JP6269798B2 - Remote access content provision system - Google Patents

Description

  The present invention relates to a remote access content providing system for preventing unauthorized use in content transmission, and in particular, transmits encrypted content and uses a predetermined mutual authentication and key exchange (AKE) for a decryption key of the encrypted content. The present invention relates to a remote access content providing system for exchanging according to an algorithm.

  More specifically, the present invention relates to a communication system for safely transmitting content through remote access (RA) via an external network such as a WAN, restrictions on round-trip delay time (RTT), hop count of IP router (TTL), etc. The present invention relates to a remote access content providing system that securely transmits content through remote access.

  Conventionally, broadcast content and content in packaged media are used in places where receiving devices and playback devices are installed, or devices connected to these devices via a home network (hereinafter referred to as “local access ( LA) ") was also basic. For example, a mobile device connected to the above-mentioned receiving device or playback device from outside and using the content with transmission via an external network such as a WAN (Wide Area Network) (hereinafter referred to as “remote access (RA)”) It was difficult from a technical point of view such as a communication channel and a codec. However, in the future, data communication technologies such as LTE (Long Term Evolution) and WiMAX (World Interoperability for Microwave Access), High compression codecs such as H.264 are expected to become widespread, and by using these, the feasibility of remote access can be seen. For example, the user can remotely access the home server from the destination and play the content.

  On the other hand, the digitized content is relatively easy to perform illegal operations such as copying and falsification. In particular, in remote access, there is a need for a mechanism for preventing unauthorized use involved in content transmission, that is, copyright protection, while allowing the use of personal or home content.

  As an industry standard technique regarding transmission protection of digital contents, there is DTCP (Digital Transmission Content Protection) developed by DTLA (Digital Transmission Licensing Administrator). In DTCP, an authentication protocol between devices at the time of content transmission and a transmission protocol for encrypted content are decided. To summarize, the DTCP compliant device does not send out compressed content that is easy to handle in an unencrypted state outside the device, and the key exchange required to decrypt the encrypted content is a predetermined mutual authentication. And the key exchange (Authentication and Key Exchange: AKE) algorithm, and limiting the range of devices that perform key exchange using the AKE command. The server (Source) that is the content provider and the client (Sink) that is the content provider share the key through the authentication procedure by transmitting and receiving the AKE command, encrypt the transmission path using the key, and transmit the content To do. Therefore, an unauthorized client cannot obtain the content because the encryption key cannot be acquired unless the authentication with the server is successful.

  DTCP was originally defined for content transmission on a home network using IEEE 1394 or the like as a transmission path. Recently, as represented by DLNA (Digital Living Network Alliance), a movement to distribute digitized AV content via an IP network has become serious in the home. Therefore, DTCP technology corresponding to the IP network, that is, DTCP-IP (DTCP mapping to IP) is being developed with the intention of distributing digital contents through the IP network even in the home.

  DTCP-IP is a similar technology in which the DTCP technology is transplanted to an IP network. However, the IP network is used as a transmission path, and HTTP (Hyper Text Transfer Protocol) or RTP (Real--) is used for transmission of encrypted content. A content transfer protocol implemented on the IP network, such as Time Transfer Protocol), is used. For example, when content is transmitted according to the HTTP procedure, Source is an HTTP server, Sink is an HTTP client, a TCP / IP connection for HTTP is created, and encrypted content is downloaded and transmitted (however, When upload transmission is performed, Source becomes an HTTP client and Sink becomes an HTTP server).

  The current DTCP-IP (DTCP Volume 1 Specification Supplementation E Revision 1.2) is mainly intended to ensure the use of content only in the home. For this reason, the round trip time (RTT) is limited to a maximum of 7 milliseconds for the AKE command, and the upper limit of the hop count (TTL: Time To Live) of the IP router is set to 3.

  For example, the source continues to monitor each AKE command received from the start of DTCP-IP authentication to immediately before it ends, updates the maximum value of the TTL value, and sets the TTL value immediately before the authentication procedure ends. The maximum value is checked, and if this maximum value is 3 or less, the key exchange is completed to complete the authentication procedure. If the maximum value is exceeded, a proposal has been made for an information communication system that terminates the authentication procedure without performing the final step. (For example, see Patent Document 1).

  However, if RTT or TTL restrictions are imposed, it is not possible to access copyright-protected content on a home network server in a home from a remote location outside the home.

  Considering the convenience of the user, it would conflict with the content owner's interest to allow remote access to the content but protect the copyright.

JP 2007-36351 A

  An object of the present invention is to provide an excellent remote access / access key that can suitably prevent unauthorized use in content transmission by exchanging a decryption key of encrypted content in accordance with a predetermined mutual authentication and key exchange (AKE) algorithm. To provide a content providing system.

  A further object of the present invention is to allow content to be safely transmitted through remote access via an external network such as a WAN while exceeding limitations such as round trip delay time (RTT) and IP router hop count (TTL). It is to provide an excellent remote access content providing system.

The present application has been made in consideration of the above problems, and a first aspect thereof is communication in which communication for content transmission is performed between a content providing device that provides content and one or more content using devices that use the content. A system,
An authentication means for authenticating a content-accessing device to be remotely accessed according to a mutual authentication procedure for remote access that does not impose a restriction on a round-trip delay time of a command;
Identification means for identifying whether or not the content requested by remote access from the content using device is allowed remote access;
Transmission means for transmitting the requested content from the content providing apparatus to the authenticated content using apparatus according to the identification result by the identifying means and the authentication result by the authenticating means;
It is a communication system characterized by comprising.

  However, “system” here refers to a logical collection of a plurality of devices (or functional modules that realize specific functions), and each device or functional module is in a single housing. It does not matter whether or not.

The second aspect of the present application is:
An authentication means for authenticating a content-accessing device to be remotely accessed according to a mutual authentication procedure for remote access that does not impose a restriction on a round-trip delay time of a command;
An identification means for identifying whether or not the content requested by the remote access from the content using device is permitted to be remote access;
Providing means for providing the requested content to the content using device;
Comprising
The providing means provides content to a content use apparatus that requests content by remote access according to the identification result by the identification means and the authentication result by the authentication means.
It is a communication apparatus characterized by this.

  According to the third aspect of the present application, the authentication means of the communication device according to the second aspect is configured not to impose a restriction on the number of hops of the IP router in the remote authentication procedure for remote access. .

  According to the fourth aspect of the present application, the identification unit of the communication device according to the second aspect is based on information indicating whether or not remote access is possible, which is superimposed on a predetermined control descriptor of the requested content. Configured to identify whether or not remote access is permitted.

  According to the fifth aspect of the present application, whether or not the identification means of the communication device according to the second aspect is allowed to access remotely based on the description content of the predetermined control descriptor of the requested content. Is configured to identify.

  According to the sixth aspect of the present application, the identification unit of the communication device according to the second aspect performs remote access based on the content described in the copy control information included in the predetermined control descriptor of the requested content. It is configured to identify whether or not it is allowed.

  According to a seventh aspect of the present application, the communication device according to the second aspect further includes a storage unit capable of storing content, and the identification unit performs remote access to the content copied to the storage unit. Configured to identify as allowed.

  According to an eighth aspect of the present application, the communication device according to the second aspect further includes a receiving unit that receives broadcast content, and the identification unit is configured to determine whether the real-time content being broadcast has elapsed since the end of the broadcast. It is configured to identify whether remote access is allowed based on time.

