US20150106954A1 - Content transmission device and content reception device - Google Patents
Content transmission device and content reception device Download PDFInfo
- Publication number
- US20150106954A1 US20150106954A1 US14/575,902 US201414575902A US2015106954A1 US 20150106954 A1 US20150106954 A1 US 20150106954A1 US 201414575902 A US201414575902 A US 201414575902A US 2015106954 A1 US2015106954 A1 US 2015106954A1
- Authority
- US
- United States
- Prior art keywords
- equipment
- content
- authentication
- remote
- content reception
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3271—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
- H04L9/3273—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response for mutual authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/2803—Home automation networks
- H04L12/283—Processing of data at an internetworking point of a home automation network
- H04L12/2834—Switching of information between an external network and a home network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0838—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/20—Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
- H04N21/25—Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
- H04N21/258—Client or end-user data management, e.g. managing client capabilities, user preferences or demographics, processing of multiple end-users preferences to derive collaborative data
- H04N21/25866—Management of end-user data
- H04N21/25875—Management of end-user data involving end-user authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/41—Structure of client; Structure of client peripherals
- H04N21/4104—Peripherals receiving signals from specially adapted client devices
- H04N21/4126—The peripheral being portable, e.g. PDAs or mobile phones
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/41—Structure of client; Structure of client peripherals
- H04N21/4104—Peripherals receiving signals from specially adapted client devices
- H04N21/4126—The peripheral being portable, e.g. PDAs or mobile phones
- H04N21/41265—The peripheral being portable, e.g. PDAs or mobile phones having a remote control device for bidirectional communication between the remote control device and client device
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/41—Structure of client; Structure of client peripherals
- H04N21/422—Input-only peripherals, i.e. input devices connected to specially adapted client devices, e.g. global positioning system [GPS]
- H04N21/4227—Providing Remote input by a user located remotely from the client device, e.g. at work
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/43—Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
- H04N21/432—Content retrieval operation from a local storage medium, e.g. hard-disk
- H04N21/4325—Content retrieval operation from a local storage medium, e.g. hard-disk by playing back content from the storage medium
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/43—Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
- H04N21/436—Interfacing a local distribution network, e.g. communicating with another STB or one or more peripheral devices inside the home
- H04N21/43615—Interfacing a Home Network, e.g. for connecting the client to a plurality of peripherals
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/43—Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
- H04N21/436—Interfacing a local distribution network, e.g. communicating with another STB or one or more peripheral devices inside the home
- H04N21/43622—Interfacing an external recording device
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/43—Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
- H04N21/436—Interfacing a local distribution network, e.g. communicating with another STB or one or more peripheral devices inside the home
- H04N21/4367—Establishing a secure communication between the client and a peripheral device or smart card
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/47—End-user applications
- H04N21/475—End-user interface for inputting end-user data, e.g. personal identification number [PIN], preference data
- H04N21/4753—End-user interface for inputting end-user data, e.g. personal identification number [PIN], preference data for user identification, e.g. by entering a PIN or password
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/60—Network structure or processes for video distribution between server and client or between remote clients; Control signalling between clients, server and network components; Transmission of management data between server and client, e.g. sending from server to client commands for recording incoming content stream; Communication details between server and client
- H04N21/63—Control signaling related to video distribution between client, server and network components; Network processes for video distribution between server and clients or between remote clients, e.g. transmitting basic layer and enhancement layers over different transmission paths, setting up a peer-to-peer communication via Internet between remote STB's; Communication protocols; Addressing
- H04N21/633—Control signals issued by server directed to the network components or client
- H04N21/6332—Control signals issued by server directed to the network components or client directed to client
- H04N21/6334—Control signals issued by server directed to the network components or client directed to client for authorisation, e.g. by transmitting a key
- H04N21/63345—Control signals issued by server directed to the network components or client directed to client for authorisation, e.g. by transmitting a key by transmitting keys
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N7/00—Television systems
- H04N7/16—Analogue secrecy systems; Analogue subscription systems
- H04N7/162—Authorising the user terminal, e.g. by paying; Registering the use of a subscription channel, e.g. billing
- H04N7/165—Centralised control of user terminal ; Registering at central
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N7/00—Television systems
- H04N7/16—Analogue secrecy systems; Analogue subscription systems
- H04N7/173—Analogue secrecy systems; Analogue subscription systems with two-way working, e.g. subscriber sending a programme selection signal
- H04N7/17309—Transmission or handling of upstream communications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N7/00—Television systems
- H04N7/16—Analogue secrecy systems; Analogue subscription systems
- H04N7/173—Analogue secrecy systems; Analogue subscription systems with two-way working, e.g. subscriber sending a programme selection signal
- H04N7/17309—Transmission or handling of upstream communications
- H04N7/17318—Direct or substantially direct transmission and handling of requests
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/2803—Home automation networks
- H04L2012/2847—Home automation networks characterised by the type of home appliance used
- H04L2012/2849—Audio/video appliances
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/60—Digital content management, e.g. content distribution
- H04L2209/603—Digital right managament [DRM]
Definitions
- This invention relates to a transmission equipment, a reception equipment and a content transmission method suitable for protection of the copyright of the contents of video and audio signals transmitted or received through a network.
- the capacity of the hard disk drive (hereinafter referred to as the HDD) built in the PC has increased.
- the PC of the rank used in an ordinary home has come to possess the ability to record a TV broadcast program using the HDD and permit the user to view the recorded program on the display of the PC.
- digital AV equipments such as a TV having a built-in digital tuner for receiving the digital broadcasting (hereinafter referred to as the DTV) and a digital recorder for recording/reproducing a digital broadcast program (for example, the HDD recorder, DVD recorder and the BD recorder) have been commercialized in succession.
- the extension of the broadband/internet has made it possible to mount a digital interface such as the wired/wireless LAN (Local Area Network), IEEE1394 or USB in the digital AV equipments and transmit the digital contents through a network.
- a digital interface such as the wired/wireless LAN (Local Area Network), IEEE1394 or USB in the digital AV equipments and transmit the digital contents through a network.
- the data quality is degenerated less during transmission and a copy (duplicate) of the same quality as the contents in the equipment at the transmitting end can be generated at the receiving end.
- a measure is required to prevent the illegal creation of a copy of the contents departing from the range of personal use.
- a copy protection method is employed in which the content is encrypted by the content transmission equipment, and the information for decryption is shared with the content reception equipment, so that even if the content is received correctly by an equipment other than the destination content reception equipment, the decryption of the content is prevented, thereby preventing the unlimited copy creation.
- An example of the copy protection method employed for the digital AV equipments is a Digital Transmission Content Protection (DTCP) method specifying a method of copy protection on the IEEE1394 bus.
- DTCP Digital Transmission Content Protection
- the contents are managed by being classified into the categories of “copy free”, “copy one generation” and “copy never”.
- the recorder records only the contents in the category of “copy free” or “copy one generation”, and the content in the category of “copy one generation”, once recorded, is handled as “copy free”. Except for the contents in the category of “copy free”, all the contents are transmitted on a bus after being encrypted at the transmitting end to prevent the contents from being copied in an unlimited manner.
- a DTCP-IP method further strengthened in security is specified by extensively applying DTCP to the IP network.
- a technique is disclosed to define an in-home network to prevent the unlimited remote distribution of the contents with the copyright thereof to be protected such as a broadcast program recorded in home.
- Patent Document 1 JP-A-2005-5821
- the conventional technique described above incorporates the function to confirm that the equipments at the transmitting and receiving ends are both located inside the same home in the case where the contents requiring copyright protection are transmitted through the wired or wireless LAN.
- the user having an equipment such a notebook-sized PC or a portable terminal used in a mobile environment has a great desire to access the contents in his/her home using this equipment during a trip or from inside a tram car on his/her way to the working place.
- a content transmission equipment including:
- first authentication means for mutually authenticating the content transmission equipment and a content reception equipment connected to an in-home network as legitimate equipments based on a first authentication protocol, and confirming that the content reception equipment is existing in home;
- remote access information sharing means for sharing the information required for access from a remote place with the content reception equipment
- device information management means for holding and managing the information on the content reception equipment successfully authenticated by the first authentication means and the information shared by the remote access information sharing means;
- second authentication means for mutually authenticating the content transmission equipment and the content reception equipment connected to the remote network as legitimate equipments based on a second authentication protocol using the information rendered sharable by the remote access information sharing means;
- encryption means for encrypting the content transmitted to the content reception equipment using first key information rendered sharable with the content reception equipment as the result of the authentication process executed by the first authentication means or second key information rendered sharable as the result of the authentication process executed by the second authentication means;
- the remote access information required for access from a remote place is rendered sharable by the remote access information sharing means, and the information on the content reception equipment and the remote access information are registered using the device information management means;
- the content is encrypted using the encryption means and sent to the remote content reception equipment.
- the normal authentication process and the equipment authentication process for remote access are executed in advance with a content transmission equipment in home, and the equipment authentication process for remote use is executed from a remote place only on the content reception equipment successfully subjected to the authentication processes, so that the in-home contents become viewable.
- the contents in home can be viewed by the legitimate user from a remote place without departing from the range of personal use for an improved user convenience.
- FIG. 1 shows an example of a system configuration.
- FIG. 2 shows an example of a block configuration of a DTV.
- FIG. 3 shows an example of a block configuration of a HDD recorder.
- FIG. 4 shows an example of a block configuration of a PC.
- FIG. 5 shows an example of a block configuration of a mobile phone.
- FIG. 6 shows an example of a configuration of a device information management unit.
- FIG. 7 shows an example of a configuration of equipment information.
- FIG. 8 shows an example of the equipment authentication sequence normally executed between an in-home content transmission equipment and a content reception equipment.
- FIG. 9 shows an example of the equipment authentication sequence for executing the key exchange for remote access between an in-home content transmission equipment and a content reception equipment.
- FIG. 10 shows an example of the configuration of a remote access information table held in a device information management unit of a content reception equipment and brought out to a remote place.
- FIG. 11 shows an example of the sequence for executing the content transfer between an in-home content transmission equipment and a remote content reception equipment.
- FIG. 12 shows an example of the configuration of the equipment information.
- FIG. 13 shows an example of the system configuration.
- FIG. 14 shows an example of the sequence for executing the content transfer from a remote content reception equipment and an in-home content transmission equipment.
- FIG. 15 shows an example of a content transmission equipment list screen of a mobile phone.
- FIG. 16 shows an example of a content list screen of a mobile phone.
- FIG. 17 shows an example of a content reproduction unit list screen of a mobile phone.
- FIG. 18 shows an example of the configuration of the equipment information.
- FIG. 19 shows an example of the sequence for content transfer from a remote content reception equipment to an in-home content transmission equipment.
- the feature of this embodiment lies in that the illegal viewing/copy is prevented without departing from the range of personal use of the contents while at the same time making it possible to view the in-home contents on a remote content reception equipment.
- FIG. 1 shows a system configuration based on the assumption that the user A accesses an in-home equipment from a remote place.
- a DTV 100 In the home 1 of the user A, a DTV 100 , a HDD recorder 200 and a PC 300 owned by the user A are connected to a network 3 by the wired LAN through a hub 11 . Also, the hub 11 is connectable to an internet 3 through a router 12 .
- a mobile phone 500 of the user A can communicate with a wireless access point 22 , and can be connected to the internet 3 through a router 21 .
- the PC 400 of the user B can be connected to the internet 3 in a similar way.
- a DTV 600 installed at a remote place is connectable to the internet 3 through the router 21 .
- IP Internet Protocol
- TCP Transmission Control Protocol
- UDP User Datagram Protocol
- RTP Real-time Transport Protocol
- HTTP Hyper Text Transfer Protocol
- FTP File Transfer Protocol
- IPv4 and IPv6 are available as different IP versions to any of which the invention is not limited.
- the DTV 100 , the HDD recorder 200 , the PCs 300 , 400 , the mobile phone 500 and the routers 12 , 21 connected to the network each have an IP address for identifying themselves on LAN. Also, a 48-bit MAC (Media Access Control) address is assigned to the interface unit of each network communication processing circuit in advance at the time of manufacture.
- the IP address is set for each equipment by DHCP (Dynamic Host Configuration Protocol) widely used in the prior art for automatic address setting in the network in which the routers 12 , 21 , for example, are operated as a DHCP server thereby to distribute the IP address to each equipment.
- DHCP Dynamic Host Configuration Protocol
- each equipment can determine the IP address thereof from the high-order 64 bits of the IP address of the routers 12 , 21 and the MAC address thereof by what is called a stateless automatic setting method.
- the equipments in the home 1 of the user are interconnected by wired LAN in FIG. 1
- the LAN, IEEE1394, USB or Bluetooth through the wireless access point may alternatively be used.
- the hub 11 and the router 12 may be integrated with each other, and so may the wireless access point 22 and the router 21 .
- the routers 12 , 21 are connected to the internet through a modem or a photoelectric converter, not shown, or by a modem or a photoelectric converter built in the router.
