WO2004034636A1 - データ管理システム及び データ復号装置 - Google Patents

データ管理システム及び データ復号装置 Download PDF

Info

Publication number
WO2004034636A1
WO2004034636A1 PCT/JP2003/012847 JP0312847W WO2004034636A1 WO 2004034636 A1 WO2004034636 A1 WO 2004034636A1 JP 0312847 W JP0312847 W JP 0312847W WO 2004034636 A1 WO2004034636 A1 WO 2004034636A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
client terminal
key
server device
encrypted
Prior art date
Application number
PCT/JP2003/012847
Other languages
English (en)
French (fr)
Japanese (ja)
Inventor
Yasunori Matsui
Original Assignee
Sony Corporation
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Sony Corporation filed Critical Sony Corporation
Publication of WO2004034636A1 publication Critical patent/WO2004034636A1/ja

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords

Definitions

  • the present invention relates to a data management system, a data management method, a client terminal, a server device, a data decoding device, a data decoding method, and a recording medium.
  • the present invention relates to a recording medium on which encrypted data suitable for managing such data is recorded, a data decryption device and a data decryption method for decrypting the same.
  • Japanese Patent Application Laid-Open No. 2002-207271 discloses a technique for protecting the copyright by a CBC (Ciphering Block Chaining) system that increases the encryption strength by increasing the encryption strength.
  • CBC Ciphering Block Chaining
  • content data is divided into blocks, and the data is chained and encrypted, thereby increasing the encryption strength and setting the initial value required for the first block at the time of encryption.
  • the loss of the data area is reduced by generating the unique information of the header from the content of the sector.
  • An object of the present invention is to provide a novel data management system, a data management method, a client terminal, a server device, a data decoding device, a data decoding method, and a recording medium that can solve the problems of the conventional technology as described above. Is to provide. Another object of the present invention is to provide a data management system, a data management method, a client terminal, and a server device capable of reducing the damage on the content data provider side and safely managing the content. To provide.
  • Still another object of the present invention is to provide a recording medium on which encrypted data capable of reducing the damage on the provider side of the encrypted data and safely managing the encrypted data, a data decryption apparatus for decrypting the same, and It is to provide a data decoding method.
  • a data management system includes a server connected to a network and sequentially transmitting blocked block data, and a network connected to the network, receiving and reproducing block data from the server.
  • a data management system comprising: a client terminal configured to store block data; and a key generation unit configured to generate an authentication key based on the data stored in the data storage unit.
  • the server device after transmitting the block data, the server device receives the authentication key from the client terminal, and unless the server device performs authentication, the server device does not transmit the next block data. It is possible to prevent the process data from being transmitted to a third party who does not exist, and to safely manage the data transmitted by the server device. Further, the block data is divided into predetermined time units, and the encrypted data is encrypted. The client terminal may have decryption means for decrypting the encrypted data. The security of the data transmitted from the server device is further enhanced by transmitting the data.
  • the key generation means generates a decryption key based on the data stored in the data storage means, and the decryption means decrypts the encrypted data using the decryption key or generates a decryption key based on the authentication key.
  • a decryption key is generated, and the decryption means decrypts the encrypted data using the decryption key, or decrypts the encrypted data using the authentication key generated by the key generation means as the decryption key. Only a client terminal authenticated by the server device can obtain a decryption key for decrypting encrypted data.
  • the data storage means is a VRAM (video memory)
  • the client terminal is a display device for displaying the data written in the VRAM
  • the key generation means is a display device in which the data is written in the VRAM. Displayed on the client terminal, a decryption key can be generated. As a result, a decryption key cannot be generated unless data is expanded in VRAM for display on a display device that is a client terminal. Since the previous data must be reproduced or displayed in order to obtain the same data, the client terminal user does not need to reproduce the data from the middle or skip it and play it back. To reduce damage.
  • VRAM video memory
  • the client terminal is a display device for displaying the data written in the VRAM
  • the key generation means is a display device in which the data is written in the VRAM. Displayed on the client terminal, a decryption key can be generated. As a result, a decryption key cannot be generated unless data is expanded in VRAM for display on a display device that is
  • a data management method includes a server device connected to a network and sequentially transmitting blocked block data, and a server device connected to the network and receiving and reproducing block data from the server device.
  • What is claimed is: 1.
