WO2014136480A1 - 通信装置及び通信方法、コンピューター・プログラム、並びに通信システム - Google Patents
通信装置及び通信方法、コンピューター・プログラム、並びに通信システム Download PDFInfo
- Publication number
- WO2014136480A1 WO2014136480A1 PCT/JP2014/051014 JP2014051014W WO2014136480A1 WO 2014136480 A1 WO2014136480 A1 WO 2014136480A1 JP 2014051014 W JP2014051014 W JP 2014051014W WO 2014136480 A1 WO2014136480 A1 WO 2014136480A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- content
- terminal
- date
- time
- server
- Prior art date
Links
- 238000000034 method Methods 0.000 title claims description 150
- 238000004891 communication Methods 0.000 title claims description 129
- 238000004590 computer program Methods 0.000 title claims description 32
- 230000004044 response Effects 0.000 claims description 31
- 238000004422 calculation algorithm Methods 0.000 claims description 11
- 238000012545 processing Methods 0.000 description 50
- 238000005516 engineering process Methods 0.000 description 39
- 230000008569 process Effects 0.000 description 31
- 230000005540 biological transmission Effects 0.000 description 30
- 238000010586 diagram Methods 0.000 description 17
- 238000012423 maintenance Methods 0.000 description 12
- 230000009471 action Effects 0.000 description 2
- 238000004364 calculation method Methods 0.000 description 2
- 238000012790 confirmation Methods 0.000 description 2
- 238000012217 deletion Methods 0.000 description 2
- 230000037430 deletion Effects 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 239000000284 extract Substances 0.000 description 2
- 238000013507 mapping Methods 0.000 description 2
- 230000004083 survival effect Effects 0.000 description 2
- 235000008694 Humulus lupulus Nutrition 0.000 description 1
- 206010000210 abortion Diseases 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000010561 standard procedure Methods 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 239000013589 supplement Substances 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/061—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0869—Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/108—Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2137—Time limited access, e.g. to a computer or data
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3271—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/60—Context-dependent security
- H04W12/61—Time-dependent
Definitions
- the technology disclosed in this specification includes a communication device and a communication method for encrypting and transmitting content using a key shared according to a predetermined mutual authentication and key exchange (AKE) algorithm such as DTCP, a computer program, and a communication system.
- AKE mutual authentication and key exchange
- the present invention relates to a communication device and communication method, a computer program, and a communication system that transmit contents stored in a home via an external network while suppressing use beyond the scope of private use.
- Digitized content is relatively easy to perform illegal operations such as copying and falsification.
- DTCP Digital Transmission Content Protection
- DTLA Digital Transmission Licensing Administrator
- DTCP In DTCP, an authentication protocol between devices at the time of content transmission and a transmission protocol for encrypted content are negotiated. To summarize, the DTCP compliant device does not send out compressed content that is easy to handle in an unencrypted state outside the device, and the key exchange required to decrypt the encrypted content is a predetermined mutual authentication. And the key exchange (Authentication and Key Exchange: AKE) algorithm, and limiting the range of devices that perform key exchange using the AKE command.
- AKE Authentication and Key Exchange
- DTCP was originally defined for content transmission on a home network using IEEE 1394 or the like as a transmission path. Recently, as typified by DLNA (Digital Living Network Alliance), a movement to distribute digital contents through an IP network in the home has become serious. Accordingly, development of DTCP-IP (DTCP mapping to IP), in which DTCP technology is ported to an IP network, is underway.
- DLNA Digital Living Network Alliance
- the current DTCP-IP (DTCP-IP Volume 1 Specification Revision 1.4) registers remote access to home servers with the intention of restricting the use of content by third parties. It is limited to the terminal that has been.
- the round-trip delay time (RTT: Round Trip Time) of the command is limited to a maximum of 7 milliseconds and an upper limit of the number of hops of the IP router is imposed.
- the purpose of the technique disclosed in this specification is to use content beyond the scope of private use when transmitting content stored in a home via an external network according to a predetermined mutual authentication and key exchange algorithm such as DTCP. It is an object of the present invention to provide an excellent communication apparatus and communication method, computer program, and communication system that can be suitably suppressed.
- a content acquisition unit that acquires content to be provided to the terminal, or a content recording unit that records content to be provided to the terminal;
- a terminal registration unit for registering terminals that provide content;
- a content provider that controls the provision of content to the terminal based on the registration date of the terminal; It is a communication apparatus which comprises.