- the routers 12 , 21 may be connected to the internet in any types of methods including a high-speed access line such as ADSL (Asymmetric Digital Subscriber Line) or optical fiber, ISDN (Integrated Services Digital Network), an analog telephone line or a mobile communication network for mobile phones.
- ADSL Asymmetric Digital Subscriber Line
- ISDN Integrated Services Digital Network
- the network at the remote place 2 is also configured similarly.
- each equipment in the user home 1 can be accessed through the internet 3 from the remote place 2 using a technique such as the port forward function of the router or VPN (Virtual Private Network).
- VPN Virtual Private Network
- the DTV 600 is similarly configured.
- the DTV 100 is configured of a tuner 101 , a descrambler 102 , a demultiplexer 103 , a decoder 104 , a display/speaker 105 , a digital terminal 106 , an input processing unit 107 , an authentication processing unit 108 , a device information management unit 109 , an encryption/decryption processing unit 110 , a communication processing unit 111 , a digital input/output terminal 112 and a control unit 113 .
- the tuner 101 is a part to select the desired one of a plurality of channels received from a broadcast station through an antenna 10 and demodulate the program digitally modulated.
- the descrambler 102 is a part to descramble the program scrambled to make it possible to receive only the channel under contract with a service provider.
- the demultiplexer 103 is a part to extract the audio and video data from a broadcast program.
- the decoder 104 is a part to decode the compressed audio and video data in a broadcast program or received from the digital input/output terminal 112 and decompress the data into the original audio and video signals.
- the display/speaker 105 is a part to reproduce the output signal from the decoder 104 or the signal input from the digital terminal 106 .
- the display/speaker 105 may not be built in but may be remotely attached.
- the digital terminal 106 is a part to input the digital data not compressed, and constituted of, for example, a HDMI (High-Definition Multimedia Interface).
- the input processing unit 107 is a part for the user to operate the DTV 100 using a remote controller or a touch panel.
- the equipment authentication processing unit 108 is a part which in order to transfer the copyright-protected content through LAN, mutually authenticates a particular AV equipment and other AV equipments to confirm the legitimacy thereof based on a specified authentication protocol, and shares the key used for content encryption and decryption.
- the specified authentication protocol is, for example, the DTCP method described above.
- the device information management unit 109 is a part to manage the information on the AV equipments successfully authenticated by the equipment authentication processing unit 108 .
- the encryption/decryption processing unit 110 is a part in which the broadcast program or the contents received through the digital input/output terminal 112 by LAN are encrypted or decrypted using the key shared by the equipment authentication processing unit 108 .
- the communication processing unit 111 is a part to transmit or receive the contents and the control command to or from other AV equipments connected by LAN through the digital input/output terminal 112 .
- the contents are transmitted together with an identification code such as “copy free”, “copy one generation”, “copy never” or “no more copies” indicating the manner in which the transmitted contents are to be handled.
- the digital input/output terminal 112 is a part to input or output the contents and the control command through LAN.
- the control unit 113 is a part for centrally controlling the operation of each part of the DTV 100 .
- the HDD recorder 200 is configured of an input processing unit 201 , an authentication processing unit 202 , a device information management unit 203 , a recording/reproduction processing unit 204 , a HDD 205 , an encryption/decryption processing unit 206 , a communication processing unit 207 , a digital input/output terminal 208 , a decoder 209 , a digital terminal 210 and a control unit 211 .
- the recording/reproduction processing unit 204 is a part for the recording control to record the contents in the HDD 205 and the reproduction control to reproduce the contents recorded in the HDD 205 .
- the HDD 205 is a built-in memory for recording a broadcast program. This may be replaced by other units such as a removable HDD or optical disk, a memory card or a hybrid memory combining any of them.
- the digital terminal 210 is a part in which the non-compressed digital data output from the decoder 209 is output to a remote display or speaker.
- the other parts are similar to the corresponding parts of the DTV 100 .
- the PC 300 is configured of a tuner 301 , a descrambler 302 , a demultiplexer 303 , a decoder 304 , a display/speaker 305 , a digital terminal 306 , an input processing unit 307 , an authentication processing unit 308 , a device information management unit 309 , a recording/reproduction processing unit 310 , a HDD 311 , an encryption/decryption processing unit 312 , a communication processing unit 313 , a digital input/output terminal 314 , a wireless encryption/decryption processing unit 315 , a wireless communication processing unit 316 and a control unit 317 .
- the wireless encryption/decryption processing unit 315 is a part in which the contents received by wireless LAN through the wireless communication processing unit 316 or the contents output from the encryption/decryption processing unit 312 are encrypted/decrypted using a well-known standard encryption method such as WEP (Wired Equivalent Privacy) used as a standard for security protection in wireless LAN.
- WEP Wired Equivalent Privacy
- the wireless communication system for the mobile phone such as 3G or W-CDMA (Wideband Code Division Multiple Access) may be employed.
- the wireless communication processing unit 316 is a part to transmit/receive the contents and the control command to and from a wireless access point 22 or other AV equipments connected by wireless LAN.
- the other parts are similar to the corresponding parts, respectively, of the DTV 100 and the HDD recorder 200 .
- the PC 400 may have a similar configuration.
- the mobile phone 500 is configured of a tuner 501 , a descrambler 502 , a demultiplexer 503 , a decoder 504 , a display/speaker 505 , a digital terminal 506 , a camera imaging unit 507 , a communication processing unit 508 , an input processing unit 509 , an authentication processing unit 510 , a device information management unit 511 , a recording/reproduction processing unit 512 , a record memory 513 , an encryption/decryption processing unit 514 , a wireless encryption/decryption processing unit 515 , a wireless communication processing unit 516 and a control unit 517 .
- the camera imaging unit 507 is a part of a camera to pick up an image.
- the record memory 507 is a nonvolatile memory to store the dynamic or still image picked up by the camera imaging unit 507 , the program received through the tuner 501 and the information such as the personal information and the address book.
- the record memory 507 may be either built in or replaceable.
- the other parts are similar to the corresponding parts, respectively, of the DTV 100 , the HDD recorder 200 and the PC 300 .
- the device information management unit 109 is configured of a timer 1081 , a device information updating unit 1082 and an device information storage unit 1083 .
- the timer 1081 is a part used to count time in the case where the equipment authentication processing unit 108 (similar to the units 202 , 308 , 510 ) confirms whether any equipment to be authenticated exists in home or in the case where the term of validity of the registration information stored in the device information storage unit 1083 described later is managed.
- the device information updating unit 1082 is a part to manage the term of validity of the registration information held in the device information storage unit 1083 described later and to register, update or delete the information as required.
- the device information storage unit 1083 is a part to hold the information on the equipments to be authenticated, in the case where the equipments are successfully authenticated by the equipment authentication processing unit 108 .
- the equipment information 70 is configured of a management table 700 and an equipment information table 710 .
- the management table 700 is configured of a maximum authentication number 701 , a maximum counter value 702 and a maximum remote access number 703 .
- the maximum authentication number 701 is the maximum number of times the equipment can be authenticated between the content transmission equipment and the content reception equipment using the equipment authentication processing unit 108 .
- the maximum counter value 702 is the maximum value on the counter which is set in the timer 1081 .
- the maximum remote access number 703 is the maximum number of times a remote content access request is permitted.
- the device information table 710 is configured of an ID 711 , a device ID 712 , address information 713 , a counter value 714 , a remote access key 715 , a remote access key label 715 A and an access situation 716 .
- the ID 711 indicates the registration number of the table.
- the device ID 712 is an identifier for identifying each equipment uniquely.
- the device ID 712 is the information unique to each equipment such as a unique ID used for IEEE1394, a device ID used for DTCP which is generated by a specified certificate authority and held in a nonvolatile memory in advance at the time of manufacture of each equipment.
- the device ID 712 has a value unique to each equipment and may contain other information such as a public key.
- the address information 713 indicates an IP address or a MAC address of each equipment on the network.
- the counter value 714 is the present value on the counter which is set in the timer 1081 .
- the remote access key 715 is the key information used in the authentication and encryption/decryption process at the time of content transfer between the in-home content transmission equipment and the remote content reception equipment.
- the remote access key label 716 is an identifier used to identify the remote access key 715 .
- the access situation 716 indicates the transfer situation (for example, “off”, “in home” or “remote”) between the content transmission equipment and the content reception equipment.
- An equipment authentication processing procedure 800 executed between the HDD recorder (content transmission equipment) 200 and the DTV (content reception equipment) 100 in the system configuration of FIG. 1 using each equipment and each information described above is explained with reference to FIG. 8 .
- the protocol TCP is used for transmission and reception of the information for the equipment authentication process.
- the acknowledgment of reception of the request is returned from the unit at the other end, so that a communication path which can detect a transmission error is secured.
- the data transmission/reception for establishment or abandonment of TCP connection is not shown in FIG. 8 .
- an authentication request is generated by the content reception equipment 100 .
- the equipment authentication processing unit 108 of the content reception equipment 100 sends the authentication request, through the communication processing unit 111 to the content transmission equipment 200 , together with the information unique to the equipment including the aforementioned device ID and a certificate of the information (S 801 ).
- the equipment authentication processing unit 202 of the content transmission equipment 200 receives the authentication request through the communication processing unit 207 and sends the acknowledgment to the content reception equipment 100 (S 802 ). Then, the equipment authentication processing unit 202 of the content transmission equipment 200 generates an authentication request by itself, and like in the case of the content reception equipment 100 , sends the authentication request to the content reception equipment 100 together with the information unique to the content transmission equipment 200 and a certificate thereof (S 803 ).
- the equipment authentication processing unit 108 of the content reception equipment 100 receives the authentication request and sends the acknowledgment to the content transmission equipment 100 (S 804 ).
- the equipment authentication processing unit 202 of the content transmission equipment 200 verifies each information received in the authentication request, and sends an authentication response to the content reception equipment 100 together with the parameter required for generation of the key information (S 805 ).
- the equipment authentication processing unit 108 of the content reception equipment 100 after receiving the authentication response and sending the acknowledgment to the content reception equipment 200 (S 806 ), generates an authentication response by itself and like in the case of the content transmission equipment 200 , sends it to the content transmission equipment 200 together with the parameter required for generation of the key information (S 807 ) thereby to generate an authentication key shared with the content transmission equipment 200 using the required parameter.
- the equipment authentication processing unit 202 of the content transmission equipment 200 after receiving the authentication response and sending the acknowledgment to the content reception equipment 100 (S 808 ), like the content transmission equipment 100 , generates the authentication key shared with the content reception equipment 100 using the required parameter.
- the equipment authentication processing unit 108 of the content transmission equipment 200 and the equipment authentication processing unit 202 of the content reception equipment 100 generate and share a common authentication key.
- the content transmission equipment 200 In order to confirm whether the content reception equipment 100 is existing in home or not, the content transmission equipment 200 notifies the content reception equipment 100 that the preparation is made for in-home confirmation.
- the equipment authentication processing unit 108 of the content reception equipment 100 after receiving the notification for in-home confirmation preparation and sending the acknowledgment to the content transmission equipment 200 (S 810 ), generates an in-home confirmation preparation notice by itself and sends it to the content transmission equipment 200 (S 811 ).
- the equipment authentication processing unit 202 of the content transmission equipment 200 after receiving the in-home confirmation preparation notice and sending the acknowledgment to the content reception equipment 100 (S 812 ), sends an in-home confirmation setting request to the content reception equipment 100 together with the information required for the in-home confirmation (S 813 ).
- the equipment authentication processing unit 108 of the content reception equipment 100 after receiving the in-home confirmation setting request and making the preparation required for the in-home confirmation, sends the acknowledgment to the content transmission equipment 200 (S 814 ).
- the equipment authentication processing unit 202 of the content transmission equipment 200 that has received the acknowledgment, after starting the timer 1081 in the device information management unit 203 , sends an in-home confirmation execution request to the content reception equipment 100 to confirm whether the content reception equipment 100 exists in home or not (S 815 ).
- the equipment authentication processing unit 108 of the content reception equipment 100 receives the in-home confirmation execution request and sends the acknowledgment to the content transmission equipment 200 (S 816 ).
- the equipment authentication processing unit 202 of the content transmission equipment 200 upon reception of the acknowledgment, stops the timer 1081 and confirms that the measurement time (T1) before reception of the acknowledgment from the issue of the in-home confirmation execution request is not longer than a predetermined value (T). In the case where the measurement value (T1) is not longer than the predetermined value (T), the equipment authentication processing unit 202 judges that the content reception equipment 100 exists in home and is expected to be used within the range of personal use and sends the corresponding in-home confirmation result to the content reception equipment 100 (S 817 ). In the case where the measurement value (T1) is longer than the predetermined value (T), on the other hand, the equipment authentication processing unit 202 judges that the content reception equipment 100 may exist at a remote place, and by suspending the process, terminates the equipment authentication process.
- the equipment authentication processing unit 108 of the content reception equipment 100 that has received the in-home configuration result sends the acknowledgment to the content transmission equipment 200 (S 818 ). Then, the equipment authentication processing unit 202 of the content transmission equipment 200 generates an exchange key used for content encryption, and by encrypting the exchange key using the authentication key, sends it to the content reception equipment 100 together with the ID for identifying the exchange key.
