1412 and S1413 or the processes of S1414 and S1415 may be combined into one. In addition, by using the management table and the device information table shown in FIG. 5, it is possible to manage the home access and the outside access separately and perform individual access restrictions.

Further, the password used in the content transmission device 100 and the content reception device 200 may be a value generated randomly by the content transmission device 100 instead of being set by the user. The out-of-home access password may be common to all out-of-home access devices, or may be an individual value for each out-of-home access device.
The above procedure has described the remote access device registration process executed between the content transmission device 100 and the content reception device 200 prior to content transmission to a remote device.

  After the outside access device registration process S1400 of FIG. 14 is performed, if the content viewing processing procedure S1000 from outside the house described in FIG. It is possible to view the accumulated content.

FIG. 15 shows a configuration example of the management table 5300 used in the device registration processing procedure from outside the house stored in the device information storage unit 1093.
The management table 5300 includes a device authentication maximum number 5101, a remote registration maximum number 5102, a home counter maximum value 5103, a home counter maximum value 5104, a simultaneous access maximum number 5105, a remote access simultaneous maximum number 5106, a remote access password. 5107. The outside access password 5107 indicates a password that the user uses when accessing from outside the house.

Other components are the same as those of the management table 5100.
Here, an example in which the out-of-home access password is common to all out-of-home access devices has been shown, but an individual value may be used for each out-of-home access device. When the out-of-home access password is an individual value for each out-of-home access device, each value may be registered in the device information table.

  Only when it is possible to confirm that the devices are mutually authorized between the devices by the processing of S1411 to S1414 in FIG. 14 and that the passwords managed by each device match and share the outside access key, If the access device authentication process S900 is successfully executed, the content can be transmitted from the in-home content transmitting apparatus to the out-of-home content receiving apparatus in accordance with the procedure of the content viewing process procedure S1000 from outside the house shown in FIG. . As a result, the content in the house can be safely viewed by the content receiving apparatus outside the house without exceeding the range of personal use of the content.

  In the above-described embodiment, when the device registration process for outside access is performed in the user's home 1, that is, in the case of home registration, and in the case of performing from the outside location 2, that is, in the case of outside registration, the device is the same. Information was registered and the effective period was managed using a common counter value for outside the house. In the present embodiment, device registration is restricted separately when the device registration process for outside access is performed in the user home 1 and when the device is out of the home 2, and different home counter values are used. A table configuration and a device registration process procedure when managing the effective period will be described.

  FIG. 18 shows different home information for the device information 6000 stored in the device information storage unit 1093 shown in FIG. It is an example of a structure in the case of managing an effective period using an external counter value. The device information 6000 includes a management table 5800 and a device information table 5400.

  The management table 5800 includes a device authentication maximum number 5101, an out-of-home access device registration maximum number (in-home registration) 5801, an out-of-home access device registration maximum number (out-of-home registration) 5802, an in-house counter maximum value 5103, and an out-of-home counter maximum value. (In-home registration) 5803, out-of-home counter maximum value (out-of-home registration) 5804, simultaneous access maximum number 5105, simultaneous remote access maximum number 5106, remote access password 5107.

  The maximum number of out-of-home access device registration (in-home registration) 5801 indicates the maximum number of out-of-home access devices that can be registered from outside the home using the device registration processing 700 for outside access or the outside access device registration processing S1100. .

  The maximum number of out-of-home access device registrations (out-of-home registration) 5802 indicates the maximum number of out-of-home access devices that can be registered from outside the home using the out-of-home access device registration process S1400.

  The maximum counter value for home use (home registration) 5803 is used to manage the expiration date of the device information registered from the home using the device registration processing 700 for home access or the device access processing registered outside the home S1100. Indicates the maximum counter value to be set.

The maximum counter value for out-of-home (external registration) 5804 indicates the maximum value of the counter set in the timer 1091 in order to manage the expiration date of the device information registered from outside the home using the external access device registration processing S1400. .
Other portions are the same as those in the management table 5300.
The device information table 5400 includes an in-home device information table 5500, an out-of-home access device (in-home registration) device information table 5600, and an out-of-home access device (out-of-home registration) information table 5700.

  The in-home device information table 5500 is a table for registering devices intended for in-home access, and includes an ID 5201, a device ID 5202, address information 5203, an in-home counter value 5204, and an access status 5206. ID5201, device ID5202, address information 5203, home counter value 5204, and access status 5206 are the same as those in the device information table 5200 of FIG.

  The out-of-home device (in-home registration) information table 5600 includes devices that have been subjected to device registration processing 700 for outside access from home or out-of-home access device registration authentication processing S1100 among devices intended for outside access. This is a table for registration, and is composed of ID 5201, device ID 5202, address information 5203, remote access key 5205, remote counter value 5601, and access status 5206.

  The out-of-home counter value 5601 indicates the current value of a counter for managing the expiration date of the registration information of the device that has performed the device registration processing 700 for outside access from the home or the outside access device registration processing S1100. . Other portions are the same as those in the device information table 5200.

  The out-of-home device (out-of-home registration) information table 5700 is a table for registering a device that has performed the out-of-home access device registration processing S1400 from outside the home among devices intended for out-of-home access. It consists of ID 5202, address information 5203, remote access key 5205, remote counter value 5701, and access status 5206. The out-of-home counter value 5701 indicates the current value of the counter for managing the expiration date of the registration information of the device that has performed the out-of-home access device registration processing S1400. Other portions are the same as those in the device information table 5200.

  In the management table 5800, by using two pieces of information, that is, the maximum number of outside access device registrations (in-house registration) 5801 and the maximum number of outside access device registrations (outside registration) 5802, device registration can be performed separately for each device registration procedure. Restrictions can be made, and restrictions according to the security level of the registration method can be realized.

  Further, by using two tables, an out-of-home device (in-home registration) information table 5600 and an out-of-home device (out-of-home registration) information table 5700, the management table 5800 uses a maximum counter value (in-house registration) 5803 and an out-of-home counter. By using the maximum value (out-of-home registration) 5804, the device registration expiration date can be managed separately for each device registration procedure, and the term management according to the security level of the registration method can be realized.

  In the case where the device information 6000 is used, in the normal device authentication process S600 at home, the device authentication processing unit 108 of the content transmission apparatus 100 in the device information table update process S621, the home device information table 5500 in the device information management unit 109 is used. Information related to the content receiving apparatus 300 is registered.

  For example, the device ID of the content receiving device 300 received in S601 is set to the device ID 5202 as shown in the record 5511 in which the value of ID 5201 in the home device information table 5500 is 1, and the IP of the content receiving device 300 on the network is set. The address is set in the address information 5203, the home counter maximum value 5103 in the management table 5800 is set in the home counter value 5204, and “stop” is set in the access status 5206.

  In addition, in the device registration processing 700 for access outside the home performed in the home, the device authentication processing unit 108 of the content transmitting apparatus 100 performs the device registration in the out-of-home device (home registration) information table 5600 in the device information confirmation in S720. It is confirmed that the number is less than the maximum number of registered outside access devices (in-house registration) 5801 in the management table 5800.

  Further, in the device information table update process of S715, the device authentication processing unit 108 of the content transmission device 100 registers information related to the content receiving device 200 in the external device (in-home registration) information table 5600 in the device information management unit 109.

  For example, as shown in the record 5611 in which the value of the ID 5201 in the external device (in-home registration) information table 5600 is 1, the device ID of the received content receiving device 200 is set to the device ID 5202, and content reception on the network The MAC address of the device 200 is set in the address information 5203, the maximum counter value (in-house registration) 5803 in the management table 5800 is set in the counter value 5601 for outside the house, and the outside access key 5205 generated in S713 The access key is registered, and “stop” is set in the access status 5206.

  In addition, in the remote access device registration process S1100 performed in the home, the device authentication processing unit 108 of the content transmitting apparatus 100 determines that the number of devices registered in the external device (internal registration) information table 5600 in the device information confirmation in S1130. The management table 5800 confirms that the maximum number of registered outside access devices (in-house registration) is less than 5801.

  Further, in the device information table update process of S1121, the device authentication processing unit 108 of the content transmission device 100 registers information related to the content reception device 200 in the external device (in-home registration) information table 5600 in the device information management unit 109. The in-home confirmation of both the in-home authentication and the authentication for registering the outside access device may be successful.

  In the device registration process S1100 for outside access, when the home exchange key is shared with the outside access key, information related to the content receiving device 200 is also registered in the home device information table 5500 as indicated by 5512.

  In the outside access device registration process S1400 from outside the house, in the device information confirmation in S1430, the device authentication processing unit 108 of the content transmission apparatus 100 uses the device registered in the outside access device (outside house registration) information table 5700. The management table 5800 confirms that it is less than the maximum number of outside-access device registrations (out-of-home registration) 5802.

  Also, in the device information table update processing in S1417, the device authentication processing unit 108 of the content transmission device 100 registers information related to the content reception device 200 in the external device (external registration) information table 5700 in the device information management unit 109. .