  According to a ninth aspect of the present application, the communication device according to the second aspect further includes a receiving unit that receives broadcast content and a storage unit that can store the content, and the identification unit receives the received broadcast content. Are stored in the storage unit and then identified as remote access is permitted.

  According to a tenth aspect of the present application, a communication device according to the second aspect includes a storage unit having a first area for storing remotely accessible content and a second area for storing remotely inaccessible content. Further, each content is classified into the first or second area based on the identification result by the identification means and is stored in the storage unit.

  According to an eleventh aspect of the present application, the communication apparatus according to the second aspect further includes a registration unit that registers the content use apparatus in advance through a mutual authentication procedure for registration that imposes restrictions on a round-trip delay time of the command. The authentication means is configured to perform an authentication procedure only when the content access device to be remotely accessed is registered by the registration means.

  According to the twelfth aspect of the present application, the registration means of the communication device according to the eleventh aspect is configured to further impose a limit on the number of hops of the IP router during the mutual authentication procedure for registration.

  According to the thirteenth aspect of the present application, the registration means of the communication device according to the eleventh aspect provides a user ID, passphrase or key, user biometric information, or other remote access at the time of pre-registration of the content utilization device. The authentication means is also registered, and the authentication means is configured to also perform an authentication process using the pre-registered authentication information when authenticating the content utilization device to be remotely accessed.

  According to the fourteenth aspect of the present application, the authentication means of the communication device according to the thirteenth aspect performs authentication processing using authentication information pre-registered through portable media in which authentication information for remote access is written. It is configured.

  According to the fifteenth aspect of the present application, the authentication means of the communication device according to the eleventh aspect is configured to authenticate a content utilization device that is remotely accessed through a dongle associated with the device.

  According to the sixteenth aspect of the present application, when the registration unit of the communication apparatus according to the eleventh aspect pre-registers the content use apparatus, the content use apparatus also includes one or more contents used at the time of remote access. The registering and providing means is configured to provide only the content pre-registered to be used at the time of the remote access to the content using device to be remotely accessed.

  According to a seventeenth aspect of the present application, the authentication means of the communication device according to the second aspect is the content accessed remotely through a login process to a predetermined authentication server, instead of the mutual authentication procedure for remote access. It is comprised so that the authentication procedure of a utilization apparatus may be performed.

  According to the eighteenth aspect of the present application, the authentication means of the communication device according to the second aspect is based on an information bit indicating whether or not remote access is possible provided in a mutual authentication control command from the content using device. , Configured to authenticate a content utilization device to be remotely accessed.

  According to a nineteenth aspect of the present application, the authentication means of the communication device according to the second aspect is configured to authenticate a content access device to be remotely accessed according to a mutual authentication procedure dedicated to remote access.

  According to the twentieth aspect of the present application, the means for providing a communication device according to any one of the eighteenth and nineteenth aspects is requested by remote access from a content using device using an encryption mode dedicated to remote access. The content is encrypted and transmitted.

  According to the twenty-first aspect of the present application, the means for providing a communication device according to any one of the eighteenth and nineteenth aspects is configured to prohibit re-output of content by remote access.

  According to a twenty-second aspect of the present application, the communication device according to any one of the eighteenth and nineteenth aspects further includes a storage unit capable of storing content, and the providing means applies the content stored in the storage unit. When information indicating that remote access is possible is added, re-output by remote access is prohibited.

  According to a twenty-third aspect of the present application, the communication device according to any one of the eighteenth and nineteenth aspects further includes a storage unit capable of storing content, and the identification means is capable of remote access. When the content to which the indicated information is added is stored in the storage unit, the information is rewritten so that remote access is disabled.

  According to the twenty-fourth aspect of the present application, the identification means of the communication device according to any one of the eighteenth and nineteenth aspects indicates whether or not remote access is possible to the content received according to a predetermined protocol with copyright protection When no information is added, the content is treated as being inaccessible remotely.

  According to the twenty-fifth aspect of the present application, the identification means of the communication device according to any one of the eighteenth and nineteenth aspects indicates whether or not the content received according to a predetermined protocol with copyright protection can be accessed remotely. When no information is added, it is configured to identify whether or not the content is allowed to be accessed remotely based on copy control information set for the content.

  According to a twenty-sixth aspect of the present application, the communication device according to the twenty-fifth aspect further includes a storage unit capable of storing content, and the identification unit is configured to store the content that does not prohibit remote access. After being stored in the storage unit, it is handled as being accessible remotely, and in a state before being stored in the storage unit, it is handled as being inaccessible remotely.

The twenty-seventh aspect of the present application is
An authentication step for authenticating a content access device for remote access according to a mutual authentication procedure for remote access that does not impose restrictions on round-trip delay time of commands;
An identification step for identifying whether the content requested by the remote access from the content using device is permitted to be remote access; and
A providing step of providing the requested content to the content using device;
Have
In the providing step, the content is provided according to the identification result in the identification step and the authentication result in the authentication step to the content use device that requests the content by remote access.
This is a communication method characterized by the above.

A twenty-eighth aspect of the present application is a computer program written in a computer-readable format so as to execute processing for providing content via a network on a computer,
Authentication means for authenticating a content access device to be remotely accessed according to a mutual authentication procedure for remote access that does not impose restrictions on the round-trip delay time of commands,
An identification means for identifying whether or not the content requested by the remote access from the content use device is permitted to be remote access;
Providing means for providing the requested content to the content using device,
Function as
The providing means provides content to a content use apparatus that requests content by remote access according to the identification result by the identification means and the authentication result by the authentication means.
It is a computer program characterized by this.

  The computer program according to the twenty-eighth aspect of the present application defines a computer program described in a computer-readable format so as to realize predetermined processing on a computer. In other words, by installing the computer program according to the twenty-eighth aspect of the present application on a computer, a cooperative operation is exhibited on the computer, and the same operational effects as the communication device according to the second application of the present application are obtained. Can do.

  According to the present invention, content can be safely transmitted through remote access via an external network such as a WAN while exceeding limits such as a round trip delay time (RTT) and the number of hops of an IP router (TTL). An excellent remote access content providing system can be provided.

  According to the present invention, it is possible to provide an excellent remote access content providing system capable of performing remote access by a user while protecting the content only within the range of content permitted by the content owner. it can.

  According to the first, second, and third aspects of the present application, remote access is possible because a mutual authentication procedure that removes the RTT and TTL restrictions is applied to a content utilization device that is remotely accessed. In addition, since only content that allows remote access is provided to a content access device that remotely accesses, the DLNA content copyright-protected by DTCP-IP is remotely accessed from a remote location outside the home, Content can be used safely.

  In addition, according to the fourth to tenth aspects of the present application, since the way of handling the flag for controlling the remote access of the contents is explicitly defined, even in the remote access, in the conventional home Similar to access, it is possible to construct a copyright protection environment for content based on DTCP-IP.

  In addition, according to the first, second, third, 11th to 17th aspects of the present application, since the authentication method (AKE procedure) is explicitly defined when the content utilization device makes remote access, in remote access, Similarly, it is possible to construct a copyright protection environment for contents based on DTCP-IP, as in the case of conventional home access.

  Other objects, features, and advantages of the present invention will become apparent from more detailed description based on embodiments of the present invention described later and the accompanying drawings.