  • a data management method for a data management system having a client terminal comprising: a transmitting step in which a server device transmits a procedure to a client terminal; and a client terminal receiving block data transmitted from the server device.
  • Storing the data in the data storage means a key generation step of generating an authentication key based on the data stored in the data storage means, and transmitting the authentication key generated in the key generation step to the server device.
  • the next block data is transmitted only when the authentication key transmitted from the client terminal is authenticated. Therefore, the block data is transmitted to the client terminal not authenticated by the server device.
  • the data transmitted from the server device can be safely managed without transmitting the data.
  • a client terminal is connected via a network to a server device that sequentially transmits block data that has been blocked, and a block from the server device.
  • a client terminal that receives and reproduces data, a receiving unit that receives block data transmitted from a server device, a data storage unit that stores block data, and an authentication key based on the data stored in the data storage unit.
  • a server device is a server device that sequentially transmits blocked block data to a client terminal via a network, wherein a transmitting unit that transmits a block data, and the client terminal transmits the block data based on the block data. It has a receiving means for receiving the generated authentication key and an authenticating means for authenticating the authentication key received by the receiving means, and the transmitting means performs a block diagram only when the authentication key is authenticated by the authenticating means. Send. ⁇
  • a data management system includes a server connected to a network and transmitting a plurality of encrypted data, and a client terminal connected to the network and receiving encrypted data transmitted from the server.
  • the server device includes at least a transmission means for transmitting the encrypted data
  • the client terminal comprises: a decryption means for decrypting the encrypted data; and a decryption data decrypted by the decryption means.
  • a cryptographic key generation means for generating an encryption key based on the decrypted data stored in the data storage means.
  • the decryption means of the client terminal comprises: An encryption key generated from the first decrypted data obtained by decrypting the encrypted data is supplied, and the first encryption is performed using the encryption key. Decoding the next second encrypted data of the data.
  • the plurality of encrypted data transmitted from the server device is the next encrypted data unless the encryption key generated from the decrypted data obtained by decrypting the previous encrypted data is used as the decryption key. Since the client terminal cannot decrypt the encrypted data, the client terminal cannot decrypt the encrypted data, and can safely manage the data transmitted by the server device.
  • the client terminal has a transmission unit for transmitting the encryption key to the server device
  • the server device has a reception unit for receiving the encryption key from the client terminal
  • the transmitting means of the communication device may transmit the second encrypted data, and may generate the second encrypted data from the previous encrypted data.
  • the encryption key can be used as a decryption key for the next encrypted data, and can be used for authentication of the client terminal, and the data transmitted by the server device can be managed more safely.
  • the data storage means is a VRAM
  • the client terminal is a display device for displaying the data written in the VRAM
  • the key generation means is: the first decryption data is written and displayed in the VRAM. If displayed on the device, an encryption key for decrypting the second encrypted data can be generated, and the client terminal writes the data to VRAM once and plays back or displays the data. Since the encryption key to be decrypted cannot be generated, the user of the client terminal does not play the data from any position or skip the data.
  • a data management method includes a server device connected to a network and transmitting a plurality of encrypted data, and a client terminal connected to the network and receiving encrypted data transmitted from the server device.
  • a data management system data management method wherein a server device transmits encrypted data to a client terminal, and a client terminal receives and decrypts the encrypted data transmitted from the server device.
  • a data storing step in which the client terminal stores the decrypted data decrypted in the decrypting step in the data storing means, and an encryption in which the client terminal generates an encryption key based on the decrypted data stored in the data storing step.
  • a key generation step In the decryption step, an encryption key is generated from the first decryption data obtained by decrypting the first encrypted data. Using a first encryption key generated in step, the second encrypted data is then received in the first encrypted data is decrypted.
  • the second encrypted key is generated by the first encrypted key generated from the first encrypted data. Because the first encrypted data is decrypted, the client terminal that has not obtained the first encrypted data cannot decrypt the second encrypted data, and securely manages the data transmitted by the server device. can do.
  • a client terminal is a server device that transmits a plurality of encrypted data.