- the equipment authentication processing unit 108 of the content reception equipment 100 decrypts the exchange key sent from the content transmission equipment 200 using the authentication key, and sends the acknowledgment (S 820 ).
- the equipment authentication processing unit 202 of the content transmission equipment 200 upon reception of the acknowledgment, registers the information on the content reception equipment 100 in the device information table 710 in the device information management unit 203 (S 821 ).
- the device ID of the content reception equipment 100 that has been received in step S 801 is set in the device ID 712 , the MAC address of the content reception equipment 100 on the network in the address information 713 , the maximum counter value 702 of the management table 700 in the counter value 714 , and “off” in the access situation 716 .
- the equipment authentication processing unit 202 of the content transmission equipment 200 and the equipment authentication processing unit 108 of the content reception equipment 100 share a common exchange key.
- This exchange key is used for generating a common key to encrypt/decrypt the contents.
- the exchange key and the common key described above the well-known key generation/key exchange algorithm can be used.
- the processes of steps S 809 and S 813 may be combined, and so the processes of steps S 817 and S 819 .
- the foregoing explanation concerns the equipment authentication process executed between the content transmission equipment and the content reception equipment in the content transfer in home.
- the content transmission equipment 200 and the content reception equipment 500 execute the equipment authentication process 800 explained above with reference to FIG. 8 .
- the equipment authentication processing unit 510 of the content reception equipment 500 After that, the equipment authentication processing unit 510 of the content reception equipment 500 generates a remote access authentication request and sends it to the content transmission equipment 200 (S 901 ).
- This remote access authentication request may contain the random number created using a predetermined arithmetic algorithm or the information unique to the equipment.
- the equipment authentication processing unit 202 of the content transmission equipment 200 receives the remote access authentication request and sends the acknowledgment to the content reception equipment 500 (S 902 ). Then, as in the case of the content reception equipment 500 , the equipment authentication processing unit 202 generates a remote access authentication request by itself, and sends it to the content reception equipment 500 (S 903 )
- the equipment authentication processing unit 510 of the content reception equipment 500 receives the remote access authentication request and sends the acknowledgment to the content transmission equipment 200 (S 904 ).
- the equipment authentication processing unit 202 of the content transmission equipment 200 verifies each information received in the remote access authentication request and sends a remote access authentication response to the content reception equipment 500 together with the parameters required for generation of the key information (S 905 ).
- the equipment authentication processing unit 510 of the content reception equipment 500 after receiving the remote access authentication response and sending the acknowledgment to the content transmission equipment 200 (S 906 ), generates a remote access authentication response by itself, and like in the case of the content transmission equipment, sends the remote access authentication response to the content transmission equipment 200 together with the parameters required for generation of the key information (S 907 ), thereby generating an authentication key shared with the content transmission equipment 200 using the required parameters.
- the equipment authentication processing unit 202 of the content transmission equipment 200 which receives the remote access authentication response and sends the acknowledgment to the content reception equipment 500 , generates, like in the content reception equipment 500 , the authentication key shared with the content reception equipment 500 using the required parameters (S 908 ).
- the equipment authentication processing unit 202 of the content transmission equipment 200 generates the remote access key dedicated to the content reception equipment 500 for use in the content encryption and the equipment authentication process at the time of using the remote contents, and by encrypting the remote access key using the authentication key generated in step S 908 , sends it to the content reception equipment 500 (S 909 ).
- the equipment authentication processing unit 510 of the content reception equipment 500 upon reception of the remote access key, sends the acknowledgment to the content transmission equipment 200 (S 910 ) and decrypts the remote access key using the authentication key.
- the equipment authentication processing unit 202 of the content transmission equipment 200 upon reception of the acknowledgment, adds the information on the content reception equipment 500 to equipment information table 710 in the device information management unit 203 (S 911 ).
- equipment information table 710 in the device information management unit 203
- the ID 711 , the device ID 712 , the address information 713 , the counter value 714 and the access situation 716 are set as described above.
- the remote access key sent to the content reception equipment 500 is additionally set in the remote access key 715 .
- the equipment authentication processing unit 510 of the content reception equipment 500 generates or updates the remote access information table 1000 stored in the device information management unit 511 (S 912 ).
- the remote access information table 1000 held in the device information management unit 511 is configured of address information 1001 , registration information 1002 and a remote access common key 1003 .
- the address information such as the MAC address, the IP address or the port number required for the content reception equipment 500 to access the content transmission equipment 200 or the router 12 from a remote place are registered as the address information 1001 .
- the user name or the password required for the content reception equipment 500 to log in to the content transmission equipment 200 or the router 12 from a remote place are registered as the registration information 1002 .
- the remote access key received in step S 910 is set as the remote access common key 1003 .
- the content transmission equipment 200 and the content reception equipment 500 come to share a common key for remote access.
- the remote access key generated by the content transmission equipment 200 is a common key used only for the content reception equipment 500 and cannot be used for other content reception equipments.
- the remote access key is used for the equipment authentication process executed at the time of receiving a content distribution request from a remote place and/or the generation of a common key for content encryption.
- a well-known key generation/key exchange algorithm can be used for generation of the authentication key, the exchange key or the remote access key.
- a method is also available in which by omitting the process of steps S 903 to S 908 , the remote access key is encrypted using the authentication key shared by the normal authentication process 800 and sent to the content reception equipment 500 in step 909 .
- the content transmission equipment 200 is allowed to have the time of accepting the remote access authentication request after the normal authentication process 800 so that the content reception equipment 500 is required to issue the remote access authentication request within a predetermined time.
- the process of steps S 901 and S 902 may be executed immediately before step S 819 in the normal authentication process 800 , in which case steps S 909 and S 910 may be executed after step S 820 or steps S 819 and S 909 may be combined into a single step.
- the user A issues a content viewing command using the input processing unit 509 of the mobile phone 500 .
- the control unit 517 of the mobile phone 500 displays a content transmission equipment list screen ( FIG. 15 ) on the display/speaker 505 .
- a record memory 513 , the content transmission equipment (DTV 600 ) detected to be currently existent on the network and the content transmission equipment 200 registered in the remote access information table 1000 managed by the device information management unit 511 are displayed on the content transmission equipment list screen 1500 (S 1101 ).
- a UDP packet containing “a request to detect an equipment having the content transmission function” is multicast to all the equipments on the network and only an equipment having such a function responds thereby to recognize the content transmission equipment.
- This method can use the conventional technique such as SSDP (Simple Service Discovery Protocol) or DLNA (Digital Living Network Alliance).
- the user A selects the content transmission equipment 200 on the content transmission equipment list screen 1500 .
- the control unit 517 of the content reception equipment 500 by accessing the address information of the content reception equipment 500 registered in the remote access information table 1000 , sends a content information acquisition request to the content transmission equipment 200 in the home 1 of the user A through the internet 3 including a wireless access point 22 and a router 21 from a wireless communication processing unit 516 (S 1102 ).
- the control unit 211 of the content transmission equipment 200 sends the acknowledgment to the content reception equipment 500 through the communication control unit 207 (S 1103 ), so that the information on a part or the whole of the contents (for example, the title, date, copy control information and the recording time) stored in the HDD 205 are sent to the content reception equipment 500 (S 1104 ).
- the control unit 517 of the content reception equipment 500 sends the acknowledgment to the content transmission equipment 200 (S 1105 ), and the content information thus received are displayed on the display/speaker 505 as a content list screen ( FIG. 16 ).
- the content desired to view on the content list screen 1600 is designated by the user A through the input processing unit 509 (S 1106 ).
- the equipment authentication processing unit 510 of the content reception equipment 500 generates a remote authentication request.
- the remote authentication request is sent to the content transmission equipment 200 together with the information unique to the equipment including the device ID, the remote access key or the calculation value generated using the key and a certificate (S 1107 ).
- the equipment authentication processing unit 202 of the content transmission equipment 200 which has received the remote authentication request confirms that the device ID of the content reception equipment 500 is registered in the device information table 710 managed in the device information management unit 203 , and sends the acknowledgment to the content reception equipment 500 (S 1108 ). In the case where the device ID of the content reception equipment 500 is not registered in the device information table 710 , the content transmission equipment 100 suspends the process.
- the equipment authentication processing unit 202 of the content transmission equipment 200 generates a remote authentication request by itself, and as in the case of the content reception equipment, sends it to the content reception equipment 500 together with the information unique to the content transmission equipment 200 , the remote access key or the calculation value generated using the particular key and a certificate (S 1109 ).
- the equipment authentication processing unit 510 of the content reception equipment 500 receives the remote authentication request and sends the acknowledgment to the content transmission equipment 200 (S 1110 ).
- the equipment authentication processing unit 202 of the content transmission equipment 200 verifies each information received in the remote authentication request, and sends a remote authentication response to the content reception equipment 500 together with remote access key or the calculation value generated using the key and the parameter required for generation of the key information (S 1111 ).
- the equipment authentication processing unit 510 of the content reception equipment 500 after receiving the remote authentication response and sending the acknowledgment to the content transmission equipment 200 (S 1112 ), generates a remote authentication response by itself and, as in the case of the content transmission equipment 200 , sends the remote authentication response to the content transmission equipment 200 together with the parameter required for generation of the key information (S 1113 ) thereby to generate the remote authentication key shared with the content transmission equipment 200 using the required parameter.
- the equipment authentication processing unit 202 of the content transmission equipment 200 after receiving the remote authentication response and sending the acknowledgment to the content reception equipment 500 , generates, as in the case of the content reception equipment 500 , an authentication key shared with the content reception equipment 5200 using the required parameter (S 1114 ). After confirming that the counter value 714 of the content reception equipment 500 in the device information table 710 has not reached zero (S 1115 ), the equipment authentication processing unit 202 generates the remote exchange key used for content encryption. The remote exchange key is encrypted using the remote authentication key, and together with the ID for identifying the remote exchange key, sent to the content reception equipment 500 (S 1116 ).
- the remote exchange key transmitted from the content transmission equipment 200 is decrypted using the remote authentication key, and the acknowledgment sent (S 1117 ).
- the equipment authentication processing unit 202 of the content transmission equipment 200 upon reception of the acknowledgment, updates the information on the content reception equipment 500 in the device information table 710 in the device information management unit 203 (S 1118 ). Specifically, the access situation 716 is updated from “off” to “remote”.
- the control unit 517 of the content reception equipment 500 sends the request to view the desired content to the content transmission equipment 200 (S 1119 ).
- the viewing request may be accompanied by the ID for identifying the remote exchange key received in step S 1116 .
- the control unit 211 of the content transmission equipment 200 sends the acknowledgment for reception of the content viewing request (S 1120 ), the equipment authentication processing unit 202 checks to see whether the ID of the remote exchange key is correct or not, and the device information updating unit 1082 starts by setting the timer 1081 in the device information management unit 203 to receive the notice periodically (for example, at intervals of one or ten minutes). Also, the equipment authentication processing unit 202 generates a common key for content encryption using the remote exchange key and sets the common key in the encryption/decryption processing unit 206 .
- the desired content read from the HDD 205 is encrypted by the encryption/decryption processing unit 206 while at the same time being sent to the content reception equipment 500 (S 1121 ).
- the device information updating unit 1082 updates the counter value 714 (decrements the counter value, for example) in the device information table 710 .
- the equipment authentication processing unit 510 of the content reception equipment 500 generates a common key for decrypting the content using the remote exchange key and sets the common key in the encryption/decryption processing unit 514 .
- the content received through the wireless communication processing unit 516 and the wireless encryption/decryption processing unit 515 is decrypted by the encryption/decryption processing unit 514 and while being decoded by the decoder 504 , output to the display/speaker 505 .
- the equipment authentication process 900 for remote access is executed in home beforehand between the content transmission equipment and the content reception equipment. Only in the case where the content reception equipment successfully authenticated is brought out of home and the remote authentication process of steps S 1107 to S 1117 is successfully executed, then the content can be transferred from the in-home content transmission equipment to the remote content reception equipment.
- the content transmission equipment may stop the timer 1081 and discard the remote exchange key so that the content may not be transmitted as long as the remote authentication process is not executed again even if another content viewing request continues to be issued by the content reception equipment.
- the number of the content reception equipments accessible simultaneously from a remote place can be limited by the content transmission equipment using the maximum remote access number 703 in the management table 700 .
- the content transmission equipment 200 receives the “viewing request” in step S 1119 as described above, other requests such as a “copy request” or a “move request”, if received, may be rejected to avoid the illegal use of the contents as far as possible.
- the protocol used to transmit the contents from the content transmission equipment 200 to the content reception unit 500 is not limited to a specified one, but may be any of RTP, HTTP, FTP, etc.
- the contents can be transmitted by containing, in the payload of each transfer protocol, the content encrypted by a predetermined algorithm using a common key.
- the well-known encryption technique AES Advanced Encryption Standard
- AES Advanced Encryption Standard
- the counter value 714 in the device information table 710 to be updated periodically by the content transmission equipment may alternatively be used as different counter values in home and remotely as shown in FIG. 12 .
