WO2006011327A1 - 記憶媒体処理方法、記憶媒体処理装置及びプログラム - Google Patents
記憶媒体処理方法、記憶媒体処理装置及びプログラム Download PDFInfo
- Publication number
- WO2006011327A1 WO2006011327A1 PCT/JP2005/011609 JP2005011609W WO2006011327A1 WO 2006011327 A1 WO2006011327 A1 WO 2006011327A1 JP 2005011609 W JP2005011609 W JP 2005011609W WO 2006011327 A1 WO2006011327 A1 WO 2006011327A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- data
- content
- key data
- storage medium
- encrypted
- Prior art date
Links
- 238000003672 processing method Methods 0.000 title claims description 11
- 239000012141 concentrate Substances 0.000 abstract 1
- 238000000034 method Methods 0.000 description 19
- 230000006870 function Effects 0.000 description 14
- 230000005540 biological transmission Effects 0.000 description 4
- 238000010586 diagram Methods 0.000 description 4
- 238000004891 communication Methods 0.000 description 3
- 239000000470 constituent Substances 0.000 description 3
- 230000000694 effects Effects 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 230000004044 response Effects 0.000 description 2
- 241000700605 Viruses Species 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000010365 information processing Effects 0.000 description 1
- 230000007257 malfunction Effects 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
Classifications
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11B—INFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
- G11B20/00—Signal processing not specific to the method of recording or reproducing; Circuits therefor
- G11B20/00086—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
- G11B20/0021—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q30/00—Commerce
- G06Q30/06—Buying, selling or leasing transactions
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11B—INFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
- G11B20/00—Signal processing not specific to the method of recording or reproducing; Circuits therefor
- G11B20/00086—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11B—INFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
- G11B20/00—Signal processing not specific to the method of recording or reproducing; Circuits therefor
- G11B20/00086—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
- G11B20/0021—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier
- G11B20/00217—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier the cryptographic key used for encryption and/or decryption of contents recorded on or reproduced from the record carrier being read from a specific source
- G11B20/00224—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier the cryptographic key used for encryption and/or decryption of contents recorded on or reproduced from the record carrier being read from a specific source wherein the key is obtained from a remote server
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11B—INFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
- G11B20/00—Signal processing not specific to the method of recording or reproducing; Circuits therefor
- G11B20/00086—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
- G11B20/0021—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier
- G11B20/00217—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier the cryptographic key used for encryption and/or decryption of contents recorded on or reproduced from the record carrier being read from a specific source
- G11B20/00253—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier the cryptographic key used for encryption and/or decryption of contents recorded on or reproduced from the record carrier being read from a specific source wherein the key is stored on the record carrier
- G11B20/00362—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier the cryptographic key used for encryption and/or decryption of contents recorded on or reproduced from the record carrier being read from a specific source wherein the key is stored on the record carrier the key being obtained from a media key block [MKB]
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11B—INFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
- G11B20/00—Signal processing not specific to the method of recording or reproducing; Circuits therefor
- G11B20/00086—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
- G11B20/0021—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier
- G11B20/00485—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier characterised by a specific kind of data which is encrypted and recorded on and/or reproduced from the record carrier
- G11B20/00492—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier characterised by a specific kind of data which is encrypted and recorded on and/or reproduced from the record carrier wherein content or user data is encrypted
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11B—INFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
- G11B20/00—Signal processing not specific to the method of recording or reproducing; Circuits therefor
- G11B20/00086—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
- G11B20/00731—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving a digital rights management system for enforcing a usage restriction
- G11B20/0084—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving a digital rights management system for enforcing a usage restriction wherein the usage restriction can be expressed as a specific time or date
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11B—INFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
- G11B20/00—Signal processing not specific to the method of recording or reproducing; Circuits therefor
- G11B20/00086—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
- G11B20/00731—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving a digital rights management system for enforcing a usage restriction
- G11B20/00847—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving a digital rights management system for enforcing a usage restriction wherein the usage restriction is defined by a licence file
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11B—INFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
- G11B20/00—Signal processing not specific to the method of recording or reproducing; Circuits therefor
- G11B20/00086—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
- G11B20/00855—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving a step of exchanging information with a remote server
- G11B20/00862—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving a step of exchanging information with a remote server wherein the remote server can grant the permission to use a content
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11B—INFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
- G11B20/00—Signal processing not specific to the method of recording or reproducing; Circuits therefor
- G11B20/00086—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
- G11B20/00855—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving a step of exchanging information with a remote server
- G11B20/00869—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving a step of exchanging information with a remote server wherein the remote server can deliver the content to a receiving device
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/061—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0822—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/083—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2137—Time limited access, e.g. to a computer or data
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11B—INFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
- G11B2220/00—Record carriers by type
- G11B2220/60—Solid state media
- G11B2220/61—Solid state media wherein solid state memory is used for storing A/V content
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/60—Digital content management, e.g. content distribution
- H04L2209/603—Digital right managament [DRM]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0853—Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
Definitions
- Storage medium processing method storage medium processing apparatus, and program
- the present invention can acquire content, etc., of user terminal capability license center apparatus by online connection with a license center apparatus via a user terminal of a storage medium corresponding to the encryption double key method.
- the present invention relates to a storage medium processing method, a storage medium processing apparatus, and a program.
- Non-Patent Document 1 Using a standardized encryption key method (see Non-Patent Document 1, for example).
- the encryption key method adopted in this Non-Patent Document 1 is an encryption key method in which the title key is encrypted with a media unique key.
- FIG. 6 is a schematic diagram showing a configuration of an SD card and a user terminal corresponding to the encryption double key system adopted in MQbic.
- the SD card SDq is an example of a secure storage medium in which data is securely stored.
- the system area (System Area) 1 the hidden area (Hidden Area) 2, the protected area (Protected Area) 3, and the user data area ( User Data Area) 4 and ⁇ decoding unit 5, and data is stored in each of the areas 1 to 4.
- key management information MKB (Media Key Block) and media identifier data IDm are stored in the system area 1, and a media unique key Kmu is stored in the secret area 2.
- the encrypted user key Enc (Kmu, Ku) is stored, and in the user data area 4, the encrypted content key Enc (Ku, Kc) is stored.
- the notation Enc (A, B) means data B encrypted with data A in this specification.
- the user key data Ku is an encryption key Z decryption key for the content key data Kc, and for a plurality of encrypted content keys Enc (Ku, Kcl), Enc (Ku, Kc2),. Can be used in common.
- the subscript q on the SD card SDq indicates that it corresponds to MQbic (registered trademark).
- the system area 1 is a read-only area where the SD card external force can be accessed.
- Hidden area 2 is a read-only area that is referenced by the SD card itself, and access from outside cannot be turned off.
- Protected area 3 is an area where Z can be read from outside the SD card when authentication is successful.
- User data area 4 is an area that can be freely read and written to from the outside of the SD card.
- Decryption unit 5 performs authentication, key exchange, and encrypted communication between protected area 3 and the outside of the SD card, and has an encryption Z decryption function.
- the user terminal 20q for playback operates logically as follows.
- the key management information MKB read from the system area 1 of the SD card SDq is subjected to MKB processing with a preset device key Kd (S1), and the media key Km is obtained.
- the user terminal 20q performs a hash process on the media key Km and the media identifier data IDm read from the system area 1 of the SD force SDq (S2) to obtain a media unique key Kmu.
- the user terminal 20q executes authentication and key exchange (AKE: Authentication Key Exchange) processing with the decryption unit 5 of the SD card SD q based on the media unique key Kmu ( S3), share session key Ks with SD card SDq.
- AKE Authentication Key Exchange
- the authentication and key exchange processing in step S3 is performed when the media unique key Kmu in the secret area 2 referred to by the B sound decryption unit 5 matches the media unique key Kmu generated in the user terminal 10a.
- the session key Ks is shared.
- the user terminal 20q reads the encrypted user key data Enc (Kmu, Ku) through the encrypted communication using the session key Ks (S4), the encrypted user key data Enc (Kmu , Ku) is decrypted with the media unique key Kmu (S5) to obtain user key data Ku.
- the user terminal 20q reads the encryption key content key Enc (Ku, Kc) from the user data area 4 of the SD card SDq
- the user terminal 20q reads the encrypted content key data Enc (Ku, Kc). Decryption is performed with the user key data Ku (S5q), and the content key Kc is obtained.
- the user terminal 10a reads the encrypted content Enc (Kc, C) from the memory l lq, and decrypts the encrypted content Enc (Kc, C) with the content key Kc (S6). Play the obtained content C.
- the encrypted content may be stored in an external storage medium that is stored in the memory 1 lq in the user terminal 20q.
- the encrypted double key method as described above has a larger storage capacity than the protected area 3 and holds the encrypted content key in the user data area 4, and thus a larger amount than the encrypted single key method. There is an advantage that the encrypted content key can be stored. In addition, the encryption double key method is expected to promote the distribution of encrypted content because the encryption content can be held outside the SD card.
- each SD card is given a media identifier as an identifier, and a unique user key (media unique key) is issued for each media identifier.
- the user key is encrypted with this media unique key and stored in the protected area (protect area) of the SD card.
- the encryption of the user key depends on the media identifier and cannot be force-decrypted by a valid player. For this reason, even if the infringer has illegally copied only the content key, the content cannot be obtained.
- Non-Patent Document 1 4C Entity, LLC, [online], Internet URL: http://www.4Centity.com Search June 14, 2004>
- Non-patent document 2 IT information site ⁇ ITmedia-youth [online] ⁇ Internet URL: http: ⁇ www.itmedia.co.jp / news / 0307/18 / njbt— 02.html, June 14, 2004 Search> Disclosure of Invention Problems to be solved by the invention
- medium identifier data medium unique key data that can be generated based on the medium identifier data
- user key data can be decrypted using the medium unique key data.
- a storage medium storing encrypted user key data encrypted and encrypted content key data encrypted so that the content key data can be decrypted by the user key data, and content by the content key data For use with a user terminal that holds encrypted content data that is encrypted so that the data can be decrypted.
- a user terminal connected to the storage medium appropriately accesses the license center to obtain various types of data, and desires distribution of the user terminal force.
- a distribution request step for presenting the medium identifier data to the license center and requesting distribution of the content data, and the content center that the license terminal desires to be distributed by the user terminal.
- a sales start time reference step for referring to the sales start time of the data, and a distribution for distributing either the content data or the content key data desired to be distributed by the user terminal when the sales start time has passed A step.
- the storage medium processing device enables medium identifier data, medium unique key data that can be generated based on the medium identifier data, and user key data to be decrypted using the medium unique key data.
- the content key data is connected to a storage medium storing encrypted user key data encrypted and encrypted content key data encrypted so that the content key data can be decrypted by the user key data.
- the receiving unit Before starting the sales of the desired content data, refer to the receiving unit that receives the content data distribution request accompanied by the presentation of the medium identifier data, and the sales start time data indicating the sales start time of the content data related to the distribution request And a distribution unit that distributes either the content data related to the distribution request or the content key data to the user terminal when the sales start time has elapsed.
- the storage medium processing program includes medium identifier data, medium unique key data that can be generated based on the medium identifier data, and encryption that can decrypt user key data using the medium unique key data.
- a storage medium storing encrypted user key data encrypted and content key data encrypted by the user key data so that the content key data can be decrypted; and the content key Using a user terminal that holds encrypted content data in which content data is encrypted so that it can be decrypted by the data, the user terminal to which the storage medium is connected accesses the license center as needed to obtain various data.
- a distribution request step in which the user terminal presents the medium identifier data to the license center and requests distribution of the content data before starting sales of the content data desired to be distributed;
- a sales start time reference step for referring to the sales start time of the content data desired to be distributed by the user terminal, and the content data desired to be distributed by the user terminal or its content key at the time when the sales start time has passed. It is characterized in that it is configured to be able to execute a distribution step for distributing either of the data.
- the user can request distribution of content before the sales start time, so that the situation where access to the license center is concentrated on the sales date can be alleviated.
- both users and pre-release date licenses are required to purchase content data. Since it is possible to access the center, the access time for obtaining the content data, the download time, etc. can be shortened.
- FIG. 1 is a schematic diagram showing a configuration of a storage medium processing system according to the first embodiment of the present invention. Parts that are the same as those in FIG. 6 are given the same reference numerals, and detailed explanations thereof are omitted. Here, the different parts are mainly described.
- a user terminal 20 that detachably holds an SD card SDq can communicate with a license center device 40 via a network 30.
- the network 30 includes an intranet for mobile phones such as i-mode (registered trademark) and ezweb (registered trademark).
- the user terminal 20 includes a memory 21, a download unit 22, an SD card processing unit 23, a control unit 25, and a mail control unit 26, such as a personal computer, a mobile phone, or a personal digital assistant (PDA).
- SD card Any device can be used as long as it is an electronic device that holds SDq in a removable manner.
- the memory 21 is a storage area that can be read and written from the other units 22 to 25, and stores, for example, encrypted content Enc (Kc, C).
- the download unit 22 has a function of downloading the encrypted content key data Kc and user key data Ku from the license center device 40, which is controlled by the control unit 25, and is used by, for example, a browser It is possible. Further, the download unit 22 has a function of receiving an electronic mail transmitted from the license center device 40, and is given a unique mail address Add! /.
- the SD card processing unit 23 is controlled by the control unit 25, and has an authentication function with respect to the SD card SDq, an encryption communication function, and a function for reading and writing the storage contents of each of the areas 1, 3, and 4.
- the control unit 25 has a normal computer function and a function of controlling the other units 21 to 24 in accordance with a user operation.
- the mail control unit 26 has a function of executing various controls on the electronic mail from the license center device 40 received by the download unit 22.
- the license center device 40 includes a key distribution server 41, a sales server 42, a media identifier database 43, a user key database 44, a content key database 45, a mail address database 46, a sales start time database 47, and rights-issued content.
- An ID database 48 and a content database 49 are provided!
- the key distribution server 41 has a function of distributing the content key data Kc related to the request to the user terminal 20 via the network 30 when the user terminal 20 transmits the content distribution request via the network 30.
- the sales server 42 has a function of receiving a content data distribution request from the user terminal 20 and transferring it to the key distribution server 41.
- the media identifier database 43 holds media identifier data ID m possessed by each SD card.
- the user key database 44 is for storing user key data Ku possessed by each SD card.
- the content key database 45 holds various content key data.
- the mail address database 46 stores the mail address Add assigned to the download unit 22 of the user terminal 20 in association with the media identifier data IDm of each SD card.
- the sales start time database 47 holds data of the sales start time of various content data. Rights
- the issued content ID database 48 stores content key data issued in response to a request from the SD card holder in association with the media identifier data IDm of the SD card.
- the content database 49 holds content data.
- the security module 51 is a device that performs a decryption process of the user key data Ku and the content key data Kc, and includes a management key acquisition unit 52 and a key encryption management unit 53.
- the management key acquisition unit 52 holds a management key so that it can be read from the key distribution server 41.
- the key encryption key management unit 53 has a function for setting a management key from the key distribution server 41, and the management encrypted user key data received from the key distribution server 41 and the management key based on the management key.
- the content key data is decrypted to obtain user key data and content key data, and the content key data and basic metadata are encrypted with the user key data.
- the download unit 22 applies for purchase (reservation purchase) of content data desired to be distributed, and downloads content data.
- S1 Do o This request is accompanied by the media identifier data IDm of the SD card SDq and the mail address Add of the download unit 22).
- the sales sano 2 transmits the content data Enc (Kc, C) encrypted with the corresponding content key data Kc to the user terminal 20 as well as the pre-arrival power of the sales start time (S12).
- the encrypted content data Enc (Kc, C) received by the download unit 22 is transferred to and stored in the memory 21.
- the sales server 42 stores the media identifier data IDm attached to the download request and the mail address Add in the mail address database 46 (S13), and the sales start time of the content data C transmitted in S12 (S14) This sales start time data defines the transmission timing of the mail transmission step (S25) described later.
- the sales server 42 sends the encrypted content key data Enc (Ku, Kc) and the basic metadata (content ID, title, producer, etc.) of the content data to the key distribution server 41. Request (S 15).
- the key distribution server 41 Upon receiving this request, the key distribution server 41 reads from the user key database 44 the management-use encrypted user key data stored in advance for each media identifier data IDm (S16). Then, the management encryption key key data Kc and basic metadata (content ID, title, producer, etc.) related to the specified content ID are stored in the content key. Read from database 45 (S 17).
- the Kc encryption request is transmitted to the key encryption management unit 53 (S20).
- This encryption request includes a management encryption user key, management encryption content key data, and basic metadata.
