WO2001063834A1 - Recording device and distribution system using the same - Google Patents

Publication number
WO2001063834A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
data
encrypted
recording device
content data
Application number
PCT/JP2001/001349
Other languages
English (en)
Japanese (ja)
Inventor
Yoshihiro Hori
Hiroshi Takemura
Takatoshi Yoshikawa
Toshiaki Hioki
Takahisa Hatakeyama
Tadaaki Tonegawa
Takeaki Anazawa
Original Assignee
Sanyo Electric Co., Ltd.
Fujitsu Limited
Hitachi, Ltd.
Nippon Columbia Co., Ltd.
Application filed by Sanyo Electric Co., Ltd., Fujitsu Limited, Hitachi, Ltd., Nippon Columbia Co., Ltd.
Priority to AU2001234149A
Publication of WO2001063834A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G PHYSICS
    • G11 INFORMATION STORAGE
    • G11B INFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
    • G11B20/00 Signal processing not specific to the method of recording or reproducing; Circuits therefor
    • G11B20/00086 Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
    • G11B20/0021 Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier

Definitions

  • the present invention relates to an information distribution system for distributing information for enabling reproduction of content data corresponding to music or the like to a terminal such as a mobile phone;
  • the present invention relates to a recording device, such as a memory card, which can protect copyrights against the like.
  • Such a vending machine sells music data by recording the music data on a writable recording medium, for example, an MD.
  • the recording time per song is several tens of seconds
  • a user who intends to purchase about 10 songs at a time must still wait for more than a few minutes to purchase the song.
  • the present invention has been made in order to solve the above problems, and an object of the present invention is to provide a recording apparatus capable of easily supplying music data, while protecting copyright, to a user who can exchange data via an information communication network, for example, an information communication network such as a mobile phone network.
  • Another object of the present invention is to provide a data distribution system that can easily supply music content information, while protecting copyright, to a user who can exchange data via an information communication network, for example, an information communication network such as a mobile phone network.
  • Still another object of the present invention is to provide a data distribution system capable of preventing distributed copyrighted work data from being reproduced or copied without permission from the copyright holder without restriction.
  • a recording device is a recording device for storing encrypted content data and license information enabling decryption of encrypted content data, wherein the encrypted content data is stored in advance.
  • a first storage means that is stored in a nonvolatile manner and is read-only, and a first key for decrypting the license information and the encrypted content data is stored in a nonvolatile manner as needed and is readable and writable.
  • the recording device which is a recording device for storing encrypted content data and license information for permitting decryption of the encrypted content data, wherein the encrypted content data and the encrypted content are stored.
  • a first storage unit which stores in advance in a nonvolatile manner the data obtained by encrypting the first key for decrypting the data with the second key and which is read-only, and license information
  • Second storage means for non-volatilely storing and readable and writable at any time, first key holding means for holding a second key, and a first key based on the second key.
  • First decryption processing means for decrypting and extracting the first key, and outputting the first key decrypted by the first decryption processing means to the outside in accordance with the license information stored in the second storage means.
  • Output means that can be used.
  • a recording device which is a recording device for storing encrypted content data and license information enabling decryption of the encrypted content data, wherein the encrypted content data is stored in a nonvolatile manner in advance. And a read-only first storage means, and a first key for decrypting the license information and the encrypted content data in a non-volatile manner at any time, and a readable and writable first key.
  • a recording device wherein the recording device stores encrypted content data and license information for permitting decryption of the encrypted content data.
  • Non-volatile storage of encrypted content data and encrypted data that allows the first key for decrypting the encrypted content data to be decrypted with the second key and read-only A first storage unit, a second storage unit that stores the license information in a nonvolatile manner at any time and is readable and writable, and a first key holding unit that holds a second key.
  • First decryption processing means for decrypting and extracting the first key based on the second key, first encryption processing means for encrypting the first key decrypted and extracted by the first decryption processing means with the third key, and output means for outputting the first key encrypted with the third key to the outside in accordance with the license information stored in the second storage means.
  • the recording device has the configuration of the recording device according to any one of claims 1 to 4, wherein the first storage unit stores additional information in advance, and the additional information is: Contains at least the information necessary to obtain license information for encrypted content data.
  • the recording device has the configuration of the recording device according to any one of claims 1 to 4, and the recording device receives the license information by distribution, and the first storage unit has an additional function.
  • the information is stored in advance, and the additional information includes at least information that can specify the distribution source of the license information for the encrypted content data.
  • the recording device has, in addition to the configuration of the recording device according to claim 3 or 4, a fourth key each time an output of the first key from the outside to the outside of the recording device is requested.
  • the recording device according to claim 8 is a recording device according to claim 7, further comprising a second encryption process for performing an encryption process using a first public encryption key input from outside. Means is further provided, and the third key is given from the outside of the recording device after being subjected to the first public encryption key.
  • the recording device has the configuration of the recording device according to claim 7 or 8, and further includes a key generation unit that is further configured to execute a process for inputting / outputting license information to the outside of the recording device.
  • the recording device generates a second key, and the recording device retains a second public encryption key predetermined for the recording device and outputs the second public encryption key to the outside.
  • a third key holding unit that is asymmetric with the encryption key and holds a first secret decryption key for decrypting data encrypted by the second public encryption key; and a second public key.
  • a second decryption processing means for receiving data encrypted with the open encryption key from outside and decrypting and extracting with the first secret decryption key; and a fifth decryption means externally encrypted with the first public encryption key.
  • the second encryption processing means for receiving the key, encrypting the fourth key with the fifth key decrypted and extracted by the second decryption processing means, and outputting it to the outside, and the fourth key
  • Third decryption processing means for receiving the encrypted data from the outside and decrypting the data, and receiving the license information from the outside as data encrypted with the fourth key, and performing the third decryption processing
  • the license information decrypted and extracted by the means is given to the second storage means.
  • the recording apparatus includes, in addition to the configuration of the recording apparatus according to claim 9, a fourth key holding unit that holds a second public encryption key unique to each recording apparatus, Fifth key holding means which is asymmetric with the second public encryption key and holds a second secret decryption key for decrypting data encrypted by the second public encryption key. And fourth decryption processing means for decrypting and extracting data encrypted with the second public encryption key with the second secret decryption key.
  • the second encryption processing unit further comprises: The fifth key decrypted by the first public encryption key is received, and the fourth key and the third public encryption are decrypted by the fifth key decrypted and extracted by the second decryption processing means.
  • the key is encrypted and output to the outside, and is encrypted as data encrypted from the outside with the second public encryption key and decrypted with the fourth key.
  • the license information encrypted with the second public encryption key decrypted and extracted by the third decryption processing means is further decrypted and extracted by the fourth decryption processing means. Give to the second storage means.
  • the recording device according to claim 11 is the same as the recording device according to any one of claims 1 to 10, wherein the first storage unit is a mask ROM.
  • the recording device according to claim 12 is the recording device according to any one of claims 1 to 10, and the second storage unit is a flash memory.
  • a recording device is the recording device according to any one of the first to thirteenth aspects, and the recording device is a memory card.
  • a distribution system is a distribution system for distributing license information for permitting decryption of encrypted content data.
  • a distribution server for distributing connection information, and a first terminal device for exchanging data with the distribution server, wherein the first terminal device includes a first transmission / reception device, and an encryption / decryption device.
  • a first recording device for receiving and storing license information for permitting decryption of the encrypted content data
  • the first recording device includes: an encrypted content data;
  • the first key for decrypting the encrypted content data is encrypted so that it can be decrypted with the second key unique to the encrypted content data, and the additional information for specifying the distribution source of the license information
  • a read-only first storage unit for pre-recording information in a nonvolatile manner, a read-write writable second storage unit for receiving and storing license information as needed, and a first storage unit for holding a second key Key retention means and a second key
  • first decryption processing means for decrypting and extracting the first key, and first encryption processing for encrypting the first key extracted by the first decryption processing means with the third key Means for outputting the first key encrypted with the third key and the encrypted content data to the outside of the recording device in accordance with the license information stored in the second storage means.
  • Output means for enabling.
  • the distribution system according to claim 15 is the distribution system according to claim 14, wherein the first terminal device includes a session key generation unit for generating a third key, and a third key. Receiving the first key and the encrypted content data from the first recording device, and encrypting the encrypted content data with the session key encrypting means for performing encryption processing with the fourth key.
  • the first recording device further includes a content reproducing unit for decrypting and reproducing the data, wherein the first recording device requests the first terminal device to output the first key and the encrypted content data to the first terminal device. Each time the third key is encrypted by the fourth key, and further generated by the first recording device. Provided by the first terminal.
  • the distribution system according to claim 16 further includes a second terminal device in addition to the configuration of the distribution system according to claim 14, wherein the second terminal device includes a second transmitting / receiving device, The content data encrypted from the recording device, the data obtained by encrypting the first key with the second key unique to the encrypted content data, and the additional information are received and encrypted.
  • a second recording device for receiving and storing license information for permitting decryption of the content data wherein the second recording device comprises: Encrypted content data, and data obtained by encrypting a first key for decrypting the encrypted content data so that the first key can be decrypted by a second key specific to the encrypted content data.
  • Third storage means for storing additional information for specifying the distribution source of license information as needed, fourth storage means for receiving and storing license information as needed, and holding a second key
  • a second key holding unit for holding a second decryption processing unit for decrypting and extracting the first key based on the second key, and a first key extracted by the second decryption processing unit.
  • a second encryption processing means for encrypting with the third key, and output means for enabling output of the first key encrypted with the third key and the encrypted content data to the outside of the recording device according to the license information stored in the fourth storage means.
  • the distribution system according to claim 17 further includes a second terminal device in addition to the configuration of the distribution system according to claim 14, wherein the second terminal device includes a second transmission / reception device and a first transmission / reception device.
  • Content data encrypted from the recording device data obtained by encrypting the first key with a second key unique to the encrypted content data, additional information, and encrypted content data
  • a second recording device for receiving and storing license information for permitting decryption of the encrypted content data, wherein the second recording device decrypts the encrypted content data and the encrypted content data.
  • fourth storage means for receiving the license information as needed, and second key holding means for holding the second key; and decrypting the first key based on the second key.
  • a second decryption processing means for extracting, a second encryption processing means for encrypting the first key extracted by the second decryption processing means with a third key, and a third key.
  • Output means for enabling output of the encrypted first key and the encrypted content to the outside of the recording device in accordance with the license information stored in the fourth storage means.
  • the first recording device clears the license information in the second storage device after transferring the license information to the second recording device.
  • the distribution system according to claim 18 is the distribution system according to any one of claims 1 to 17, and the second storage means is a mask ROM.
  • each of the first and second recording devices is a memory card.
  • FIG. 1 is a conceptual diagram for schematically explaining the overall configuration of the data distribution system of the present invention.
  • FIG. 2 is a diagram illustrating characteristics of keys related to encryption used for communication and data to be distributed in the data distribution system shown in FIG.
  • FIG. 3 is a schematic block diagram showing the configuration of the license server 10 shown in FIG.
  • FIG. 4 is a schematic block diagram for explaining the configuration of mobile phone 100 shown in FIG.
  • FIG. 5 is a schematic block diagram for explaining the configuration of memory card 110 shown in FIG.
  • FIG. 6 is a conceptual diagram showing the allocation of the storage area of the license holding unit 144 to the data stored in the memory 144 shown in FIG.
  • FIG. 7 is a first flowchart for illustrating a distribution operation at the time of purchase of license information in the data distribution system according to the first embodiment.
  • FIG. 8 is a second flowchart for describing a distribution operation at the time of purchase of license information in the data distribution system according to the first embodiment.
  • FIG. 9 is a conceptual diagram showing data stored in the memory 1415 in the memory card 110 and the license holding unit 1440 after the distribution operation.
  • FIG. 10 is a flowchart for explaining the operation of each unit during the reproduction session.
  • FIG. 11 is a conceptual diagram illustrating the configuration of the data distribution system according to the second embodiment.
  • FIG. 12 is a diagram showing data and keys used for the RAM type memory card 112.
  • FIG. 13 is a schematic block diagram for explaining the configuration of the memory card 112 shown in FIG.
  • FIG. 14 is a flowchart for explaining the process of copying encrypted content data (duplication session).
  • FIG. 15 is a first flowchart for describing distribution operation at the time of purchase of license data in the data distribution system according to the second embodiment.
  • FIG. 16 is a second flowchart for describing a distribution operation at the time of purchase of license data in the data distribution system according to the second embodiment.
  • FIG. 17 is a conceptual diagram for explaining the movement processing.
  • FIG. 18 is a first flowchart for explaining the transfer processing between the memory card 110 and the memory card 112.
  • FIG. 19 is a second flowchart for explaining the transfer processing between the memory card 110 and the memory card 112.
  • FIG. 20 is a conceptual diagram showing data stored in the memory card 110 after the movement processing.
  • FIG. 1 is a conceptual diagram for schematically explaining the overall configuration of the data distribution system of the present invention.
  • the license data required to reproduce the encrypted music data is distributed to each user who owns the memory card storing the encrypted music data via the mobile phone network.
  • the configuration of the distribution system will be described as an example. However, as will be apparent from the following description, the present invention is not limited to such a case, and other works such as image data, map data, and game programs It can also be applied to the distribution of license data that enables users to reproduce copyrighted works such as, etc., and also to the case of distribution via other digital information communication networks as well as mobile phone networks. It is something.
  • a mobile phone incorporating a data playback function is taken as an example.
  • the present invention is not limited to a mobile phone, but can be connected to an information communication network to obtain license data necessary for reproducing music data. Any data reproducing device can be applied.
  • the data playback function and the function of connecting to a digital information communication network to obtain license data and receiving the distribution of license data may be configured as individual devices. That is, it may be constituted by a reproduction-only device for reproducing data and a distribution terminal device connected to a digital information communication network for obtaining license data.
  • a memory card 110, in which encrypted music data and plaintext additional information data, such as the copyright of the music data and the access conditions for a server described later, are recorded in advance exclusively for reading, is distributed to user 1 or the like who uses mobile phone 100.
  • the memory card 110 is provided with a read-only memory (ROM: Read Only Memory).
  • the ROM is not particularly limited. For example, a so-called “mask ROM” can be used.
  • the ROM part can be mass-produced at low cost.
  • the user 1 cannot reproduce the music data as it is.
  • the mobile phone 100 of the user 1 needs to read, for example, the plaintext additional information data recorded on the memory card 110 and, based on the plaintext additional information, receive the distribution of the information that enables the encrypted music data to be reproduced.
  • the authentication server 12 verifies whether or not the memory card 110 attached to the mobile phone 100 of the user 1 who has accessed for the distribution of the music data is a regular memory card that is permitted to receive the distribution.
  • the mobile phone company 20 relays a distribution request (delivery request) from each user to the license server 10 through its own mobile telephone network.
  • Upon receiving the distribution request, the license server 10 confirms through the authentication server 12 that the user's memory card is an authorized memory card, encrypts the requested license data and the like, and distributes it to each user's mobile phone via the mobile phone network of the mobile phone company 20.
  • a license server 10 an authentication server 12, and a mobile phone company 20 are collectively referred to as a distribution server 30.
  • the process of transmitting license data and the like from the distribution server 30 to each mobile phone terminal or the like is referred to as “delivery”.
  • a memory card 110 can be inserted into and removed from the mobile phone 100 of the user 1. The memory card 110 is provided with the ROM for recording the above-mentioned encrypted music data and the plaintext additional information data, and with a non-volatile storage element (for example, flash memory, EEPROM, etc.) that can be read and written at any time to store the distributed license data and the like, and it can perform predetermined processing that enables the encrypted music data to be decrypted and the music to be played back in a music playback unit (not shown) in the mobile phone 100. A headphone 130 for the user 1 to listen to the played music can be connected to the mobile phone 100.
  • the distribution carrier 20 counts the number of times each time one piece of license data is distributed, for example, so that the license fee including the copyright fee can be reduced by the mobile phone company 20 for the corresponding mobile phone. If the call charge is collected at the same time, the copyright holder can easily secure the copyright fee.
  • in order for the user to be able to reproduce music data (content data) distributed by encryption, what the system requires is, first, a method of encrypting the content data itself; second, a method for delivering the license data required for data reproduction; and third, a configuration that implements data protection to prevent unrestricted access to license data.
  • FIG. 2 is a diagram illustrating characteristics of a key used for encryption processing for copyright protection and data to be distributed in the data distribution system shown in FIG.
  • Data stored in the ROM in the memory card 110 is content data such as music data.
  • the content data Data is in the form of encrypted content data {Data}Kc that has been encrypted at least by the content decryption key Kc, and is stored in the ROM in the memory card 110 at the time of shipment and distributed to users.
  • the notation {Y}X indicates information obtained by converting data Y into a cipher that can be decrypted with the key X.
  • the notation ⁇ ⁇ indicates that the data ⁇ and ⁇ ⁇ ⁇ ⁇ are information obtained by converting each of the data ⁇ and ⁇ into a cipher that can be decrypted with the key X.
  • the ROM in the memory card 110 stores, in addition to the content ID for identifying the content data by the system and the encrypted content data, additional information Data-inf as plaintext data including copyright or server information on the content data; like the encrypted content data {Data}Kc, it is stored at the time of shipment. That is, the additional information Data-inf includes information on the content data such as the title of the content data, information for specifying the content data, information for specifying which server the distribution server 30 is, and the like.
  • the ROM in the memory card 110 also stores the content decryption key Kc for decrypting the encrypted content data and the reproduction circuit control information AC2 indicating playback conditions in the content reproduction circuit in the mobile phone 100, as data {Kc//AC2}K(k) encrypted with the secret common key K(k).
  • the reproduction condition of the content reproduction circuit means a condition such as allowing reproduction of only a predetermined time at the beginning of each content data, for example, when distributing a sample at a low price or for free as a promotion of a new song.
  • the secret common key K(k) is, for example, a common key unique to the type of music, for example, the songs in a particular album of an artist, and the natural number k represents a number for distinguishing each content type.
  • the memory card 110 forms one album, and that the memory card 111 has one unique common key K (k).
  • the following are keys related to decryption and reproduction processing of content data and authentication of a mobile phone as a content reproduction circuit and a memory card as a recording device.
  • the public encryption key KPp (x) unique to the type of the content reproduction circuit (mobile phone 100) and the public encryption key KPmc (j) unique to the type of the memory card are provided respectively.
  • the data encrypted by the public encryption keys KPp(x) and KPmc(j) can be decrypted using the secret decryption key Kp(x) unique to the content reproduction circuit (cellular phone 100) and the secret decryption key Kmc(j) unique to the memory card, respectively.
  • These unique secret decryption keys have different contents for each type of mobile phone and each type of memory card.
  • the types of mobile phones and memory cards are defined based on the manufacturers that manufacture them and the differences in the manufacturing time (production lot), and the natural numbers x and j indicate the numbers for distinguishing the type (class) of each content reproduction circuit (mobile phone) and each memory card, respectively.
  • the public encryption keys KPmc(j) and KPp(x) set for each memory card and content playback unit described above are registered with the certificate authority, and are recorded on the memory card and mobile phone at the time of shipment in the forms {KPmc(j)}KPma and {KPp(x)}KPma, which can be authenticated by the authentication key KPma used by the certificate authority to certify their validity.
  • the following information is provided as information for controlling the operation of the devices constituting the system, that is, the mobile phone 100, which is a content reproduction circuit, and the memory card 110.
  • a purchase agreement transmitted from the mobile phone 100 to the distribution server 30 to specify the purchase conditions is provided.
  • a secret encryption key KPm(i) (i: natural number) set for each recording device called a memory card, and a secret encryption key Km(i) (i: natural number)
  • the natural number i represents a number for distinguishing each memory card.
  • keys used for data communication.
  • as encryption keys for maintaining confidentiality in data transfer between the memory card and the outside of the memory card, the common keys Ks1 to Ks4, generated in the server 30, the mobile phone 100 and the memory card 110 every time the "distribution", "reproduction", and "move" of the content data are performed, are used.
  • the common keys Ks1 to Ks4 are unique common keys generated for each "session", which is a unit of communication or access between the distribution server, the mobile phone, or the memory card.
  • the common keys Ks1 to Ks4 are referred to as "session keys".
  • These session keys Ks1 to Ks4 are generated by the distribution server, the mobile phone, and the memory card, and have a unique value for each communication session.
  • the session key Ks1 is generated for each distribution session by the license server in the distribution server.
  • the session key Ks2 is generated for each distribution session and movement (reception side) session by the memory card, and the session key Ks3 is similarly generated for each playback session and movement (transmission side) session on the memory card.
  • the session key Ks4 is generated for each playback session in the playback circuit in the mobile phone.
  • the security strength in the session can be improved.
  • there is a license ID, which is a management code for specifying the distribution of license data that enables decryption of content data on the mobile phone (for each content data identified by the content ID).
  • the license ID, the content ID, the content decryption key Kc, the access control information AC1, and the reproduction circuit control information AC2 are collectively referred to as license data.
  • FIG. 3 is a schematic block diagram showing the configuration of the license server 10 shown in FIG.
  • the license server 10 includes an information database 30 for storing distribution data such as a license ID corresponding to the encrypted music data (content data) and license data for permitting decryption of the encrypted music data. 4, a charging database 302 for holding charging data according to the start of access to music data for each user, and a data bus BS0 for transferring data from the information database 304 and the charging database 302.
  • a data processing unit 310 for receiving data via the network and performing predetermined processing, and a communication device for transmitting and receiving data between the distribution carrier 20 and the data processing unit 310 via the communication network 350.
  • the data processing unit 310 is controlled by a distribution control unit 315 for controlling the operation of the data processing unit 310 according to the data on the data bus BS0, and is controlled by the distribution control unit 315.
  • a session key generator 316 for generating a session key Ks1 during a distribution session, and authentication data {KPmc(j)}KPma sent from the memory card via the mobile phone to the communication device 350 and
  • the encryption processing unit 318 for outputting the data to the data bus BS1 is encrypted by the encryption processing unit 318, and each user is encrypted by the session key Ks1.
  • the transmitted data is received from the data bus BS1.
  • the data processing unit 310 further encrypts the license data output from the distribution control unit 315 with the public encryption key KPm(i) unique to the memory card obtained by the decryption processing unit 320.
  • FIG. 4 is a schematic block diagram for explaining the configuration of mobile phone 100 shown in FIG.
  • the mobile phone 100 receives the signal from the antenna 1102 for receiving a signal wirelessly transmitted by the mobile phone network, and converts the signal from the antenna 1102 into a baseband signal.
  • a transmission / reception unit 1104 for modulating data from 00 and providing the data to the antenna 1102, a data bus BS2 for transmitting / receiving data to / from each unit of the cellular phone 100, and
  • a controller 1106 for controlling the operation of the mobile phone 100 via the data bus BS2.
  • the mobile phone 100 further provides a touch key section 1108 for giving an external instruction to the mobile phone 100, and information output from the controller 1106 and the like to the user as visual information.
  • a sound reproducing unit 111 for reproducing sound based on data received via the data bus BS2 in a normal call operation.
  • a connector for transmitting and receiving data between the input and output terminals and a converter for converting data from the connector to a signal that can be supplied to the data bus, or converting data from the data bus to the data bus.
  • an external interface unit 112 for converting the signal into a signal which can be given to the connector 111.
  • the mobile phone 100 further includes a removable memory card 110 for storing encrypted music data (encrypted content data) and storing information for decryption processing at any time;
  • a memory interface 1200 for controlling the transfer of data between 10 and the data bus BS2, and an authentication data holding unit 1500 that holds the public encryption key KPp(1), set for each class of mobile phone, encrypted so that it can be decrypted with the authentication key KPma.
  • the mobile phone 100 further includes a storage unit 1502 that holds the secret decryption key Kp(1) unique to the mobile phone (content reproduction circuit),
  • a decryption processing unit 1504 that decrypts the data received from the data bus BS2 with the key Kp(1) and obtains the session key Ks3 generated by the memory card, and, in a playback session that plays back content data stored in the memory card 110,
  • a session key generator 1508 for generating, by using a random number or the like, a session key Ks4 for encrypting data exchanged on the data bus BS2 with the memory card 110;
  • the encryption processing unit 1506, which encrypts the session key Ks4 with the session key Ks3 obtained by the decryption processing unit 1504 and outputs it to the data bus BS2, and the data on the data bus BS2
  • a decryption processing unit 1510 for decrypting with the session key Ks4 and outputting the content decryption key Kc and the data
  • the mobile phone 100 further includes a decryption processing section 1516 that receives the encrypted content data {Data}Kc from the data bus BS2, decrypts it with the content decryption key Kc obtained from the decryption processing unit 1510, and outputs the content data,
  • a music playback section 1518 for receiving the output of the decryption processing section 1516 and playing back content data, a mixing unit for receiving the outputs of the music playback section 1518 and the audio playback section 1112 and selectively outputting them according to the operation mode, and a connection terminal 1530 for receiving the output of the mixing unit and connecting to the headphones 130.
  • the reproduction circuit control information AC2 output from the decryption processing section 1510 is supplied to the controller 1106 via the data bus BS2.
  • in FIG. 4, for simplicity of description, only blocks related to the distribution and reproduction of music data of the present invention among the blocks constituting the mobile phone are shown, and blocks related to the call function originally provided in the mobile phone are partially omitted.
  • FIG. 5 is a schematic block diagram for explaining the configuration of memory card 110 shown in FIG.
  • KPmc(j) and Kmc(j) are provided as a public encryption key and a secret decryption key specific to the type (class) of the memory card.
  • the memory card 110 includes an authentication data holding unit 1400 that holds the authentication data {KPmc(1)}KPma, a Kmc(1) holding unit 1402 that holds Kmc(1), a unique decryption key set for each type of memory card,
  • a Km(1) holding unit 1421 that holds a secret decryption key Km(1) uniquely set for each memory card,
  • a KPm(1) holding unit 1416 that holds a public encryption key KPm(1), data encrypted with which can be decrypted with the secret decryption key Km(1), and a K(1) holding unit 1450 that holds a secret key K(1) unique to the type of content data.
  • the natural number k indicating the type of content is assumed to be 1.
  • the authentication data holding unit 1400 holds the public encryption key KPmc(1), set for each memory card class, in a state that can be authenticated with the authentication key KPma, as {KPmc(1)}KPma.
  • the memory card 110 further includes, for each type of memory card, a data bus BS3 for transmitting and receiving signals to and from the memory interface 1200 via the terminal 1202, and data supplied from the memory interface 1200 to the data bus BS3.
  • the unique secret decryption key Kmc(1) is received from the Kmc(1) storage unit 1402, and the distribution server 30 contacts the session key Ks1 generated in the distribution session or the session key Ks3 generated in the mobile session by another memory card.
  • the memory card 110 can also be used for distribution, playback and travel sessions.
  • a session key generation unit 1418 that generates a session key Ks2 or Ks3, and a public decryption key KPp(x) or KPmc(j), an encryption processing unit 1410 that outputs the data to the data bus BS3 and outputs data to the data bus BS3; and a session key generation unit 1418 that receives data encrypted by the session key Ks2 or Ks3 from the BS3.
  • a decryption processing unit 1412 for decrypting with the obtained session key Ks2 or Ks3 and transmitting the decryption result to the data bus BS4.
  • the memory card 110 further includes an encryption processing unit 1424 for encrypting data on the data bus BS4 with a public encryption key KPm(i) (i ≠ 1) unique to another memory card;
  • a decryption processing unit 1454 for decrypting with the secret key K(1), data {Kc//AC2}K(1) in which the content decryption key Kc and the reproduction circuit control information AC2 are encrypted with the secret key K(1),
  • a read-only nonvolatile memory 1415 for previously storing the encrypted content data {Data}Kc and the additional information Data-inf.
  • the read-only nonvolatile memory 1415 is not particularly limited, but may have any configuration as long as data stored at the time of shipment cannot be erased or rewritten by a user.
  • it is composed of a read-only semiconductor memory represented by a mask ROM.
  • a mask ROM which is a typical read-only nonvolatile memory.
  • the memory card 110 further includes a K(1) holding unit 1450 for storing a secret key K(1) corresponding to the content data held in the mask ROM 1415 when the memory card 110 is manufactured, and a decryption processing unit 1422.
  • a license holding unit 1440 for holding the license ID and access control information AC1 obtained in accordance with the content ID, and exchanging data with the outside via the data bus BS3, and the data buses BS3 and BS4
  • a controller 1420 for controlling the operation of the memory card 110 via the controller.
  • the license holding unit 1440 can exchange data of the distributed content ID, license ID, and access control information AC1 with the data bus BS4.
  • the license holding unit 1440 stores a license ID and access control information AC1 for each content ID.
  • FIG. 6 is a conceptual diagram showing the allocation of the storage area of the license holding unit 1440 to the data stored in the memory 1415 shown in FIG.
  • the state shown in FIG. 6 is a state at the time of shipment: no license ID is written in the license holding unit 1440, and "0000", indicating that the reproduction process of the encrypted content data is prohibited, is stored as the access control information AC1.
  • the memory card 110 stores, for each content that can be identified by the content ID, the data {Kc//AC2}K(1), in which the content decryption key Kc and the reproduction circuit control information AC2, which are a part of the license data, are encrypted with an album-specific secret common key K(1), together with the encrypted content data {Data}Kc and the additional information Data-inf.
  • the mask ROM 1415 stores a plurality of songs included in a certain album
  • the content ID identifies each song
  • Control information AC2 and additional information Data-inf can be set.
  • the present invention is not limited to such a case.
  • the mask ROM 1415 contains songs of a plurality of albums, and each album has a content decryption key Kc and a secret common key K(1).
  • the reproduction circuit control information AC2 and the like may be set to different values.
  • a secret common key K (l) may be set for each song.
  • FIG. 6 shows that the content ID is also stored in the license holding unit 1440, the content ID is not necessarily limited to such a configuration.
  • it is also possible to store in advance, in the mask ROM 1415, a table indicating the storage area allocation of the license holding unit 1440, and not to store the content ID in the license holding unit 1440.
  • the content decryption keys of all the encrypted content data {Data}Kc and the playback circuit control information AC2 are encrypted in the mask ROM 1415.
  • the content decryption key Kc is stored in the license holding unit 1440. It is also possible to provide an area for storing the reproduction circuit control information AC2 for each content, and to handle the same as other license data.
  • the license holding unit 1440 shows that the content ID and the access control information indicating reproducibility are stored. The same result can be obtained by shipping the area corresponding to the encrypted content data {Data}Kc without storing all the license data.
  • the access information AC1 in the license holding unit 1440 for all the encrypted content data {Data}Kc stored in the mask ROM 1415 at the time of shipment cannot be reproduced.
  • the license data that can be reproduced by several stations or all encrypted content data is stored in the license holding unit in advance.
  • the encrypted content data {Data}Kc and its additional information Data-inf and the encrypted data {Kc//AC1}K(1) stored in the mask ROM the encrypted content data {Data}Kc
  • the file system management information such as FAT (File Allocation Table), for managing the data and the additional information Data-inf can be stored in the mask ROM 1415 in advance.
  • a relation table of license data with respect to the encrypted content data {Data}Kc can be stored in the mask ROM 1415 in advance.
  • FIGS. 7 and 8 are a first and a second flowchart for explaining a distribution session, the distribution operation at the time of purchase of license data (license, content ID, content decryption key Kc, access control information AC1, reproduction circuit control information AC2) in the data distribution system according to the first embodiment.
  • FIGS. 7 and 8 illustrate the operation in the case where the user 1 receives the distribution of the license data from the distribution server 30 via the mobile phone 100 by using the memory card 110.
  • a license distribution request is made by the user 1 from the mobile phone 100 of the user 1 by operating the key buttons of the touch key unit 1108 (step S100).
  • the memory card 110 outputs the additional information Data-inf stored in the memory 1415 to the mobile phone 100 (step S101).
  • the mobile phone 100 acquires the content ID requesting license distribution and the telephone number of the license server from the additional information Data-inf (step S102).
  • the user dials based on the telephone number of the license server.
  • authentication data {KPmc(1)}KPma is output from authentication data holding unit 1400 in memory card 110 (step S105).
  • the mobile phone 100 stores the authentication data received from the memory card
  • {KPmc(1)}KPma, a content ID for designating content data to be distributed, and a license purchase condition AC are transmitted to distribution server 30 (step S106).
  • the distribution server 30 receives the content ID, the authentication data {KPmc(1)}KPma, and the license purchase condition AC from the mobile phone 100 (step S107), and the decryption processing unit 312 performs decryption processing using the authentication key KPma.
  • if the public encryption key KPmc(1), which has been encrypted with this authentication key KPma, is registered properly with the certification authority that registers and manages the class-specific public encryption key, and the certification authority has performed encryption that can be approved with the authentication key KPma, the public encryption key KPmc(1) of the memory card 110 is accepted. On the other hand, if it is not registered properly, the unregistered public encryption key KPmc(1) is not accepted (step S108).
  • the distribution control unit 315 is registered with the certification authority based on the received secret encryption key KPmc(1), and the secure secret decryption key KPc(1), which is a pair, is not broken. An inquiry is made to the authentication server 12 as to whether or not the public encryption key is KPmc(1) (step S110). These public encryption keys are accepted in step S108, and are authenticated. If the key is registered and secure, it is determined to be valid and the next process
  • If the public encryption key cannot be decrypted, or if it can be decrypted but is not registered or is an insecure key, it is determined to be invalid and the process ends (step S160).
  • the authentication certificate is attached to each of the public encryption keys KPmc(1). It may be configured to be encrypted so that it can be decrypted and transmitted to the distribution server 30.
  • when it is recognized as valid as a result of the inquiry, the session key generator 316 generates a session key Ks1 for distribution.
  • the session key Ks1 is encrypted by the encryption processing unit 318 with the public encryption key KPmc(1) corresponding to the memory card 110 obtained by the decryption processing unit 312.
  • the encrypted session key {Ks1}Kmc(1) is output to the outside via the data bus BS1 and the communication device 350 (step S114).
  • upon receiving the encrypted session key {Ks1}Kmc(1) (step S118), the memory card 110 receives the encrypted session key {Ks1}Kmc(1) via the memory interface 1200
  • the decryption processing unit 1404 decrypts the received data given to the data bus BS3 using the secret decryption key Kmc(1) unique to the memory card 110 stored in the storage unit 1402, and the session key Ks1 is decrypted and extracted (step S120).
  • the encryption processing unit 1406 is connected to the switching switch 1444 via the contact Pc of the switching switch 1444 by the session key Ks1 provided from the decryption processing unit 1404 via the contact Pa of the switching switch 1442.
  • the public encryption key KPm(1) is encrypted, and {Ks2//KPm(1)}Ks1 is output to the data bus BS3 (step S122).
  • the data {Ks2//KPm(1)}Ks1 output to the data bus BS3 is transmitted from the data bus BS3 to the mobile phone 100 via the terminal 1202 and the memory interface 1200 (step S122), and is transmitted from mobile phone 100 to distribution server 30 (step S124).
  • distribution server 30 receives the encrypted data {Ks2//KPm(1)}Ks1, executes decryption processing with the session key Ks1 in decryption processing section 320, and receives the session key Ks2 generated by the memory card and the public encryption key KPm(1) unique to the memory card 110 (step S126).
  • distribution control unit 315 generates license, access control information AC1, and reproduction circuit control information AC2 according to the content ID and license purchase condition AC acquired in step S107.
  • the reproduction circuit control information AC2 itself is stored in the memory 1415 in the memory card 110, so that when the distribution to the memory card 110 is performed, it is not necessary to generate the reproduction circuit control information AC2.
  • in the distribution system, as will be described later, a memory card provided with a nonvolatile memory that can be read and written at any time, typified by a flash memory, instead of the mask ROM 1415, is also acceptable.
  • a memory card provided with the mask ROM 1415 will be referred to as a partial ROM type
  • a memory card provided with a read / write nonvolatile memory typified by a flash memory will be referred to as a RAM type.
  • for the RAM type memory card, after receiving not only the license information such as the license ID and the access control information AC1 but also the content, the content decryption key Kc, and the reproduction circuit control information AC2 from the distribution server 30, a distribution operation that enables reproduction of music can be performed by additionally distributing the encoded content data {Data}Kc and the additional information Data-inf. For this reason, in the distribution to the partial ROM type memory card 110, similar data is distributed without distinction from the distribution processing to the RAM type memory card.
  • the distribution control unit 315 further obtains the license key Kc for decrypting the data from the information database 304 (step S132).
  • the distribution control unit 315 gives the acquired content decryption key Kc and reproduction circuit control information AC2 and the license ID, content ID, and access control information AC1 output by the distribution control unit 315 to an encryption processing unit 326.
  • the encryption processing unit 326 encrypts the content decryption key Kc, the reproduction circuit control information AC2, the license, the content ID, and the access control information AC1 with the public encryption key KPm(1) unique to the memory card 110 obtained by the decryption processing unit 320 (step S136).
  • the encryption processing unit 328 receives the output of the encryption processing unit 326, and encrypts the output using the session key Ks2 generated in the memory card 110.
  • the encrypted data {{Kc//AC2//License ID//Content ID//AC1}Km(1)}Ks2 output from the encryption processing unit 328 is sent to the mobile phone 100 via the data bus BS1 and the communication device 350 (step S138).
  • the session keys generated by the distribution server 30 and the memory card 110 are exchanged, the encryption is performed using the encryption keys received by each other, and the encrypted data is transmitted to the other party.
  • mutual authentication can be effectively performed even when each encrypted data is transmitted and received, and the security of the data distribution system can be improved.
  • the mobile phone 100 receives the transmitted encrypted data {{Kc//AC2//License ID//Content ID//AC1}Km(1)}Ks2 (step S140), and in the memory card 110, the decryption processing unit 1412 decrypts the received data supplied to the data bus BS3 via the memory interface 1200. That is, decryption processing unit 1412 uses the session key Ks2 given from session key generating section 1418 to decrypt the received data on data bus BS3 and output it to data bus BS4 (step S144).
  • the data {Kc//AC2//license ID//content ID//AC1}Km(1), which can be decrypted by the secret key Km(1) held in the Km(1) holding unit 1421, is output to the data bus BS4.
  • the data {Kc//AC2//license ID//content ID//AC1}Km(1) is decrypted using the secret decryption key Km(1), and the content decryption key Kc, the reproduction circuit control information AC2, the license, the content ID, and the access control information AC1 are received (step S146).
  • the license ID, content ID, and access control information AC1 received in this manner are recorded in the license holding unit 1440 (step S1).
  • a notification of the reception of the distribution is transmitted from the mobile phone 100 to the distribution server 30 (step S152), and when the distribution server 30 receives the reception of the distribution (step S154), the billing is performed.
  • the processing of the distribution end is executed (step S156), and the entire processing ends (step S1).
  • the content encryption unit Kmc(1) transmitted from the content reproduction unit of the mobile phone 100 and the memory card 110 in response to the distribution request is confirmed to be valid. Only content data can be delivered, so that delivery to unauthorized devices can be prohibited, thereby improving the security of the delivery.
  • the distribution processing of the license data is completed as described above, and the decryption of the encrypted content data and the reproduction of the music can be performed.
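
The distribution session described above (steps S105 to S148), written out as an added symbolic model that is not part of the patent text: encryption is modelled as a tagged envelope that only the matching key opens, with no real cipher. It shows two consequences of the design: a message recorded in one session does not open in the next, because the card issues a fresh Ks2, and a card whose class key is not certified under KPma is refused at step S108. The class and function names, the content ID "CID-0001", the "LIC-" license ID format and the sample Kc, AC1 and AC2 values are assumptions made for the illustration.

```python
# Added illustration, not code from the patent. Encryption is modelled
# symbolically: an envelope records which secret opens it. No real cipher.
import hashlib
import secrets
from dataclasses import dataclass

def fp(secret: bytes) -> str:
    """Fingerprint of a secret; doubles as the matching public key."""
    return hashlib.sha256(secret).hexdigest()

@dataclass(frozen=True)
class Sealed:
    lock: str       # fingerprint of the secret that opens the envelope
    body: object

@dataclass(frozen=True)
class Certified:    # models the authentication data {KPmc(1)}KPma
    issuer: str
    body: object

def keypair():
    secret = secrets.token_bytes(16)
    return fp(secret), secret                  # (public key, secret key)

def seal_pub(public: str, body) -> Sealed:     # encrypt with a public key
    return Sealed(public, body)

def seal_sym(key: bytes, body) -> Sealed:      # encrypt with a session key
    return Sealed(fp(key), body)

def unseal(secret: bytes, env) -> object:
    if not isinstance(env, Sealed) or env.lock != fp(secret):
        raise PermissionError("envelope does not open with this key")
    return env.body

class MemoryCard:
    def __init__(self, ca_secret: bytes):
        self.KPmc, self._Kmc = keypair()       # class key pair
        self.KPm, self._Km = keypair()         # card-unique key pair
        self.auth_data = Certified(fp(ca_secret), self.KPmc)
        self.license_holding_unit = {}         # content ID -> (license ID, AC1)
        self._ks2 = b""

    def answer(self, enc_ks1: Sealed) -> Sealed:         # S120-S122
        ks1 = unseal(self._Kmc, enc_ks1)
        self._ks2 = secrets.token_bytes(16)              # fresh every session
        return seal_sym(ks1, (self._ks2, self.KPm))      # {Ks2//KPm(1)}Ks1

    def store_license(self, msg: Sealed) -> None:        # S144-S148
        inner = unseal(self._ks2, msg)                   # session layer (Ks2)
        kc, ac2, lic_id, cid, ac1 = unseal(self._Km, inner)   # card layer (Km)
        self.license_holding_unit[cid] = (lic_id, ac1)

class LicenseServer:
    def __init__(self, kpma: str, catalogue: dict):
        self.KPma, self.catalogue = kpma, catalogue      # content ID -> (Kc, AC2, AC1)

    def start(self, auth_data: Certified) -> Sealed:     # S108-S114 (S110 inquiry omitted)
        if auth_data.issuer != self.KPma:
            raise PermissionError("KPmc not certified under KPma")
        self._ks1 = secrets.token_bytes(16)
        return seal_pub(auth_data.body, self._ks1)       # {Ks1}Kmc(1)

    def issue(self, reply: Sealed, cid: str) -> Sealed:  # S126-S138
        ks2, kpm = unseal(self._ks1, reply)
        kc, ac2, ac1 = self.catalogue[cid]
        lic_id = "LIC-" + secrets.token_hex(4)           # constructed ID format
        inner = seal_pub(kpm, (kc, ac2, lic_id, cid, ac1))
        return seal_sym(ks2, inner)    # {{Kc//AC2//license ID//content ID//AC1}Km(1)}Ks2

def distribute(server, card, cid):
    """Run one distribution session; return the final message as seen in transit."""
    msg = server.issue(card.answer(server.start(card.auth_data)), cid)
    card.store_license(msg)
    return msg

def refused(action) -> bool:
    try:
        action()
        return False
    except PermissionError:
        return True

def demo():
    ca_secret = secrets.token_bytes(16)        # authority's secret (assumed name)
    server = LicenseServer(fp(ca_secret), {"CID-0001": (b"Kc-sample", "AC2-sample", "AC1-sample")})
    card = MemoryCard(ca_secret)
    recorded = distribute(server, card, "CID-0001")
    card.answer(server.start(card.auth_data))  # a later session: new Ks1, new Ks2
    replay_refused = refused(lambda: card.store_license(recorded))
    rogue = MemoryCard(secrets.token_bytes(16))    # class key not certified under KPma
    rogue_refused = refused(lambda: server.start(rogue.auth_data))
    return card.license_holding_unit, replay_refused, rogue_refused

if __name__ == "__main__":
    print(demo())
```
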
  • the mobile phone 100 receives the license data from the distribution server 30 via the mobile phone network
  • the present invention is not limited to the mobile phone network. If the device has communication means that can be connected to the distribution server 30 and writing means to the memory card 110, it is possible to obtain license data and write it to the memory card 110 in the same way.
  • a license vending machine provided with a writing device for the memory card 110, purchase the license data from the license vending machine, and write the license data to the memory card 110.
  • the processing is performed in place of the mobile phone 100 and the distribution server 30 in FIGS. 7 and 8, and the processing is performed by the vending machine.
  • FIG. 9 shows the state of the memory card 110 after the distribution operation described in FIG. 7 and FIG.
  • FIG. 7 is a conceptual diagram showing data stored in a memory 1415 and a license holding unit 1440, and is a diagram compared with FIG.
  • the lower-order “01” indicates “reproduction permitted”.
  • a reproduction operation (hereinafter, also referred to as a reproduction session) for reproducing music from the encrypted content data stored in the memory card 110 and outputting the music to the outside in the mobile phone 100 will be described.
  • FIG. 10 is a flowchart for explaining the operation of each unit during a reproduction session.
  • a reproduction request is generated according to an instruction of user 1 from touch key unit 1108 of mobile phone 100 (step S200).
  • In response to generation of the reproduction request, mobile phone 100 outputs authentication data {KPp(1)}KPma, which can be decrypted with authentication key KPma, to data bus BS2 from authentication data holding unit 1500 (step S202).
  • the authentication data {KPp(1)}KPma is transmitted to the memory card 110 via the data bus BS2 and the memory interface 1200.
  • the decryption processing unit 144 executes decryption processing of the data on the data bus BS3 (step S204).
  • if the public encryption key KPp(1) encrypted with this authentication key KPma is registered in the certificate authority and is properly encrypted, that is, it can be decrypted with the authentication key KPma and the dependent data that occurs at the time of decryption can be approved, the decrypted public encryption key KPp(1) is accepted. On the other hand, if decoding cannot be performed, or if dependent data generated in the decoding process cannot be approved, the obtained data is not accepted (step S206).
  • In response to receiving the public encryption key KPp(1), the controller 1420 checks the access control information AC1 having the corresponding content ID in the license holding unit 1440 (step S208).
  • in step S208, the access control information AC1, which is information relating to the restriction on the memory access, is checked, and if the playback is not possible, the playback session is terminated (step S240). If the reproduction is possible but the number of times of reproduction is limited, the access control information AC1 is updated to update the number of times of reproduction, and then the process proceeds to the next step S212 (step S210). On the other hand, when the number of times of reproduction is not limited by the access control information AC1, step S210 is skipped, and the process proceeds to the next step S212 without updating the access control information AC1.
  • even when the content ID of the requested music does not exist in the license holding unit 1440, it is determined that reproduction is impossible, and the reproduction session is ended (step S240).
  • the controller 1420 instructs the session key generation unit 1418, via the data bus BS4, to generate the session key Ks3 in the playback session.
  • the session key Ks3 generated by the session key generation unit 1418 is sent to the encryption processing unit 1410.
  • the encryption processing unit 1410 encrypts the session key Ks3 with the public encryption key KPp(1) of the mobile phone 100 obtained by the decryption processing unit 1408, and outputs the encrypted data {Ks3}Kp(1) to the data bus BS3 (step S212).
  • Mobile phone 100 receives encrypted data {Ks3}Kp(1) on data bus BS2 via terminal 1202 and memory interface 1200.
  • the encrypted data {Ks3}Kp(1) is decrypted by the decryption processing unit 1504, and the session key Ks3 generated by the memory card 110 is received (step S214).
  • Controller 1106, in response to receiving session key Ks3, instructs session key generation unit 1508 via data bus BS2 to generate session key Ks4 generated by mobile phone 100 in the playback session.
  • the generated session key Ks4 is sent to the encryption processing unit 1506, and {Ks4}Ks3 encrypted by the session key Ks3 obtained by the decryption processing unit 1504 is output to the data bus BS2 (step S216).
  • the encrypted session key {Ks4}Ks3 is transmitted to the memory card 110 via the memory interface 1200.
  • the encrypted session key {Ks4}Ks3 transmitted to the data bus BS3 is decrypted by the decryption processing unit 1412, and the session key Ks4 generated by the mobile phone 100 is received (step S218).
  • a decryption process for acquiring the content decryption key Kc and the playback circuit control information AC2 of the playback request music recorded in the memory is executed.
  • the decryption processing unit 1454 decrypts the encrypted data {Kc//AC2}K(1), read from the memory 1415 onto the data bus BS4, using the secret key K(1) (step S222).
  • the obtained data Kc and AC2 are sent to the encryption processing unit 1406 through the contact point Pd of the switching switch 1444.
  • the encryption processing unit 1406 further encrypts the data Kc and AC2 received from the data bus BS4 by using the session key Ks4 received from the decryption processing unit 1412 via the contact Pb of the switch 1442, and {Kc//AC2}Ks4 is output to the data bus BS3 (step S224).
  • the encrypted data output to the data bus BS3 is transmitted to the mobile phone 100 via the memory interface 1200.
  • the encrypted data {Kc//AC2}Ks4 transmitted to the data bus BS2 via the memory interface 1200 is decrypted by the decryption processing unit 1510, and the content decryption key Kc and the reproduction circuit control information AC2 are received (step S226).
  • Decryption processing section 1510 transmits content decryption key Kc to decryption processing section 1516, and outputs reproduction circuit control information AC2 to data bus BS2.
  • the controller 1106 receives the reproduction circuit control information AC2 via the data bus BS2 and confirms whether or not reproduction is possible (step S230).
  • step S230 If it is determined in step S230 that the reproduction cannot be performed by the reproduction circuit control information AC2, the reproduction session is terminated (step S240).
  • the encrypted content data {Data}Kc of the requested music recorded in the memory is output from the memory card 110 to the data bus BS3 and transmitted to the mobile phone 100 (step S232).
  • the encrypted content data {Data}Kc output from the memory card 110 and transmitted to the data bus BS2 is decrypted by the decryption processing unit 1516 using the license key Kc, and the plaintext content data Data can be obtained (step S234).
  • the decrypted plaintext content data Data is reproduced as music by the music reproduction unit 1518 (step S236), the reproduced music is output to the outside via the mixing unit 1525 and the terminal 1530, and the process is terminated (step S240).
  • the encryption keys generated by the mobile phone 100 and the memory card 110 are exchanged, encryption is performed using the encryption keys received by each other, and the encrypted data is sent to the other party.
  • mutual authentication can be performed for each transmission and reception of data in the playback session as well as in the distribution session, and security can be improved.
  • the encrypted content data ⁇ Data ⁇ Kc, the content decryption key Kc, and the license information are distributed from the distribution server 30 and the music is reproduced. Can also be reproduced.
  • when the user 2 directly receives content data having a considerable amount of information from the distribution server 30, a relatively long time may be required for the reception.
  • the content data can be copied from the user 1 who already has the memory card 110 in which the encrypted content data is stored, convenience for the user is provided. However, at this time, from the viewpoint of protecting the rights of the copyright holder, it is not allowed in the system configuration to leave free copies of free content data.
  • FIG. 11 is a conceptual diagram for explaining the configuration of such a data distribution system according to the second embodiment.
  • Copying only the encrypted content data itself as shown in Fig. 11 is called "duplication". Since copying does not involve copying the license data, User 2 cannot play back the content data. Therefore, by performing a new distribution that distributes only the license data, the user 2 can reproduce the content data.
  • the encrypted content data stored in the partial ROM type memory card 110 can be flexibly used on the user side.
  • the mobile phones 100 and 102 are PHS (Personal Handy Phones)
  • a so-called transceiver mode call is possible, so such a function can be used to duplicate information between user 1 and user 2.
  • it is also possible to duplicate the information by installing both the partial ROM type memory card 110 and the RAM type memory card 112 on the mobile phone.
  • FIG. 12 is a diagram showing data and links used in the data distribution system described in FIG. 11 with respect to the RAM type memory card 112, and is a diagram compared with FIG.
  • the difference from the partial ROM type memory card 110 shown in FIG. 2 is that the key K(i) is not unique to the type of content data, but is a common key unique to each memory card.
  • the other points are the same as those in FIG. 2, and the description thereof will not be repeated.
  • FIG. 13 is a schematic block diagram for explaining the configuration of memory card 112 shown in FIG. 11, and is a diagram to be compared with FIG. 5 showing the configuration of memory card 110.
  • the difference between the configuration of the memory card 110 shown in FIG. 5 and the configuration of the memory card 112 shown in FIG. 13 is that i) the memory 1415′ is not a mask ROM but a flash memory.
  • the common key K(2) held by the K(2) holding unit 1450 is a secret common key unique to each memory card, as described above.
  • An encryption processing unit 1442 for encrypting data on the data bus BS4 with the common key K(2) is provided.
  • the memory 1415′ is a flash memory, a typical nonvolatile memory that can be read and written at any time.
  • FIG. 14 is a flowchart for explaining a process of copying encrypted content data from the partial ROM type memory card 110 of the user 1 to the RAM type memory card 112 of the user 2 (duplication session).
  • when the user 1 makes a content data copy request on the mobile phone 100 (step S300), the encrypted content data {Data}Kc and the additional information Data-inf are output from the memory 1415 of the partial ROM type memory card 110 (step S302).
  • the encrypted content data {Data}Kc and the additional information Data-inf are stored in the flash memory 1415′ (step S304).
  • Upon completion of the storage in the flash memory 1415′, the mobile phone 102 transmits a content data copy acceptance (step S306).
  • When the mobile phone 100 receives the content data copy acceptance (step S308), the copy session ends (step S310).
  • FIGS. 15 and 16 are first and second flowcharts for explaining the distribution operation at the time of purchasing license information (license ID) in the data distribution system according to the second embodiment. It is a figure compared.
  • step S148 is added between step S146 and step 150 in FIG.
  • of the content decryption key Kc, license ID, content ID, access control information AC1, and reproduction circuit control information AC2 received in step S146, the content decryption key Kc and the reproduction circuit control information AC2 are encrypted with the common key K(2) and stored in the flash memory 1415′ as data {Kc//AC2}K(2) (step S148). Further, the license ID, the content ID, and the access control information AC1 are recorded in the license holding unit 1440.
  • in step S146 the content decryption key Kc and the reproduction circuit control information AC2 are decrypted with the secret decryption key Km(2), and then in step S148 they are encrypted again with the secret key K(2) and stored in the memory 1415′, for the following reason.
  • the combination of the public encryption key KPm(2) and the secret decryption key Km(2), which is a public key scheme using asymmetric keys, may increase the time required for decryption processing.
  • these data are re-encrypted with the common secret key K(2) unique to the memory card, using a symmetric key method that can be decrypted at high speed, so that in the reproduction process of the content data corresponding to the encrypted content data, the decryption of the content decryption key (license key) Kc and the reproduction circuit control information AC2, which are needed for that process, can be sped up.
  • a request for distribution of content data is made from the mobile phone 100 to the distribution server 30.
  • Upon receiving the content data distribution request, the distribution server 30 obtains the encrypted content data {Data}Kc and the additional information Data-inf from the information database 304, and outputs these data via the data bus BS1 and the communication device 350.
  • the mobile phone 100 receives {Data}Kc//Data-inf and accepts the encrypted content data {Data}Kc and the additional information Data-inf.
  • the encrypted content data {Data}Kc and the additional information Data-inf are transmitted to the data bus BS3 of the memory card 112 via the memory interface 1200 and the terminal 1202.
  • the received encrypted content data {Data}Kc and the additional information Data-inf are directly recorded in the flash memory 1415′.
  • RSA encryption (Rivest-Shamir-Adleman cryptosystem) and elliptic curve encryption are cited as public key systems as described above
  • DES (Data Encryption Standard)
  • FIG. 17 is a conceptual diagram for explaining such a moving operation.
  • the user 2 having the memory card 112 can receive the distribution of the content data directly from the distribution server 30 using his / her mobile phone 102.
  • the convenience for the user is improved.
  • the content data itself is copied, and the user 1 has the content data.
  • the license information data necessary to make the content data reproducible together with the license data is moved to the memory card 112 of the user 2; this is called "movement" of the music data, as distinguished from the "copy" described above.
  • the "license information" includes the content decryption key Kc, the reproduction circuit control information AC2, the content ID, the license ID and the access control information AC1.
  • FIG. 7 is first and second flowcharts for explaining processing for moving content data and keys between the RAM type memory cards 112 via the mobile phones 100 and 102.
  • the natural number i, which is an individual identifier, is set to i = 2.
  • in FIGS. 18 and 19, it is assumed that the mobile phone 100 and the memory card 110 are the transmitting side, and the mobile phone 102 and the memory card 112 are the receiving side.
  • each component of the memory card 112 will be described using the same reference numerals as those of the corresponding part of the memory card 110.
  • when user 1 makes a content data copy request on the mobile phone 100 (step S400), the encrypted content data {Data}Kc and the additional information Data-inf are output from the memory 1415 of the memory card 110 (step S401).
  • the encrypted content data {Data}Kc and the additional information Data-inf are stored in the memory (flash memory) 1415′ (step S402).
  • Upon completion of the storage in the memory 1415′, the mobile phone 102 transmits a content data copy acceptance (step S403).
  • a license transfer request is made on the mobile phone 100 by the user operating the key buttons of the touch key unit 1108 or the like (step S405).
  • the generated transfer request is transmitted to the memory card 112 via the mobile phone 102 of the user 2 on the receiving side.
  • the public encryption key KPmc(2) corresponding to the memory card 112 is output from the authentication data holding unit 150 as authentication data {KPmc(2)}KPma (step S406).
  • the authentication data {KPmc(2)}KPma of the memory card 112 is transmitted from the mobile phone 102 of the user 2 and received by the memory card 110 via the mobile phone 100 of the user 1 (step S407).
  • the decryption processing unit 1408 executes decryption processing
  • if KPmc(2) is properly registered and has been properly encrypted, that is, if it can be decrypted with the authentication key KPma and the dependent data generated at the time of decryption can be recognized, the decrypted public encryption key KPmc(2) is accepted as the public encryption key of the memory card 112. On the other hand, if it cannot be decrypted, or if the dependent data generated in the decryption process cannot be recognized, the obtained data is not accepted (step S410).
  • the controller 1420 determines that the transmitted public encryption key KPmc(2) is a public encryption key assigned to a memory card approved for this data distribution system, and the process proceeds to the next step S412 (step S412). On the other hand, if the key is not accepted, the access is judged to be unauthorized access from an unapproved device, and the process ends (step S450).
  • the controller 1420 instructs the session key generation unit 1418 to output the session key Ks3 generated on the transmitting side during the move session.
  • the session key Ks3 generated by the session key generation unit 1418 is transmitted to the encryption processing unit 1410.
  • the encryption processing unit 1410 further receives the public encryption key KPmc(2) of the memory card 112 decrypted by the decryption processing unit 1408 in step S408, and encrypts the session key Ks3 with the public encryption key KPmc(2).
  • the encrypted session key {Ks3}Kmc(2) is output to the data bus BS3 (step S414).
  • {Ks3}Kmc(2) output to the data bus BS3 is transmitted to the memory card 112 via the memory interface 1200, the mobile phone 100 and the mobile phone 102.
  • the memory card 112 receives {Ks3}Kmc(2) output from the memory card 110, executes the decryption processing in the decryption processing unit 1404 using the secret decryption key Kmc(2) corresponding to the memory card 112, and accepts the session key Ks3 generated by the memory card 110 on the transmitting side (step S416).
  • the controller 1420 of the memory card 112 instructs the session key generation unit 1418 to generate the session key Ks2 to be generated on the receiving side in the move session, in response to reception of the session key Ks3.
  • the generated session key Ks2 is transmitted to the encryption processing unit 1406 via the contact Pf in the switching switch 1446 and the contact Pc in the switching switch 1444.
  • the encryption processing unit 1406 receives the session key Ks3 obtained in step S416 from the decryption processing unit 1404, encrypts with the session key Ks3 the session key Ks2 and the public encryption key KPm(2) obtained by switching between the contact Pc of the switching switch 1444 and the contacts Pf and Pe of the switching switch 1446, and outputs {Ks2//KPm(2)}Ks3 to the data bus BS3 (step S418).
  • the encrypted data {Ks2//KPm(2)}Ks3 output on the data bus BS3 is transmitted to the data bus BS3 of the memory card 110 via the mobile phones 102 and 100.
  • the encrypted data transmitted to the data bus BS3 is decrypted by the decryption processing unit 1412 using the session key Ks3, and the session key Ks2 for the memory card 112 and the public encryption key KPm(2) are accepted (step S420).
  • the controller 1420 of the memory card 110 checks the access control information AC1 in the license holding unit 1440 in response to receiving the session key Ks2 and the public encryption key KPm(2) (step S422). If the check of the access control information AC1 shows that the license cannot be transferred, the transfer is stopped at this stage (step S450).
  • the process proceeds to the next step S424, and the controller 1420 sets the access control information AC1 in the license holding unit 1440 to "0000h" (step S424). The access control information AC1 corresponding to the content ID being moved thus becomes "0000h", so the memory card 110 is prohibited from playing the music corresponding to that content ID.
  • the controller 1420 obtains the corresponding content ID and license ID from the license holding unit 1440 (step S425).
  • the controller 1420 reads out the encrypted content decryption key Kc and the reproduction circuit control information AC2 corresponding to the content ID being moved from the mask ROM 1415 and decrypts them with the key K(1), obtaining the content decryption key Kc and the reproduction circuit control information AC2 (step S425).
  • the license ID, content ID, and access control information AC1 obtained from the license holding unit 1440 in step S425, and the content decryption key Kc and the reproduction circuit control information AC2 obtained in step S425, are taken from the data bus BS4 into the encryption processing unit 1442 and encrypted.
  • the encryption processing unit 1442 encrypts these data with the public encryption key KPm(2) unique to the memory card 112, obtained by the decryption processing unit 1412 in step S420.
  • {Kc//AC2//license ID//content ID//AC1}Km(2) is generated (step S428).
  • the encrypted data {Kc//AC2//license ID//content ID//AC1}Km(2) output to the data bus BS4 is transmitted to the encryption processing unit 1406 via the contact Pd of the switching switch 1444.
  • the encryption processing unit 1406 receives, via the contact Pb of the switching switch 1442, the session key Ks2 generated by the memory card 112 and obtained by the decryption processing unit 1412, and encrypts the data received from the contact Pd with the session key Ks2.
  • the encryption processing unit 1406 outputs {{Kc//AC2//license ID//content ID//AC1}Km(2)}Ks2 to the data bus BS3 (step S430).
  • the encrypted data output to the data bus BS3 in step S430 is transmitted to the memory card 112, which is the receiving side of the move session, via the mobile phones 100 and 102.
  • the decryption processing unit 1412 performs decryption using the session key Ks2 generated by the session key generation unit 1418, and {Kc//AC2//license ID//content ID//AC1}Km(2) is accepted (step S432).
  • the received content decryption key Kc is re-encrypted by the encryption processing unit 1452 with the secret key K(2) unique to the memory card held in the K(2) holding unit 1450, and the converted {Kc//AC2}K(2) into the flash memory 1415
  • the license ID, the content ID, and the access control information AC1 received by the decryption processing unit 1422 are recorded in the license holding unit 1440 (step S438).
  • a move acceptance is transmitted via mobile phone 102 (step S440).
  • the mobile phone 100 ends the process (step S450).
  • the mobile phone 102 can play music based on the encrypted content data {Data}Kc and the content decryption key Kc recorded on the memory card 112. At this time, the mobile phone 100 equipped with the memory card 110 cannot play back the encrypted content data.
  • the content reproduction circuit (mobile phone) and the memory card on the receiving circuit side are authenticated before the encrypted data is moved, so security is further enhanced.
  • FIG. 20 shows that after the movement operation described in FIG. 18 and FIG.
  • FIG. 7 is a conceptual diagram showing data stored in a memory 1415 and a license holding unit 1440 in 0, and is a diagram to be compared with FIG.
  • the content data stored in the partial ROM type memory card 110 can be used flexibly on the user side.
  • a mobile phone can be equipped with multiple cards, it is also possible to copy information by installing both a partial ROM type memory card 110 and a RAM type memory card 112 on the mobile phone.
  • the transfer of the license data and the copy of the encrypted content data {Data}Kc and the additional information Data-inf from the partial ROM type memory card 110 to the RAM type memory card 112 are performed.
  • the same content as the encrypted content data {Data}Kc stored in the mask ROM 1415 in the partial ROM type memory card is stored in the RAM type memory card 112.
  • the license data can be transferred from the RAM type memory card 112 to the partial ROM type memory card 110 under the condition that the license data managed by the ID is stored.
  • the encrypted content data is stored in the partial ROM type memory card in advance, so when the content data is reproduced by the user, it is only necessary to receive distribution of the license data; music content information can thus be supplied easily while protecting copyrights, and users can play music in a short time.
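The move session described above (authentication of card 112 through storage of the re-wrapped key), as an added example that is not code from the patent: a symbolic Python model in which a `Box` stands for the page's {payload}key notation and no real cryptography is performed. The class and function names and the sample license values are constructed, and two readings are assumptions: that an AC1 of 0000h means the license cannot be transferred, and that the AC1 sent is the value read before step S424 overwrites it.

```python
import secrets
from dataclasses import dataclass

# Symbolic model only: a Box stands for {payload}lock and involves no real cryptography.
PAIRS = {"KPmc(2)": "Kmc(2)", "KPm(2)": "Km(2)"}  # public lock -> secret key that opens it
AC1_NO_PLAYBACK = 0x0000                          # value written at step S424

@dataclass(frozen=True)
class Box:
    lock: str
    payload: object

def unseal(box, key):
    """Symmetric locks open with themselves, public locks with their paired secret key."""
    if PAIRS.get(box.lock, box.lock) != key:
        raise PermissionError(f"{key} does not open a box locked with {box.lock}")
    return box.payload

@dataclass
class Sender:                         # memory card 110 (partial ROM type)
    license: dict                     # license holding unit 1440
    wrapped: Box                      # {Kc//AC2}K(1) in mask ROM 1415
    ks3: str = ""

    def start(self, cert):            # S408-S414
        try:
            kpmc = unseal(cert, "KPma")
        except PermissionError:
            return None               # not an approved card: stop
        self.ks3 = "Ks3-" + secrets.token_hex(4)
        return Box(kpmc, self.ks3)    # {Ks3}Kmc(2)

    def send_license(self, reply):    # S420-S430
        ks2, kpm = unseal(reply, self.ks3)
        if self.license["AC1"] == AC1_NO_PLAYBACK:
            return None               # assumption: no rights left means not transferable
        # assumption: the AC1 sent is the value read before it is overwritten
        ac1, self.license["AC1"] = self.license["AC1"], AC1_NO_PLAYBACK   # S424
        kc, ac2 = unseal(self.wrapped, "K(1)")
        lic = (kc, ac2, self.license["license_id"], self.license["content_id"], ac1)
        return Box(ks2, Box(kpm, lic))  # {{Kc//AC2//license ID//content ID//AC1}Km(2)}Ks2

@dataclass
class Receiver:                       # memory card 112 (RAM type)
    license: dict
    wrapped: object = None            # {Kc//AC2}K(2) in flash memory 1415'
    ks2: str = ""
    cert = Box("KPma", "KPmc(2)")     # {KPmc(2)}KPma, step S406

    def reply(self, msg):             # S416-S418
        ks3 = unseal(msg, "Kmc(2)")
        self.ks2 = "Ks2-" + secrets.token_hex(4)
        return Box(ks3, (self.ks2, "KPm(2)"))   # {Ks2//KPm(2)}Ks3

    def accept(self, msg):            # S432-S438
        kc, ac2, lic_id, cid, ac1 = unseal(unseal(msg, self.ks2), "Km(2)")
        self.wrapped = Box("K(2)", (kc, ac2))   # re-wrap under the card's own key
        self.license = {"license_id": lic_id, "content_id": cid, "AC1": ac1}

def move(sender, receiver, cert=None):
    """Run one move session and report how it ended."""
    first = sender.start(cert if cert is not None else receiver.cert)
    if first is None:
        return "rejected"
    third = sender.send_license(receiver.reply(first))
    if third is None:
        return "stopped"
    receiver.accept(third)
    return "moved"

def can_play(card):
    return card.wrapped is not None and card.license.get("AC1", 0) != AC1_NO_PLAYBACK

def demo_cards():                     # constructed sample values
    lic = {"license_id": "LIC-0001", "content_id": "CID-0001", "AC1": 0x00FF}
    return Sender(lic, Box("K(1)", ("Kc-demo", "AC2-demo"))), Receiver({})
```

In this model the sender's mask ROM still holds {Kc//AC2}K(1) after the move, so playback on card 110 is blocked only by the AC1 value in its license holding unit.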

Abstract

In this invention, a memory card (110) stores received license data that enable decryption of encrypted content data. A non-volatile read-only memory (1415) permanently holds the encrypted content data, encrypted data from which a key (Kc) for decrypting the encrypted content data is decrypted with a key (K(1)) specific to the encrypted content data, and additional information for specifying the distributor of the license data. A license holding unit (1440) stores the received license data. A controller (1420) allows the recorder to supply the key (Kc) and the encrypted content data to the outside of the recorder according to the license data stored in the non-volatile memory (1415).
PCT/JP2001/001349 2000-02-25 2001-02-23 Recorder and distribution system using the same WO2001063834A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2001234149A AU2001234149A1 (en) 2000-02-25 2001-02-23 Recorder and distributing system using the same

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2000049454 2000-02-25
JP2000-49454 2000-02-25

Publications (1)

Publication Number Publication Date
WO2001063834A1 true WO2001063834A1 (fr) 2001-08-30

Family

ID=18571394

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2001/001349 WO2001063834A1 (fr) 2000-02-25 2001-02-23 Recorder and distribution system using the same

Country Status (3)

Country Link
AU (1) AU2001234149A1 (fr)
TW (1) TW497348B (fr)
WO (1) WO2001063834A1 (fr)

Also Published As

Publication number Publication date
AU2001234149A1 (en) 2001-09-03
TW497348B (en) 2002-08-01

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
ENP Entry into the national phase

Ref country code: JP

Ref document number: 2001 562906

Kind code of ref document: A

Format of ref document f/p: F

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase