WO2006064565A1 - Content managing system and identifying medium - Google Patents
Content managing system and identifying medium Download PDFInfo
- Publication number
- WO2006064565A1 WO2006064565A1 PCT/JP2004/018840 JP2004018840W WO2006064565A1 WO 2006064565 A1 WO2006064565 A1 WO 2006064565A1 JP 2004018840 W JP2004018840 W JP 2004018840W WO 2006064565 A1 WO2006064565 A1 WO 2006064565A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- domain
- identification medium
- management system
- content
- devices
- Prior art date
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/14—Protection against unauthorised use of memory or access to memory
- G06F12/1458—Protection against unauthorised use of memory or access to memory by checking the subject access rights
- G06F12/1491—Protection against unauthorised use of memory or access to memory by checking the subject access rights in a hierarchical protection system, e.g. privilege levels, memory rings
Definitions
- the present invention provides a content management system for sharing the right to use copyright-protected digital content among a plurality of users (for example, users in a group (domain) in a specific network). And an identification medium used therefor.
- Patent Document 1 Conventionally, for example, there has been a method described in Patent Document 1 for such a problem. This allows the server managing the usage rights to manage the users and the groups in which the users are included, and to give the usage rights for the content in groups.
- Patent Document 1 Japanese Patent Application Laid-Open No. 2003-132232
- the present invention has been made to solve the above-described problems, and allows a user to easily set a domain and prevent unauthorized use of content. It is an object to obtain a content management system and an identification medium used therefor. Disclosure of the invention
- a content management system includes an identification medium having a domain ID for identifying a plurality of devices as one group, and an internal arithmetic unit that reads and writes the domain ID,
- an arbitrary identification medium is communicatively connected, and the domain ID of the identification medium is a domain ID that permits content
- the apparatus includes a device that permits use of the content.
- FIG. 1 is a configuration diagram showing a content management system according to Embodiment 1 of the present invention.
- FIG. 2 is an explanatory diagram showing an overall configuration of a content management system according to Embodiment 1 of the present invention.
- FIG. 3 is an explanatory diagram showing in-license information of the content management system according to the first embodiment of the present invention.
- FIG. 1 is a configuration diagram illustrating a content management system according to Embodiment 1 of the present invention.
- FIG. 2 is an explanatory diagram illustrating an overall configuration of the content management system according to Embodiment 1 of the present invention.
- the content management system also has a plurality of (four in the illustrated example) devices 100 (100a 100d) and identification medium 200 (200a 200d). . Since the basic functions of the devices 100a and 100d and the identification media 200a to 200d are the same, the common functions will be described below as the device 100 and the identification medium 200.
- the device 100 is a device that plays back and stores digital content. Equipment for receiving and storing digital broadcasts installed in Also, the power of these devices 100a-100d is connected to the network. This network connection is not essential.
- the device 100 includes a content processing unit 101, a license holding unit 102, a license processing unit 103, and a card interface unit 104.
- the identification medium 200 is composed of, for example, an IC card having a calculation function, and is configured to be capable of being cut out from the device 100.
- the identification medium 200 includes a storage unit 201, an internal calculation unit 202, and an external interface unit 203.
- the content processing unit 101 in the device 100 is a functional unit that processes content when license permission by the license processing unit 103 is authorized.
- the license holding unit 102 is a storage unit that holds license data for permitting use of content.
- the license data is configured as follows, for example.
- FIG. 3 is an explanatory diagram of license data.
- license data content usage rights, data necessary for use
- the content is used by referring to the license data when the content is used. That is, in general, copyright-managed content is signed, and the information in the license data is used after being decrypted.
- No decryption key can be obtained.
- the encryption key for the content in the license data is the same as the encryption / decryption key that only that device has individually.
- the license data (license information) is managed by the server, and each time the content is used, information necessary for using the content by inquiring the server whether or not the content can be used or performing a purchase process (content content) Obtain and use an encryption key for decryption.
- the present invention can be applied to any of these cases, but in the present embodiment, a description will be given of a system in which license data is held in the license holding unit 102 in the device 100 and used.
- the license data includes, for example, content information, condition information on users who can use the content, content use conditions, and other information.
- the license processing unit 103 has a function of determining whether or not the content can be used based on this information when using copyright-managed content.
- the device 100 purchases / acquires a license and holds it in the license holding unit 102 (the license acquisition method is obtained from a license server on the network, etc. There are a variety of methods, but that doesn't matter here).
- a card interface unit 104 is a communication means for communicating with the identification medium 200, and issues a card access interface command to the identification medium 200, thereby identifying the identification medium. It has functions such as obtaining a domain ID from 200 and generating a domain ID on the identification medium 200.
- the card interface unit 104 has a function of decrypting the encrypted domain ID acquired from the identification medium 200.
- the device 100 includes a card slot (identification medium connecting means) 105 for connecting the identification medium 200.
- a card slot (identification medium connecting means) 105 for connecting the identification medium 200.
- two cards slots 105a and 105b are provided in one device (in this embodiment, device 100a), and two identification media 200 can be connected simultaneously.
- the storage unit 201 in the identification medium 200 is made of rewritable memory such as EEPROM, and stores a card ID and a domain ID.
- the card ID is a unique ID for uniquely identifying each identification medium 200 and is fixed (non-rewritable) data.
- the domain ID is identification information for identifying a plurality of devices as one group, and is provided as rewritable data. Also, the domain ID storage area is configured so that the domain ID cannot be set at the same time.
- the internal calculation unit 202 is an internal calculation function including, for example, a CPU, a RAM, and the like, and receives a command from the device 100, reads a domain ID from the storage unit 201, and rewrites the domain ID. It has a function.
- This internal calculation function is a function that is concealed within the identification medium 200 (which is generally not disclosed, but is commonly held as the identification medium 200).
- the external interface unit 203 is an interface for communicating with the device 100. It is.
- each identification medium 200a-200d When such an identification medium 200a 200d is connected to each device 100a 100d as shown in FIG. 2, in each device 100, the card interface unit 104 adds a domain ID to the connected identification medium 200. Issue a read request (card access interface command).
- the internal calculation unit 202 reads the domain ID from the storage unit 201, and sends this to the device 100 as response data for the read request. To do.
- the domain ID returned as a response from the identification medium 200 is the data as it is, there is a risk that the data will be illegally read and used.
- the internal computing unit 202 is not disclosed to the general public, but each identification medium 200 has a common data encryption / decryption function, and this encryption function is used when returning a domain ID. It is encrypted and returned as an encrypted domain ID.
- the encrypted domain ID received by the card interface unit 104 is decrypted and sent to the license processing unit 103.
- the license processing unit 103 compares the domain ID of the identification medium 200 with the domain ID that can use the content in the license holding unit 102, and determines that the device is permitted if they match. As a result, the content processing unit 101 uses predetermined content. By such an operation, all the devices 100 connected to the identification medium 200 having the same domain ID can use the content.
- the domain ID is generated inside the identification medium 200.
- the identification medium 200a is inserted into the card slot 105a of the device 100a, and a card access interface command indicating a domain ID generation setting is sent from the device 100a.
- the internal calculation unit 202 automatically generates a domain ID.
- the card ID byte sequence is reversed. This is done by using a domain ID as a result.
- Such an operation is performed for each identification medium 200, and a domain ID corresponding to each card ID is set.
- a different domain ID is set.
- the initial domain ID may not be automatically generated in the identification medium 200 but may be acquired from a server (not shown).
- a new identification medium 200b used in the device 100b is registered as the same domain (participates in the domain) will be described as an example.
- an identification medium 200a in which a domain ID is already set is inserted into one card slot 105a.
- an identification medium 200b for rewriting the domain ID is inserted.
- the card interface unit 104 reads the domain ID from the identification medium 200 described above for the identification medium 200a inserted in one card slot 105a, An ID is obtained and temporarily stored in a storage unit (not shown). For the identification medium 200b inserted in the other card slot 105b, a card access interface command for setting a domain ID is issued, and the key ID is sent together with this card access interface command. To do.
- the internal calculation unit 202 decrypts the encrypted domain ID, and sets this in the storage unit 201 as the domain ID.
- the domain ID can be easily set even with the new identification medium 200.
- the identification medium 200 in which the domain ID is already set is removed from the card slot 105, and the identification medium 200 in which the domain ID is newly set is inserted into the card slot 105.
- the card interface unit 104 sends the card access interface command for setting the identification medium 200 and the domain ID temporarily stored in the device 100 to the identification medium 200 that has been inserted. Send it out.
- the subsequent internal operation of the identification medium 200 is the same as the domain ID setting operation described above.
- the device 100 is temporarily read until the domain ID is read from the identification medium 200 for which the domain ID has already been set and the domain ID is set for another identification medium 200.
- the domain ID that you read in. Therefore, if you do not insert another card after reading the domain ID from the identification medium 200 for which the domain ID has already been set, the domain ID that was temporarily read will remain in the device 100. In other words, the possibility that the domain ID is used illegally increases.
- the card interface unit 104 of the device 100 sets a new domain ID even after a certain period of time after reading the domain ID from the identification medium 200 for which the domain ID has already been set. If the desired identification medium 200 is not inserted or the card access interface command for setting the domain ID is not issued, the read domain ID is erased and the domain ID setting process is controlled to be interrupted. In other words, if more than a predetermined time elapses after the domain ID is acquired from the identification medium 200 for which the domain ID is set and before the identification medium 200 for which a new domain ID is set is connected, the domain Disable ID setting processing. By performing such processing, it is possible to prevent the use of unauthorized domain IDs.
- the card interface unit 104 may decode the key domain ID, and other functional units within the device 100 may decrypt the card ID.
- the domain ID is copied when the domain ID is read in the copy process of the domain IDs in the two identification media 200. However, in the copy process, the copy is performed without any change. Processing may be performed. Alternatively, the copy process may be performed without encryption only when the above-described two identification media 200 are inserted into the device 100a at the same time.
- the first embodiment the case where an IC card is used as the identification medium 200 has been described.
- the first embodiment has a data storage area, an internal arithmetic unit, and an external interface function. Any medium that can be punched is applicable.
- At least one of the domain ID for identifying a plurality of devices as one group and the reading or writing of the domain ID An identification medium having an internal calculation unit that performs communication with the identification medium, an arbitrary identification medium is connected for communication, and the domain ID of the identification medium is predetermined to permit the content If it is a domain ID, it has a device that allows the use of the content, so that it is possible for the user of the device to easily set a domain and to prevent unauthorized use of the content.
- the identification medium of the first embodiment has an interface with an arbitrary device, a domain ID for identifying a plurality of devices as one group, and an internal arithmetic unit,
- the operation unit is configured to read the domain ID and assign the domain ID based on the interface command from the outside, so that the domain ID can be read and written by the interface command from the outside. effective.
- the internal arithmetic unit when assigning the domain ID, the internal arithmetic unit generates the domain ID using information that uniquely identifies the identification medium. Therefore, there is an effect that the domain ID can be set with a simple configuration and high security.
- the internal arithmetic unit performs encryption 'decoding means'. If the domain ID is output to the outside, the encryption domain ID is generated and output using the “ ⁇ ” key means, and if the encryption domain ID is received from the outside, the decryption means is used. Since the domain ID is decrypted and the domain ID is assigned, the domain ID can be managed more safely and the domain ID setting process for the identification medium can be performed more safely.
- the identification medium of the first embodiment since only one domain ID is held, it is possible to prevent an illegal domain setting and to obtain a highly reliable identification medium. There is an effect that can.
- the content management system of the first embodiment has an interface with an arbitrary device, a domain ID for identifying a plurality of devices as one gnole, and an internal calculation unit.