- the key encryption key management unit 53 decrypts the encrypted content key data for management based on the management key to obtain content key data Kc. After that, the key encryption key management unit 53 encrypts the content key data Kc and the basic metadata with the user key data Ku, and obtains the obtained encrypted content key data Kc (including the basic metadata). (Additional) metadata such as the purchase date is transmitted to the key distribution server 41 (S 21).
- the key distribution server 41 When the key distribution server 41 reads the additional metadata (S22), the key distribution server 41 generates a SOAP (Simple Object Access Protocol) message including the encrypted content key data Kc and the metadata (S23). Thus, the encrypted content key data Kc and the metadata are transmitted to the sales server 42 (S24). At the same time, the key distribution server 41 reads the mail address Add of the user terminal 20 that is the transmission destination from the mail address database 46, and similarly transmits it to the sales server 42 by a SOAP message. Needless to say, the SOAP message is an example of a message method and may be changed to another method.
- SOAP Simple Object Access Protocol
- the sales server 42 waits for the arrival of the sales start time obtained from the sales start time database 47 and attaches the encrypted content key data Kc received from the key distribution server to the electronic mail. The message is transmitted to the mail control unit 26 (S25).
- sales Sano 2 executes a billing settlement relating to the transmitted content data (S27).
- the mail control unit 26 requests the SD card processing unit 23 to store the received encrypted content key data Kc (S28).
- the SD card processing unit 23 Upon receiving this request, the SD card processing unit 23 stores the encrypted content key data Kc in the user data area 4.
- the user wishes to distribute content data.
- This distribution request can be transmitted before the sales start time for the content data.
- the access is biased in each time zone within 24 hours (the access is concentrated in the time zone at midnight rather than the time zone from early morning to evening). Will naturally occur.
- the reserved sales period from the start of the reservation to the start of sales
- only a slight concentration of access is expected on the reservation start date.
- Access is distributed throughout. Concentration of access on the reservation start date is also expected to be considerably less than access on the first day of sales when there is no reservation sales period. Therefore, according to this embodiment, the possibility of server down due to concentration of access can be reduced, and the user can also greatly reduce the access time and download time.
- S51 to S63 shown in FIG. 5 are substantially the same as S31 to S43 of the second embodiment.
- This embodiment is different from the second embodiment in that the encrypted content data C is not transmitted from the license center device 40 to the user terminal 20 immediately after the reservation purchase application step (S31).
- the encrypted content key data Kc is transmitted in S64, the encrypted content data C is not attached to the email, but instead the content data is stored.
- Sales server 42 URL data power E-mail is sent in the header part of the e-mail. Thereafter, the sales server 42 performs billing settlement (S65).
- the mail control unit 26 When the mail control unit 26 confirms the reception of the e-mail, the user activates the download unit 22 without performing browsing of the e-mail body (S66), and is indicated in the e-mail header.
- the URL data is designated and the sales server 42 is accessed to request download of content data (S67). Because URL data is in the email header, not the body, it is not subject to attacks from email containing viruses. Further, by including the specific identification data in the URL data, the mail control unit 26 does not malfunction even against an attack from an email spoofing the URL data.
- the sales server 42 attaches the encrypted content data C to the e-mail and sends it to the download unit 22 (S68), and the e-mail control unit 26 confirms receipt of the e-mail, and then the SD card processing unit 23 In response to this request, the SD card processing unit 23 stores the encrypted content key data Kc in the user data area 4 (S69).
- the storage medium may be in any form as long as the storage medium can store the program and is readable by the computer.
- the operating system operating system
- database management software database management software
- MW middleware
- network software such as network software that run on the computer based on the instructions of the program installed on the computer are the storage media. A part of each process for realizing may be executed.
- the storage medium in the present invention is not limited to a medium independent of a computer, but also includes a storage medium in which a program transmitted via a LAN or the Internet is downloaded and stored or temporarily stored.
- the storage medium is not limited to one, and the processing in this embodiment is executed from multiple media Such a case is also included in the storage medium in the present invention, and the medium configuration may be any configuration.
- the computer according to the present invention executes each process according to the present embodiment based on a program stored in a storage medium, and a single device such as a computer or a plurality of devices are connected to a network. Any configuration such as a system may be used.