  For example, the device ID 5202 is set to the device ID of the received content receiving device 200 as shown in the record 5711 in which the value of ID 5201 in the out-of-home device (out-of-home registration) information table 5700 is 1, and the content on the network The MAC address of the receiving device 200 is set in the address information 5203, the maximum counter value outside the house (registration outside the house) 5804 in the management table 5800 is set as the counter value 5701 outside the house, and the outside access key 5205 is generated in S713 The remote access key is registered, and “stop” is set in the access status 5206.

  The outside counter value 5601 and the outside counter value 5701 registered by the above procedure are decremented at a constant interval (for example, once per hour) at the time of content transmission outside the house, and when the counter value becomes 0, Delete the record from the table.

  By confirming the number of records in separate tables of the out-of-home device (in-home registration) information table 5600 and the out-of-home device (out-of-home registration) information table 5700 for each device registration procedure according to the above procedure, each device registration procedure The device registration can be restricted separately, and the restriction according to the security level of the registration method can be realized.

  Also, device information is registered for each device registration procedure in two tables, an out-of-home device (in-home registration) information table 5600 and an out-of-home device (out-of-home registration) information table 5700. By using (in-home registration) 5803 and the maximum counter value for outside home (out-of-home registration) 5804, it is possible to manage the device registration expiration date separately for each device registration procedure, and according to the security level of the registration method. Deadline management can be realized.

  In the present embodiment, an example in which registration is restricted separately for registration from outside the house and registration from outside the house, and the validity period is managed using separate counter values for outside the house, Restrict device registration separately for registration from outside the house and registration from outside the house, or manage the validity period using separate counter values for outside the house for registration from outside the house and registration from outside the house, It is also possible to apply either of these alone.

  In the above-described embodiment, the password for performing the device registration process from outside the house such as the place 2 is not provided with an expiration date. In this embodiment, a case will be described in which an expiration date is set for a password for device registration from outside the house.

  FIG. 19 shows an example of a configuration in which an expiration date is set for an out-of-home access password in the management table 5900 in the device information 6000 stored in the device information storage unit 1093 in FIG.

  The management table 5900 includes a device authentication maximum number 5101, a remote access device registration maximum number (in-home registration) 5801, a remote access device registration maximum number (external registration) 5802, a home counter maximum value 5103, and a home counter maximum value. (In-home registration) 5803, Outside counter maximum value (Outside house registration) 5804, Simultaneous access maximum number 5105, Outside house simultaneous access maximum number 5106, Outside house access password 5107, Outside house access password maximum expiration date 5901, Outside house access It consists of a password unregistered expiration date 5902.

  The outside access password maximum expiration date 5901 indicates the expiration date of the outside access password 5107. The outside access password unregistered expiration date 5902 indicates the expiration date of the outside access password 5107 when the outside access device is not registered from outside the home after the outside access password 5107 is registered. Other portions are the same as those in the management table 5800.

  By providing the remote access password maximum expiration date 5901 in the management table 5900, it is possible to improve the security by deleting information on the device for which a certain time has passed after registration from the table without flowing the content. Also, by providing an outside registration password non-registration expiry date 5902, the period during which the outside access device can be registered from outside the house is limited, and repeated attempts to register outside access from unspecified users can be prevented. Can be improved.

  In the case of using the management table 5900, in the outside access device registration process S1400 from outside the house, in the outside access password registration process in S1401, the user uses the input processing unit 107 via the input processing unit 107 at the user house 1. Instruct password setting for external access.

  The device information management unit 109 of the content transmitting apparatus 100 sets the remote access password requested by the setting instruction in the remote access password 5107 of the management table 5900. Further, registration is performed in the time management unit 120 so as to issue a notification at the time of the maximum outside expiration date 5901 of the access password and the expiration date 5902 of the non-external access password registration.

  When the device information management unit 109 of the content transmission apparatus 100 is notified from the time management unit 120 that the time of the outside access password unregistered expiration date 5902 has been reached, the outside access device (outside registration) information table 5700 Confirm whether there is a registered device with. If there is no registered device as a result of the confirmation, the remote access password 5107 is deleted from the management table 5900.

  If there is a registered device in the out-of-home access device (outside home registration) information table 5700, nothing is done. Further, when the device information management unit 109 of the content transmission device 100 is notified from the time management unit 120 that the time of the maximum outside expiration date 5901 has been reached, the external access password 5107 is deleted from the management table 5900. .

  Security can be improved by deleting the remote access password that has passed a certain period of time after registration based on the maximum remote access password expiration date 5901 of the management table 5900 in the above procedure. Also, after registering based on the expiry date 5902 for non-external access password registration, the external access device is registered from outside the home by deleting the external access password for which a certain period of time has passed without being registered. By limiting the possible period, it is possible to prevent repetitive out-of-home access registration attempts from unspecified users.

  The time limit may be managed based on the relative time from registration using the timer 1091 instead of the time managed by the time management unit 120. At this time, the maximum counter value may be set in the management table in the same way as the home counter value, and a counter value term indicating the password expiration date may be added to the device information table. Further, the time limit may be used as the expiration date of the password, and the restriction may be performed using the number of times of content viewing.

  In addition, the remote access password 5107 is deleted based on the maximum external access password expiration date 5901, and at the same time, the device information registered using the password is deleted from the remote access device (external registration) information table 5700. As a result, it is possible to manage an out-of-home access device linked with the expiration date of the registered password, and it is possible to delete useless registration information that is no longer used.

  In the above-described embodiment, a password common to all registered devices is used as an out-of-home access password when registering an out-of-home access device from outside the home using a password. In the present embodiment, an example in which an out-of-home access password is set for each registered device will be described.

  FIG. 21 is an example of an out-of-home access device (out-of-house registration) information table 7000 in the device information 6000 stored in the device information storage unit 1093 in FIG. 4 when an out-of-home access password is set for each registered device.

  The remote access device (external registration) information table 7000 includes an ID 5201, a device ID 5202, address information 5203, an external access key 5205, an external counter value 5701, a password 7001, a password expiration date 7002, and an access status 5206. A password 7001 is an out-of-home access password corresponding to the device ID registered in the device ID 5202. The password expiration date 7002 indicates the expiration date of the password 7001.

  When this table is used, in the outside access password registration process S1401 of FIG. 14, the user sets the device ID and the corresponding password for the outside access via the input processing unit 107 in the content sending apparatus 100 at the user house 1. When the instruction is given, the device information management unit 109 of the content transmission apparatus 100 is requested to set the device ID 5202 as shown in the record (7012) in which the value of the ID 5201 of the external access device (external registration) information table 7000 is 2. Set the device ID. In addition, the requested access password is set as the password 7001, the expiration date of the predetermined access password is set as the password expiration date 7002, and the access status is updated to “unregistered”.

  Further, in the outside access user confirmation process (S1413 to S1414) in FIG. 14, it is confirmed whether the device ID is the same as the registered one in addition to the outside access password of the content receiving apparatus 200.

In the device information table update process S1417 of FIG. 14, the device information management unit 109 of the content transmitting apparatus 100 uses the remote access key exchanged with the address information and the remote counter as shown in the record (7011) whose ID5201 value is 1. Each value is registered, and the access status 5206 is set to “stop”.

  By using a remote access device (external registration) information table 7000 shown in FIG. 21 and managing passwords for each device ID, the devices that can be accessed are limited, and from outside the home without departing from personal use. Content viewing.

  In the present embodiment, a case will be described in which out-of-home access device information registered in the device information table 5200 or out-of-home access device (out-of-home registration) information table 5700 is deleted from outside the home.

  FIG. 20 shows the remote access device registration information when the content receiving apparatus 200 deletes the remote access device information registered in the device information table 5200 or the remote access device (external registration) information table 5700 from outside the home. It is an example of deletion processing S2000.

  The device authentication processing unit 108 of the content receiving device 200 transmits a registration information deletion request to the content transmitting device 100 (S2001). The registration information deletion request includes the device ID and password of the content receiving device 200. Furthermore, if the content transmitting apparatus 100 includes information for verifying the device ID of the content receiving apparatus 200, it can be prevented from being deleted from an unauthorized device.

  When the device information management unit 109 of the content transmission device 100 receives the registration deletion request from the content reception device 200, the device information management unit 109 confirms that the password included in the received request matches the outside access password of the management table 5300, 5800, or 5900. Then, a reception confirmation is transmitted to the content receiving device 200 (S2002). If the passwords do not match, the process is interrupted without deleting the registered device information.

  The device information management unit 109 of the content transmission apparatus 100 transmits the reception confirmation and transmits the device corresponding to the received device ID among the devices registered in the device information table 5200 or the outside access device (outside home registration) information table 5700. Delete the information.

By deleting the device information registered in the content transmission device 100 using the above procedure,
Even if the registered device becomes full at the place where you are away from home, you can register a new device by deleting information on devices that are not being used.