- the internal computing unit reads out the domain ID based on an interface command from the outside, and also provides an identification medium configured to assign a domain ID, an identification medium in which a domain ID is set, and a new
- an identification medium for setting a domain ID is connected, a domain ID read request is sent to the identification medium for which a domain ID is set, and the domain ID obtained by this read request is Set the domain ID from the identification medium set with the domain ID to the identification medium that newly sets the domain ID. Since the domain ID is set, the identification medium is connected to the device.
- an interface with an arbitrary device is possible.
- the internal calculation unit reads the domain ID based on an interface command from the outside, and
- the identification medium Domain ID is acquired from the storage medium and retained.
- the retained domain ID is set as the domain ID.
- the ID is set for the identification medium for which the domain ID is newly set from the identification medium for which the domain ID is set.
- the device acquires the domain ID from the identification medium in which the domain ID is set, and then sets the new domain ID.
- the domain ID setting process is invalidated, so even a system that does not have the power to connect to a single identification medium There is an effect that a safer domain ID can be set.
- the identification medium is an IC card
- a content management system can be constructed using a widely used IC card. The ability to realize copyright management and convenience for cost-safe content.
- the second embodiment relates to control when each device 100 is connected to the network in the configuration of the first embodiment and data is transmitted / received between these devices 100. Since the configuration in the drawing is the same as that of the first embodiment, the description will be made with reference to these drawings.
- Each device 100 has a network communication control unit (not shown), and negotiates with each other when transmitting and receiving data.
- the communication control unit obtains the domain ID of the identification medium 200 via the card interface unit 104, and establishes communication only when the domain IDs match each other.
- data transmission / reception control by domain ID is not limited to such communication control, and other control methods may be used.
- data is transmitted and received only between a plurality of devices connected via a network and between devices with the same domain ID set.
- data transmission / reception control of each device connected to the network can be performed with a simple configuration and high security.
- the domain ID is confirmed before data transmission / reception between the communicating devices, and if the domain ID is the same, the data Because it is designed to perform data transmission / reception, it is possible to provide a specific method for data transmission / reception control of each device connected to the network, and to perform data transmission / reception control with higher security. .
- the content management system performs domain management of a plurality of devices using an identification medium and has a digital information recording function having a function of realizing copyright protection. Suitable for use in playback devices.
Abstract
Description
Claims
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/JP2004/018840 WO2006064565A1 (en) | 2004-12-16 | 2004-12-16 | Content managing system and identifying medium |
JP2006548619A JPWO2006064565A1 (en) | 2004-12-16 | 2004-12-16 | Content management system and identification medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/JP2004/018840 WO2006064565A1 (en) | 2004-12-16 | 2004-12-16 | Content managing system and identifying medium |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2006064565A1 true WO2006064565A1 (en) | 2006-06-22 |
Family
ID=36587630
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2004/018840 WO2006064565A1 (en) | 2004-12-16 | 2004-12-16 | Content managing system and identifying medium |
Country Status (2)
Country | Link |
---|---|
JP (1) | JPWO2006064565A1 (en) |
WO (1) | WO2006064565A1 (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2010504586A (en) * | 2006-09-21 | 2010-02-12 | サムスン エレクトロニクス カンパニー リミテッド | Apparatus and method for setting domain information |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2001500650A (en) * | 1996-09-12 | 2001-01-16 | オーディブル・インコーポレーテッド | Digital information library and distribution system |
JP2001519562A (en) * | 1997-10-03 | 2001-10-23 | オ−ディブル・インコ−ポレ−テッド | Method and apparatus for targeting a digital information playback device |
JP2003143147A (en) * | 2001-11-01 | 2003-05-16 | Sony Corp | Electronic apparatus, communication system and method, information processing terminal and method, information processing device and method, and program |