  • a client terminal connected to the server via a network and receiving encrypted data transmitted from the server device, comprising: a receiving unit for receiving the encrypted data; a decrypting unit for decrypting the encrypted data; and a decrypting unit.
  • Data decryption means for storing decrypted decrypted data; and a cryptographic key generation means for generating an encryption key based on the decrypted data stored in the data storage means.
  • a first encryption key generated from the first decrypted data obtained by decrypting the first encrypted data is supplied, and is received next to the first encrypted data using the first encrypted key. Decrypts the second encrypted data.
  • a data decryption device is a data decryption device that decrypts a plurality of encrypted data that has been divided into predetermined time units and encrypted, and that decrypts the encrypted data.
  • a data storage means for storing the decrypted data, and an encryption key generation means for generating an encryption key based on the decrypted data stored in the data storage means.
  • the first encryption key generated from the first decryption data obtained by decrypting the encrypted data is supplied, and the second encryption following the first encryption data is performed using the first encryption key. Decrypt the encrypted data.
  • a recording medium is a recording medium which is divided into predetermined time units and in which a plurality of encrypted data are recorded, wherein a first decryption key for decrypting second encrypted data is provided.
  • the first encrypted data temporally before the second encrypted data is included in the decrypted data, and the first decryption key is the first encrypted data. It is obtained by decoding and reproducing.
  • FIG. 1A is a block diagram schematically showing a data management system according to a first embodiment of the present invention.
  • FIG. 1B is a diagram showing a data management system distributed from a server device to a client terminal which is a viewing terminal.
  • FIG. 3 is a schematic diagram showing contents to be displayed.
  • FIG. 2 is a diagram showing a data viewing channel of a client terminal according to the first embodiment of the present invention.
  • FIG. 3 is a block diagram illustrating a processing unit.
  • FIG. 3 is a block diagram schematically showing a data management system according to the second embodiment of the present invention.
  • FIG. 4 is a block diagram showing a data viewing management unit of the client terminal according to the second embodiment of the present invention.
  • FIG. 5 is a block diagram schematically showing a data management system according to the third embodiment of the present invention. ⁇ +
  • FIG. 6 is a diagram showing a flow of data in the data management system according to the third embodiment of the present invention.
  • FIG. 7 is a block diagram illustrating a data viewing management unit of the client terminal 10b according to the third embodiment of the present invention.
  • FIGS. 8A and 8B are diagrams showing the operation of the entire data management system according to the third embodiment of the present invention, and are flowcharts showing the operation of the server device side and the operation of the terminal side, respectively. .
  • FIG. 9 is a flowchart illustrating a method for generating an encryption key of a client terminal according to the third embodiment of the present invention.
  • VRAM Video RAM
  • VRAM Video RAM
  • FIG. 1A is a block diagram schematically showing a data management system according to the first embodiment
  • FIG. 1B is a schematic diagram showing contents distributed from a server device to a client terminal which is a viewing terminal.
  • the data management system 100 is composed of a server device 20a managed by a content distributor and a client terminal 10a for viewing the distributed content. Both are connected via a network.
  • the server device 20a is composed of a content distribution server device 21a for actually delivering contents and an authentication management server device 22 for managing an authentication key of the client terminal 10a.
  • the client terminal 10a has a data viewing management unit 11a.
  • the content distribution server device 21a sequentially transmits partial content ⁇ C n ( ⁇ ! ⁇ .) Obtained by dividing the content C, which is video data representing one video, into a plurality of pieces of process data to the client terminal 1.
  • the block length (time length) of the block data may be fixed or variable
  • the client terminal 10a is controlled by the data viewing management unit 11a to transmit a content distribution server device 21a. Play (display) the partial contents C n transmitted from the.
  • the content distribution server device 2 1 a sequentially client portions obtained by dividing the Kontendzu C is a video de Isseki multiple Purodzukudeta showing one image near point Uz C n (. ⁇ ) Send to terminal 10a.
  • the block length (time length) of this block may be constant or variable.
  • the client terminal 1 0 a is the data viewing management unit 1 1 a, are sequentially reproduced (displayed) a partial Kontendzu C n sent from the content distribution server device 2 1 a.
  • the client terminal 10a sends a content viewing permission request R to the authentication management server 22 of the server 20. And this request R. Is accepted by the server device 20, the first content Ci is transmitted from the content distribution server device 21a. Request R.
  • the client terminal 10b may be transmitted together with an identification number or the like capable of identifying the client terminal 10b.