  In the present embodiment, an example of processing for acquiring access destination information for registration processing of an out-of-home access device is shown. FIG. 23 is a configuration example of the device information 23000 of the content transmission apparatus 100 that supports remote access. The device information 23000 of the content transmitting apparatus 100 that supports remote access includes information related to remote access as indicated by 23001. The remote access information 23001 includes remote access enable / disable information 230011, remote access device registration access destination information 230012 in the home, and remote access device registration access destination information 230013 from outside the home.

  The out-of-home access permission information 230011 indicates whether or not the content transmitting apparatus 100 supports out-of-home access. The access destination information 230012 for outside-home access device registration in the home describes the IP address and port number of the content transmitting apparatus 100 when performing the outside-access device registration from inside the home.

  The access destination information 230013 for registering access devices outside the home describes the IP address and port number of the content transmitting apparatus 100 when registering the access devices outside the home. The IP address described here may be a host name.

  By adding the information on whether or not to allow access outside the home, the access destination information for registering the access device outside the home, and the access destination information for registering the access device from outside the home to the device information, the content receiving device 200 can add the content transmitting device. At the same time that 100 is detected on the network, information necessary for device registration for outside access can be acquired.

  Also, by registering both the access destination information for registering outside access devices at home and the access destination information for registering access devices outside the home as information for outside access, registration and outside access The access destination in the case of registration from can be made independent, ensuring the independence of the registration process and improving the safety. For this purpose, for example, as shown in 230012 and 230013 in FIG. 23, the port number for access is divided by registration from inside the house and registration from outside the house. When a registration packet is received from outside the house, that is, when accessing to 230013, filtering by TTL is not performed, but only the registration packet is accepted.

  On the other hand, when a registration packet is received from the home, that is, when access is made to 230012, filtering by TTL is performed. However, the packet for the normal authentication processing S600, the content transmission device 100 Also accept a packet to get the status.

  FIG. 31 is a configuration example of a packet monitoring table 9100 used when filtering by TTL is performed for each port number in the communication processing unit of the content transmission apparatus. The packet monitoring table 9100 includes an ID 9101, a port number 9102, and a TTL restriction 9103. ID 9101 indicates the registration number of the table. A port number 9102 indicates a destination port number of a TCP or UDP received packet to be monitored.

  The TTL restriction 9103 indicates the upper limit value of the TTL in the filtering process applied to the packet received at the port set to the port number 9102. This value takes a value from 0 to 255. When it is 0, it indicates that TTL restriction, that is, filtering is not performed. For example, a record 9111 having an ID 9101 value of 1 in FIG. 31 indicates that when the destination port number of the received packet is 53219, the received packet is discarded if the TTL value of the received packet is greater than 3. .

  A record 9112 whose ID 9101 value is 2 indicates that when the destination port number of the received packet is 53220, filtering based on the TTL value of the received packet is not performed. Each record of this table may be registered statically or dynamically when used.

  FIG. 32 is an example of the procedure of the packet filtering process S3200 in the case of performing filtering by TTL for each port number. First, the communication processing unit 113 of the content transmission apparatus 100 acquires the destination port number of the received packet (S3201). Next, the registered record of the packet monitoring table 9100 is confirmed (S3202). If there is no record having the same port number 9102 as the destination port number of the received packet in the packet monitoring table 9100 (No in S3203), the received packet is discarded (S3204), and the process ends.

  On the other hand, when there is a record with the same port number 9102 as the destination port number of the received packet in the packet monitoring table 9100 (Yes in S3203), the record with the same port number 9102 as the TTL value of the received packet and the port number of the received packet is stored. The set TTL limit 9103 values are compared, and if the TTL value of the received packet is larger than the TTL limit 9103 of the record (No in S3205), the received packet is discarded (S3204), and the process ends.

  On the other hand, if the TTL value of the received packet is equal to or smaller than the TTL limit 9103 of the record or the value of the TTL limit 9103 of the record is 0 (Yes in S3205), the received packet is processed (S3206), and the process ends.

  As described above, the TTL limit value is set for each port using the packet monitoring table, and the packet is filtered according to the set contents, so that the port can be used for in-home access and access from outside the home. And packet filtering processing corresponding to each can be performed. That is, it is possible to perform filtering by monitoring the TTL at the time of access from inside the house and not to perform the filtering at the time of access from outside the house.

  FIG. 22 shows an example of device information acquisition processing S2200 for registering an access device outside the home. When connected to the network of the user home 1, the control unit 115 of the network transmission device 100 issues a network participation notification to the content reception device 200 (S2201).

  When receiving the network participation notification from the content transmission device 100, the control unit 115 of the content reception device 200 issues a device information acquisition request to the content transmission device 100 (S2202). When receiving the device information acquisition request from the content reception device 200, the control unit 115 of the content transmission device 100 transmits a device information acquisition response including device information as indicated by 23000 in FIG. 23 to the content reception device 200 (S2204). ).

  When the control unit 115 of the content receiving device 200 receives the device information acquisition response from the content transmitting device 100 and determines that the content transmitting device 100 supports the outside access based on the outside access permission information 230011 in FIG. The device authentication processing unit 108 of the receiving device 200 executes an out-of-home access device registration process S2204 with the content transmitting device 100.

  At this time, when the content receiving device 200 exists in the user's home 1, the IP address and the port described in the access destination information 230012 for outside-home device registration in the home in FIG. 23 are accessed. Further, when the content receiving apparatus 200 exists at the outside location 2, the IP address and the port described in the access destination information 230013 for outside access device registration from outside the home are accessed.

  On the other hand, when the content transmitting apparatus 100 is accessed with respect to the IP address and port described in the access destination information 230012 for outside-home access device registration in the house, the content transmission apparatus 100 or the outside access device registration process 700 Registration processing S1100 is performed.

  Further, when the IP address and port described in the access destination information 230013 for registering outside access device from outside the house are accessed, the outside access device registration process S1400 is performed.

  In the above procedure, the content receiving apparatus obtains the out-of-home access enable / disable information included in the device information, the out-of-home access device registration access destination information, and the out-of-home access device registration access destination information from outside the home. 200 can acquire information necessary for device registration for remote access at the same time as detecting the content transmitting apparatus 100 on the network.

  Further, the content transmission apparatus 100 can perform device registration processing separately according to the access destination. At this time, the IP address of the accessed content receiving device 200 is confirmed, and if it does not exist in the same subnet as the address set as the access destination, the security can be improved by interrupting the processing as unauthorized access. .

  In the above-described embodiment, device registration processing for access outside the house is performed in advance, and only registered devices can be viewed from outside the house. In the present embodiment, a procedure for viewing from outside the home only by device authentication and key exchange for outside access without performing device registration processing for outside access in advance will be described.

  FIG. 16 shows an out-of-home access device authentication process S1600 executed between the content transmitting apparatus 100 and the portable terminal (content receiving apparatus) 200 in the system configuration shown in FIG. It is assumed that the portable terminal (content receiving device) 200 is in the place 2 when executing this procedure.

  Here, the content transmission device 100 and the content reception device 200 do not monitor the TTL of the received packet. In addition, the content transmitting apparatus 100 and the content receiving apparatus 200 can reach the user home 1 from the outside location 2 via the Internet, instead of the TTL of the packet to be transmitted being equal to or less than the TTL value 8101 for in-home restriction in the TTL table 8100. In this way, the TTL setting value 8102 for remote transmission in the TTL table 8100 is set. The TTL setting value 8102 for outside transmission is set to a value larger than the TTL value 8101 for in-house restriction.

  First, when a user issues a password setting instruction for access outside the home to the content transmission apparatus 100 via the input processing unit 107 at the user home 1, the device information management unit 109 of the content transmission apparatus 100 displays the management table shown in FIG. The remote access password requested to be set is set in the remote access password 5107 of 5300 (S1601).

  FIG. 16 shows a device authentication processing procedure for access outside the house executed between the content transmitting apparatus 100 and the portable terminal (content receiving apparatus) 200 in the system configuration shown in FIG. It is assumed that the portable terminal (content receiving device) 200 is in the place 2 when executing this procedure.

  Next, when the user inputs a password to the content receiving device 200 taken out to the destination 2 via the input processing unit 209 (S1602) and instructs to start authentication, the device authentication processing unit 108 of the content receiving device 200 moves outside the home. An authentication request is created and transmitted to the content transmission apparatus 100 via the communication processing unit 113 (S901). The procedure from S902 to S908 is the same as that in FIG.

  Through the procedure so far, the device authentication processing unit 108 of the content transmitting apparatus 100 and the device authentication processing unit 108 of the content receiving apparatus 200 generate and share a common authentication key. Next, the content transmitting apparatus 100 sends an out-of-home access user confirmation request to the content receiving apparatus 200 in order to confirm that the request from the content receiving apparatus 200 is from the user (S1603).

  When the device authentication processing unit 108 of the content receiving apparatus 200 receives the remote access user confirmation request and sends the reception confirmation to the content transmitting apparatus 100 (S1604), the remote access password input by the user in S1402 is used as the password. An out-of-home access user confirmation response including information encrypted with the common authentication key is created and sent to the content transmission apparatus 100 (S1605).