JP2004110817A (en) * | 2002-08-28 | 2004-04-08 | Matsushita Electric Ind Co Ltd | Content duplication management system and network equipment |
JP2004110816A (en) * | 2002-08-28 | 2004-04-08 | Matsushita Electric Ind Co Ltd | Content duplication management device, content duplication management method, content reproduction device, content reproducing method, content duplication management system, and program |
JP2004521428A (en) * | 2001-06-08 | 2004-07-15 | コーニンクレッカ フィリップス エレクトロニクス エヌ ヴィ | Device and method for selectively accessing services encrypted using a control word and smart card |
JP2004213640A (en) * | 2002-12-20 | 2004-07-29 | Matsushita Electric Ind Co Ltd | Information management system |
-
2004
- 2004-12-16 JP JP2006548619A patent/JPWO2006064565A1/en not_active Withdrawn
- 2004-12-16 WO PCT/JP2004/018840 patent/WO2006064565A1/en not_active Application Discontinuation
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2001500650A (en) * | 1996-09-12 | 2001-01-16 | オーディブル・インコーポレーテッド | Digital information library and distribution system |
JP2001519562A (en) * | 1997-10-03 | 2001-10-23 | オ−ディブル・インコ−ポレ−テッド | Method and apparatus for targeting a digital information playback device |
JP2004521428A (en) * | 2001-06-08 | 2004-07-15 | コーニンクレッカ フィリップス エレクトロニクス エヌ ヴィ | Device and method for selectively accessing services encrypted using a control word and smart card |
JP2003143147A (en) * | 2001-11-01 | 2003-05-16 | Sony Corp | Electronic apparatus, communication system and method, information processing terminal and method, information processing device and method, and program |
JP2004110817A (en) * | 2002-08-28 | 2004-04-08 | Matsushita Electric Ind Co Ltd | Content duplication management system and network equipment |
JP2004110816A (en) * | 2002-08-28 | 2004-04-08 | Matsushita Electric Ind Co Ltd | Content duplication management device, content duplication management method, content reproduction device, content reproducing method, content duplication management system, and program |
JP2004213640A (en) * | 2002-12-20 | 2004-07-29 | Matsushita Electric Ind Co Ltd | Information management system |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2010504586A (en) * | 2006-09-21 | 2010-02-12 | サムスン エレクトロニクス カンパニー リミテッド | Apparatus and method for setting domain information |
US8526445B2 (en) | 2006-09-21 | 2013-09-03 | Samsung Electronics Co., Ltd. | Apparatus and method for providing domain information |
Also Published As
Publication number | Publication date |
---|---|
JPWO2006064565A1 (en) | 2008-06-12 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP2267628B1 (en) | Token passing technique for media playback devices | |
AU2005223193B2 (en) | Digital rights management structure, portable storage device, and contents management method using the portable storage device | |
AU2005225953B2 (en) | Method and apparatus for acquiring and removing information regarding digital rights objects | |
US20050216739A1 (en) | Portable storage device and method of managing files in the portable storage device | |
US20060173787A1 (en) | Data protection management apparatus and data protection management method | |
EP1630998A1 (en) | User terminal for receiving license | |
WO2006064768A1 (en) | Unauthorized deice detection device, unauthorized device detection system, unauthorized device detection method, program, recording medium, and device information update method | |
KR20050094317A (en) | Apparatus and method for moving and copying right objects between device and portable storage device | |
JP2006506697A (en) | Method for realizing data security storage and algorithm storage by a semiconductor memory device | |
AU2005225950B2 (en) | Portable storage device and method of managing files in the portable storage device | |
JP2005102055A (en) | Encryptor and decoder | |
JP4201566B2 (en) | Storage device and server device | |
JP2004312717A (en) | Data protection management apparatus and data protection management method | |
WO2006064565A1 (en) | Content managing system and identifying medium | |
KR101241413B1 (en) | Apparatus and method for moving and copying right objects between device and portable storage device | |
KR20020081762A (en) | Security service method for digital content and system therefor | |
KR20090063383A (en) | Digital rights management conversion system and controlling method for the same | |
MXPA06011034A (en) | Method and apparatus for acquiring and removing information regarding digital rights objects |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
WWE | Wipo information: entry into national phase |
Ref document number: 2006548619 Country of ref document: JP |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 04807198 Country of ref document: EP Kind code of ref document: A1 |
|
WWW | Wipo information: withdrawn in national office |
Ref document number: 4807198 Country of ref document: EP |