- a different maximum value can be set as each counter value (i.e. the maximum in-home counter value 702 and the maximum remote counter value 704 in the management table 700 ).
- the normal authentication process and the authentication process for remote access are executed in home beforehand with the content transmission equipment thereby to share the remote access key, while at the same time registering the information on the content reception equipment in the device information table of the content transmission equipment.
- the content reception equipment can be regarded as a personal property after all, and even if brought out of home, the content thereof can be viewed safely without departing from the range of personal content use.
- the feature of this embodiment lies in preventing the illegal viewing and copy while at the same time making it possible to view the in-home contents on an unspecified content reception equipment at a remote place without departing from the range of personal content use.
- FIG. 13 shows an example of the system configuration in an assumed case where the user A brings out the mobile phone 500 to a remote place and views the content of the in-home HDD recorder 200 on a large-screen DTV 600 installed at the same remote place as where the mobile phone 500 is located.
- the DTV 600 has the same configuration as the DTV 100 .
- the user A executes the remote access equipment authentication 900 in home beforehand between the HDD recorder (content transmission equipment) 200 and the mobile phone 500 to share the remote access key between them.
- the user A who has brought out the mobile phone 500 to a remote place (a hotel, for example) and intends to view the in-home contents on the DTV 600 at the same remote place, first executes the remote authentication process by acquiring the content information between the content transmission equipment 200 and the mobile phone 500 according to the same process as steps S 1101 to S 1118 shown in FIG. 11 .
- a remote place a hotel, for example
- the control unit 517 of the mobile phone (controller) 500 multicasts a UDP packet containing a “request to detect an equipment having the reproduction function” to all the equipments on the network, for example, and only the equipment that has the same function responds.
- the content reproduction unit list screen FIG. 17 is displayed on the display/speaker 505 in the presence of such content reproduction unit.
- the control unit 517 sends a content viewing issue request to the DTV 600 (S 1401 ).
- the content viewing issue request contains the information on the content to be viewed and the address information 1001 of the content transmission equipment 200 registered in the remote access information table 1000 , and in some case, may be accompanied by the registration information 1002 .
- the DTV (content reception equipment) 600 that has received the content viewing issue request sends the acknowledgment to the controller 500 (S 1402 ) and executes the normal authentication process 800 with the controller 500 .
- the equipment authentication processing unit 510 of the controller 500 uses the remote exchange key shared with the content transmission equipment 200 in step S 1116 and the ID thereof as a remote exchange key and an ID thereof, respectively, to be sent to the DTV 600 in step S 819 .
- the same exchange key and the ID thereof have successfully come to be shared among the content transmission equipment 200 , the controller 500 and the content reception equipment 600 .
- the DTV 600 sends a content viewing request to the content transmission equipment 200 (S 1403 ).
- the content viewing request is accompanied by the ID of the remote exchange key.
- the content viewing request may contain the information on the data format (such as MPEG2-TS or H.264) and the image quality (such as HD, SD, 760p or 1080i) reproducible on the DTV 600 . Such information, however, may be contained in another request issued than the content viewing request.
- the control unit 211 of the content transmission equipment 200 upon reception of the content viewing request, sends the acknowledgment to the DTV 600 (S 1404 ).
- the equipment authentication processing unit 202 checks that the ID of the remote exchange key is legitimate, and the device information updating unit 1082 starts by setting the timer 1081 in the device information management unit 203 in such a manner as to receive the notice periodically.
- the equipment authentication processing unit 202 generates a common key for content encryption using the remote exchange key and sets the common key in the encryption/decryption processing unit 206 .
- the desired content read from the HDD 205 is encrypted by the encryption/decryption processing unit 206 while at the same time being sent to the DTV 600 (S 1405 ).
- the device information updating unit 1082 updates the counter value 714 in the device information table 710 .
- the DTV 600 generates a common key for content decryption using the remote exchange key and sets the common key in the encryption/decryption processing unit 110 .
- the contents received through the router 21 and the communication processing unit 111 are decrypted by the encryption/decryption processing unit 110 and output to the display/speaker 105 while being decoded by the decoder 104 .
- the controller can deliver the remote exchange key to the remote content reception equipment successfully authenticated in normal fashion.
- the in-home contents can be safely viewed on the remote reception equipment without departing from the range of personal content use.
- the remote exchange key required for content encryption is sent by the content transmission equipment 200 only to the controller 500 . Therefore, the key exchange (normal authentication process 800 ) between the controller 500 and the content reception equipment 600 is not involved.
- the feature of the third embodiment is that the controller 500 notifies the content transmission equipment 200 that the remote exchange key has been delivered to the content reception equipment 600 .
- the device information table 710 of the content transmission equipment 200 is provided with a substitute device ID 718 for setting the device ID of another equipment which receives the contents on behalf of the equipment indicated by the device ID 712 at the time of remote use. Further, a substitute address information (MAC address, IP address, etc.) and a substitute counter value may be added.
- MAC address, IP address, etc. MAC address, IP address, etc.
- the process up to steps S 1101 to S 118 between the content transmission equipment 200 and the controller 500 is similar to the process shown in FIG. 14 . Also, the process up to steps S 1401 and S 1402 between the controller 500 and the content reception equipment 600 and the process up to the equipment authentication process 800 are also similar to the corresponding processes shown in FIG. 14 .
- the controller 500 issues, to the content transmission equipment 200 , a remote equipment setting request to receive the contents using an authenticated remote equipment (the content reception equipment 600 in this case) in place of the controller 500 (S 1900 ).
- the setting request contains the information on the content reception equipment 600 such as the device ID and the MAC address.
- the content transmission equipment 200 that has received the remote equipment setting request sets the device ID of the content reception equipment 600 contained in the request, in the substitute device ID 718 of the device information table 710 (S 1901 ), and issues the acknowledgment to the controller 500 (S 1902 ).
- the content reception equipment 600 issues a content viewing request to the content transmission equipment 200 (S 1403 ).
- the viewing request contains the device ID of the content reception equipment 600 or the address information (such as the MAC address or the IP address).
- the content transmission equipment 200 that has received the content viewing request, after confirming that the request is issued from the substitute device ID 718 , issues the acknowledgment to the content reception equipment 600 and transfers the encrypted content using the remote exchange key.
- the content transmission to the content reception equipment 600 is suspended or the content viewing request is rejected.
- the content may be sent to only one equipment.
- the in-home contents can be viewed safely on the remote content reception equipment without departing from the range of personal content use.
Abstract
A content reception equipment for accessing an in-home content transmission equipment from a remote place executes a first authentication process with the content transmission equipment in advance, executes the remote access information sharing process required for access from a remote place, and causes the information on the content reception equipment and the remote access information to be registered in an equipment information table of the content transmission equipment.
In the case where the in-home content transmission equipment is accessed by the content reception equipment brought out of home, the content transmission equipment transmits the content to the content reception equipment only in the case where the information on the content reception equipment is registered in the device information table of the content transmission equipment and the second authentication process using the remote access information is successfully executed between the content transmission equipment and the content reception equipment.
Description
- This application is a Continuation application of U.S. Ser. No. 12/746,876 filed Jun. 8, 2010, which is the U.S. National Phase of PCT/JP2009/052504 filed Feb. 16, 2009, which claims priority from Japanese Patent Application No. 2008-066964 filed on Mar. 17, 2008. The subject matter of each is incorporated herein by reference in entirety.
- This invention relates to a transmission equipment, a reception equipment and a content transmission method suitable for protection of the copyright of the contents of video and audio signals transmitted or received through a network.
- With the progress of the processing ability including the computation speed and the storage capacity of the personal computer (hereinafter referred to as the PC), the capacity of the hard disk drive (hereinafter referred to as the HDD) built in the PC has increased. In this situation, even the PC of the rank used in an ordinary home has come to possess the ability to record a TV broadcast program using the HDD and permit the user to view the recorded program on the display of the PC.
- As the result of recent development of the digital video signal processing technique, on the other hand, digital AV equipments such as a TV having a built-in digital tuner for receiving the digital broadcasting (hereinafter referred to as the DTV) and a digital recorder for recording/reproducing a digital broadcast program (for example, the HDD recorder, DVD recorder and the BD recorder) have been commercialized in succession.
- Further, the extension of the broadband/internet has made it possible to mount a digital interface such as the wired/wireless LAN (Local Area Network), IEEE1394 or USB in the digital AV equipments and transmit the digital contents through a network.
- Generally, in the case where the digitally recorded contents are recorded by transmission from one equipment to another through a network, etc. as described above, the data quality is degenerated less during transmission and a copy (duplicate) of the same quality as the contents in the equipment at the transmitting end can be generated at the receiving end. For the contents with the copyright thereof to be protected, therefore, a measure is required to prevent the illegal creation of a copy of the contents departing from the range of personal use.
- In transmitting a content between digital AV equipments, for example, a copy protection method is employed in which the content is encrypted by the content transmission equipment, and the information for decryption is shared with the content reception equipment, so that even if the content is received correctly by an equipment other than the destination content reception equipment, the decryption of the content is prevented, thereby preventing the unlimited copy creation.
- An example of the copy protection method employed for the digital AV equipments is a Digital Transmission Content Protection (DTCP) method specifying a method of copy protection on the IEEE1394 bus. In the DTCP method, the contents are managed by being classified into the categories of “copy free”, “copy one generation” and “copy never”. The recorder records only the contents in the category of “copy free” or “copy one generation”, and the content in the category of “copy one generation”, once recorded, is handled as “copy free”. Except for the contents in the category of “copy free”, all the contents are transmitted on a bus after being encrypted at the transmitting end to prevent the contents from being copied in an unlimited manner.
- Also in the content transmission by wired or wireless LAN, a DTCP-IP method further strengthened in security is specified by extensively applying DTCP to the IP network. According to the DTCP-IP method, a technique is disclosed to define an in-home network to prevent the unlimited remote distribution of the contents with the copyright thereof to be protected such as a broadcast program recorded in home.
- Patent Document 1: JP-A-2005-5821
- The conventional technique described above incorporates the function to confirm that the equipments at the transmitting and receiving ends are both located inside the same home in the case where the contents requiring copyright protection are transmitted through the wired or wireless LAN.
- The user having an equipment such a notebook-sized PC or a portable terminal used in a mobile environment, however, has a great desire to access the contents in his/her home using this equipment during a trip or from inside a tram car on his/her way to the working place.
- Accordingly, it is an object of this invention to provide a content transmission equipment, a content reception equipment and a content transmission method in which the legal viewing of the contents transferred from an in-home equipment to a remote equipment can be limited to the range of personal use.
- In order to solve the problem described above, according to this invention, there is provided a content transmission equipment including:
- first authentication means for mutually authenticating the content transmission equipment and a content reception equipment connected to an in-home network as legitimate equipments based on a first authentication protocol, and confirming that the content reception equipment is existing in home;
- remote access information sharing means for sharing the information required for access from a remote place with the content reception equipment;
- device information management means for holding and managing the information on the content reception equipment successfully authenticated by the first authentication means and the information shared by the remote access information sharing means;
- second authentication means for mutually authenticating the content transmission equipment and the content reception equipment connected to the remote network as legitimate equipments based on a second authentication protocol using the information rendered sharable by the remote access information sharing means; and
- encryption means for encrypting the content transmitted to the content reception equipment using first key information rendered sharable with the content reception equipment as the result of the authentication process executed by the first authentication means or second key information rendered sharable as the result of the authentication process executed by the second authentication means;
- wherein only in the case where the authentication process is successfully executed with the content reception equipment using the first authentication means, the remote access information required for access from a remote place is rendered sharable by the remote access information sharing means, and the information on the content reception equipment and the remote access information are registered using the device information management means; and
- wherein only in the case where the authentication process is successfully executed with the content reception equipment using the second authentication processing means, the content is encrypted using the encryption means and sent to the remote content reception equipment.
- The normal authentication process and the equipment authentication process for remote access are executed in advance with a content transmission equipment in home, and the equipment authentication process for remote use is executed from a remote place only on the content reception equipment successfully subjected to the authentication processes, so that the in-home contents become viewable. As a result, the contents in home can be viewed by the legitimate user from a remote place without departing from the range of personal use for an improved user convenience.
- The other objects, features and advantages of the invention will be made apparent by the following description of embodiments of the invention taken in conjunction with the accompanying drawings.