  • the client terminal 10a generates, from the first content C i, a key K i for making a request R i for the next partial content C 2 by a method described later. A part or all of the key Ki is transmitted to the authentication management server device 22 as authentication of the client terminal 10a.
  • the key K i is used to authenticate the client terminal 10 a and to be used as the request Ri for the content C 2. This key is key K. Since it cannot be generated by a client terminal that does not have a client terminal, it can be used as authentication of the client terminal 10a.
  • a request for the subsequent content C 2 is an additional data there Ru, 'Confirm key sent from the client terminal 1 0 a, Check, to con Tendzu distribution server device 2 la Te, and instructs the next content C 2 to the client terminal 1 0 a. to send.
  • the content distribution server device 2 la transmits the next Kontendzu C 2 follow this instruction to the client terminal 1 0 a.
  • This key kappa 2 is used to authenticate the request R 2 and the client terminal Not 1 0 a of the next content C 3 content C 2.
  • Data viewing management unit 1 la is image movies for storing receiver for receiving partial containment emissions Uz Cn consisting of video data transmitted from the content distribution server device 2 1 a (not shown), the partial content C n a display memory unit 2, and the next key generation unit 3 a to generate a key K n on the basis of the image data written in the image display memory unit 2, in order to generate the key K n, de one display memory section 2 And a memory location specifying unit 4 for specifying an evening address.
  • the video display memory unit 2 is a so-called Video RAM or a memory for video display called a frame buffer.
  • This video display memory unit 2 the partial content C n is expanded is supplied, the image is displayed on the video display device (not shown). Display memory section 2 of this, when the partial content C n is supplied, the Adoresu video display memory section 2 is designated by the memory location specified section 4.
  • the next key generation unit 3a is connected to the memory location specification unit 4 in the video display memory unit 2. Generates a key ⁇ ⁇ using the data at the specified address. For example specifies the four addresses Alpha 1 ⁇ Arufa4 in the video data Xi to generate a key kappa eta which spliced data of these addresses ⁇ 1 ⁇ 4.
  • the key ⁇ ⁇ generated here includes information for specifying the address in the video display memory unit 2 for generating the key ⁇ ⁇ +1 from the next partial content C n +1.
  • the key ⁇ ⁇ is supplied to the memory location specifying unit 4.
  • the key kappa eta using the transmission unit, not shown, is transmitted to the authentication management server apparatus 2 2 shown in FIG. 1 Alpha, 'as described above, as a request R n of the next partial content C n + 1 It is also used as an authentication key for authenticating the client terminal 10a.
  • the memory location specifying unit 4 obtains an address for generating the next key ⁇ + 1 from the key K n . .
  • Next partial content C n + 1 is and written in the image display memory unit 2, memory location specifying unit 4, the address acquired from the key K n, to specify the address of the video display memory section 2 it can.
  • the next key generation unit 3a can generate the key K n + 1 . .
  • the partial content Cn is data for a plurality of frames.
  • the next key generation unit 3a may generate a key for every frame. However, when the content is transmitted from the content distribution server device 21a to the real time frame, the next key generation unit 3a generates the key ⁇ ⁇ one frame at a time. Since it is not realistic to generate and transmit this to the authentication management server device 22 as authentication and request the next frame data, for example, it is included in the content C n composed of a plurality of frames, for example, from the first frame. Generate a key.
  • a frame for generating a key is referred to as a key frame.
  • the memory location specification unit 4 specifies the address in the key frame, but does not set the key frame as the first frame included in the partial content Cn, and the key K n includes the information for specifying the address of the key frame. It may include information as to whether the th frame is a key frame. In this manner, data of a specified address in one frame or a main frame can be used for key generation, out of video frames in partial contents transmitted in predetermined time units instead of all frames.
  • the partial content C n is to be displayed image written in the image display memory unit 2 is a VRAM, to generate the Tsugikagi kappa eta Data that cannot be obtained and the next partial content C n + 1 cannot be obtained.
  • a time within the partial content may be specified, and a key may be generated from the data at that time.
  • the client terminal 10a generates a key Kn from the partial content Cn that is divided and transmitted, and transmits the key Kn to the request of the next partial content Cn + 1 .
  • the encryption of the content in the first embodiment is optional, and may or may not be performed.
  • the decryption key used in the encryption is one of the above-mentioned authentication keys. All or part may be used, or a decryption key may be separately prepared.
  • a second embodiment of the present invention will be described. In the first embodiment described above, unless partial content is displayed, a key for authenticating the client terminal cannot be generated, and the next content is not transmitted. In the second embodiment, it is assumed that the server device transmits the encrypted content. Unless one partial content is decrypted, the server device cannot obtain an encryption key for decrypting the next partial content. It provides a mechanism so that the next content cannot be decrypted. In the following embodiment, the same components as those of the first embodiment shown in FIGS. Is omitted.