FIG. 1 is a diagram schematically showing a configuration example of a communication system according to the present invention. FIG. 2 is a diagram schematically showing another configuration example of the communication system according to the present invention. FIG. 3 is a diagram schematically illustrating a functional configuration of the content providing apparatus 10. FIG. 4 is a diagram schematically illustrating a functional configuration of the content use apparatus 20. FIG. 5 is a diagram for explaining a mechanism for performing encrypted content transmission between a source and a sink by DTCP-IP. FIG. 6 is a diagram showing an operation sequence of mutual authentication and key exchange using an AKE command performed between the source and the sink according to the current DTCP-IP. FIG. 7 is a diagram showing an example of an authentication sequence when RA-Sink is pre-registered in RA-Source. FIG. 8 is a diagram showing the configuration of the AKE control command. FIG. 9 is a flowchart showing the procedure of “RA-Sink Registrain” processing for RA-Source to pre-register RA-Sink. FIG. 10 is a diagram showing an example of a content acquisition sequence in which RA-Sink acquires an exchange key for remote access from RA-Source by the RA-AKE procedure and requests content from RA-Source. FIG. 11 is a flowchart showing the procedure of “RA-Sink ID confirmation” processing for RA-Source to perform RA-Sink registration confirmation and authentication processing. FIG. 12 is a diagram for explaining a mechanism for controlling the remote access based on the remote access permission information added to the content by the content providing apparatus 10. FIG. 13 is a diagram schematically showing the structure of a TS packet. FIG. 14 is a diagram showing a data structure of the digital copy control descriptor. FIG. 15 shows the detailed structure of the PMT. FIG. 16 is a diagram illustrating a state in which TS packets including PMT are inserted at predetermined intervals in the MPEG TS stream. FIG. 17 is a diagram showing a mechanism for controlling remote access of content on a Blu-ray disc. FIG. 18 is a diagram schematically illustrating an example of a system configuration in which RA-Source and RA-Sink are daisy chain connected to another device and there is a possibility that the received content is further output. FIG. 19 is a diagram schematically illustrating an example of a system configuration in which RA-Source and RA-Sink are daisy chain-connected to another device and the received content may be further output.

  Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.

A. System Configuration The present invention relates to a communication system for securely transmitting content through remote access via an external network such as WAN (RA), the communication system basically provides content by remote access Server (RA-Source) and a client (RA-Sink) requesting content by remote access. In the present specification, an AKE procedure performed at the time of remote access will be referred to as “RA-AKE”. Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.

  FIG. 1 schematically shows a configuration example of a communication system according to the present invention. In the illustrated communication system, a content providing device 10 corresponding to RA-Source is installed in a home, and a content using device 20 corresponding to RA-Sink is outdoors. Then, the content use device 20 remotely accesses the content providing device 10 by a communication function such as a mobile phone.

  The content providing apparatus 10 is generally connected to an external network such as the WAN 50 via the router 30 and the modem 40. The WAN 50 is, for example, the Internet. An IP address on the WAN 50 side is assigned to the router 30 from an Internet Access Service (IAS) provider 60 to which a user subscribes. Also, the content utilization device 20 basically accesses this IP address. The router 30 assigns a private IP address to the content providing apparatus 10, and relays communication by port forwarding for access from the WAN 50. Note that the IP address assigned to the router 30 may be updated by the IAS provider 60. In such a case, the DDNS service 70 is used, and the DNS 30 (Dynamic DNS (Domain Name System) of the router 30 to the content providing apparatus 10 is used. )) Can be supported by using the function.

  FIG. 2 schematically shows another configuration example of the communication system according to the present invention. In the illustrated communication system, a content utilization device 20 corresponding to RA-Sink is also installed in the home and connected to the WAN 50 via a router 31 and a modem 41. The TCP / IP (Transmission Control Protocol / Internet Protocol) communication transmitted from the content use device 20 is address-converted by the NAT (Network Address Translation) function of the router 31, but the rest is the same as in FIG. .

  FIG. 3 schematically shows a functional configuration of the content providing apparatus 10. The content providing apparatus 10 includes a CPU (Central Processing Unit) 11, a content reception / playback unit 12, a communication unit 13, a storage unit 14, and a timer 15, and functions as a home network server and an RA-Source. To send content with remote access.

  The content reception / playback unit 12 has a broadcast reception function and a package media playback function. The CPU 11 appropriately protects the content obtained by the content receiving / reproducing unit 12 that can be remotely accessed, and then performs mutual authentication and key exchange by RA-AKE through the communication unit 13. (Content use device 20).

  The storage unit 14 stores RA-Sink identification information (Device ID) and authentication information (user ID, passphrase or key for remote access, biometric information of the user, etc.) that are to be stored by a registration process described later. , The exchange key shared with the RA-Sink through the RA-AKE and the identification information thereof are stored. The storage unit 14 can also be used for storing contents obtained by the content receiving / reproducing unit 12.

  The timer 15 is used when time management is required when handling remotely accessible content.

  FIG. 4 schematically shows a functional configuration of the content use apparatus 20. The content utilization device 20 includes a CPU 21, a communication unit 22, a content output unit 23, a storage unit 24, and an authentication information input unit 25, but functions as an RA-Sink and receives content by remote access. .

  The content utilization device 20 as an RA-Sink performs device registration processing to be described later for the RA-Source (content providing device 10) through the communication unit 22, and performs RA-AKE to obtain an exchange key from the RA-Source. Then, the encrypted content obtained from the RA-Source is decrypted with the encryption key calculated based on the key, and the content is output from the content output unit 23. The storage unit 24 is used for storing an exchange key and content received from the RA-Source.

  The authentication information input unit 25 includes an input operation unit for a user to input a passphrase or key, a biometric information reading unit for acquiring the user's biometric information, and a medium to which a portable medium on which the passphrase or key is recorded is mounted. It consists of a mounting part, a dongle mounting part for mounting a hardware key linked to a home network server such as a dongle.

  In the following description, the method for calculating the encryption key from the exchange key is based on DTCP-IP (however, the gist of the present invention is not necessarily limited to this method).

  Here, a mechanism for performing encrypted content transmission by DTCP-IP between the source and the sink will be described with reference to FIG. There are two types of content transmission: a method of copying content on the source to the sink and a method of moving the content from the source to the sink and leaving no content on the source (well-known). The explanation is based on the method.

The Source and Sink first establish one TCP / IP connection and perform authentication (AKE procedure) between devices. A device certificate issued by DTLA (described above) is embedded in the DTCP-compliant device. In the AKE procedure, it is possible to share the authentication key K _auth between the source and the sink after confirming that they are regular DTCP-compliant devices.

When the AKE procedure is successful, Source generates an exchange key K _x as a seed of the content key K _c, and sends it to the Sink encrypted authentication key K _auth. In each Source and Sink, by applying a predetermined arithmetic processing on the exchange key K _x, it is possible to generate a content key K _c which is used to encrypt content when the content transmission.

  Then, after an authentication and key exchange procedure by AKE is completed between DTCP-compliant devices, content transmission is started using a protocol such as HTTP or RTP. In the illustrated example, content transmission is performed according to the HTTP procedure. At this time, a TCP / IP connection for HTTP is created separately from the TCP / IP connection for the AKE procedure (that is, Source and Sink have separate socket information (for the AKE procedure and content transmission, respectively) IP address and port number combination)).