  Upon receiving the remote access user confirmation response, the device authentication processing unit 108 of the content transmission apparatus 100 checks the management table 5300. If the password included in the transmitted information is equal to the password set in S1601, 9, the same processing as S910 to S912 is performed. If the password included in the transmitted information is different from the password set in S1401, the process is interrupted and the device authentication process is terminated.

  The above procedure describes the device authentication process for remote access that is executed between the content transmission device 100 and the content reception device 200 before the content transmission to the device outside the home.

  In the content viewing processing procedure S1000 from outside the house described in FIG. 10, if the above-mentioned outside access device authentication processing S1600 is used instead of the outside access device authentication processing S900, the device 2 is not registered in advance and the outside location 2 can be used. The content stored in the recording unit 111 of the content transmission device 100 can be viewed from the content reception device 200.

  The processing from S1601 to S1606 in the content viewing processing procedure S1000 from outside the house shown in FIG. 10 is executed, and it is confirmed that the devices are mutually authorized devices and the passwords managed by each device match. Only when the exchange key is successfully shared, the content can be transmitted from the home content transmission device to the content reception device outside the home. As a result, the content in the house can be safely viewed by the content receiving apparatus outside the house without exceeding the range of personal use of the content.

  (Mechanism to make the same Challenge-Response during normal access) In the above-described embodiment, in the external device authentication process, the home request different from the authentication request in the normal device authentication process is triggered when the device authentication is started. An external authentication request was sent. In the present embodiment, a case will be described in which the remote device authentication process is performed using the same authentication request as the normal device authentication process.

  FIG. 25 shows that a remote access device authentication process is performed between the content transmission device 100 in the user's home 1 and the content reception device 200 in the destination 2 using the same authentication request as the normal device authentication process. This is the procedure of the device authentication process S2500 for access outside the home. It is assumed that the device registration process is completed between the content transmission device 100 and the content reception device 200 using the out-of-home access device registration processing S700 or S1100 prior to this processing.

  Here, the content receiving apparatus 200 does not monitor the TTL of the received packet. In addition, the content receiving apparatus 200 does not set the TTL of the packet to be transmitted to be equal to or less than the in-house restriction TTL value 8101 of the TTL table 8100, but allows the packet to reach the user home 1 from the outside location 2 via the Internet. The TTL setting value 8102 for remote transmission is set.

  First, the device authentication processing unit 108 of the content receiving device 200 creates an out-of-home authentication start request and transmits it to the content transmitting device 100 (S2501). Upon receiving the out-of-home authentication start request, the device authentication processing unit 108 of the content transmitting apparatus 100 thereafter does not monitor the TTL received in the TCP connection and sets the TTL of the packet to be transmitted to the home of the TTL table 8100. The TTL setting value 8102 for outside transmission is set. Also, a reception confirmation is transmitted to the content receiving device 200 (S2502).

  Here, the out-of-home authentication start request may include a calculated value generated based on the device ID of the content receiving apparatus 200 and the out-of-home access key exchanged in S700 or S1100. If the content transmission device 100 calculates a similar value and returns a reception confirmation if there is a matching calculated value, the condition for not monitoring the TTL is strictly enforced, and it is safer. The remote authentication process can be started. Alternatively, instead of confirming the coincidence of the calculated values from the remote access key, confirm that the device ID included in the remote authentication start request is registered in the device information table 5200 and confirm the reception. Even if it is returned, the remote authentication process can be safely started without monitoring the TTL only for the communication with the device having the registered device ID.

  Next, device authentication and authentication key generation are performed in the same procedure as the processing from S601 to S608 of the normal device authentication processing S600. However, in this process, unlike the normal device authentication process S600, the content transmitting apparatus 100 and the content receiving apparatus 200 do not monitor the TTL of the received packet. The process at the time of packet reception will be described later with reference to the drawings.

  In addition, the content transmitting apparatus 100 and the content receiving apparatus 200 can reach the user home 1 from the outside location 2 via the Internet, instead of the TTL of the packet to be transmitted being equal to or less than the TTL value 8101 for in-home restriction in the TTL table 8100. In this way, the TTL setting value 8102 for remote transmission in the TTL table 8100 is set.

  Next, the exchange key outside the house is exchanged in the same procedure as the process from S909 to S912 of the outside access device authentication process S900. However, here, the authentication key is used as a key for encrypting the remote exchange key.

  FIG. 33 is a configuration example of the connection management table 9200 used when the device authentication processing unit of the content transmission apparatus performs filtering of device authentication processing packets by TTL for each TCP connection. The connection management table 9200 includes an ID 9201, a socket descriptor 9202, and a TTL restriction 9203. ID9201 indicates the registration number of the table. The socket descriptor 9202 is an identifier for uniquely identifying the TCP connection in the content transmission apparatus.

  The TTL restriction 9203 indicates the upper limit value of the TTL in the filtering process applied to the device authentication process packet received on the TCP connection indicated by the socket descriptor 9202. This value takes a value from 0 to 255. When it is 0, it indicates that TTL restriction, that is, filtering is not performed. For example, in the record 9211 in which the value of ID 9201 in FIG. 33 is 1 and the value of the socket descriptor 9202 is 2, if the TTL value of the received packet is greater than 3, the device authentication processing packet is discarded. It shows that.

  In addition, a record 9212 having an ID 9201 value of 2 indicates that, when the connection has a socket descriptor 9202 value of 4, filtering based on the TTL value of the received device authentication processing packet is not performed. The record 9213 with the ID 9201 value of 3 indicates that, for the connection with the socket descriptor 9202 value of 6, the connection is established, the record is newly registered, and the TTL restriction 9203 is not set. Show. That is, record registration in this table is performed when a connection is established.

  FIG. 34 shows an example of the procedure of the packet reception process S3400 when the device authentication process packet is filtered using the connection management table. The device authentication processing unit 108 of the content transmitting apparatus 100 first receives a device authentication processing packet via the communication processing unit 113 (S3401). Next, the connection management table 9200 is checked (S3402), and it is checked whether a TTL limit value has been registered in the record corresponding to the value of the socket descriptor that has received the received packet (S3403).

  If a TTL limit value has already been set in the record (Yes in S3403), it is confirmed that the TTL value of the received packet is equal to or smaller than the set TTL limit value, or that the set TTL limit value is 0. Confirm (S3408). When the TTL value of the received packet is less than or equal to the set TTL limit value, or when the set TTL limit value is 0 (Yes in S3408), the device authentication processing unit 108 of the content transmitting apparatus 100 The received packet is processed according to the type of packet (S3409), and the process ends.

  On the other hand, when the TTL value of the received packet is larger than the set TTL limit value (No in S3408), the received packet is discarded (S3410), and the process ends. On the other hand, when the TTL limit value is not set in the record (No in S3403), the device authentication processing unit 108 of the content transmitting apparatus 100 checks the type of the received packet (S3404). If the received packet is an out-of-home authentication start request issued in S2501 in FIG. 25 (Yes in S2405), 0 is set in the TTL restriction 9203 of the record in the connection management table 9200 (S3407).

  On the other hand, when the received packet is not the out-of-home authentication start request issued in S2501 in FIG. 25 (No in S2405), 3 is set in the TTL limit 9203 of the record in the connection management table 9200 (S3406), and after S3408 Perform the process.

  As described above, by using the connection management table and setting the TTL limit value according to the type of the device authentication processing packet received first, the TTL is used according to each access from inside the house and from outside the house. Limits can be applied. That is, it is possible to monitor the received TTL and filter the received device authentication packet when accessing from inside the house, and not to filter the received device authentication packet when accessing from outside the house.

  In the above procedure, the TTL restriction is changed for each connection, and when starting out-of-home authentication, an out-of-home authentication start request is transmitted to explicitly notify the start of out-of-home authentication. It is possible to stop TTL monitoring and change the TTL value set in the device authentication processing packet to be transmitted. As a result, device authentication and authentication key sharing can be performed using the authentication request and authentication response used in the normal device authentication processing S600.

  In this embodiment, the type of the received packet is used for the presence / absence of restriction by TTL, but the presence / absence of restriction may be determined by the port number for transmitting and receiving packets using the tables and procedures shown in FIGS. 31 and 32. Good. When determining whether or not there is a restriction based on the port number, it is not necessary to transmit / receive an out-of-home authentication start request, so that the authentication process can be started quickly.

(Operation of remote access flag at home transmission)
In this embodiment, when transmitting content from a content transmission device to a content transmission / reception device in a home, an example of controlling re-transmission of the content received by the content transmission / reception device to the outside using a remote access flag is described. explain.

  The remote access flag is an identifier that determines whether or not the content transmission / reception apparatus permits re-transmission of the content. The remote access flag is used to control the re-transmission of the content of the content transmission / reception apparatus. When the access flag is set to 1, it is determined that the content received by the content transmitting / receiving apparatus can be retransmitted outside the house and transmitted outside the house as necessary. When 0 is set in the remote access flag, it is determined that the content received by the content transmitting / receiving apparatus cannot be retransmitted outside the home and is not transmitted outside the home.