  • FIG. 3 is a block diagram schematically showing a data management system according to the second embodiment.
  • the server device 20b in the data management system 200 is a key management server device that performs key management of encrypted content instead of the authentication management server device 22 shown in FIG. 2 and 3 are provided.
  • the client terminal 1 ⁇ b has a data viewing management unit 1 lb.
  • the partial content C n transmitted from the content distribution server device 21 b to the client terminal 10 b in the present embodiment is encrypted.
  • Client end Not 1 0 b is the data viewing management unit 1 1 b, sequentially decoding and displaying a portion Kontendzu C n sent from the content distribution server device 2 1 b.
  • the client terminal 10b sends a request R for content viewing permission to the key management server 22 of the server 20. And this request R. Is accepted by the server device 20, the key management server device 22 sends the initial key K to the client terminal 10b. Will be notified.
  • This initial key K. Is a decryption key for decrypting the first content Ci transmitted from the content distribution server device 21b.
  • the initial key K. May be previously owned by the client terminal 10b as a key unique to only the client terminal 10b.
  • Request R. In this case, the client terminal 10b is transmitted together with an identification number capable of identifying the terminal 10b. Then, the content delivery server 2 lb, the content C n are sequentially transmitted.
  • Client terminal 10b has the first content C! The initial key K. To decrypt. Then, the client terminal 1 0 b, at the same time to decrypt the content C i, that generates an encryption key required to decrypt the next portion Kontendzu C 2 by way to be described later.
  • the content distribution server device 2 lb sequentially distributing portion Kontendzu C n.
  • the partial content C n is encrypted and cannot be decrypted by a client terminal having no initial key, so that it is not necessary to authenticate each partial content.
  • FIG. 4 is a block diagram showing the data viewing management unit 11b of the client terminal 10b.
  • Data viewing manager 1 lb Includes a receiving unit for receiving the encrypted video data or Ranaru partial content C n is transmitted from the content distribution server device 2 1 b (not shown), it is partial content C n is supplied from the receiving unit, a decoder 1 for decoding this, a video display memory unit 2 for storing the decoded video data, the next key generation unit for generating a cryptographic key K n on the basis of Isseki video de written in the image display memory section 2 3 and b, and to generate an encryption key K n, Ru and a memory location specifying section 4 that specifies the Adoresu data of the video display memory unit 2. '
  • the decryption unit 1 is supplied with the encryption key Kn- generated by the encryption key generation unit 3b, and the decryption unit 1 uses this encryption key Kn as a decryption key and sends it from the content distribution server device 21b.
  • the decrypted video data D n is transmitted to the video display memory unit 2 by decrypting the content C n which is the encrypted video data to be encrypted.
  • Next key generation unit 3 b in the image display memory unit 2, by using the video data Adoresu designated Te memory location specified portion 4 Niyotsu generates an encryption key K n.
  • the encryption key kappa eta for generating the encryption key kappa eta + 1 of the following parts Kontendzu C n + 1, contains information for specifying an address in the video Display memory unit 2, the encryption key kappa eta is supplied to the memory location specified section 4.
  • the encryption key Kn is supplied to the decryption unit 1 in order to use the encryption key Kn as a decryption key for decrypting the data of the next partial content Cn + 1.
  • the decoding unit 1 is supplied with following partial content c n + 1, ⁇ the encryption key kappa eta and the decryption key Te, decodes the next partial content C n + 1, the video data D n + 1 which is the decoded Is written into the video display memory unit 2, the memory position specifying unit 4 specifies the address of the video display memory unit 2 by the address obtained from the encryption key Kn.
  • the next key generation unit 3b can generate the encryption key K n + 1 .
  • the encrypted partial content Cn is displayed, and if not decrypted, the next partial content n. Because the +1 cannot be decrypted, only the client terminal that has been authenticated first and received the initial key can decrypt the partial content to the end, and cannot decrypt the partial content even if it is obtained in the middle. The copyright of the content provider is protected. As in the first embodiment, if the content is not displayed once, a decryption key for decrypting the next content can be generated. As a result, viewers are prevented from skipping partially viewing the content.
  • This embodiment is a combination of the first embodiment and the second embodiment, in which the server apparatus sequentially distributes the encrypted partial contents, and the client terminal A key generated from the content is used for authentication and also as a decryption key.
  • FIG. 5 is a block diagram schematically showing a data management system according to the third embodiment.
  • the server device 20c in the data management system 300 performs key management of the encrypted content instead of the authentication management server device 22 shown in Fig. 1, and A key management server device 24 for authenticating the client terminal is provided.
  • the client terminal 10c has a data viewing management unit 11c.
  • Kontendzu distribution server device 2 1 c, as shown in FIG. 1 B, 'encrypted one content C is a video data indicating a video, portions divided into predetermined time units each predetermined block each) Kontendzu C n ( ) are sequentially transmitted to the client terminal 10c.
  • the client terminal 10c sequentially decodes and displays the partial content Cn transmitted from the content distribution server device 21c by the data viewing management unit 11c.
  • FIG. 6 is a diagram showing a data flow in the data management system according to the present embodiment.
  • the ten client terminals 10c make a request R for content viewing permission to the key management server device 22 of the server device 20c. And this request R. Is accepted by the server device 20c, the key management server device 24 sends the initial key K to the client terminal 10c. Is notified, and the first content 0 is transmitted from the content distribution server device 21c.
  • the client terminal 10c uses the initial content C as the initial key K. To decrypt. Then, the client terminal 10c decrypts the content C i and, at the same time, generates an encryption key K i necessary for decrypting the next partial content C 2 by the same method as in the second embodiment. Next, the client terminal 1 0 c, with respect to the server device 2 0 c, a key management performs the following Kontendzu C 2 request R!, Part or all of the encryption key K as the authentication of the terminal 1 0 c Send it to server device 24. In this embodiment Te, along with the encryption key and authentication of the client terminal 1 ⁇ c, of the content C 2 request R! It is assumed that The encryption key, the client end Not without initial key K D for impossible generation, can be used as an authentication of the client terminal 1 ⁇ c.
  • the key management server 2 4, the subsequent content C 2 is an additional data request R: If there is, check the encryption key transmitted from Cry and terminal 1 0 c, Check, co Nten' distribution server device 2 1 c to instruct to send the next Kontendzu C 2 to the client terminal 1 0 c.
  • the content distribution server device 2 .1 c transmits the Tsugiko Ntendzu C 2 in accordance with this instruction to the client terminal 1 0 c.
  • the client terminal 10c decrypts the encryption key K i obtained from the first content C i as a decryption key for decrypting the next content C.2, and simultaneously generates the encryption key K 2 .
  • the encryption key kappa 2 together are used to request R 2 of the next content C 3 of near point Tsu C 2, recovery of Kontendzu C 3 - used to issue.
  • the client terminal 1 c sequentially decrypts and outputs the partial content ⁇ C n that is divided and transmitted, generates the encryption key K n , and uses this to generate the next partial content C n + with use one of the request R n, used as a decryption key for the next part partial content C n + 1.
  • the server device 20c sequentially transmits the partial contents Cn in accordance with a request from the client terminal 10C.
  • FIG. 7 is a block diagram showing the data viewing management unit 11c of the client terminal 10c.
  • the encryption key K n generated by the next key generation unit 3c is transmitted from a transmission unit (not shown) to the key management server device 24 shown in FIG. This is different from the data viewing management unit 1 lb shown in Fig. 4.
  • the configuration is the same as that of the overnight viewing management section 11b in the second embodiment.
  • FIG. 8A and 8B are diagrams showing the operation of the entire data management system, and are flowcharts showing the operation of the server device side and the operation of the terminal side, respectively.
  • the client terminal 10c shown in FIG. 8A first sends a content viewing request R to the key management server device 24. And the initial key K. Acquires, thereby, the client terminal 1 0 c generates an encryption key K n with requests sequentially content C n.
  • the distribution request Kontendzu C n is issued, which according to the content distribution server device 2 1 c sequentially content Cn to the client terminal 1 0 c To deliver.
  • the content distribution server device 2 1 c distributes the partial content Cn is encrypted video data to the client terminal 1 0 c (stearyl Tsu Bed S 1), the partial content C n after finishing sending the waits from the client terminal 1 O'C until receiving the next content request R n.
  • the next content request Rn is received before the transmission of the previous partial content Cn is completed so that continuous viewing is possible (step S2).
  • the key management server device 24 determines whether or not the encryption key ⁇ ⁇ (authentication key), which is the next content request sent from the client terminal, is a correct authentication key (step S 3). At this point, the content distribution server device 21c is instructed to stop the distribution of the content. On the other hand, if the authentication key is authenticated as being correct, the process returns to step S1, and the content distribution server device 21c sends the next content Cn + 1 .
  • the client terminal 10c receives the content Cn that is the encrypted video data overnight (step S11), and when the content is the first content Ci, the client terminal 10c returns to FIG.