  There are two ways to perform content transmission according to the HTTP protocol: a download format in which Sink requests content from the source, and an upload format in which content is pushed from the source side to the sink. In the former case, the sink as the HTTP client requests content from the source as the HTTP server by, for example, an HTTP request using the HTTP GET method, and the content as requested is transmitted as an HTTP response from the source. . In the latter case, the Source as the HTTP client starts transmission with the Sink as the HTTP server, for example, by an HTTP request using the HTTP POST method.

The data transmitted from the source is data obtained by encrypting the content using a key shared after the source performs AKE authentication. Specifically, the source generates a nonce N _c using a random number, and generates a content key K _c corresponding to the exchange key K _x , the nonce N _c, and the encryption mode. Then, the content requested by the Sink, encrypted using the content key K _c, the packet comprising a header including the information of payload and nonce N _c and the encryption mode consisting encrypted content placed on TCP stream Send. In the IP protocol, a TCP stream is divided into packet sizes as a predetermined unit, further converted into an IP packet with a header added, and delivered to a designated IP address.

On the sink side, when each IP packet is received from the source, it is assembled into a TCP stream. When the nonce N _c and E-EMI are extracted from this stream, the content key K _c can be calculated using these and the exchange key K _x , and the encrypted content can be decrypted. Then, the reproduction processing can be performed on the plaintext content after decryption. Alternatively, the sink stores the content in the storage unit 24 or passes it to another device without decrypting the encrypted content. When content transmission using the HTTP protocol is completed in this way, the TCP connection used for content transmission is appropriately disconnected from the sink side, for example. (In DTCP-IP, transmission of copy control information associated with content is realized by two mechanisms, E-EMI (Extended Encryption Mode Indicator) and Embedded CCI (Copy Control Information) described in the header of the packet. .)

In DTCP-IP, to update the exchange key K _x periodically (e.g. every two hours) is defined. Sink is to be able to get the latest exchange key K _x from the Source, it becomes unavailable the encrypted content. Further, there are a method in which a source generates a single exchange key K _x and distributes it to a plurality of (legitimate) sinks, and a method in which a different exchange key K _x is generated for each sink. This method shall be adopted.

  FIG. 6 shows an operation sequence (RTT-AKE) of mutual authentication and key exchange using the AKE command performed between the source and the sink according to the current DTCP-IP.

  In the challenge-response portion of AKE procedure, an Rx challenge including an Rx random number and an Rx certificate is first transmitted from a sink requesting content. In response to this, a Tx challenge including a Tx random number and a Tx certificate is returned from the source. Thereafter, the Rx response including the Rx random number, the Tx message, and the Tx signature is transmitted from the source, and the Tx response including the Tx random number, the Rx message, and the Rx signature is transmitted from the sink. The procedure continues. In the command transmitted in the challenge / response portion, each challenge command includes a Device ID that is identification information unique to the device.

  In the above challenge / response response procedure, TTL (IP router hop count) is restricted. That is, in the current DTCP-IP, in the TCP / IP communication in which the sending device sends a command used in AKE, the TTL is set to 3 or less, and when the TTL is larger than 3, the receiving device must invalidate the received data. .

  Thereafter, an EXCHANGE_KEY command is transmitted from the source to the sink through the RTT protection protocol (protected RTT protocol), and a response (not shown) is returned from the sink.

  In the RTT-AKE according to the current DTCP-IP shown in FIG. 6, the round-trip delay time (RTT) and the IP router hop count (TTL) are limited for the AKE command. Under the current situation, it is not possible to access copyright-protected content on a home network server in the home from a remote location outside the home (described above). However, considering the convenience of the user, it is desired that the user remotely access the home server from the destination and play the content. Of course, it is necessary to secure the interest of the content owner who wants to protect the copyright. Therefore, remote access should be limited to the range of content allowed by the content owner, and the content accessed remotely must also be protected.

  On the other hand, in the AKE procedure at the time of remote access proposed as the present invention, that is, RA-AKE, the “Protected RTT Protocol” performed in the RTT-AKE procedure shown in FIG. 6 is not performed. That is, even if the RTT between the source and the sink exceeds 7 milliseconds, the AKE procedure is not canceled. In RA-AKE, the above TTL upper limit is not provided. In other words, in RA-AKE, the RTT and TTL restrictions are not provided, so that the source (content providing apparatus 10) corresponding to remote access and the sink (content using apparatus 20) corresponding to remote access are delayed in response. Even if the time exceeds 7 milliseconds or is separated by more than 3 hops, the AKE procedure can be successfully executed between both devices to share the exchange key for remote access. it can.

  However, in a communication system in which the restrictions on RTT and TTL are removed, content can be transmitted between arbitrary devices, and thus a mechanism for preventing unauthorized use from the viewpoint of copyright protection of content is required. .

  In order to remove the restrictions of RTT and TTL and achieve remote access of the user within the range permitted by the content owner, the present inventors identify the content that is allowed remote access, I think it is necessary to confirm that the accessing device (that is, the content using device 20) is a member of the home network. Hereinafter, each of a remote identification method for content that can be accessed and an authentication method for a remote access terminal will be described in detail.

B. Authentication of Remote Access Terminal First, a method for confirming that a remotely accessed device is a member of a home network will be described.

  In order to restrict connections from unauthorized users, the RA-AKE procedure is performed only with RA-Sinks registered in advance by RA-Source. Specifically, like the current DTCP-IP RTT-AKE, the RA-Source stores and registers the device-specific ID of the RA-Sink only when the AKE procedure with RTT or TTL restriction is successful. . The RA-Sink registration procedure is performed in advance in a home that falls within the limits of RTT and TTL, for example. Therefore, an unauthorized user cannot pre-register from the remote environment, and therefore cannot succeed in the RA-AKE procedure.

  FIG. 7 shows an example of an authentication sequence when RA-Sink is pre-registered in RA-Source.

  This authentication sequence starts when the RA-Sink sends a registration request command “RA_REGI_INIT” to the RA-Source. In the challenge-response portion of AKE of the RA-AKE procedure, first, an Rx challenge including an Rx random number and an Rx certificate is transmitted from the RA-Sink. On the other hand, a Tx challenge including a Tx random number and a Tx certificate is returned from the RA-Source. Thereafter, the Rx response including the Rx random number, the Tx message, and the Tx signature is transmitted from the RA-Source, and the Tx response including the Tx random number, the Rx message, and the Rx signature is transmitted from the RA-Sink.

  Each challenge command includes a Device ID that is identification information unique to the device. However, in the challenge / response portion, “RESPONSE2” may be sent as a response from the sink to the source. This is a case where the device ID is not unique to the device by mounting the common device key and the common device certificate. When RESPONSE2 is sent, IDu, which is device-specific information included in RESPONSE2, is used as device-specific identification information, instead of Device ID. In addition, instead of Device ID and IDu, a MAC (Media Access Control) address for WiFi can also be used as device-specific information.

  The challenge / response part of the RA-AKE procedure in the registration procedure is the same as the RTT-AKE procedure in the current DTCP-IP, and TTL restrictions are imposed. Thereafter, the RTT protection protocol (Protected RTT Protocol) continues, and when the RTT between the RA-Source and the RA-Sink exceeds 7 milliseconds, the RA-AKE procedure is stopped.

  The RA-Source executes an “RA-Sink Register” process for registering an RA-Sink that has succeeded in the procedure so far. The RA-Source additionally registers the RA-Sink ID in the RA registry in the storage unit 14 if there is room to register the RA-Sink ID, and notifies the RA-Sink of the result as a result code with the command “RA_REGI_END”. .