-
FIG. 1 shows an example of a system configuration. -
FIG. 2 shows an example of a block configuration of a DTV. -
FIG. 3 shows an example of a block configuration of a HDD recorder. -
FIG. 4 shows an example of a block configuration of a PC. -
FIG. 5 shows an example of a block configuration of a mobile phone. -
FIG. 6 shows an example of a configuration of a device information management unit. -
FIG. 7 shows an example of a configuration of equipment information. -
FIG. 8 shows an example of the equipment authentication sequence normally executed between an in-home content transmission equipment and a content reception equipment. -
FIG. 9 shows an example of the equipment authentication sequence for executing the key exchange for remote access between an in-home content transmission equipment and a content reception equipment. -
FIG. 10 shows an example of the configuration of a remote access information table held in a device information management unit of a content reception equipment and brought out to a remote place. -
FIG. 11 shows an example of the sequence for executing the content transfer between an in-home content transmission equipment and a remote content reception equipment. -
FIG. 12 shows an example of the configuration of the equipment information. -
FIG. 13 shows an example of the system configuration. -
FIG. 14 shows an example of the sequence for executing the content transfer from a remote content reception equipment and an in-home content transmission equipment. -
FIG. 15 shows an example of a content transmission equipment list screen of a mobile phone. -
FIG. 16 shows an example of a content list screen of a mobile phone. -
FIG. 17 shows an example of a content reproduction unit list screen of a mobile phone. -
FIG. 18 shows an example of the configuration of the equipment information. -
FIG. 19 shows an example of the sequence for content transfer from a remote content reception equipment to an in-home content transmission equipment. - Embodiments of the invention are explained below.
- The feature of this embodiment lies in that the illegal viewing/copy is prevented without departing from the range of personal use of the contents while at the same time making it possible to view the in-home contents on a remote content reception equipment.
-
FIG. 1 shows a system configuration based on the assumption that the user A accesses an in-home equipment from a remote place. - In the
home 1 of the user A, aDTV 100, aHDD recorder 200 and a PC 300 owned by the user A are connected to anetwork 3 by the wired LAN through ahub 11. Also, thehub 11 is connectable to aninternet 3 through arouter 12. - In the remote place (for example, a hotel or a company) where the user A is located, a
mobile phone 500 of the user A can communicate with awireless access point 22, and can be connected to theinternet 3 through arouter 21. Also, thePC 400 of the user B can be connected to theinternet 3 in a similar way. Further, aDTV 600 installed at a remote place is connectable to theinternet 3 through therouter 21. - In the LAN, the standard IP (Internet Protocol) is used as a network protocol, and TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) are used as a high-layer transport protocol. For content transfer, on the other hand, a higher-layer application protocol such as RTP (Real-time Transport Protocol), HTTP (Hyper Text Transfer Protocol), FTP (File Transfer Protocol), etc. is used. Incidentally, IPv4 and IPv6 are available as different IP versions to any of which the invention is not limited.
- The
DTV 100, theHDD recorder 200, thePCs mobile phone 500 and therouters routers - Incidentally, in the case where IPv6 is used, each equipment can determine the IP address thereof from the high-order 64 bits of the IP address of the
routers - Although the equipments in the
home 1 of the user are interconnected by wired LAN inFIG. 1 , the LAN, IEEE1394, USB or Bluetooth through the wireless access point may alternatively be used. Also, thehub 11 and therouter 12 may be integrated with each other, and so may thewireless access point 22 and therouter 21. - Also, the
routers routers remote place 2 is also configured similarly. - Further, each equipment in the
user home 1 can be accessed through theinternet 3 from theremote place 2 using a technique such as the port forward function of the router or VPN (Virtual Private Network). - Next, an example of the configuration of the
DTV 100 is explained with reference toFIG. 2 . Incidentally, theDTV 600 is similarly configured. - The
DTV 100 is configured of atuner 101, adescrambler 102, ademultiplexer 103, adecoder 104, a display/speaker 105, adigital terminal 106, aninput processing unit 107, an authentication processing unit 108, a deviceinformation management unit 109, an encryption/decryption processing unit 110, acommunication processing unit 111, a digital input/output terminal 112 and acontrol unit 113. - The
tuner 101 is a part to select the desired one of a plurality of channels received from a broadcast station through anantenna 10 and demodulate the program digitally modulated. - The
descrambler 102 is a part to descramble the program scrambled to make it possible to receive only the channel under contract with a service provider. - The
demultiplexer 103 is a part to extract the audio and video data from a broadcast program. - The
decoder 104 is a part to decode the compressed audio and video data in a broadcast program or received from the digital input/output terminal 112 and decompress the data into the original audio and video signals. - The display/
speaker 105 is a part to reproduce the output signal from thedecoder 104 or the signal input from thedigital terminal 106. The display/speaker 105 may not be built in but may be remotely attached. - The
digital terminal 106 is a part to input the digital data not compressed, and constituted of, for example, a HDMI (High-Definition Multimedia Interface). - The
input processing unit 107 is a part for the user to operate theDTV 100 using a remote controller or a touch panel. - The equipment authentication processing unit 108 is a part which in order to transfer the copyright-protected content through LAN, mutually authenticates a particular AV equipment and other AV equipments to confirm the legitimacy thereof based on a specified authentication protocol, and shares the key used for content encryption and decryption. The specified authentication protocol is, for example, the DTCP method described above.
- The device
information management unit 109 is a part to manage the information on the AV equipments successfully authenticated by the equipment authentication processing unit 108. - The encryption/
decryption processing unit 110 is a part in which the broadcast program or the contents received through the digital input/output terminal 112 by LAN are encrypted or decrypted using the key shared by the equipment authentication processing unit 108. - The
communication processing unit 111 is a part to transmit or receive the contents and the control command to or from other AV equipments connected by LAN through the digital input/output terminal 112. The contents are transmitted together with an identification code such as “copy free”, “copy one generation”, “copy never” or “no more copies” indicating the manner in which the transmitted contents are to be handled. - The digital input/
output terminal 112 is a part to input or output the contents and the control command through LAN. - The
control unit 113 is a part for centrally controlling the operation of each part of theDTV 100. - Next, an example of the configuration of the
HDD recorder 200 is explained with reference toFIG. 3 . - The
HDD recorder 200 is configured of aninput processing unit 201, anauthentication processing unit 202, a deviceinformation management unit 203, a recording/reproduction processing unit 204, aHDD 205, an encryption/decryption processing unit 206, acommunication processing unit 207, a digital input/output terminal 208, adecoder 209, adigital terminal 210 and acontrol unit 211. - The recording/
reproduction processing unit 204 is a part for the recording control to record the contents in theHDD 205 and the reproduction control to reproduce the contents recorded in theHDD 205. - The
HDD 205 is a built-in memory for recording a broadcast program. This may be replaced by other units such as a removable HDD or optical disk, a memory card or a hybrid memory combining any of them. - The
digital terminal 210 is a part in which the non-compressed digital data output from thedecoder 209 is output to a remote display or speaker. - The other parts are similar to the corresponding parts of the
DTV 100. - Next, an example of the configuration of the
PC 300 is explained with reference toFIG. 4 . - The
PC 300 is configured of atuner 301, adescrambler 302, ademultiplexer 303, adecoder 304, a display/speaker 305, adigital terminal 306, aninput processing unit 307, anauthentication processing unit 308, a deviceinformation management unit 309, a recording/reproduction processing unit 310, aHDD 311, an encryption/decryption processing unit 312, acommunication processing unit 313, a digital input/output terminal 314, a wireless encryption/decryption processing unit 315, a wirelesscommunication processing unit 316 and acontrol unit 317. - The wireless encryption/
decryption processing unit 315 is a part in which the contents received by wireless LAN through the wirelesscommunication processing unit 316 or the contents output from the encryption/decryption processing unit 312 are encrypted/decrypted using a well-known standard encryption method such as WEP (Wired Equivalent Privacy) used as a standard for security protection in wireless LAN. In place of the wireless LAN, the wireless communication system for the mobile phone such as 3G or W-CDMA (Wideband Code Division Multiple Access) may be employed. - The wireless
communication processing unit 316 is a part to transmit/receive the contents and the control command to and from awireless access point 22 or other AV equipments connected by wireless LAN. - The other parts are similar to the corresponding parts, respectively, of the
DTV 100 and theHDD recorder 200. Also, thePC 400 may have a similar configuration. - Next, an example of the configuration of the
mobile phone 500 is explained with reference toFIG. 5 . - The
mobile phone 500 is configured of atuner 501, adescrambler 502, ademultiplexer 503, adecoder 504, a display/speaker 505, adigital terminal 506, acamera imaging unit 507, acommunication processing unit 508, aninput processing unit 509, anauthentication processing unit 510, a deviceinformation management unit 511, a recording/reproduction processing unit 512, arecord memory 513, an encryption/decryption processing unit 514, a wireless encryption/decryption processing unit 515, a wirelesscommunication processing unit 516 and acontrol unit 517. - The
camera imaging unit 507 is a part of a camera to pick up an image. - The
record memory 507 is a nonvolatile memory to store the dynamic or still image picked up by thecamera imaging unit 507, the program received through thetuner 501 and the information such as the personal information and the address book. Therecord memory 507 may be either built in or replaceable. - The other parts are similar to the corresponding parts, respectively, of the
DTV 100, theHDD recorder 200 and thePC 300. - Next, an example of the configuration of the device information management unit 109 (similar to 203, 309, 511) in each of the equipments described above is explained with reference to
FIG. 6 . - The device
information management unit 109 is configured of atimer 1081, a deviceinformation updating unit 1082 and an deviceinformation storage unit 1083. - The
timer 1081 is a part used to count time in the case where the equipment authentication processing unit 108 (similar to theunits information storage unit 1083 described later is managed. - The device
information updating unit 1082 is a part to manage the term of validity of the registration information held in the deviceinformation storage unit 1083 described later and to register, update or delete the information as required. - The device
information storage unit 1083 is a part to hold the information on the equipments to be authenticated, in the case where the equipments are successfully authenticated by the equipment authentication processing unit 108. - Next, an example of the configuration of the
equipment information 70 stored in the deviceinformation storage unit 1083 is explained with reference toFIG. 7 . - The
equipment information 70 is configured of a management table 700 and an equipment information table 710. - The management table 700 is configured of a
maximum authentication number 701, amaximum counter value 702 and a maximumremote access number 703. - The
maximum authentication number 701 is the maximum number of times the equipment can be authenticated between the content transmission equipment and the content reception equipment using the equipment authentication processing unit 108. - The
maximum counter value 702 is the maximum value on the counter which is set in thetimer 1081. - The maximum
remote access number 703 is the maximum number of times a remote content access request is permitted. - The device information table 710, on the other hand, is configured of an
ID 711, adevice ID 712, addressinformation 713, acounter value 714, aremote access key 715, a remote accesskey label 715A and anaccess situation 716. - The
ID 711 indicates the registration number of the table. - The
device ID 712 is an identifier for identifying each equipment uniquely. Thedevice ID 712 is the information unique to each equipment such as a unique ID used for IEEE1394, a device ID used for DTCP which is generated by a specified certificate authority and held in a nonvolatile memory in advance at the time of manufacture of each equipment. Thedevice ID 712 has a value unique to each equipment and may contain other information such as a public key. - The
address information 713 indicates an IP address or a MAC address of each equipment on the network. - The
counter value 714 is the present value on the counter which is set in thetimer 1081. - The
remote access key 715 is the key information used in the authentication and encryption/decryption process at the time of content transfer between the in-home content transmission equipment and the remote content reception equipment. - The remote access
key label 716 is an identifier used to identify theremote access key 715. - The
access situation 716 indicates the transfer situation (for example, “off”, “in home” or “remote”) between the content transmission equipment and the content reception equipment. - An equipment
authentication processing procedure 800 executed between the HDD recorder (content transmission equipment) 200 and the DTV (content reception equipment) 100 in the system configuration ofFIG. 1 using each equipment and each information described above is explained with reference toFIG. 8 . The protocol TCP is used for transmission and reception of the information for the equipment authentication process. Upon transmission of various information such as an authentication request to an equipment at the other end or an authentication response to the request, the acknowledgment of reception of the request is returned from the unit at the other end, so that a communication path which can detect a transmission error is secured. Incidentally, the data transmission/reception for establishment or abandonment of TCP connection is not shown inFIG. 8 . - First, an authentication request is generated by the
content reception equipment 100. The equipment authentication processing unit 108 of thecontent reception equipment 100 sends the authentication request, through thecommunication processing unit 111 to thecontent transmission equipment 200, together with the information unique to the equipment including the aforementioned device ID and a certificate of the information (S801). - The equipment