  • the initial key transmitted from the key management server device 24 in the decryption unit 1 shown in FIG. And writes it to the video display memory unit 2 to display the video.
  • the key management server device 24 in the decryption unit 1 shown in FIG. And writes it to the video display memory unit 2 to display the video.
  • the first other than the partial content C n using a cryptographic key K n -i generated by the key generation unit 3 c, decrypts the content C n, writes it to the image display memory unit 2, a video Is displayed (Step S12).
  • FIG. 9 is a flowchart showing a method of generating an encryption key of the client terminal 10c. As shown in FIG. 9, when the decryption unit 1 shown in FIG.
  • the decryption unit 1 acquires the encryption key K n ⁇ obtained from the previous partial content C n ⁇ i. decoding the i as a decryption key and sends the decoded video data D n of their video display memory unit 2 (step S 2 2).
  • the memory position designation unit 4 determines whether or not the frame of the decoded video data transmitted to the video display memory unit 2 is a key frame (step S23).
  • the video data of the address (address) designated by the memory location designation unit 4 among the video data written in the display memory unit 2 is sent to the next key generation unit 3c (step S24).
  • the next key generation unit 3C uses this value to generate the next encryption key Kn (step
  • the encryption key ⁇ ⁇ is sent to the decryption unit 1 for use as a decryption key for the next content C n + 1 , and is necessary for generating the next encryption key ⁇ ⁇ + 1 from the encryption key K n.
  • An address value that specifies the correct address is obtained and supplied to the memory location specifying unit 4 (step S26).
  • the encryption key kappa eta is sent to the key management server device 24, while being used as a request R n of the next partial content C n + 1, is used as an authentication of the client terminal 1 0 c (Sutedzupu S 27) . Thereafter, the processing of steps S21 to S27 is repeated until the last content is decoded.
  • the address for generating a cryptographic key kappa eta the simplest case, always it is also possible to specify the same Adoresu, it is also possible to specify different Adore scan for each position of the keyframe is there.
  • an encryption key kappa eta generated, by notifying to the key management server device 24, and a request for partial Kontendzu Cn +1 is the next video Detapurodzuku was that received by the key management server equipment 24 side encryption
  • the partial content cn + 1 which is the next video data access port, is transmitted, and the partial content Cn is actually displayed on the client terminal IOC. Only in this case can the next content ⁇ cn + 1 be obtained.
  • This certification may be the encryption key ⁇ ⁇ , but the Isseki de generated from a portion or the encryption key ⁇ ⁇ of the encryption key ⁇ ⁇ may be sent to the authentication.
  • the generated encryption key K n may be assumed to be encrypted, and the decryption of the encryption key ⁇ ⁇ with this unique key may be used as authentication.
  • the use of the encryption key kappa eta as a decryption key, the data generated part or from the encryption key kappa eta in a predetermined manner encryption key kappa eta may be a decryption key.
  • the present invention is not limited to only the above-described embodiment, and it is needless to say that various changes can be made without departing from the gist of the present invention.
  • the content is transmitted from the server device to the client terminal via the network, and the decryption key for decrypting the encrypted data is the content of the encrypted data immediately before the encrypted data.
  • the provider stores the encrypted data that is included in the decrypted data, and whose decryption key is obtained by decrypting and reproducing the previous encrypted data on a recording medium or the like. It can be provided to the client, and the client can use the terminal as shown in FIG. 7 as a decryption device to decrypt the encrypted data. Since such encrypted data cannot be decrypted unless it is actually displayed, it is possible to protect the interests of the provider that provides the encrypted data. In this case, the receiving means described in FIG. 7 is unnecessary.
  • the hardware configuration has been described.
  • the present invention is not limited to this, and arbitrary processing may be realized by causing a CPU (Central Processing Unit) to execute a computer program. It is possible.
  • the computer program can be provided by being recorded on a recording medium, and can also be provided by being transmitted via the Internet or other transmission media.
  • audio data can be managed in a similar manner. That is, for example, the server device transmits the encrypted audio data every predetermined time unit (each process), decrypts the data with an encryption key, and writes the audio data into the audio reproduction memory area to reproduce the audio. Then, the data at the designated address in the voice memory area is used for generating the next key, and the generated key is notified to the server device to request the next voice data block, and the server device receives the received voice data block. By transmitting the next audio data block by confirming that the encryption key is correct, audio data can be handled in the same way as video data.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)
  • Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)
PCT/JP2003/012847 2002-10-09 2003-10-07 データ管理システム及び データ復号装置 WO2004034636A1 (ja)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2002-296782 2002-10-09
JP2002296782A JP3861790B2 (ja) 2002-10-09 2002-10-09 データ管理システム、データ管理方法、クライアント端末、及びサーバ装置