  Note that “RA_REGI_INIT” and “RA_REGI_END” in FIG. 7 are added to the DTCP-IP AKE control command as remote access commands. FIG. 8 shows a configuration example of an AKE control command for remote access. In the illustrated example, a new value is assigned to the subfunction field, and information can be carried by AKE_Info.

  FIG. 9 shows the procedure of “RA-Sink Registrain” processing for RA-Source registration of RA-Sink in the form of a flowchart.

  The RA-Source first checks whether or not the processing (Challenge-Response port of AKE and Protected RTT Protocol) prior to the start of the processing routine has ended abnormally (step S1).

  Here, if the previous process has ended abnormally (No in step S1), the RA-Source notifies the request source RA-Sink of a result code indicating that the registration process has failed. (Step S9), and this processing routine is terminated.

  If the previous process has been completed normally (Yes in step S1), the RA-Source checks whether RESPONSE2 (described above) has been received (step S2). When RESPONSE2 is received (Yes in Step S2), the RA-Source sets the ID of the requesting RA-Sink as IDu (Step S3). When RESPONSE2 has not been received (No in step S2), the RA-Source uses the device ID of the requesting RA-Sink as an ID (step S4).

  Next, the RA-Source checks whether the requesting RA-Sink ID has already been registered (step S5).

  If the requesting RA-Sink ID has already been registered (Yes in step S5), the RA-Source indicates that the requesting RA-Sink has “successfully” registered. The result code is notified (step S8), and this processing routine is terminated.

  On the other hand, when the RA-Sink ID of the request source has not yet been registered (No in Step S5), the RA-Source additionally registers the ID of the RA-Sink in the storage unit 14 (Step S6). Also, as an option, user authentication information such as a passphrase or key and the user's biometric information is acquired from the RA-Sink, and is registered in association with the RA-Sink ID (step S7). Then, the RA-Source notifies the request source RA-Sink of a result code indicating “success” in the registration process (step S8), and ends this processing routine.

  In addition, when registering information about RA-Sink in step S6 or S7, among the contents that can be accessed remotely through RA-Source, the contents that are the targets of remote access on RA-Sink are also registered. You may do it. In such a case, RA-Sink can use only the registered content during remote access. Registration of content to be accessed remotely is similar to content sharing settings within a home network. By providing such a setting mode, it is possible to prevent content from being remotely accessed more than necessary. In addition, when a large number of contents are provided from RA-Source, the user only needs to register the contents that he is interested in for remote access.

  FIG. 10 shows an example of a content acquisition sequence in which the RA-Sink acquires the remote access exchange key from the RA-Source by the RA-AKE procedure, and requests the content from the RA-Source.

  This content acquisition sequence starts when the RA-Sink transmits a key supply request command “RA_AKE_INIT” to the RA-Source. In the challenge-response portion of AKE of the RA-AKE procedure, first, an Rx challenge including an Rx random number and an Rx certificate is transmitted from the RA-Sink. In contrast, RA-Source returns a Tx challenge including a Tx random number and a Tx certificate. Thereafter, the Rx response including the Rx random number, the Tx message, and the Tx signature is transmitted from the RA-Source, and the Tx response including the Tx random number, the Rx message, and the Rx signature is transmitted from the RA-Sink.

  Each challenge command includes a Device ID that is identification information unique to the device. However, in the challenge / response portion, “RESPONSE2” may be sent as a response from the sink to the source. In this case, IDu included in the RESPONSE2 instead of the device ID is used as the device-specific identification information. Will be used (same as above).

  The TTL restriction is necessary when registering with the RA-Source, but is omitted in the RA-AKE procedure for supplying the exchange key for remote access. The RTT protection protocol (Protected RTT Protocol) is also omitted in the RA-AKE procedure for key supply. As a result, the RA-Sink can request an exchange key for remote access even in a remote environment, that is, the content can be used by remote access.

When the above authentication procedure is successful, the RA-Source executes the “RA-Sink ID confirmation” process. In this process, the RA-Source confirms that the requesting RA-Sink ID has already been registered and performs an authentication process. Then, RA-Source is, RA if could these checks, the exchange key for remote access (RA_K _x), the ID (RA_K _x _label) and result code of the exchange key, the command "RA_EXCHANGE_KEY" -Pass to Sink.

RA-Sink is exchange key for remote access by RA-AKE procedure described above the (RA_K _x) and acquires the ID (RA_K _x _label), followed by an HTTP request using the HTTP GET method (HTTP GET request) To request content data from the RA-Source. At the time of the request, along with the URL of the content, and sends the exchange key ID for remote access output (RA_K _x _label). We define a header field for sending RA-Sink from the exchange key to the _{RA-Source ID (RA_K x _label} ).

  When the RA-Source receives a request for content data, the RA-Source calculates an encryption key using the remote access exchange key specified by the exchange key ID, and uses the encryption key for the content of the specified URL. It encrypts and returns as an HTTP response (HTTP GET response).

  When pre-registering the RA-Sink with the RA-Source, among the contents that can be accessed remotely through the RA-Source, the contents that are the targets of remote access on the RA-Sink were also registered. In the case (described above), RA-Sink can use only the pre-registered content through the processing sequence.

Also, regarding the remote access exchange key (RA_K _x ), it is conceivable to operate according to the rule that the continuous non-use period exceeds a predetermined period, as in DTCP-IP. In addition, an operation mode in which the RA-Sink sends a command (RA_FINISH) for requesting the destruction of the exchange key together with the exchange key ID (RA_K _x _label) at the end of the remote access is also conceivable. This discard request command RA_FINISH is added as a remote access command to the DTCP-IP AKE control command together with “RA-AKE_INIT” and “RA_EXCHANGE_KEY” in FIG.

  FIG. 11 shows the procedure of “RA-Sink ID confirmation” processing in the form of a flowchart for RA-Source to perform RA-Sink registration confirmation and authentication processing.

  First, the RA-Source checks whether or not the processing (Challenge-Response port of AKE, Protected RTT Protocol) prior to starting the processing routine has ended abnormally (step S11).

  Here, if the previous process has ended abnormally (No in step S11), the RA-Source interrupts the RA-AKE procedure for the requesting RA-Sink (step S20), The processing routine ends.

  If the previous processing has been completed normally (Yes in step S11), the RA-Source checks whether RESPONSE2 has been received (step S12). When RESPONSE2 is received (Yes in step S12), the RA-Source sets the ID of the requesting RA-Sink as IDu (step S13). When RESPONSE2 has not been received (No in step S12), the RA-Source uses the device ID of the requesting RA-Sink as an ID (step S14).

  Next, the RA-Source checks whether the requesting RA-Sink ID has already been registered in the storage unit 14 (step S15).

  Here, when it cannot be confirmed that the requesting RA-Sink ID has been registered (No in step S15), the RA-Source interrupts the RA-AKE procedure for the requesting RA-Sink. (Step S19), this processing routine is terminated.

  On the other hand, when it is confirmed that the ID of the requesting RA-Sink has been registered (Yes in Step S15), the RA-Source subsequently performs an RA-Sink user authentication process (Step S16). .

When the RA-Sink user authentication process is successful (Yes in step S17), the RA-Source displays a result code indicating that the confirmation process is “successful” and a remote access exchange key (RA_K _x ). and together with the ID (RA_K _x _label), and notifies the requesting RA-Sink (step S18), and terminates the processing routine.