authentication processing unit 202 of thecontent transmission equipment 200 receives the authentication request through thecommunication processing unit 207 and sends the acknowledgment to the content reception equipment 100 (S802). Then, the equipmentauthentication processing unit 202 of thecontent transmission equipment 200 generates an authentication request by itself, and like in the case of thecontent reception equipment 100, sends the authentication request to thecontent reception equipment 100 together with the information unique to thecontent transmission equipment 200 and a certificate thereof (S803). - The equipment authentication processing unit 108 of the
content reception equipment 100 receives the authentication request and sends the acknowledgment to the content transmission equipment 100 (S804). - Next, the equipment
authentication processing unit 202 of thecontent transmission equipment 200 verifies each information received in the authentication request, and sends an authentication response to thecontent reception equipment 100 together with the parameter required for generation of the key information (S805). - The equipment authentication processing unit 108 of the
content reception equipment 100, after receiving the authentication response and sending the acknowledgment to the content reception equipment 200 (S806), generates an authentication response by itself and like in the case of thecontent transmission equipment 200, sends it to thecontent transmission equipment 200 together with the parameter required for generation of the key information (S807) thereby to generate an authentication key shared with thecontent transmission equipment 200 using the required parameter. - The equipment
authentication processing unit 202 of thecontent transmission equipment 200, after receiving the authentication response and sending the acknowledgment to the content reception equipment 100 (S808), like thecontent transmission equipment 100, generates the authentication key shared with thecontent reception equipment 100 using the required parameter. - Through the steps described above, the equipment authentication processing unit 108 of the
content transmission equipment 200 and the equipmentauthentication processing unit 202 of thecontent reception equipment 100 generate and share a common authentication key. - In order to confirm whether the
content reception equipment 100 is existing in home or not, thecontent transmission equipment 200 notifies thecontent reception equipment 100 that the preparation is made for in-home confirmation. - The equipment authentication processing unit 108 of the
content reception equipment 100, after receiving the notification for in-home confirmation preparation and sending the acknowledgment to the content transmission equipment 200 (S810), generates an in-home confirmation preparation notice by itself and sends it to the content transmission equipment 200 (S811). - The equipment
authentication processing unit 202 of thecontent transmission equipment 200, after receiving the in-home confirmation preparation notice and sending the acknowledgment to the content reception equipment 100 (S812), sends an in-home confirmation setting request to thecontent reception equipment 100 together with the information required for the in-home confirmation (S813). - The equipment authentication processing unit 108 of the
content reception equipment 100, after receiving the in-home confirmation setting request and making the preparation required for the in-home confirmation, sends the acknowledgment to the content transmission equipment 200 (S814). - The equipment
authentication processing unit 202 of thecontent transmission equipment 200 that has received the acknowledgment, after starting thetimer 1081 in the deviceinformation management unit 203, sends an in-home confirmation execution request to thecontent reception equipment 100 to confirm whether thecontent reception equipment 100 exists in home or not (S815). - The equipment authentication processing unit 108 of the
content reception equipment 100 receives the in-home confirmation execution request and sends the acknowledgment to the content transmission equipment 200 (S816). - The equipment
authentication processing unit 202 of thecontent transmission equipment 200, upon reception of the acknowledgment, stops thetimer 1081 and confirms that the measurement time (T1) before reception of the acknowledgment from the issue of the in-home confirmation execution request is not longer than a predetermined value (T). In the case where the measurement value (T1) is not longer than the predetermined value (T), the equipmentauthentication processing unit 202 judges that thecontent reception equipment 100 exists in home and is expected to be used within the range of personal use and sends the corresponding in-home confirmation result to the content reception equipment 100 (S817). In the case where the measurement value (T1) is longer than the predetermined value (T), on the other hand, the equipmentauthentication processing unit 202 judges that thecontent reception equipment 100 may exist at a remote place, and by suspending the process, terminates the equipment authentication process. - The equipment authentication processing unit 108 of the
content reception equipment 100 that has received the in-home configuration result sends the acknowledgment to the content transmission equipment 200 (S818). Then, the equipmentauthentication processing unit 202 of thecontent transmission equipment 200 generates an exchange key used for content encryption, and by encrypting the exchange key using the authentication key, sends it to thecontent reception equipment 100 together with the ID for identifying the exchange key. - The equipment authentication processing unit 108 of the
content reception equipment 100 decrypts the exchange key sent from thecontent transmission equipment 200 using the authentication key, and sends the acknowledgment (S820). - The equipment
authentication processing unit 202 of thecontent transmission equipment 200, upon reception of the acknowledgment, registers the information on thecontent reception equipment 100 in the device information table 710 in the device information management unit 203 (S821). As indicated by therecord 721 of theID 711 in the device information table 710, for example, the device ID of thecontent reception equipment 100 that has been received in step S801 is set in thedevice ID 712, the MAC address of thecontent reception equipment 100 on the network in theaddress information 713, themaximum counter value 702 of the management table 700 in thecounter value 714, and “off” in theaccess situation 716. - In this way, the equipment
authentication processing unit 202 of thecontent transmission equipment 200 and the equipment authentication processing unit 108 of thecontent reception equipment 100 share a common exchange key. This exchange key is used for generating a common key to encrypt/decrypt the contents. For generation of the authentication key, the exchange key and the common key described above, the well-known key generation/key exchange algorithm can be used. Also, the processes of steps S809 and S813 may be combined, and so the processes of steps S817 and S819. - The foregoing explanation concerns the equipment authentication process executed between the content transmission equipment and the content reception equipment in the content transfer in home.
- Next, the equipment authentication processing steps for remote access which are executed between the HDD recorder (content transmission equipment) 200 and the mobile phone (content reception equipment) 500 in the system configuration shown in
FIG. 1 are explained with reference toFIG. 9 . - First, the
content transmission equipment 200 and thecontent reception equipment 500 execute theequipment authentication process 800 explained above with reference toFIG. 8 . - After that, the equipment
authentication processing unit 510 of thecontent reception equipment 500 generates a remote access authentication request and sends it to the content transmission equipment 200 (S901). This remote access authentication request may contain the random number created using a predetermined arithmetic algorithm or the information unique to the equipment. - The equipment
authentication processing unit 202 of thecontent transmission equipment 200 receives the remote access authentication request and sends the acknowledgment to the content reception equipment 500 (S902). Then, as in the case of thecontent reception equipment 500, the equipmentauthentication processing unit 202 generates a remote access authentication request by itself, and sends it to the content reception equipment 500 (S903) - The equipment
authentication processing unit 510 of thecontent reception equipment 500 receives the remote access authentication request and sends the acknowledgment to the content transmission equipment 200 (S904). - Next, the equipment
authentication processing unit 202 of thecontent transmission equipment 200 verifies each information received in the remote access authentication request and sends a remote access authentication response to thecontent reception equipment 500 together with the parameters required for generation of the key information (S905). - The equipment
authentication processing unit 510 of thecontent reception equipment 500, after receiving the remote access authentication response and sending the acknowledgment to the content transmission equipment 200 (S906), generates a remote access authentication response by itself, and like in the case of the content transmission equipment, sends the remote access authentication response to thecontent transmission equipment 200 together with the parameters required for generation of the key information (S907), thereby generating an authentication key shared with thecontent transmission equipment 200 using the required parameters. - The equipment
authentication processing unit 202 of thecontent transmission equipment 200, which receives the remote access authentication response and sends the acknowledgment to thecontent reception equipment 500, generates, like in thecontent reception equipment 500, the authentication key shared with thecontent reception equipment 500 using the required parameters (S908). The equipmentauthentication processing unit 202 of thecontent transmission equipment 200 generates the remote access key dedicated to thecontent reception equipment 500 for use in the content encryption and the equipment authentication process at the time of using the remote contents, and by encrypting the remote access key using the authentication key generated in step S908, sends it to the content reception equipment 500 (S909). - The equipment
authentication processing unit 510 of thecontent reception equipment 500, upon reception of the remote access key, sends the acknowledgment to the content transmission equipment 200 (S910) and decrypts the remote access key using the authentication key. - The equipment
authentication processing unit 202 of thecontent transmission equipment 200, upon reception of the acknowledgment, adds the information on thecontent reception equipment 500 to equipment information table 710 in the device information management unit 203 (S911). As indicated by therecord 722 of theID 711 in the device information table 710, for example, theID 711, thedevice ID 712, theaddress information 713, thecounter value 714 and theaccess situation 716 are set as described above. Further, the remote access key sent to thecontent reception equipment 500 is additionally set in theremote access key 715. - The equipment
authentication processing unit 510 of thecontent reception equipment 500, on the other hand, generates or updates the remote access information table 1000 stored in the device information management unit 511 (S912). - Now, an example of the configuration of the remote access information table 1000 is explained with reference to
FIG. 10 . - The remote access information table 1000 held in the device
information management unit 511 is configured ofaddress information 1001,registration information 1002 and a remote accesscommon key 1003. - The address information such as the MAC address, the IP address or the port number required for the
content reception equipment 500 to access thecontent transmission equipment 200 or therouter 12 from a remote place are registered as theaddress information 1001. - The user name or the password required for the
content reception equipment 500 to log in to thecontent transmission equipment 200 or therouter 12 from a remote place are registered as theregistration information 1002. - The remote access key received in step S910 is set as the remote access
common key 1003. - As described above, in order to use the contents stored in the
content transmission equipment 200 from a remote place in response to the request from thecontent reception equipment 500 after execution of the normal authentication, thecontent transmission equipment 200 and thecontent reception equipment 500 come to share a common key for remote access. The remote access key generated by thecontent transmission equipment 200 is a common key used only for thecontent reception equipment 500 and cannot be used for other content reception equipments. Also, the remote access key is used for the equipment authentication process executed at the time of receiving a content distribution request from a remote place and/or the generation of a common key for content encryption. A well-known key generation/key exchange algorithm can be used for generation of the authentication key, the exchange key or the remote access key. - A method is also available in which by omitting the process of steps S903 to S908, the remote access key is encrypted using the authentication key shared by the
normal authentication process 800 and sent to thecontent reception equipment 500 instep 909. As another alternative, thecontent transmission equipment 200 is allowed to have the time of accepting the remote access authentication request after thenormal authentication process 800 so that thecontent reception equipment 500 is required to issue the remote access authentication request within a predetermined time. As still another alternative, the process of steps S901 and S902 may be executed immediately before step S819 in thenormal authentication process 800, in which case steps S909 and S910 may be executed after step S820 or steps S819 and S909 may be combined into a single step. - Next, with reference to
FIG. 11 , an explanation is given about the procedure in which the user A takes out themobile phone 500 from his/her home and by using the mobile phone (content reception equipment) 500 at a remote place B, views the content recorded in theHDD 205 of the HDD recorder (content transmission equipment) 200. - First, the user A issues a content viewing command using the
input processing unit 509 of themobile phone 500. Then, thecontrol unit 517 of themobile phone 500 displays a content transmission equipment list screen (FIG. 15 ) on the display/speaker 505. Arecord memory 513, the content transmission equipment (DTV 600) detected to be currently existent on the network and thecontent transmission equipment 200 registered in the remote access information table 1000 managed by the deviceinformation management unit 511 are displayed on the content transmission equipment list screen 1500 (S1101). - In a method available to detect the content transmission equipment existing on the network, for example, a UDP packet containing “a request to detect an equipment having the content transmission function” is multicast to all the equipments on the network and only an equipment having such a function responds thereby to recognize the content transmission equipment. This method can use the conventional technique such as SSDP (Simple Service Discovery Protocol) or DLNA (Digital Living Network Alliance).