Publications (1)

Publication Number Publication Date
WO2004034636A1 true WO2004034636A1 (ja) 2004-04-22

Family

ID=32089246

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2003/012847 WO2004034636A1 (ja) 2002-10-09 2003-10-07 データ管理システム及び データ復号装置

Country Status (2)

Country Link
JP (1) JP3861790B2 (enrdf_load_stackoverflow)
WO (1) WO2004034636A1 (enrdf_load_stackoverflow)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102415049A (zh) * 2009-04-28 2012-04-11 住友电气工业株式会社 加密密钥生成装置
US8634553B2 (en) 2007-11-05 2014-01-21 Sumitomo Electric Industries, Ltd. Encryption key generation device

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2006279406A (ja) * 2005-03-29 2006-10-12 Hitachi Information Technology Co Ltd 暗号化および復号化方法並びにその装置
JP4816067B2 (ja) * 2005-12-26 2011-11-16 株式会社ケンウッド 音声データベース製造装置、音声データベース、音片復元装置、音声データベース製造方法、音片復元方法及びプログラム
CN101719894B (zh) * 2009-05-21 2013-08-07 中兴通讯股份有限公司 一种安全发送延迟媒体的实现系统及方法

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4697209A (en) * 1984-04-26 1987-09-29 A. C. Nielsen Company Methods and apparatus for automatically identifying programs viewed or recorded
JPH0965321A (ja) * 1995-08-18 1997-03-07 Hitachi Ltd ビデオ・オン・デマンド装置
JP2002156905A (ja) * 2000-11-20 2002-05-31 Nippon Telegr & Teleph Corp <Ntt> 映像暗号化方法、装置、プログラム記録媒体および映像再生方法、装置、プログラム記録媒体

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4697209A (en) * 1984-04-26 1987-09-29 A. C. Nielsen Company Methods and apparatus for automatically identifying programs viewed or recorded
JPH0965321A (ja) * 1995-08-18 1997-03-07 Hitachi Ltd ビデオ・オン・デマンド装置
JP2002156905A (ja) * 2000-11-20 2002-05-31 Nippon Telegr & Teleph Corp <Ntt> 映像暗号化方法、装置、プログラム記録媒体および映像再生方法、装置、プログラム記録媒体

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8634553B2 (en) 2007-11-05 2014-01-21 Sumitomo Electric Industries, Ltd. Encryption key generation device
CN102415049A (zh) * 2009-04-28 2012-04-11 住友电气工业株式会社 加密密钥生成装置
CN102415049B (zh) * 2009-04-28 2014-08-06 住友电气工业株式会社 加密密钥生成装置

Also Published As

Publication number Publication date
JP3861790B2 (ja) 2006-12-20
JP2004135005A (ja) 2004-04-30

Similar Documents

Publication Publication Date Title
KR101127194B1 (ko) 무효화 가능 접근을 이용한 보안 콘텐트 제공 시스템 및 방법
CN102625151B (zh) 流处理系统和流处理方法
US7995763B2 (en) User apparatus and program
US7620813B2 (en) Method to authenticate a data processing apparatus having a recording device and apparatuses therefor
US20090003592A1 (en) Content delivery system, delivery server, terminal, and content delivery method
KR20050119122A (ko) 보안 장치상에서 뷰잉가능한 콘텐트의 보안 제공 시스템,방법 및 장치
US20070094736A1 (en) License management method, information processing apparatus, information processing method, and program
KR20030015899A (ko) 송신된 콘텐트의 사전-암호화를 위한 시스템 및 방법
JP4585460B2 (ja) 同一コンテンツから派生した形式の異なるコンテンツを複数個所で同時に利用することを防ぐ記憶装置、システム及び方法
KR20020075568A (ko) 암호화된 데이터를 포함한 데이터의 전송 및 수신 제어 방법
JP2010192944A (ja) コンテンツ配信装置、コンテンツ利用装置、コンテンツ配信システム、コンテンツ配信方法、およびプログラム
KR20060101788A (ko) 컨텐트 보호를 위한 조건적 접속 방법 및 시스템
JP4644850B2 (ja) ビデオシーケンス供給方法、ビデオストリーム送信装置、ビデオストリーム受信装置、カード型ビデオストリーム受信装置、およびビデオストリーム伝送システム
JP4764505B2 (ja) 情報送信装置
US9058837B2 (en) Method and apparatus for managing contents
JP2003318874A (ja) コンテンツ著作権保護装置、そのプログラム及びその方法
WO2004034636A1 (ja) データ管理システム及び データ復号装置
US20060045478A1 (en) Method and apparatus for transmitting and receiving protected contents at home
JP2010220093A (ja) 放送受信装置、放送設備、放送システム、及び放送受信方法
JP2007174491A (ja) 映像情報暗号化装置、復号鍵情報作成装置、映像情報復号装置、映像再生装置およびネットワークシステム
JP3630406B2 (ja) パケット処理装置、パケット処理方法及びその記憶媒体
WO2015063933A1 (ja) コンテンツ再生装置、コンテンツ再生方法及びコンテンツ再生システム
JP2002344440A (ja) データ再生装置、データ再生方法、データ再生プログラム、およびビデオ・オン・デマンド・システム
JP2001156771A (ja) 暗号化情報伝送方法、暗号化情報伝送装置、及び伝送媒体
JP2001156772A (ja) 暗号化情報再生方法及び暗号化情報再生装置

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): CN KR US