FIG. 35 is a configuration diagram showing an example of a system configuration in the present embodiment. In the user home 1, the content transmission device 100 and the content transmission / reception devices 700 and 800 are connected to the network hub device 11 via a wired LAN cable, and the network hub device 11 is connected to the router 12. The router 12 is connected to the Internet 3 via a modem or a photoelectric converter. Other configurations are the same as those in FIG. The configuration of the content receiving apparatus 700 and 800 are the same as the content transmit device 1 00 shown in FIG.

  FIG. 40 is a configuration diagram showing the flow of content in the present embodiment. The content transmitted from the content transmission device 100 to the content transmission / reception device 700 (35A) at the user home 1 is further transmitted (35B) to the content transmission / reception device 600 of the user-specific home 4 outside the home. Here, out-of-home retransmission refers to transmission of content from the content transmission / reception device 700 to the content transmission / reception device 600.

  FIG. 28 is a configuration example of a retransmission condition table 9000 showing conditions for permitting retransmission outside the home for content transmitted from the content transmission apparatus. This table is used by the content transmission device 100. The retransmission condition table 9000 is made up of the conditions of copy control information 9001 and input media 9002. The copy control information 9001 includes, for example, “Copy free (can be copied without limitation)” “Copy free with EPN asserted (can be copied without limitation with output protection)”, “Copy one generation (possible one generation copy)”, “No more copies” (Recopy prohibited) ”“ Copy never (copy prohibited) ”.

  The input media 9002 includes “broadcast wave”, “HDD”, “optical disk 1”, “optical disk 1”, “semiconductor memory”, “IP broadcast”, and “home network”. The input medium indicates what route the content to be transmitted is originally input. Among these, “broadcast wave” is an input from the antenna of the content transmission apparatus 100, and “HDD”, “optical disk 1”, “optical disk 2”, and “semiconductor memory” are inputs from the recording unit of the content transmission apparatus, “IP “Broadcast” and “home network” are inputs from the digital input / output terminal 114 of the content transmitting apparatus 100.

When using a retransmission condition table 900 0, it determines whether it has been authorized to re-transmission to outside the home content by the input media 9002 and the copy control information 9001. For example, if the copy control information 9001 is “Copy free” and the input medium is “broadcast wave”, it can be determined that retransmission of the content outside the home is “permitted”. However, this table is not used when the input medium is a “home network”.

  By using the re-transmission condition table 9000, the content copy control information and the input medium are used for the determination of the re-transmission condition, and appropriate re-transmission control intended by the content provider can be performed. it can.

  FIG. 29 is a configuration example of the in-home device information table 7100 managed by the device information management unit 109 of the content transmission apparatus 100 when the remote reception flag is used to control the re-transmission of the content of the content reception apparatus. . The in-home device information table 7100 is a table for registering devices intended for in-home access. ID 5201, device ID 5202, address information 5203, in-home counter value 5204, access status 5206, and out-of-home retransmission control enable / disable 7101 Configure.

  Out-of-home retransmission control availability 7101 indicates whether or not the registered content receiving apparatus can perform out-of-home retransmission control using a remote access flag. If out-of-home retransmission control is possible, “permitted” is indicated. If control is not possible, “No” is set. The rest is the same as the home device information table 5500.

  It is possible to manage whether or not the content receiving device can perform re-transmission control outside the home by adding whether or not remote retransmission control is possible to the in-home device information table, and set a remote access flag appropriately at the time of content transmission it can.

  FIG. 26 shows that when transmitting content from the content transmitting apparatus 100 in the user home 1 to the content transmitting / receiving apparatus 700 in the same home, the content transmitting / receiving apparatus 700 controls re-transmission using the remote access flag. This is an example of the procedure of the device authentication process S2600 with confirmation of whether or not to permit remote retransmission control for confirming whether or not the content transmission / reception device 700 has the ability to control remote retransmission.

  First, the device authentication processing unit 108 of the content transmission / reception device 700 transmits a capability notification clearly indicating whether or not the remote retransmission control is possible to the content transmission device 100 (S2601). Upon receiving the capability notification, the content transmission device 100 transmits a reception confirmation to the content transmission / reception device 700. Here, the capability notification may include a random number or a signature to prevent tampering.

  Next, a normal device authentication process S600 is performed between the content transmitting / receiving device 700 and the content transmitting device 100 to perform device authentication and key exchange. However, in this embodiment, in the device information table update process S621 of the content transmitting apparatus 100, the out-of-home retransmission control permission / inhibition 7101 of the content transmitting / receiving apparatus 700 is set using the in-home apparatus information table 7100. When the content transmitting / receiving apparatus 700 notifies the capability notification that the re-transmission control outside the home is possible, “permitted” is set to the out-of-home retransmission control permission 7101.

  On the other hand, when the content transmitting / receiving apparatus 700 notifies that the out-of-home retransmission control is impossible by the capability notification, “no” is set in the out-of-home retransmission control permission / denial 7101. Even when the content transmitting / receiving apparatus 700 performs the normal device authentication process S600 without transmitting the capability notification, “No” is set in the out-of-home retransmission control permission / denial 7101.

  Prior to device authentication, the content transmission / reception device 700 notifies the content transmission device 100 of whether or not remote retransmission control is possible, so that the content transmission device 100 knows the capability of the content transmission / reception device 700 and appropriately transmits a remote access flag at the time of content transmission. Can be set.

  FIG. 27 is an example of the remote access flag setting process S2700 in the control unit 115 of the content transmitting apparatus 100. The control unit 115 of the content transmitting apparatus 100 first confirms the input media and copy control information of the content to be transmitted (S2701). When the input medium of the content to be transmitted is “home network” (Yes in S2702), the remote access flag value set for the input content, that is, the received content is confirmed (S2703).

  On the other hand, if the input medium is other than “home network”, the retransmission condition table 9000 is confirmed (S2704). Next, the control unit 115 of the content transmission device 100 retransmits the content requested to be transmitted out of the house from the value of the remote access flag set for the received content or the content set in the retransmission condition table 9000. It is determined whether or not transmission is permitted (S2705).

  When retransmission is not permitted, that is, when the value of the remote access flag set in the received content is 0, or the value set in the retransmission condition table 9000 is “prohibited” (No in S2705) Then, the control unit 115 of the content transmitting apparatus 100 sets the remote access flag to 0 (S2705) and ends the process. On the other hand, when retransmission is permitted, that is, when the value of the remote access flag set in the received content is 1, or the value set in the retransmission condition table 9000 is “permitted” (S2705). Yes), the control unit 115 of the content transmitting apparatus 100 checks the out-of-home retransmission control 7101 of the content transmitting / receiving apparatus 700 in the in-home device information table 7100 (S2706).

  Next, it is determined from the contents set in the out-of-home retransmission control 7101 of the content receiving apparatus 300 in the in-home device information table 7100 whether or not the content transmitting / receiving apparatus 700 can perform out-of-home retransmission control (S2707). When the remote retransmission control is not possible, that is, when the remote retransmission control 7101 is “No” (No in S2707), the control unit 115 of the content transmitting apparatus 100 sets the remote access flag to 0 (S2708). The process ends. On the other hand, when the remote retransmission control can be performed, that is, when the remote retransmission control 7101 is “Yes” (Yes in S2707), the control unit 115 of the content transmission apparatus 100 sets the remote access flag to 1 (S2709). ), The process is terminated.

  According to the above procedure, stricter control can be performed by setting the value of the remote access flag based on both the content re-transmission condition and whether or not the content receiver can perform re-transmission control outside the home. In addition, by setting the remote access flag to 0 and transmitting to a content reception device that cannot be controlled outside the home, even if the device cannot interpret the remote access flag, the content can be decoded and viewed normally. Can do.

  FIG. 30 is an example of a content transmission processing procedure S3000 to the home between the content transmission device 100 and the content transmission / reception device 700 when controlling remote retransmission of the content reception device using the remote access flag.

  The content information acquisition request S1002 to the viewing content selection S1006 may be performed in the same manner as the content viewing processing procedure S1000 from outside the home. Next, device authentication processing S2600 with confirmation of whether or not to permit re-transmission control outside the home is performed, and device authentication processing unit 108 of content transmission device 100 registers whether or not re-transmission control outside of content transmission / reception device 700 is permitted in home device information table 7100. (S3007).

  Next, the control unit 115 of the content transmission / reception device 700 sends a request for transmission of desired content to the content transmission device 100 (S3008). Here, the content transmission request may be a request for viewing the content or a request for moving the content. Further, an ID for identifying the exchange key received in the device authentication process S2600 may be added to the transmission request. The control unit 115 of the content transmission apparatus 100 sends a reception confirmation in response to the content transmission request (S3009).

  Next, the control unit 115 of the content transmission apparatus 100 performs a remote access flag setting process S2700 (S3010). The control unit 115 of the content transmission device 100 transmits the content transmission / reception device 700 encrypted by the encryption / decryption processing unit 112 using the key shared in the device authentication processing S2600 described above.

  After starting the content transmission, the device authentication processing unit 108 of the content transmitting / receiving apparatus 700 transmits a key confirmation request to the content transmitting apparatus 100 at an arbitrary timing (S3012). Upon receiving the key confirmation request, the device authentication processing unit 108 of the content transmitting apparatus 100 transmits a reception confirmation to the content transmitting / receiving apparatus 700 according to the confirmation result (S3013).

  The device authentication processing unit 108 checks whether the identification ID of the exchange key is correct, and the device information update unit 1092 periodically sets the timer 1091 in the device information management unit 109 (for example, every 1 minute interval, every 10 minute interval, etc.). Set to receive notifications and start up. In addition, the device authentication processing unit 108 generates a common key for encrypting content using the exchange key, and sets the common key in the encryption / decryption processing unit 112.

  Then, while the desired content read from the recording unit 111 or input from the demultiplexer is encrypted by the encryption / decryption processing unit 112, it is sent to the content transmitting / receiving apparatus 700 in the format shown in FIG. 17 (S3011). At this time, the value determined in the above-described remote access flag setting processing S2700 is set in the RA 170212 of the header portion 17021 of the content transmission packet 1702.

  Here, every time a notification is received from the timer 1091 during content transmission, the device information update unit 1092 updates the home counter value 5204 of the home device information table 7100 (for example, decrements the counter value). When the home counter value 5204 reaches 0, information on the corresponding device in the home device information table 7100 is deleted.

  The device authentication processing unit 108 of the content transmitting / receiving apparatus 700 generates a common key for decrypting the content using the remote exchange key, and sets the common key in the encryption / decryption processing unit 112. For the data received via the communication processing unit 113, the encryption / decryption processing unit 112 extracts and decrypts the encrypted content included in the payload from the format shown in FIG. Output to the speaker 105.

  In accordance with the above procedure, the content transmission / reception device 700 notifies the content transmission device 100 of the capability of whether or not to allow remote retransmission control, and the content transmission device 100 stores the capability of whether or not the content transmission / reception device 700 can control the retransmission outside the home and the retransmission condition table. By setting the remote access flag based on the specified conditions and transmitting the encrypted content including the value of the remote access flag in the content transmission packet, it is possible to perform more rigorous out-of-home retransmission control. In addition, by setting the remote access flag to 0 and transmitting to a content reception device that cannot be controlled outside the home, even if the device cannot interpret the remote access flag, the content can be decoded and viewed normally. Can do.

  Here, it is possible to determine whether or not to perform remote retransmission control according to the remote access flag, and to determine whether or not to perform remote retransmission of the received content, and when the content is received together with the remote access flag, When the content is transmitted to the receiving device, the remote access flag can be added and transmitted.

  FIG. 36 shows the content transmitted by the content transmission apparatus 100 at the user home 1 to the content transmission / reception apparatus 700 (35A in FIG. 40) and further retransmitted to the content transmission / reception apparatus 600 at the user-specific home 4 outside the home (35B in FIG. 40). This is an example of a procedure for controlling retransmission.

  In advance, any one of the device registration processes S700, S1100, and S1400 for outside access is performed between the content transmitting / receiving device 700 and the content receiving device 600 (S3601). Thereafter, first, the content transmission processing procedure S3000 to the home is performed between the content transmission device 100 and the content transmission / reception device 700 (S3602). Next, processing similar to the processing in FIG. 10 is performed from the remote access device information table reference S1001 to the content viewing request S1008 between the content transmitting / receiving apparatus 600 and the content transmitting / receiving apparatus 700.

  Here, it is assumed that the content to be selected is content that has been transmitted from the content transmission apparatus 100 to the content transmission / reception apparatus 700 by the process of S3602. The control unit 115 of the content transmitting / receiving apparatus 700 confirms whether or not the remote access flag added to the content requested from the content receiving apparatus 600, that is, the content received from the content transmitting apparatus 100 is 0 (retransmission prohibited) (S3603). When the value of the remote access flag is 0 (Yes in S3603), a reception confirmation indicating that the content viewing request is rejected is transmitted (S3604).

  On the other hand, when the value of the remote access flag is 1 (No in S3603), a reception confirmation indicating that the content viewing request has been accepted is transmitted (S3605), and the encrypted content transmission processing and the like are performed (S3606). The encrypted content transmission processing and the like (S3606) are the same as the processing after S1010 in FIG.

  As described above, when the content transmission / reception device 700 receives a content viewing request from the content receiving device 600 outside the home, the content viewing request is rejected by referring to the value of the remote access flag added to the content. Acceptance determination can be made.

  As described above, when content is transmitted from the content transmitting device to the content transmitting / receiving device in the home, the content provider is not permitted by controlling remote retransmission of the content received by the content receiving device using the remote access flag. It is possible to prevent the content from being retransmitted outside the home.

  In the above-described example, the control of the retransmission of the content transmitted from the content transmission device to the content transmission / reception device in the same home to the content transmission / reception device outside the home has been described. In the present embodiment, a description will be given of a control processing procedure in a case where the content transmitted from the content transmission device to the content transmission / reception device outside the home is further retransmitted to another location outside the home.

  FIG. 41 is a configuration diagram showing the flow of content in the present embodiment. The content (35C) transmitted from the content transmission device 100 of the user home 1 in FIG. 35 to the content transmission / reception device 500 of the user-specific home 4 is further transmitted (35D) to the content reception device 400 of the outside location 2 that is another home. . Here, out-of-home retransmission refers to content transmission from the content transmission / reception device 500 to the content reception device 400.

  FIG. 39 is an example of a remote access flag setting process S3900 in the control unit 115 of the content transmitting apparatus 100. First, the control unit 115 of the content transmission apparatus 100 checks whether the content transmission destination is a home device or a device outside the home (S3901). When the transmission destination is a device outside the home (Yes in S3902), the remote access flag is set to 1 (S3903). On the other hand, if the transmission destination is a home device, remote access flag setting processing S2700 is performed (S3904), and the remote access flag is set.

  As described above, where the content transmission destination exists is also used as the determination material for setting the remote access flag, and when the remote access flag is always set to 1 when the device is outside the home, the content transmitted outside the home is further increased. It can be prevented from being retransmitted to another device outside the house.

  In FIG. 37, the content transmitted by the content transmitting device 100 of the user home 1 to the content transmitting / receiving device 500 of the user-specific home 4 (35C) is retransmitted to the content transmitting / receiving device 400 of the outside location 2 that is still another home (35D). This is an example of a procedure for controlling retransmission.

  In advance, any of device registration processing S700, S1100, and S1400 for outside access is performed between the content transmission device 100 and the content transmission / reception device 500 (S3701). Further, any one of the device registration processes S700, S1100, and S1400 for outside access is performed between the content transmitting / receiving device 500 and the content receiving device 400 (S3702).

  After that, first, the content viewing processing procedure S1000 from outside the house is performed between the content transmitting apparatus 100 and the content transmitting / receiving apparatus 500, and content transmission from the content transmitting apparatus 100 to the content transmitting / receiving apparatus 500 is started (S3703). ). Next, processing similar to the processing in FIG. 10 is performed from the remote access device information table reference S1001 to the content viewing request S1008 between the content transmitting / receiving device 400 and the content transmitting / receiving device 500.

  Here, it is assumed that the content to be selected is content that has been transmitted from the content transmitting apparatus 100 to the content transmitting / receiving apparatus 500 by the process of S3703. The control unit 115 of the content transmitting / receiving apparatus 500 confirms whether or not the remote access flag added to the content requested from the content receiving apparatus 400, that is, the content received from the content transmitting apparatus 100 is 0 (retransmission prohibited) (S3603). .

  When the value of the remote access flag is 0 (Yes in S3603), a reception confirmation indicating that the content viewing request is rejected is transmitted (S3604). On the other hand, when the value of the remote access flag is 1 (No in S3603), a reception confirmation indicating that the content viewing request has been accepted is transmitted (S3605), and the encrypted content transmission processing and the like are performed (S3606). The encrypted content transmission processing and the like (S3606) are the same as the processing after S1010 in FIG.

  As described above, when the content transmission / reception device 500 receives a content viewing request from the content receiving device 400 outside the home, the content viewing request is rejected by referring to the value of the remote access flag added to the content. Acceptance determination can be made.

  As described above, when content is transmitted from the content transmission device to the content transmission / reception device outside the home, the remote access flag is used to control retransmission of the content received by the content reception device outside the home to another home. In this way, it is possible to prevent the re-transmission of content that is not permitted by the content provider to the outside of the house.

  In the above-described example, the control of the retransmission of the content transmitted from the content transmission device to the content transmission / reception device in the same home to the content transmission / reception device outside the home has been described. In the present embodiment, a description will be given of a control processing procedure in the case where content transmitted from a content transmission device to a content transmission / reception device outside the home is transmitted to a device at the same location and retransmitted to another location outside the home.