- the computer in the present invention is not limited to a personal computer, but includes a processing unit, a microcomputer, and the like included in an information processing device, and is a generic term for devices and devices that can realize the functions of the present invention by a program. ing.
- the present invention is not limited to the above-described embodiments as they are, but can be embodied by modifying the constituent elements without departing from the spirit of the invention in the implementation stage.
- Various inventions can be formed by appropriately combining a plurality of constituent elements disclosed in the embodiments. For example, some components may be deleted from all the components shown in the embodiment. Furthermore, constituent elements over different embodiments may be appropriately combined.
- FIG. 1 is a schematic diagram showing a configuration of a storage medium processing system according to a first embodiment of the present invention.
- FIG. 2 SD card SDq explains the procedure for acquiring content key data via the user terminal 20.
- FIG. 3 shows an example of changes in the number of accesses to the license center device 40.
- FIG. 4 illustrates the operation of the storage medium processing system according to the second embodiment of the present invention.
- FIG. 5 illustrates the operation of the storage medium processing system according to the third embodiment of the present invention.
- FIG. 6 is a schematic diagram showing a configuration of an SD card and a user terminal corresponding to the encryption key double key method.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Signal Processing (AREA)
- Theoretical Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Business, Economics & Management (AREA)
- Computer Hardware Design (AREA)
- Accounting & Taxation (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- Finance (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- General Business, Economics & Management (AREA)
- Strategic Management (AREA)
- Development Economics (AREA)
- Computing Systems (AREA)
- Marketing (AREA)
- Multimedia (AREA)
- Economics (AREA)
- Technology Law (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Storage Device Security (AREA)
Abstract
Description
Claims
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US11/572,553 US20080310638A1 (en) | 2004-07-30 | 2005-06-24 | Storage Medium Processing Method, Storage Medium Processing Device, and Program |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2004-223035 | 2004-07-30 | ||
JP2004223035A JP2006042237A (ja) | 2004-07-30 | 2004-07-30 | 記憶媒体処理方法、記憶媒体処理装置及びプログラム |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2006011327A1 true WO2006011327A1 (ja) | 2006-02-02 |
Family
ID=35786079
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2005/011609 WO2006011327A1 (ja) | 2004-07-30 | 2005-06-24 | 記憶媒体処理方法、記憶媒体処理装置及びプログラム |
Country Status (3)
Country | Link |
---|---|
US (1) | US20080310638A1 (ja) |
JP (1) | JP2006042237A (ja) |
WO (1) | WO2006011327A1 (ja) |
Families Citing this family (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2007102387A (ja) * | 2005-10-03 | 2007-04-19 | Fujitsu Ltd | ストレージシステム,暗号化パス切替え方法,暗号化パス切替え用プログラムおよびそのプログラムを記録した記録媒体 |
JP2008187691A (ja) * | 2007-01-31 | 2008-08-14 | Toshiba Corp | コンテンツ配信システム、及びコンテンツ配信方法 |
JP2009230745A (ja) * | 2008-02-29 | 2009-10-08 | Toshiba Corp | バックアップ及びリストアの方法、プログラム、及びサーバ |
US20100122323A1 (en) * | 2008-11-12 | 2010-05-13 | Condel International Technologies Inc. | Storage device management systems and methods |
US20160292400A1 (en) * | 2015-03-30 | 2016-10-06 | Honeywell International Inc. | Sd card license mechanism |
US10581617B2 (en) * | 2015-12-23 | 2020-03-03 | Mcafee, Llc | Method and apparatus for hardware based file/document expiry timer enforcement |