  When the RA-Sink user authentication process fails (No in Step S17), the RA-Source interrupts the RA-AKE procedure for the requesting RA-Sink (Step S19), and this process is performed. End the routine.

  In the user authentication process performed in step S16, for example, the user inputs the user ID, passphrase or key for remote access, or the user's biometric information from the RA-Sink authentication information input unit 25, and the RA- When biometric information that is collated with that registered in the Source is used for authentication, for example, a biometric authentication system “mofilia” that detects a finger vein pattern can be used. Alternatively, hardware associated with a home network server such as a dongle that attaches a portable medium in which a user ID, passphrase or key for remote access is written to the RA-Sink instead of a user input operation. -User authentication can also be performed through a method of attaching the key to the RA-Sink.

  As a method of associating the dongle with the home network server, an SD memory card CPRM (Content Protection for Recordable MEDIA) or a Memory Stick MagicGate authentication method can be used. Alternatively, the user's content access right can be linked to the home network server using an authentication method dedicated to remote access.

  Further, in the processing sequence examples shown in FIGS. 7 and 10, the user needs to perform device setting called pre-registration at home before going out to a remote place. As an example of a method for enabling remote access of content without performing pre-registration procedures, an information terminal such as a personal computer connected to the home network is used as an authentication server on the home network, and its login ID and password are used. A method of substituting the login work used for the RA-AKE procedure can be given.

C. Method for Identifying Remotely Accessible Content Next, a method for identifying content that allows remote access will be described with reference to FIG.

  Here, it is assumed that information indicating whether or not remote access is possible is added to each content provided by RA-Source.

  The content providing apparatus 10 as RA-Source sorts broadcast content received by the content receiving / reproducing unit 12, content reproduced from a recording medium, or content acquired through the communication unit 13 based on remote access permission information. Only the content assigned as remote accessible can be remotely accessed from the content utilization device 20 as the RA-Sink in the remote environment.

  As a method of adding remote access permission information to content, a method of superimposing information bits on a content control descriptor can be cited. Alternatively, instead of superimposing information bits, a method of substituting the remote access permission information with existing information included in a control descriptor such as copy control information (CCI) can be considered.

  In the following, a method for adding remote access permission information will be described taking the MPEG2 system widely used for transmission and storage of digital contents as an example.

  The MPEG2 system stipulates a method for multiplexing individual streams such as encoded video, audio, and additional data and reproducing them in synchronization with each other. MPEG2-PS (Program Stream) and MPEG2-TS There are two types of (Transport Stream). Among these, MPEG2-TS is assumed to be applied to an environment in which data transmission errors occur, such as broadcasting and communication networks, and a plurality of programs can be configured in one stream. Used for digital broadcasting. MPEG2-PS is used for DVDs and the like.

  In MPEG2-TS, a plurality of TS (Transport Stream) packets having a fixed length of 188 bytes are collected to form a transport stream. The length of the 188-byte TS packet is determined in consideration of consistency with an ATM (Asynchronous Transfer Mode) cell length.

  FIG. 13 schematically shows the structure of a TS packet. One TS packet includes a 4-byte fixed-length packet header, a variable-length adaptation field, and a payload. In the packet header, PID (packet identifier) and various flags are defined. The type of the payload portion of the TS packet is identified by the PID. A PES (Packetized Elementary Stream) packet in which individual streams such as video and audio are stored is divided into a plurality of TS packets having the same PID number and transmitted.

  The transport stream includes a packet in which information described in a table in a section format such as PSI (Program Specific Information) or SI (Service Information) is placed on the payload.

  PSI is information (control information for channel selection) necessary for a system that selects and receives a desired broadcast channel, and includes PAT (Program Association Table), PMT (Program Map Table), NIT ( There is a section having a data structure such as a network information table (CAT) or a CAT (condition access table). The PAT describes the PMT PID corresponding to the program number. In the PMT, video, audio, additional data, and PCR PID included in the corresponding program are described. The NIT describes detailed information about the entire broadcasting system, for example, information on all programs included in the network and the carrier frequency at which the target program is transmitted. In the CAT, information related to individual information such as identification of conditional access system and contract information is described.

  On the other hand, SI is a section used for a broadcaster's service. The SI includes sections such as EIT (Event Information Table) and SDT (Service Description Table). The EIT describes detailed information of the program, broadcast time, and the like.

  In the MPEG2 system, in order to put detailed information in each section, a descriptor (descriptor) is defined and inserted into the section, whereby fine information can be transmitted. The descriptors used in digital terrestrial television broadcasting defined by ARIB STD-B10 are summarized in the following table.

  In ARIB STD-B10, digital_copy_control_descriptor (digital copy control descriptor) and content_availability_descriptor (content usage descriptor) are inserted and inserted into the PMT in order to transmit copy control information related to content copyright protection. Defines content copy control information. The data structure of the digital copy control descriptor is shown in FIG.

  Two bits of digital_recording_control_data (digital recording control data) in the digital copy control descriptor are for copy control (copy generation management). If these two bits are “00”, copy free is permitted, if “11”, copy is prohibited, and if “10”, only one generation is permitted to be copied. That is, these 2 bits are used for copy control of CGMS (Copy Generation Management System).

  In short, content copy control information is one type of data included as a payload of a TS packet that constitutes a stream for transmitting content, and has a data structure called PMT. The detailed structure of the PMT is shown in FIG.

  The MPEG TS stream is composed of repetitions of fixed-length TS packets as described above, but not all TS packets contain copy control information, and are contained only in specific TS packets. For example, in ARIB, it is determined that a packet for transmitting a PMT describing copy control information is included at an interval of 100 milliseconds in an MPEG TS stream. FIG. 16 shows a state in which TS packets including PMT are inserted at predetermined intervals in the MPEG TS stream. According to the configuration shown in the figure, the content supply apparatus can specify content attributes such as copy control information related to content protection in the transmission stream. The content processing apparatus that receives the content can set the encryption mode of the content and restrict copying and recording according to the copy control information.

  Whether or not to permit remote access of content is closely related to copyright protection of content. Therefore, the present inventors propose a method that uses a digital copy control descriptor to identify content that is allowed to be accessed remotely.

  As one method, a reserved area (reserved_future_use) in the digital copy control descriptor shown in FIG. 14 is defined as a flag (hereinafter referred to as “RA-flag”) indicating whether or not remote access is possible. When = 1, remote access is permitted, and when RA = 0, remote access is prohibited.

  As another method, copy control information (CCI) included in the digital copy control descriptor shown in FIG. 14 is also used as a remote access control descriptor. For example, remote access is prohibited for copy-prohibited (Never Copy) content, and remote access is permitted for copy-free content that is copy-free without control conditions and copy-only generation (Copy One Generation) content.

  The identification method described above can be applied mainly to broadcast content. Of course, recording media such as Blu-ray, DVD (Digital Versatile Disc) and flash memory, and contents distributed via the Internet, AACS (Advanced Access Content System), CSS, which is a copyright protection technology for recording media. A similar identification method can be realized by using a digital copy control descriptor defined by (Content Scramble System), CPRM or the like.

  In the case of remote access to a Blu-ray disc, it is controlled by AACS, which is a copyright protection technology, copied to a storage unit 14 (such as an HDD) in the content providing apparatus 10, and then passed to DTCP-IP. Provided for remote access.