  FIG. 42 is a configuration diagram showing the flow of content in the present embodiment. The content transmitted from the content transmitting device 100 of the user home 1 in FIG. 35 to the content transmitting / receiving device 600 of the user-specific home 4 (35E) is transmitted (35F) to the content transmitting / receiving device 500 of the user-specific home 4, The transmission permission / inhibition control method in the case of transmitting to the content receiving device 400 of the outside destination 2 (35D) is shown. Here, out-of-home retransmission refers to content transmission from the content transmission / reception device 500 to the content reception device 400.

  FIG. 38 shows a case where the content (35E) transmitted from the content transmission device 100 of the user home 1 to the content transmission / reception device 600 of the user-specific home 4 is transmitted (35F) to the content transmission / reception device 500 of the user-specific home 4 and then another home. It is an example of the procedure of re-transmission control in the case of transmitting (35D) to the content receiving device 400 of the outside place 2 that is outside.

  In advance, any one of the device registration processes S700, S1100, and S1400 for outside access is performed between the content transmission device 100 and the content transmission / reception device 600 (S3801). Further, any one of the device registration processes S700, S1100, and S1400 for outside access is performed between the content transmitting / receiving device 500 and the content receiving device 400 (S3802). After that, first, the content viewing processing procedure S1000 from outside the home is performed between the content transmitting apparatus 100 and the content transmitting / receiving apparatus 600, and content transmission from the content transmitting apparatus 100 to the content transmitting / receiving apparatus 600 is started (S3803). ).

  Next, a content transmission processing procedure S3000 is performed between the content transmission / reception device 600 and the content transmission / reception device 500, and content transmission from the content transmission / reception device 600 to the content transmission / reception device 500 is started (S3804). Here, it is assumed that the content transmitted by the content transmission / reception device 600 is content being transmitted from the content transmission device 100 to the content transmission / reception device 600.

  Next, processing similar to the processing in FIG. 10 is performed from the remote access device information table reference S1001 to the content viewing request S1008 between the content transmitting / receiving device 400 and the content transmitting / receiving device 500. Here, it is assumed that the content to be selected is content that has been transmitted from the content transmitting / receiving apparatus 600 to the content transmitting / receiving apparatus 500 by the process of S3804.

  The control unit 115 of the content transmitting / receiving apparatus 500 confirms whether the remote access flag added to the content requested from the content receiving apparatus 400, that is, the content received from the content transmitting / receiving apparatus 600 is 0 (retransmission prohibited) (S3603). When the value of the remote access flag is 0 (Yes in S3603), a reception confirmation indicating that the content viewing request is rejected is transmitted (S3604).

  On the other hand, when the value of the remote access flag is 1 (No in S3603), a reception confirmation indicating that the content viewing request has been accepted is transmitted (S3605), and the encrypted content transmission processing and the like are performed (S3606). The encrypted content transmission processing and the like (S3606) are the same as the processing after S1010 in FIG.

  As described above, by transmitting the remote access flag from the content transmission apparatus 100 to the content transmission / reception apparatus 600 and from the content transmission / reception apparatus 600 to the content transmission / reception apparatus 500, the content transmission / reception apparatus 500 receives the content from the content reception apparatus 400 outside the home. When the viewing request is received, the content viewing request can be rejected or accepted by referring to the value of the remote access flag added to the content.

  As described above, content transmitted from the content transmission device to the content transmission / reception device outside the home is transmitted to the device at the same location, and further re-transmission to another location outside the home is not permitted by the content provider. It is possible to prevent the content from being retransmitted outside the home.

  In the present embodiment, content is transmitted from the content transmission device to a content transmission / reception device that cannot be controlled in the same house, and the content transmission / reception device that cannot be controlled in the home is connected to the content transmission / reception device in the same home. A control processing procedure when the received content is transmitted and the content transmission / reception apparatus is requested to retransmit to another location outside the home will be described.

  FIG. 43 is a configuration diagram illustrating an example of a content flow in the present embodiment. The content transmitted (35A) from the content transmitting device 100 of the user home 1 to the content transmitting / receiving device 700 in FIG. 35 is further transmitted (35G) to the content transmitting / receiving device 800 of the user home 1, and further the content transmitting / receiving device 600 of the user-specific home 4 Try to send (35H) to. Here, it is assumed that the content transmission / reception device 700 is a conventional transmission / reception device that cannot perform out-of-home retransmission control and can only transmit / receive content at home.

  FIG. 44 shows the content transmitted (35A) from the content transmitting device 100 of the user home 1 to the content transmitting / receiving device 700 (35G) to the content transmitting / receiving device 800 of the user home 1, and further the content transmitting / receiving device of the user-specific home 4 6 is a procedure example of re-transmission control when transmitting (35H) to 600.

  In advance, any one of the device registration processes S700, S1100, and S1400 for outside access is performed between the content transmitting / receiving device 800 and the content transmitting / receiving device 600 (S4401). After that, first, the content transmission processing procedure S3000 is performed between the content transmission device 100 and the content transmission / reception device 700, and content transmission from the content transmission device 100 to the content transmission / reception device 500 is started (S4402). .

  However, here, as the device authentication processing in S3007, the content transmitting / receiving device 700 is a conventional device that cannot perform out-of-home retransmission control. Therefore, the device authentication processing S2600 with confirmation of whether or not out-of-home retransmission control is possible is not normal device authentication. Processing S600 is performed. As a result, in content transmission from the content transmission apparatus 100 to the content transmission / reception apparatus 700, the remote access flag is set to 0.

  Next, a content transmission processing procedure S3000 is performed between the content transmission / reception device 700 and the content transmission / reception device 800, and content transmission from the content transmission / reception device 700 to the content transmission / reception device 800 is started (S4403). However, since the content transmission / reception device 700 is a conventional device that cannot perform re-transmission control outside the home as the device authentication processing in S3007, even if the device authentication processing S2600 with confirmation of whether or not re-transmission control is possible is performed, Notification processing is ignored.

  Also, in content transmission from the content transmission / reception 700 to the content transmission / reception device 800, the remote access flag is not explicitly set, but the area is 0, and remote access is performed on the receiving device side where remote transmission control is possible. The flag can be interpreted as 0. Here, it is assumed that the content transmitted by the content transmission / reception device 700 is content being transmitted from the content transmission device 100 to the content transmission / reception device 700. Next, from the remote access device information table reference S1001 to the content viewing request S1008 between the content transmission / reception device 600 and the content transmission / reception device 800, the same processing as in FIG. 10 is performed.

  Here, it is assumed that the content to be selected is content that has been transmitted from the content transmitting / receiving apparatus 700 to the content transmitting / receiving apparatus 800 by the process of S4403. The control unit 115 of the content transmitting / receiving apparatus 800 confirms that the remote access flag added to the content requested from the content transmitting / receiving apparatus 600, that is, the content received from the content transmitting apparatus 700 is 0 (retransmission prohibited) (S3603). Then, a reception confirmation indicating that the content viewing request is rejected is transmitted (S3604).

  According to the above procedure, the remote receiving flag can be set to 0 for a conventional receiving device that cannot perform re-transmission control outside the home and can only transmit and receive content at home. It is possible to play the content received in the previous period. Thereby, mutual connectivity can be secured. Further, if the corresponding area of the header portion is set as a remote access flag as in RA170212 in FIG. 17, the remote access flag of the content transmitted from the conventional receiving device becomes 0, and therefore, the external retransmission from the conventional receiving device. Even when content is transmitted to an in-home receiving device capable of receiving data, control can be performed so that out-of-home retransmission is not performed in the receiving device capable of out-of-home retransmission.

  In performing the re-transmission control, when a receiving device capable of out-of-home re-transmission receives content from the in-home content transmitting device, the capability of the content transmitting device as the transmission source is confirmed in advance, When it is determined that the content transmission apparatus is a conventional device that cannot perform remote retransmission control, control may be performed so as not to perform remote retransmission.

  With the above procedure, even if content is transmitted via a conventional device that does not have the capability of re-transmission outside the home, it is possible to control the re-transmission outside the home at the device that finally transmits outside the home. .

In the above-described embodiment, an example has been shown in which retransmission of content received from a content transmission apparatus via a network is controlled using a remote access flag.
In the present embodiment, an example in which an identifier indicating whether or not transmission outside the home is included in content to be transmitted to the network or content additional information is shown.

  FIG. 46 is a configuration example of a retransmission condition table 9300 indicating conditions for permitting retransmission outside the home for content transmitted from the content transmission apparatus. This table is used by the content transmission device 100. The retransmission condition table 9300 is made up of the conditions of copy control information 9001 and input media 9002. The copy control information 9001 includes, for example, “Copy free (can be copied without limitation)” “Copy free with EPN asserted (can be copied without limitation with output protection)”, “Copy one generation (possible one generation copy)”, “No more copies” (Recopy prohibited) ”“ Copy never (copy prohibited) ”.

  The input media 9002 includes “broadcast wave”, “HDD”, “optical disk 1”, “optical disk 1”, “semiconductor memory”, “IP broadcast”, and “home network”. The input medium indicates what route the content to be transmitted is originally input. Among these, “broadcast wave” is an input from the antenna of the content transmission apparatus 100, and “HDD”, “optical disk 1”, “optical disk 1”, and “semiconductor memory” are inputs from the recording unit of the content transmission apparatus, “IP “Broadcast” and “home network” are inputs from the digital input / output terminal 114 of the content transmitting apparatus 100.