- Next, the user A selects the
content transmission equipment 200 on the content transmissionequipment list screen 1500. Then, thecontrol unit 517 of thecontent reception equipment 500, by accessing the address information of thecontent reception equipment 500 registered in the remote access information table 1000, sends a content information acquisition request to thecontent transmission equipment 200 in thehome 1 of the user A through theinternet 3 including awireless access point 22 and arouter 21 from a wireless communication processing unit 516 (S1102). - The
control unit 211 of thecontent transmission equipment 200 sends the acknowledgment to thecontent reception equipment 500 through the communication control unit 207 (S1103), so that the information on a part or the whole of the contents (for example, the title, date, copy control information and the recording time) stored in theHDD 205 are sent to the content reception equipment 500 (S1104). - The
control unit 517 of thecontent reception equipment 500 sends the acknowledgment to the content transmission equipment 200 (S1105), and the content information thus received are displayed on the display/speaker 505 as a content list screen (FIG. 16 ). The content desired to view on thecontent list screen 1600 is designated by the user A through the input processing unit 509 (S1106). Then, the equipmentauthentication processing unit 510 of thecontent reception equipment 500 generates a remote authentication request. The remote authentication request is sent to thecontent transmission equipment 200 together with the information unique to the equipment including the device ID, the remote access key or the calculation value generated using the key and a certificate (S1107). - The equipment
authentication processing unit 202 of thecontent transmission equipment 200 which has received the remote authentication request confirms that the device ID of thecontent reception equipment 500 is registered in the device information table 710 managed in the deviceinformation management unit 203, and sends the acknowledgment to the content reception equipment 500 (S1108). In the case where the device ID of thecontent reception equipment 500 is not registered in the device information table 710, thecontent transmission equipment 100 suspends the process. - Next, the equipment
authentication processing unit 202 of thecontent transmission equipment 200 generates a remote authentication request by itself, and as in the case of the content reception equipment, sends it to thecontent reception equipment 500 together with the information unique to thecontent transmission equipment 200, the remote access key or the calculation value generated using the particular key and a certificate (S1109). - The equipment
authentication processing unit 510 of thecontent reception equipment 500 receives the remote authentication request and sends the acknowledgment to the content transmission equipment 200 (S1110). - Next, the equipment
authentication processing unit 202 of thecontent transmission equipment 200 verifies each information received in the remote authentication request, and sends a remote authentication response to thecontent reception equipment 500 together with remote access key or the calculation value generated using the key and the parameter required for generation of the key information (S1111). - The equipment
authentication processing unit 510 of thecontent reception equipment 500, after receiving the remote authentication response and sending the acknowledgment to the content transmission equipment 200 (S1112), generates a remote authentication response by itself and, as in the case of thecontent transmission equipment 200, sends the remote authentication response to thecontent transmission equipment 200 together with the parameter required for generation of the key information (S1113) thereby to generate the remote authentication key shared with thecontent transmission equipment 200 using the required parameter. - The equipment
authentication processing unit 202 of thecontent transmission equipment 200, after receiving the remote authentication response and sending the acknowledgment to thecontent reception equipment 500, generates, as in the case of thecontent reception equipment 500, an authentication key shared with the content reception equipment 5200 using the required parameter (S1114). After confirming that thecounter value 714 of thecontent reception equipment 500 in the device information table 710 has not reached zero (S1115), the equipmentauthentication processing unit 202 generates the remote exchange key used for content encryption. The remote exchange key is encrypted using the remote authentication key, and together with the ID for identifying the remote exchange key, sent to the content reception equipment 500 (S1116). - In the equipment
authentication processing unit 510 of thecontent reception equipment 500, the remote exchange key transmitted from thecontent transmission equipment 200 is decrypted using the remote authentication key, and the acknowledgment sent (S1117). - The equipment
authentication processing unit 202 of thecontent transmission equipment 200, upon reception of the acknowledgment, updates the information on thecontent reception equipment 500 in the device information table 710 in the device information management unit 203 (S1118). Specifically, theaccess situation 716 is updated from “off” to “remote”. - After that, the
control unit 517 of thecontent reception equipment 500 sends the request to view the desired content to the content transmission equipment 200 (S1119). In the process, the viewing request may be accompanied by the ID for identifying the remote exchange key received in step S1116. - The
control unit 211 of thecontent transmission equipment 200 sends the acknowledgment for reception of the content viewing request (S1120), the equipmentauthentication processing unit 202 checks to see whether the ID of the remote exchange key is correct or not, and the deviceinformation updating unit 1082 starts by setting thetimer 1081 in the deviceinformation management unit 203 to receive the notice periodically (for example, at intervals of one or ten minutes). Also, the equipmentauthentication processing unit 202 generates a common key for content encryption using the remote exchange key and sets the common key in the encryption/decryption processing unit 206. - The desired content read from the
HDD 205 is encrypted by the encryption/decryption processing unit 206 while at the same time being sent to the content reception equipment 500 (S1121). Each time the notice is received from thetimer 1081 during the content transmission, the deviceinformation updating unit 1082 updates the counter value 714 (decrements the counter value, for example) in the device information table 710. - The equipment
authentication processing unit 510 of thecontent reception equipment 500 generates a common key for decrypting the content using the remote exchange key and sets the common key in the encryption/decryption processing unit 514. The content received through the wirelesscommunication processing unit 516 and the wireless encryption/decryption processing unit 515 is decrypted by the encryption/decryption processing unit 514 and while being decoded by thedecoder 504, output to the display/speaker 505. - As described above, the
equipment authentication process 900 for remote access is executed in home beforehand between the content transmission equipment and the content reception equipment. Only in the case where the content reception equipment successfully authenticated is brought out of home and the remote authentication process of steps S1107 to S1117 is successfully executed, then the content can be transferred from the in-home content transmission equipment to the remote content reception equipment. - After the content transfer, the content transmission equipment may stop the
timer 1081 and discard the remote exchange key so that the content may not be transmitted as long as the remote authentication process is not executed again even if another content viewing request continues to be issued by the content reception equipment. - Also, the number of the content reception equipments accessible simultaneously from a remote place can be limited by the content transmission equipment using the maximum
remote access number 703 in the management table 700. - Although the
content transmission equipment 200 receives the “viewing request” in step S1119 as described above, other requests such as a “copy request” or a “move request”, if received, may be rejected to avoid the illegal use of the contents as far as possible. - The protocol used to transmit the contents from the
content transmission equipment 200 to thecontent reception unit 500 is not limited to a specified one, but may be any of RTP, HTTP, FTP, etc. The contents can be transmitted by containing, in the payload of each transfer protocol, the content encrypted by a predetermined algorithm using a common key. The well-known encryption technique AES (Advanced Encryption Standard), for example, can be used as the encryption algorithm. - Also, the
counter value 714 in the device information table 710 to be updated periodically by the content transmission equipment, though usable as the same value for the in-home and remote content transmission, may alternatively be used as different counter values in home and remotely as shown inFIG. 12 . In such a case, a different maximum value can be set as each counter value (i.e. the maximum in-home counter value 702 and the maximumremote counter value 704 in the management table 700). - As understood from the foregoing description, in the content reception equipment accessing an in-home equipment from a remote place, the normal authentication process and the authentication process for remote access are executed in home beforehand with the content transmission equipment thereby to share the remote access key, while at the same time registering the information on the content reception equipment in the device information table of the content transmission equipment. As a result, the content reception equipment can be regarded as a personal property after all, and even if brought out of home, the content thereof can be viewed safely without departing from the range of personal content use.
- The feature of this embodiment lies in preventing the illegal viewing and copy while at the same time making it possible to view the in-home contents on an unspecified content reception equipment at a remote place without departing from the range of personal content use.
-
FIG. 13 shows an example of the system configuration in an assumed case where the user A brings out themobile phone 500 to a remote place and views the content of the in-home HDD recorder 200 on a large-screen DTV 600 installed at the same remote place as where themobile phone 500 is located. TheDTV 600 has the same configuration as theDTV 100. - The steps in which the user A views the contents of the in-
home HDD recorder 200 on theDTV 600 at the remote place are explained below with reference toFIG. 14 . - As explained in the first embodiment above, the user A executes the remote
access equipment authentication 900 in home beforehand between the HDD recorder (content transmission equipment) 200 and themobile phone 500 to share the remote access key between them. - The user A, who has brought out the
mobile phone 500 to a remote place (a hotel, for example) and intends to view the in-home contents on theDTV 600 at the same remote place, first executes the remote authentication process by acquiring the content information between thecontent transmission equipment 200 and themobile phone 500 according to the same process as steps S1101 to S1118 shown inFIG. 11 . - After the remote authentication process is successfully executed and the remote exchange key and the exchange key ID come to be shared by the
content transmission equipment 200 and themobile phone 500, thecontrol unit 517 of the mobile phone (controller) 500 multicasts a UDP packet containing a “request to detect an equipment having the reproduction function” to all the equipments on the network, for example, and only the equipment that has the same function responds. By detecting whether other content reproduction unit exists on the network using a well-known technique such as DLNA, the content reproduction unit list screen (FIG. 17 ) is displayed on the display/speaker 505 in the presence of such content reproduction unit. - Once the user A selects a content reproduction unit (the
DTV 600 in the case under consideration) on thelist screen 1700 through theinput processing unit 509, thecontrol unit 517 sends a content viewing issue request to the DTV 600 (S1401). The content viewing issue request contains the information on the content to be viewed and theaddress information 1001 of thecontent transmission equipment 200 registered in the remote access information table 1000, and in some case, may be accompanied by theregistration information 1002. - The DTV (content reception equipment) 600 that has received the content viewing issue request sends the acknowledgment to the controller 500 (S1402) and executes the
normal authentication process 800 with thecontroller 500. In the process, the equipmentauthentication processing unit 510 of thecontroller 500 uses the remote exchange key shared with thecontent transmission equipment 200 in step S1116 and the ID thereof as a remote exchange key and an ID thereof, respectively, to be sent to theDTV 600 in step S819. As a result, the same exchange key and the ID thereof have successfully come to be shared among thecontent transmission equipment 200, thecontroller 500 and thecontent reception equipment 600. - After that, the
DTV 600 sends a content viewing request to the content transmission equipment 200 (S1403). The content viewing request is accompanied by the ID of the remote exchange key. Also, in order to permit thecontent transmission equipment 200 to change the format or the image quality as required for content transmission, the content viewing request may contain the information on the data format (such as MPEG2-TS or H.264) and the image quality (such as HD, SD, 760p or 1080i) reproducible on theDTV 600. Such information, however, may be contained in another request issued than the content viewing request. - The
control unit 211 of thecontent transmission equipment 200, upon reception of the content viewing request, sends the acknowledgment to the DTV 600 (S1404). The equipmentauthentication processing unit 202 checks that the ID of the remote exchange key is legitimate, and the deviceinformation updating unit 1082 starts by setting thetimer 1081 in the deviceinformation management unit 203 in such a manner as to receive the notice periodically. - Also, the equipment
authentication processing unit 202 generates a common key for content encryption using the remote exchange key and sets the common key in the encryption/decryption processing unit 206. The desired content read from theHDD 205 is encrypted by the encryption/decryption processing unit 206 while at the same time being sent to the DTV 600 (S1405). In the process, each time the notice is received from thetimer 1081 during the content transmission, the deviceinformation updating unit 1082 updates thecounter value 714 in the device information table 710. - The
DTV 600 generates a common key for content decryption using the remote exchange key and sets the common key in the encryption/decryption processing unit 110. The contents received through therouter 21 and thecommunication processing unit 111 are decrypted by the encryption/decryption processing unit 110 and output to the display/speaker 105 while being decoded by thedecoder 104. - As described above, only in the case where the remote exchange key can be shared between the content transmission equipment and the controller brought out after being arranged in home beforehand to share the remote access key with the content transmission equipment, the controller can deliver the remote exchange key to the remote content reception equipment successfully authenticated in normal fashion.
- As a result, the in-home contents can be safely viewed on the remote reception equipment without departing from the range of personal content use.
- In the second embodiment described above, the remote exchange key required for content encryption is sent by the
content transmission equipment 200 only to thecontroller 500. Therefore, the key exchange (normal authentication process 800) between thecontroller 500 and thecontent reception equipment 600 is not involved. - The feature of the third embodiment is that the
controller 500 notifies thecontent transmission equipment 200 that the remote exchange key has been delivered to thecontent reception equipment 600. - With reference to
FIGS. 18 and 19 , the viewing process representing the feature of this embodiment is explained. - First, as shown in
FIG. 18 , the device information table 710 of thecontent transmission equipment 200 is provided with asubstitute device ID 718 for setting the device ID of another equipment which receives the contents on behalf of the equipment indicated by thedevice ID 712 at the time of remote use. Further, a substitute address information (MAC address, IP address, etc.) and a substitute counter value may be added. - Next, the process in which the user A views the contents of the in-
home HDD recorder 200 on theDTV 600 at aremote place 2 is explained with reference toFIG. 19 . - The process up to steps S1101 to S118 between the
content transmission equipment 200 and thecontroller 500 is similar to the process shown inFIG. 14 . Also, the process up to steps S1401 and S1402 between thecontroller 500 and thecontent reception equipment 600 and the process up to theequipment authentication process 800 are also similar to the corresponding processes shown inFIG. 14 . - After that, the
controller 500 issues, to thecontent transmission equipment 200, a remote equipment setting request to receive the contents using an authenticated remote equipment (thecontent reception equipment 600 in this case) in place of the controller 500 (S1900). The setting request contains the information on thecontent reception equipment 600 such as the device ID and the MAC address. - The
content transmission equipment 200 that has received the remote equipment setting request sets the device ID of thecontent reception equipment 600 contained in the request, in thesubstitute device ID 718 of the device information table 710 (S1901), and issues the acknowledgment to the controller 500 (S1902). - After that, the
content reception equipment 600 issues a content viewing request to the content transmission equipment 200 (S1403). In the process, the viewing request contains the device ID of thecontent reception equipment 600 or the address information (such as the MAC address or the IP address). - The
content transmission equipment 200 that has received the content viewing request, after confirming that the request is issued from thesubstitute device ID 718, issues the acknowledgment to thecontent reception equipment 600 and transfers the encrypted content using the remote exchange key. - In the case where a content viewing request is received from the
controller 500 of thedevice ID 712 during the content transmission to thecontent reception equipment 600 of thesubstitute device ID 718, then the content transmission to thecontent reception equipment 600 is suspended or the content viewing request is rejected. In the process, the content may be sent to only one equipment. - As described above, the in-home contents can be viewed safely on the remote content reception equipment without departing from the range of personal content use.
- Although embodiments are described above, this invention is not limited to these embodiments, and it is apparent to those skilled in the art that the invention can be variously modified or altered without departing from the spirit and the scope of the appended claim of the invention.