  A “remote access control file” that controls remote access of content is described in an XML (extensible Markup Language) language. The remote access control file includes a “Managed Copy and Remote Access Manifest File” for the main part of the Blu-ray disc and a “Remote Access Manifest File” for the portable file. These files are read into a JAVA virtual machine MCRAM (Managed Copy and Remote Access Machine) or RAM (Remote Access Machine) and executed.

  Assuming that the portable file for remote access is stored in the directory “PARTIALDB” on the Blu-ray disc, it is copied to the directory on the HDD specified by dest (destination) for remote access. An example of the assumption is given below.

  FIG. 17 illustrates a mechanism for controlling remote access of content on a Blu-ray disc. The content providing apparatus 10 serving as an RA-Source reads a JAVA application from a Blu-ray disc by the content receiving / reproducing unit 12, loads the JAVA application into the system memory of the CPU 11, executes the JAVA virtual machine, and executes the Blu-ray disc. The remote access to the remote access content read from is controlled.

  Up to this point, the method for identifying whether or not remote access is possible based on information such as copyright protection attached to content has been described. In addition, a method for identifying whether or not remote access is possible based on the state of content is also conceivable.

  For example, all the content stored in the storage unit 14 (HDD or the like) of the content providing apparatus 10 operating as a home network server by removing restrictions on copy control is a duplicate, in other words, content that is permitted to be copied. Therefore, according to Table 3 above, it can be handled as remote access is permitted.

  However, in the case where the broadcast content is received by the content reception / reproduction unit 12 and recorded in the storage unit 14, real-time content being broadcast is considered in consideration of the broadcast business model such as broadcast area restrictions. It is preferable to impose restrictions on remote access. Specifically, the broadcast content is temporarily stored in the storage unit 14, and after a predetermined time has elapsed, remote access is permitted. For example, remote access of content is permitted 30 minutes after the broadcast, or remote access is permitted after the end of the broadcast. Alternatively, it is possible to set time constraints such as 6 hours, 12 hours,... After the next day, after the next day, after one week, etc. after the broadcast ends.

  In addition, either one of the method for identifying whether or not remote access is possible based on information such as copyright protection accompanying the content, and the method for identifying whether or not remote access is possible based on the state of the content is used alone. Instead, a method of identifying whether or not remote access is possible by combining these two methods for the content stored in the content providing apparatus 10 is also conceivable. In addition to the copy control information added to the content stored in the storage unit 14, an RA-flag indicating whether or not remote access is possible is additionally defined to allow remote access when RA = 1, and RA = When 0, remote access is prohibited. When remote access to content is requested from the content use device 20, the content providing device 10 controls remote access with reference to the RA-flag of the requested content.

  In addition, the content providing apparatus 10 does not define RA-flag additionally, but is dedicated for storing the content permitted for remote access and the content prohibited for remote access in the storage unit 14 respectively. File / folder (or partition) may be provided, and for example, whether or not remote access is possible at the time of content acquisition is determined and sorted into each file / folder. In such a case, the content use device 20 can freely access the content stored in the file / folder for the remote access permitted content, whereas the content use device 20 can access the file / You cannot remotely access content stored in a folder.

D. Remote Access Identification Method The content providing apparatus 10 operating as an RA-Source, such as a home network server, allows the content using apparatus 20 to remotely access the RA-Sink to which remote access is permitted by the method described so far. As well as whether or not the content that the content utilization device 20 requests for remote access is permitted for remote access.

  However, the content providing apparatus 10 needs to accurately identify whether or not the access from the content using apparatus 20 is remote access in the first place. This is because the use of content by the content use device 20 in the normal DTCP-IP home network is a legitimate use from the viewpoint of copyright protection, and if the access is denied, the user's profit is unfairly used. It will be harmful.

  In the following, the AKE procedure requested from the content using apparatus 20 is an authentication procedure (RTT-AKE) in a normal DTCP-IP home network, or an authentication procedure (RA-AKE) by remote access from a remote location. A method for identifying which one of these will be described.

  The configuration of the AKE control command is as shown in FIG. In the normal AKE control command of DTCP-IP, the upper 4 bits of Control (0) are reserved (ZERO). For example, if this 4-bit length field is defined as all 1 and defined as an authentication mode for remote access (Authentication Mode), it can be distinguished from a normal DTCP-IP AKE procedure in a normal home network. is there. The following AKE procedure is an AKE procedure (RA-AKE) for remote access different from the AKE procedure (RTT-AKE) in the normal home network of DTCP-IP. Further, it is also possible to distinguish the AKE control command for remote access using a value that is not currently defined as the subfunction of Control (2).

  Alternatively, instead of providing a control bit as to whether or not remote access is provided in the AKE control command as described above, an authentication procedure dedicated to remote access may be newly defined. The AKE_procedure assigned to the control (3) of the normal AKE control command of DTCP-IP is currently the fourth bit from the lower order (Bit 3), whereas the normal AKE procedure is performed by the full authentication. It is defined as a flag for identifying whether or not to perform authentication. The upper 4 bits are a reserved area for the invitation extension. Therefore, it is also conceivable to newly define a full authentication for remote access in this upper 4 bits reserved area.

  If the remote access AKE procedure (RA-AKE) is established as described above, the remote access is performed between the content providing apparatus 10 as the RA-Source and the content using apparatus 20 as the RA-Sink. The exchange key for is shared. Then, content transmission may be performed using an encryption mode newly provided for remote access.

  In DTCP-IP, transmission of copy control information associated with content is realized by two mechanisms of E-EMI (Extended Encryption Mode Indicator) and Embedded CCI (Copy Control Information) described in the header of the packet. Table 5 below shows a list of current DTCP-IP encryption modes (EMI).

  Since remote access is connected via an external network, the content protection level is also required to have a different encryption mode from that used in a normal home network. For example, in addition to copy prohibition (CN) in a home network and copy permission only for one generation (COG), encryption such as copy prohibition in remote access (RA-CN) and copy permission only for one generation (RA-COG) A mode is required. These new remote access encryption modes are then defined using the reserved values in Table 5 above.

  In the description so far, it has been assumed that the communication system includes only a pair of RA-Source and RA-Sink. However, RA-Source and RA-Sink are each connected to another device in a daisy chain format and may transmit content. The transmission range of copyright-protected content should be originally kept in the home, and it is not preferable that the content is repeatedly received and retransmitted in many steps. For this reason, it is necessary to technically prevent the reception and retransmission of content.

  In the present embodiment, an RA-flag indicating whether or not the content can be accessed remotely is added to each content (described above), and the retransmission of the content is restricted using this flag.

  For example, when an RA-flag indicates “remote access is possible” for a content stored in the content providing apparatus 10 as RA-Source, a certain device has already been transferred (that is, received as RA-Sink). It is understood that the content should be retransmitted.

  Alternatively, when the content providing apparatus 10 temporarily caches the content received as RA-Sink and stores it in the storage unit 14 or tries to retransmit without recording at all, it is added to the received content. The RA-flag is rewritten to “remote access impossible” to prevent retransmission by remote access.

  In the system configuration example shown in FIG. 18, RA-Sink # 1 connected to RA-Source # 0 further has a function as RA-Source # 1 and is connected to another device RA-Sink # 2. In such a case, the content provider can prohibit the remote access output from RA-Sink # 1 to the RA-Sink # 2 again as the content received by remote access as RA-Sink # 1. It operates so as to prevent remote access where it is not possible to manage certain RA-Source # 0.