  Further, among the input media 9002, “broadcast wave”, “optical disk 1”, and “IP broadcast” include an identifier presence / absence 9301 indicating whether or not an identifier indicating whether or not re-transmission is possible, and a setting value when the identifier exists. 9302. The presence / absence of identifier 9301 is classified into “with identifier” and “without identifier”. The setting value 9302 includes “permitted” or “prohibited”.

When using a retransmission condition table 9 3 00 determines whether it has been authorized to re-transmission to the outside the house content by setting values 9302 and the copy control information 9001 input media 9002, and the identifier whether 9301. For example, when the copy control information 9001 is “Copy One Generation”, the input medium is “broadcast wave”, the identifier presence / absence 9301 is an identifier, and the setting value 9302 is “prohibited”, the retransmission of the content outside the home is “ It can be determined that it is prohibited.

  By using the re-transmission condition table 9300, the content copy control information and the input media are used for determining the re-transmission condition, and the re-transmission control intended by the content provider is further finely controlled. be able to.

  In addition, this invention is not limited to an above-described Example, Various modifications are included. For example, the above-described embodiments have been described in detail for easy understanding of the present invention, and are not necessarily limited to those having all the configurations described. Further, a part of the configuration of one embodiment can be replaced with the configuration of another embodiment, and the configuration of another embodiment can be added to the configuration of one embodiment. Further, it is possible to add, delete, and replace other configurations for a part of the configuration of each embodiment.

  Each of the above-described configurations, functions, processing units, processing means, and the like may be realized by hardware by designing a part or all of them with, for example, an integrated circuit. Each of the above-described configurations, functions, and the like may be realized by software by interpreting and executing a program that realizes each function by the processor. Information such as programs, tables, and files for realizing each function can be stored in a recording device such as a memory, a hard disk, an SSD (Solid State Drive), or a recording medium such as an IC card, an SD card, or a DVD.

  Further, the control lines and information lines indicate what is considered necessary for the explanation, and not all the control lines and information lines on the product are necessarily shown. Actually, it may be considered that almost all the components are connected to each other.

1 User's house 1
2 ... Where to go 2
3 ... Internet 4 ... User-specific home 4
DESCRIPTION OF SYMBOLS 100 ... Content transmission apparatus 200, 300, 400 ... Content reception apparatus 500, 600, 700, 800 ... Content transmission / reception apparatus 107 ... Input processing part 108 ... Device authentication processing part 109 ... Device information management unit 110 ... Recording / reproduction processing unit 111 ... Recording unit 112 ... Encryption / decryption processing unit 113 ... Communication processing unit 115 ... Control unit 202 ... Wireless encryption / decryption processing Unit 203 ... Wireless communication processing unit 1091 ... Timer 1092 ... Device information update unit 1093 ... Device information storage unit 5100, 5300, 5800, 5900 ... Management table 5200, 5400 ... Device information Table 5500, 7100 ... In-home device information table 5600 ... Outside-access device (in-home registration) information table 5700, 7000 ... External access device (external registration) information table 8000 ... Threshold information 9000, 9300 ... Retransmission condition table 9100 ... Packet monitoring table 9200 ... Connection management table 60000 ... External Information table for access

Claims (4)

A content transmission device that transmits content to a content reception device connected via a network,
A communication processing unit for transmitting and receiving data to and from a content receiving device connected to the network;
A first key for sharing first key information with the content receiving device connected to the network based on an authentication request from the content receiving device connected to the network via the communication processing unit. A device authentication processing unit that performs authentication based on the authentication method of, or authentication based on the second authentication method for sharing the second key information;
An out-of-home access device registration request including information related to the content receiving device from the content receiving device in the home that has been authenticated based on the first authentication method and shared the first key information via the communication processing unit When receiving a remote access device registration unit that registers device information related to the content receiving device as registration information,
Using the first key information or the key information generated based on the second key information, and the encryption processing unit for encrypting a content to be transmitted to the content receiving apparatus via the communication processing unit,
A control unit that controls the device authentication processing unit, the encryption processing unit, and the communication processing unit,
The control unit determines whether an authentication request received from a content receiving apparatus to which encrypted content is transmitted is the first authentication method or the second authentication method ;
The control state of the control section, prior to SL if it is the first authentication method, the content of the previous SL-house content receiver apparatus is connected to the same subnet as that the content transmission device of the network is connected When the device is determined to be a receiving device, the device authentication processing unit is used to authenticate the content receiving device connected to the home network based on the first authentication method, and the encryption processing unit is used to authenticate the content receiving device. , the first control state and, before Symbol second authentication method for controlling so that the transmission from the communication processing unit encrypts the content to be transmitted by using the key information generated in the first basis of key information when an authentication request, the device information contained in the authentication request for the second authentication method, using the home access device registration unit, the home access device registration for the access destination information Based on the first authentication method in order to allow access from outside the home to determine whether it is registered as the device information of the content receiver apparatus that has performed the authentication with, the content received before Symbol registration information when the device information of the device has been registered, by using the device authentication processing unit performs authentication of the content receiving device based on the second authentication method, using a pre-Symbol encryption processing unit, the a second control state in which by controlled so that sends from the communication processing unit encrypts the content using the key information generated based on the second key information, the content transmitting apparatus characterized by there. A content transmission method in a content transmission device for transmitting content to a content reception device connected via a network,
Authentication based on a first authentication method for sharing first key information with a content receiving device connected to the network based on an authentication request from the content receiving device connected to the network; or A device authentication step for performing authentication based on a second authentication method for sharing the second key information;
When receiving an out-of-home access device registration request including information related to the content receiving device from an in-home content receiving device that has performed authentication based on the first authentication method and shared the first key information, A remote access device registration step for registering device information related to the content receiving device as registration information;
A control step for determining whether an authentication request received from a content receiving apparatus to which encrypted content is transmitted is the first authentication method or the second authentication method;
In the control step, when the authentication request when receiving the transmission Sakidea Ru content receiving device or al authentication request content is an authentication request of the first authentication method, the previous SL content receiver A content receiving device that is determined to be a home content receiving device connected to the same subnet as the subnet to which the content transmitting device of the network is connected, and that is connected to the home network based on the first authentication method authenticate, upon the first key information by using the generated key information to the original transmitted by encrypting the content, it receives the transmission Sakidea Ru content receiving apparatus or we authentication request content in the case where the authentication request is an authentication request of the second authentication method, device information included in the authentication request of this second authentication method, the home access device registration In order to enable access from outside the home using access destination information, it is determined whether it is registered as device information of the content receiving device that has been authenticated based on the first authentication method. When the device information of the content receiving apparatus is registered, the content receiving apparatus is authenticated based on the second authentication method, and the key information generated based on the second key information is used. content transmission wherein the benzalkonium be sent encrypted content. A content transmission device that transmits received content to a content reception device connected via a network,
A receiving unit for receiving content;
A communication processing unit for transmitting and receiving data to and from a content receiving device connected to the network;
An encryption processing unit using the key information generated based on the first key information and second key information, encrypts the content to be transmitted to the content receiving apparatus via the communication processing unit,
A control unit that controls the encryption processing unit and the communication processing unit,
Wherein, if the previous SL content receiving apparatus is determined to be the content receiving apparatus of the home where the content transmitting device is connected to the same subnet as the subnet connected to the network, said by the encryption processing unit first encrypts the content to be transmitted by using the key information generated based on the first key information, the content and the encrypted by the communication processing unit transmits to the content receiving apparatus, the front Symbol content receiver of the network When it is determined that the content receiving apparatus is connected to a subnet different from the subnet to which the content transmitting apparatus is connected, the key information generated based on the second key information by the encryption processing unit is used. the content to be transmitted is encrypted Te, the content is the encrypted by the communication processing unit to the content receiving apparatus Content transmission device which is characterized in that by sea urchin control you trust. A content transmission method in a content transmission device for transmitting content to a content reception device connected via a network,
A receiving step for receiving content;
The content receiving device is a home content receiving device connected to the same subnet as the subnet to which the content transmitting device of the network is connected, or the subnet to which the content transmitting device of the network is connected A determination step for determining whether the content reception device is connected to a different subnet;
An encryption step of encrypting the content to be transmitted to the content receiving device using the key information generated based on the first key information or the second key information;
A transmission step of transmitting the encrypted content and,
In the encryption step, the can and the previous SL content receiving apparatus determines that the content transmission device of the network is a content receiving device home connected to the same subnet as the subnet connected by the determination step, the the first key information by using the generated key information based encrypts content to be transmitted to the content receiving apparatus, the subnet which the content transmitting apparatus of the network before Symbol content receiver in the determination step is connected turn into encrypted content to be transmitted to the content receiver apparatus by using the key information generated in the can and is determined that the content receiver apparatus outside the house that are connected to different subnets based on the second key information and The content transmission method characterized by the above-mentioned.