Claims (1)
1. A content transmission equipment comprising:
first authentication means for executing a first authentication process based on a first authentication method and sharing first key information with a content reception equipment connected to an in-home network;
remote access information sharing means for sharing second key information required for communication from a remote place with said content reception equipment connected to the in-home network;
device information management means for managing the information on said content reception equipment authenticated by said first authentication means and said second key information shared by said remote access information sharing means;
second authentication means for executing a second authentication process using said second key information shared by the remote access information sharing means with said content reception equipment connected to the remote network;
encryption means for executing the encryption process on the content transmitted to the in-home content reception equipment using said first key information or on the content transmitted to the remote content reception equipment using said second key information; and
timer means for counting the time;
wherein
said second key information is shared only with said content reception equipment successfully subjected to said first authentication process by said first authentication means; and
the contents are not sent to the remote content reception equipments other than said content reception equipment registered in said device information management means and successfully subjected to said second authentication process by said second authentication process.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US14/575,902 US20150106954A1 (en) | 2008-03-17 | 2014-12-18 | Content transmission device and content reception device |
Applications Claiming Priority (5)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2008-066964 | 2008-03-17 | ||
JP2008066964A JP5331354B2 (en) | 2008-03-17 | 2008-03-17 | Content transmission device and content reception device |
PCT/JP2009/052504 WO2009116338A1 (en) | 2008-03-17 | 2009-02-16 | Content transmission device and content reception device |
US74687610A | 2010-06-08 | 2010-06-08 | |
US14/575,902 US20150106954A1 (en) | 2008-03-17 | 2014-12-18 | Content transmission device and content reception device |
Related Parent Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2009/052504 Continuation WO2009116338A1 (en) | 2008-03-17 | 2009-02-16 | Content transmission device and content reception device |
US12/746,876 Continuation US8984646B2 (en) | 2008-03-17 | 2009-02-16 | Content transmission device and content reception device |
Publications (1)
Publication Number | Publication Date |
---|---|
US20150106954A1 true US20150106954A1 (en) | 2015-04-16 |
Family
ID=41090746
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US12/746,876 Active 2030-07-09 US8984646B2 (en) | 2008-03-17 | 2009-02-16 | Content transmission device and content reception device |
US14/575,902 Abandoned US20150106954A1 (en) | 2008-03-17 | 2014-12-18 | Content transmission device and content reception device |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US12/746,876 Active 2030-07-09 US8984646B2 (en) | 2008-03-17 | 2009-02-16 | Content transmission device and content reception device |
Country Status (5)
Country | Link |
---|---|
US (2) | US8984646B2 (en) |
EP (1) | EP2267936B1 (en) |
JP (1) | JP5331354B2 (en) |
CN (1) | CN101889413A (en) |
WO (1) | WO2009116338A1 (en) |
Families Citing this family (31)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP5527815B2 (en) * | 2010-05-07 | 2014-06-25 | 日立コンシューマエレクトロニクス株式会社 | Content transmission device, content reception device, content transmission method, and content reception method |
US8589970B2 (en) | 2009-05-14 | 2013-11-19 | Hitachi Consumer Electronics Co., Ltd. | Content transmitter and receiver apparatus and content transmitting and receiving method |
JP5372595B2 (en) * | 2009-05-14 | 2013-12-18 | 日立コンシューマエレクトロニクス株式会社 | Content transmitting apparatus and content receiving apparatus |
JP5614016B2 (en) * | 2009-09-09 | 2014-10-29 | ソニー株式会社 | COMMUNICATION SYSTEM, COMMUNICATION DEVICE AND COMMUNICATION METHOD, COMPUTER PROGRAM, CONTENT PROVIDING DEVICE, AND CONTENT PROVIDING METHOD |
JP2011082952A (en) * | 2009-09-09 | 2011-04-21 | Sony Corp | Communication system, communication apparatus, communication method, and computer program |
JP5266396B2 (en) * | 2009-10-30 | 2013-08-21 | パナソニック株式会社 | AV data receiving apparatus, AV data receiving method, and AV data transmitting / receiving system |
CN102340496B (en) * | 2010-07-28 | 2014-08-13 | 鸿富锦精密工业(深圳)有限公司 | Digital media controller and method for sharing inter-network media contents by utilizing same |
US9143319B2 (en) * | 2010-09-17 | 2015-09-22 | Certicom Corp. | Mechanism for managing authentication device lifecycles |
US8955078B2 (en) * | 2011-06-30 | 2015-02-10 | Cable Television Laboratories, Inc. | Zero sign-on authentication |
DE102011081804B4 (en) * | 2011-08-30 | 2015-02-12 | Siemens Aktiengesellschaft | Method and system for providing device-specific operator data, which are bound to an authentication credential, for an automation device of an automation system |
WO2013081611A1 (en) * | 2011-11-30 | 2013-06-06 | Intel Corporation | Providing remote access via a mobile device to content subject to a subscription |
JP5774976B2 (en) * | 2011-12-12 | 2015-09-09 | 日立マクセル株式会社 | Content transmitting apparatus and content transmitting method |
TW201327370A (en) * | 2011-12-28 | 2013-07-01 | Amtran Technology Co Ltd | System and method for resource sharing and broadcasting device thereof |
WO2013111174A1 (en) | 2012-01-23 | 2013-08-01 | パナソニック株式会社 | Recording apparatus, terminal apparatus, and content transfer system |
US9571282B1 (en) | 2012-04-03 | 2017-02-14 | Google Inc. | Authentication on a computing device |
JP5373151B2 (en) * | 2012-05-21 | 2013-12-18 | シャープ株式会社 | Information processing apparatus, information processing apparatus control method, controlled apparatus, controlled apparatus control method, server, server control method, pairing system, control program, and recording medium |
JP5856015B2 (en) * | 2012-06-15 | 2016-02-09 | 日立マクセル株式会社 | Content transmission device |
TW201427366A (en) * | 2012-12-28 | 2014-07-01 | Ibm | Method and appliance of decrypting files for data leakage protection in an enterprise network |
US9038142B2 (en) | 2013-02-05 | 2015-05-19 | Google Inc. | Authorization flow initiation using short-term wireless communication |
US11070860B2 (en) | 2013-02-14 | 2021-07-20 | Comcast Cable Communications, Llc | Content delivery |
CN103152624A (en) * | 2013-02-26 | 2013-06-12 | 中兴通讯股份有限公司 | Remote control processing method, device and system |
US9203832B2 (en) | 2013-03-12 | 2015-12-01 | Cable Television Laboratories, Inc. | DTCP certificate authentication over TLS protocol |
JP5865939B2 (en) * | 2014-04-09 | 2016-02-17 | 日立マクセル株式会社 | Content transmitting apparatus and content transmitting method |
US10440499B2 (en) | 2014-06-16 | 2019-10-08 | Comcast Cable Communications, Llc | User location and identity awareness |
US10045090B2 (en) * | 2014-08-11 | 2018-08-07 | Comcast Cable Communications, Llc | Merging permissions and content access |
US20160110555A1 (en) * | 2014-10-21 | 2016-04-21 | Institute For Information Industry | Resource sharing apparatus, method, and non-transitory computer readable storage medium thereof |
CN104320421A (en) * | 2014-11-18 | 2015-01-28 | 上海凌云天博光电科技有限公司 | Method and device for setting MAC quantity limit values for MoCA equipment ports |
JP2016177417A (en) | 2015-03-19 | 2016-10-06 | Nttエレクトロニクス株式会社 | Processing apparatus and remote management system |
JP6039046B2 (en) * | 2015-12-10 | 2016-12-07 | 日立マクセル株式会社 | Content transmission device |
JP6064026B2 (en) * | 2015-12-24 | 2017-01-18 | 日立マクセル株式会社 | Content transmitting / receiving apparatus and content transmitting method applied thereto |
JP6925907B2 (en) * | 2017-08-09 | 2021-08-25 | オムロンヘルスケア株式会社 | Data transmitters, data receivers, methods and programs |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5638448A (en) * | 1995-10-24 | 1997-06-10 | Nguyen; Minhtam C. | Network with secure communications sessions |
US20050210280A1 (en) * | 2004-03-19 | 2005-09-22 | Nokia Corporation | Practical and secure storage encryption |
US20070108019A1 (en) * | 2003-11-13 | 2007-05-17 | Applied Materials, Inc. | Break-away positioning conveyor mount for accommodating conveyor belt bends |
US20080168272A1 (en) * | 2002-11-27 | 2008-07-10 | Kabushiki Kaisha Toshiba | Communication scheme using outside dtcp bridge for realizing copyright protection |
Family Cites Families (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP4881538B2 (en) | 2003-06-10 | 2012-02-22 | 株式会社日立製作所 | Content transmitting apparatus and content transmitting method |
JP4369191B2 (en) * | 2003-09-26 | 2009-11-18 | 株式会社ルネサステクノロジ | Terminal device and authentication system |
US20050198506A1 (en) * | 2003-12-30 | 2005-09-08 | Qi Emily H. | Dynamic key generation and exchange for mobile devices |
JP4982031B2 (en) | 2004-01-16 | 2012-07-25 | 株式会社日立製作所 | Content transmission apparatus, content reception apparatus, content transmission method, and content reception method |
JP4608886B2 (en) | 2004-01-16 | 2011-01-12 | 株式会社日立製作所 | Content transmitting apparatus and method |
JP4645049B2 (en) | 2004-03-19 | 2011-03-09 | 株式会社日立製作所 | Content transmitting apparatus and content transmitting method |
JP4421981B2 (en) * | 2004-09-09 | 2010-02-24 | パイオニア株式会社 | Content remote viewing system, content remote viewing server device, content remote viewing recording / playback device, content remote viewing method, and computer program |
JP2006323707A (en) | 2005-05-20 | 2006-11-30 | Hitachi Ltd | Content transmission device, content reception device, content transmission method and content reception method |
KR100703805B1 (en) * | 2006-02-15 | 2007-04-09 | 삼성전자주식회사 | Method and apparatus using drm contents with roaming in device of external domain |
US7822863B2 (en) * | 2006-05-12 | 2010-10-26 | Palo Alto Research Center Incorporated | Personal domain controller |
JP4962117B2 (en) * | 2007-04-25 | 2012-06-27 | コニカミノルタホールディングス株式会社 | Encryption communication processing method and encryption communication processing apparatus |
-
2008
- 2008-03-17 JP JP2008066964A patent/JP5331354B2/en active Active
-
2009
- 2009-02-16 CN CN2009801012910A patent/CN101889413A/en active Pending
- 2009-02-16 US US12/746,876 patent/US8984646B2/en active Active
- 2009-02-16 WO PCT/JP2009/052504 patent/WO2009116338A1/en active Application Filing
- 2009-02-16 EP EP09723087.4A patent/EP2267936B1/en active Active
-
2014
- 2014-12-18 US US14/575,902 patent/US20150106954A1/en not_active Abandoned
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5638448A (en) * | 1995-10-24 | 1997-06-10 | Nguyen; Minhtam C. | Network with secure communications sessions |
US20080168272A1 (en) * | 2002-11-27 | 2008-07-10 | Kabushiki Kaisha Toshiba | Communication scheme using outside dtcp bridge for realizing copyright protection |
US20070108019A1 (en) * | 2003-11-13 | 2007-05-17 | Applied Materials, Inc. | Break-away positioning conveyor mount for accommodating conveyor belt bends |
US20050210280A1 (en) * | 2004-03-19 | 2005-09-22 | Nokia Corporation | Practical and secure storage encryption |
Also Published As
Publication number | Publication date |
---|---|
EP2267936A4 (en) | 2015-01-21 |
WO2009116338A1 (en) | 2009-09-24 |
JP2009225074A (en) | 2009-10-01 |
EP2267936B1 (en) | 2018-11-28 |
US8984646B2 (en) | 2015-03-17 |
JP5331354B2 (en) | 2013-10-30 |
CN101889413A (en) | 2010-11-17 |
EP2267936A1 (en) | 2010-12-29 |
US20100268955A1 (en) | 2010-10-21 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US8984646B2 (en) | Content transmission device and content reception device | |
US10542307B2 (en) | Content transmission device and content transmission method | |
KR100593768B1 (en) | Content sending device, content receiving device and content transmitting method | |
JP5614016B2 (en) | COMMUNICATION SYSTEM, COMMUNICATION DEVICE AND COMMUNICATION METHOD, COMPUTER PROGRAM, CONTENT PROVIDING DEVICE, AND CONTENT PROVIDING METHOD | |
US20150156270A1 (en) | Content transmission device | |
US8589970B2 (en) | Content transmitter and receiver apparatus and content transmitting and receiving method | |
JP6545835B2 (en) | CONTENT TRANSMISSION DEVICE, AND CONTENT TRANSMISSION METHOD THEREOF | |
EP1349343A1 (en) | Communication devices with limited copyright protection range | |
US20150149778A1 (en) | Content reception apparatus and method, and content transmission apparatus and method | |
US20060168292A1 (en) | Apparatus and method for receiving or transmitting contents | |
JP5315542B2 (en) | Content transmission method, content transmission device, content reception method, and content reception device | |
JP6848013B2 (en) | Content transmission device and its content transmission method | |
JP2006155332A (en) | Apparatus and method for outputting contents, and apparatus and method for acquiring contents | |
JP6614279B2 (en) | Remote access content provision method | |
JP5734367B2 (en) | Content transmission device, content reception device, content transmission method, and content reception method | |
JP5163726B2 (en) | Content transmission device, content reception device, and content transmission method | |
JP6065881B2 (en) | Communication device | |
JP2011087156A (en) | Data transmitting apparatus, data receiving apparatus, and data transmitting/receiving system | |
JP2011061644A (en) | Apparatus and method for transmitting content |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
STCB | Information on status: application discontinuation |
Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |
|
AS | Assignment |
Owner name: MAXELL, LTD., JAPAN Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:HITACHI MAXELL, LTD.;REEL/FRAME:045142/0208 Effective date: 20171001 |