  In the system configuration example shown in FIG. 19, RA-Sink # 1 is connected to RA-Source # 0 by remote access, and also has a function as Source # 1, and another device Sink # 2 by DTCP-IP. Furthermore, Sink # 2 has a function as RA-Source # 2 and is connected to another device RA-Sink # 3. The RA-Sink # 1 can locally transmit the content received by remote access to another device Sink # 2 through DTCP-IP. The local transmission by DTCP-IP is in accordance with the copyright protection mechanism, and there is no problem. Further, by prohibiting the content received by Sink # 2 from being remotely accessed and output again to RA-Sink # 3 as RA-Source # 2, the management of RA-Source # 0, which is the content provider, is extended. Operate to prevent remote access in the absence.

  As described above, the RA-flag is defined to permit remote access when RA = 1 and prohibit remote access when RA = 0. Here, since the RA-flag is not defined in the current DTCP-IP, compatibility with the old DTCP-IP device is a problem when the availability of remote access is controlled using the RA-flag. It becomes.

  For example, instead of newly providing a control bit indicating whether or not remote access is possible or an AKE procedure for remote access in DTCP-IP, all contents received by each device via DTCP-IP are set as remote access impossible. Handle it. Thus, while maintaining compatibility with the conventional DTCP-IP device, the content received via the conventional DTCP-IP device (unknown whether or not remote access is possible) is prohibited from remote access.

  Alternatively, instead of disabling all the contents received via DTCP-IP as described above from remote access, the copy control information (CCI) is also used as a remote access control descriptor, so that the conventional DTCP is used. -Compatibility with IP devices can be maintained.

  Specifically, as shown in the second and third rows of Table 7 below, only the content encoded with No more copy or Never copy is treated as being inaccessible remotely, so that it can be used with the conventional DTCP-IP device. The contents received via the conventional DTCP-IP (unknown whether or not remote access is possible) are prohibited from remote access while maintaining compatibility.

  As for the contents not to be remote-accessible, as shown in the fourth and fifth rows of Table 7 below, the contents are temporarily stored in the storage unit 14 and then treated as remote access. Treat as remote inaccessible.

  According to the communication system according to the present embodiment, DLNA content copyright-protected by DTCP-IP can be accessed remotely from a remote location outside the home, and the content can be used safely.

  Further, in the communication system according to the present embodiment, the handling method of the flag for controlling the remote access of the content and the authentication method (AKE procedure) at the time of remote access are explicitly defined. In the same way as in conventional home access, it is possible to construct a copyright protection environment for contents based on DTCP-IP.

  The present invention has been described in detail above with reference to specific embodiments. However, it is obvious that those skilled in the art can make modifications and substitutions of the embodiment without departing from the gist of the present invention.

  As an application example of the present invention, a communication system that uses a content by remotely accessing a server on a home network to which DTCP-IP is applied from a client outside the home can be cited. It is not limited to. Content that needs to be protected for copyright or other purposes through remote access via an external network such as a WAN while exceeding the limits such as round-trip delay time (RTT) and IP router hop count (TTL) Similarly, the present invention can be applied to any other content transmission system that transmits the content.

  In short, the present invention has been disclosed in the form of exemplification, and the description of the present specification should not be interpreted in a limited manner. In order to determine the gist of the present invention, the claims should be taken into consideration.

10. Content providing device (RA-source)
11 ... CPU
DESCRIPTION OF SYMBOLS 12 ... Content receiving / reproducing part 13 ... Communication part 14 ... Memory | storage part 15 ... Timer 20 ... Content utilization apparatus (RA-sink)
21 ... CPU
DESCRIPTION OF SYMBOLS 22 ... Communication part 23 ... Content output part 24 ... Memory | storage part 25 ... Authentication information input part 30, 31 ... Router 40, 41 ... Modem 50 ... WAN
60 ... IAS service 70 ... DDNS service

Claims (10)

A remote access content providing system that includes a content using device that requests content and a content providing device that provides content, and the content providing device provides content to the content using device that remotely accesses,
The content using device includes:
Perform mutual authentication procedure for remote access device registration that imposes restrictions on the round-trip delay time of commands with the content providing device, and perform remote access in the challenge / response of the mutual authentication procedure for remote access device registration Registration procedure means for transmitting a response including device identification information to the content providing device ;
Remote authentication means for performing a mutual access procedure for remote access without imposing restrictions on the round-trip delay time of commands with the content providing device, and receiving an exchange key for remote access from the content providing device;
The content authentication device requests content by remote access, receives the requested content encrypted and transmitted based on the remote access exchange key from the content providing device, and the remote authentication means Content receiving means for decrypting the received encrypted content based on the received remote access exchange key ;
Equipped with,
The content providing apparatus includes:
Included in the response received from the content using device in the challenge response of the mutual authentication procedure for remote access device registration when registration of the content using device is permitted in the mutual authentication procedure for remote access device registration The content using device identification information registered in advance in the remote access registry,
In the mutual authentication procedure for remote access, when confirming the pre-registration of the identification information in the remote access registry, send a remote access exchange key to the content using device,
Whether the remote access is permitted for the content requested by the remote access from the content using device is superimposed on the control descriptor inserted in the transmission control information of the requested content When the remote access is permitted for the requested content by identifying based on the information indicating whether access is possible, the content requested by the remote access is used as the exchange key for remote access Based on encrypted transmission,
Remote access content provision system. The content providing device identifies whether or not the content is permitted remote access based on copy control information set for the requested content.
The remote access content providing system according to claim 1. The identification information is identification information unique to the device.
The remote access content providing system according to claim 1. The content providing apparatus does not impose a limit on the hop count of an IP (Internet Protocol) router in the mutual authentication procedure for remote access.
The remote access content providing system according to claim 1. The content providing device further imposes a restriction on the number of hops of the IP router during the mutual authentication procedure for registering the remote access device.
The remote access content providing system according to claim 1. A remote access content providing system that includes a content using device that requests content and a content providing device that provides content, and the content providing device provides content to the content using device that remotely accesses,
The content providing apparatus includes:
When a mutual authentication procedure for remote access device registration that imposes restrictions on the round-trip delay time of commands with the content using device is performed and registration of the content using device is permitted, the remote access device registration Registration means for registering in advance in the remote access registry the identification information of the content use device included in the response received from the content use device in the challenge response of the mutual authentication procedure;
When the mutual authentication procedure for remote access that does not impose restrictions on the round-trip delay time of commands with the content using device is performed, and the pre-registration of the identification information in the remote access registry is confirmed, the content Remote authentication means for transmitting an exchange key for remote access to the user device; and
Whether the remote access is permitted for the content requested by the remote access from the content using device is superimposed on the control descriptor inserted in the transmission control information of the requested content An identification means for identification based on information indicating whether access is possible;
Providing means for encrypting and transmitting the content requested by the remote access based on the exchange key for remote access when remote access is permitted for the requested content;
A remote access content providing system comprising: The content providing device identifies whether or not the content is permitted remote access based on copy control information set for the requested content.
The remote access content providing system according to claim 6. The registration means registers device-specific identification information of the content use device;
The remote access content providing system according to claim 6. The remote authentication means does not impose a limit on the number of hops of the IP router in the mutual authentication procedure for the remote access.
The remote access content providing system according to claim 6. The registration means further imposes a limit on the number of hops of the IP router during the registration mutual authentication procedure.
The remote access content providing system according to claim 6.