US10862872B1 (en) * | 2020-04-30 | 2020-12-08 | Snowflake Inc. | Message-based database replication |
US20230101220A1 (en) * | 2021-09-27 | 2023-03-30 | Real Identity Co., Ltd. | Usb secure data storage device, system to authenticate the same and authenticating method of the same |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH10326236A (ja) * | 1997-05-27 | 1998-12-08 | Mitsubishi Electric Corp | マルチメディア電子メールシステム |
JP2003519942A (ja) * | 1999-12-16 | 2003-06-24 | マイクロソフト コーポレイション | デジタルコンテンツを事前リリースする方法およびその方法と共に使用される暗号化鍵データベース |
JP2004112555A (ja) * | 2002-09-20 | 2004-04-08 | Matsushita Electric Ind Co Ltd | ダウンロードシステム及びダウンロード方法 |
WO2004036434A1 (ja) * | 2002-10-18 | 2004-04-29 | Kabushiki Kaisha Toshiba | 暗号化記録装置、再生装置及びプログラム |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7065507B2 (en) * | 2001-03-26 | 2006-06-20 | Microsoft Corporation | Supervised license acquisition in a digital rights management system on a computing device |
US20040267590A1 (en) * | 2003-06-30 | 2004-12-30 | International Business Machines Corporation | Dynamic software licensing and purchase architecture |
-
2004
- 2004-07-30 JP JP2004223035A patent/JP2006042237A/ja not_active Abandoned
-
2005
- 2005-06-24 WO PCT/JP2005/011609 patent/WO2006011327A1/ja active Application Filing
- 2005-06-24 US US11/572,553 patent/US20080310638A1/en not_active Abandoned
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH10326236A (ja) * | 1997-05-27 | 1998-12-08 | Mitsubishi Electric Corp | マルチメディア電子メールシステム |
JP2003519942A (ja) * | 1999-12-16 | 2003-06-24 | マイクロソフト コーポレイション | デジタルコンテンツを事前リリースする方法およびその方法と共に使用される暗号化鍵データベース |
JP2004112555A (ja) * | 2002-09-20 | 2004-04-08 | Matsushita Electric Ind Co Ltd | ダウンロードシステム及びダウンロード方法 |
WO2004036434A1 (ja) * | 2002-10-18 | 2004-04-29 | Kabushiki Kaisha Toshiba | 暗号化記録装置、再生装置及びプログラム |
Also Published As
Publication number | Publication date |
---|---|
JP2006042237A (ja) | 2006-02-09 |
US20080310638A1 (en) | 2008-12-18 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US8126150B2 (en) | Storage medium processing method, storage medium processing device, and program | |
US7124304B2 (en) | Receiving device for securely storing a content item, and playback device | |
WO2006001161A1 (ja) | 記憶媒体処理方法、記憶媒体処理装置及びプログラム | |
US7845011B2 (en) | Data transfer system and data transfer method | |
AU2001253243B2 (en) | Secure digital content licensing system and method | |
US20070160209A1 (en) | Content management method, content management program, and electronic device | |
JP2005078653A (ja) | コンテンツアクセスデータのユーザ配信システム及びその方法 | |
JP2005080315A (ja) | サービスを提供するためのシステムおよび方法 | |
JP2007052633A (ja) | コンテンツデータ配信システム | |
WO2006008909A1 (ja) | 記憶媒体処理方法、記憶媒体処理装置及びプログラム | |
JP2010267240A (ja) | 記録装置 | |
WO2006011327A1 (ja) | 記憶媒体処理方法、記憶媒体処理装置及びプログラム | |
EP2273409A2 (en) | Interoperable keychest | |
JP2006025243A (ja) | 記憶媒体処理方法、記憶媒体処理装置及びプログラム | |
JP5209945B2 (ja) | 記憶装置、暗号化コンテンツの有効化方法及び端末装置 | |
JP2004078538A (ja) | デジタルデータ保護システム | |
JP2002033724A (ja) | コンテンツ配信システム | |
JP2002278845A (ja) | 遠隔パーティーの権利を保存しながらローカル・データを配布する方法 | |
US20120290834A1 (en) | Key distribution device, terminal device, and content distribution system | |
US9305144B2 (en) | Digital receipt for use with an interoperable keychest | |
JP2003298565A (ja) | コンテンツ配信システム | |
JP5198218B2 (ja) | 記憶媒体処理サーバ、記憶媒体処理方法及びシステム、及びユーザ端末 | |
JP4969821B2 (ja) | プログラム及びコンテンツ復号化方法 | |
KR20070107854A (ko) | 포터블 미디어 장치에 디지털 저작권 관리 포맷의 컨텐츠를제공하기 위한 drm 변환 방법 및 포터블 디바이스 | |
JP2011120292A (ja) | 情報処理装置およびプログラム |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS KE KG KM KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NG NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
NENP | Non-entry into the national phase |
Ref country code: DE |
|
WWE | Wipo information: entry into national phase |
Ref document number: 11572553 Country of ref document: US |
|
122 | Ep: pct application non-entry in european phase |