- the communication device further includes an authentication and key sharing unit that authenticates the terminal according to a predetermined mutual authentication and key exchange procedure and shares an exchange key.
- the content providing unit is configured to provide the terminal with the content encrypted using the exchange key.
- the authentication and key sharing unit of the communication device performs mutual authentication with the terminal according to an authentication and key exchange (AKE) algorithm defined by DTCP-IP.
- AKE authentication and key exchange
- the exchange key is shared, and the terminal registration unit is configured to register the terminal in accordance with a procedure defined by DTCP-IP.
- the terminal registration unit of the communication device registers a terminal in a home network
- the content providing unit registers the access accessed from an external network. It is configured to provide content to a later terminal.
- the terminal registration unit of the communication device manages the expiration date obtained by adding the first predetermined period to the registration date and time of the terminal together with the terminal information.
- the content providing unit is configured to restrict provision of content to a terminal whose expiration date has passed.
- the terminal registration unit of the communication device manages an expiration date obtained by adding a first predetermined period to the registration date and time of the terminal together with the terminal information.
- the content providing unit is configured to restrict provision of content to a terminal whose expiration date has passed.
- the content providing unit of the communication device exempts a predetermined number of terminals registered in the terminal registration unit from restrictions based on registration date and time. And is configured to provide content.
- the communication device sets a terminal exempt from restrictions based on registration date and time for each content or content group
- the content providing unit includes: The content is provided regardless of the registration date and time to a terminal exempted from restrictions based on the registration date and time for the content to be provided or the content group including the content.
- the content recording unit of the communication device corresponds to a terminal exempting the restriction based on the registration date and time for the content or the content group including the content. It is configured to record in content or content group metadata.
- the communication device described in claim 5 sets a terminal exempt from restrictions based on an expiration date for each content or each content group.
- the content providing unit is configured to provide content to a content group including the content to be provided or a terminal for which the exemption is set for the content to be provided regardless of the expiration date.
- the communication device described in claim 6 sets a terminal exempting restriction based on the limit date and time for each content or each content group.
- the content providing unit is configured to provide content to a content group including the content to be provided or a terminal to which the exemption is set for the content to be provided regardless of the limit date and time.
- the technique according to claim 12 of the present application is A content acquisition step of acquiring content to be provided to the terminal, or a content recording step of recording content to be provided to the terminal in a content recording unit; A terminal registration step of registering a terminal that provides content; A content providing step of providing the terminal with the content acquired in the content acquisition step or the content recorded in the content recording step while applying restrictions based on the registration date and time of the terminal; Is a communication method.
- the technique according to claim 13 of the present application is A content acquisition unit for acquiring content to be provided to the terminal, or a content recording unit for recording content to be provided to the terminal, A terminal registration unit for registering terminals that provide content; A content provider that controls the provision of content to the terminal based on the registration date and time of the terminal; As a computer program written in a computer-readable format to make the computer function.
- the computer program according to claim 13 of the present application defines a computer program described in a computer-readable format so as to realize predetermined processing on a computer.
- a cooperative operation is exhibited on the computer, and the same operational effect as the communication device according to claim 1 of the present application is obtained. Can do.
- the technique described in claim 14 of the present application is: An input unit for inputting operation information by the user; A registration request unit that makes a registration request to a server that manages the registration date and time; A content requesting unit that requests content from the server in accordance with operation information input to the input unit; In response to the request for content, a content playback unit that is allowed to play back the content from the server under restrictions based on the registration date and time, It is a communication apparatus which comprises.
- the content reproduction unit of the communication device is configured such that after the expiration date obtained by adding a first predetermined period to the registration date and time to the server, the server Playback of content from is restricted.
- the content reproduction unit of the communication device according to claim 14 is acquired by the server after the date and time obtained by adding the second predetermined period to the date and time registered in the server, or Playback of recorded content is restricted.
- the content reproduction unit is not restricted based on the registration date and time in the server.
- content can be reproduced from the server.
- the technique described in claim 18 of the present application is: An input step where user operation information is input; A registration request step for making a registration request to a server that manages the registration date and time; A content requesting step for requesting content from the server in accordance with operation information input to the input unit; A content playback step in which playback of the content from the server is permitted under a restriction based on the registration date and time in response to the request for the content; Is a communication method.
- the technology described in claim 19 of the present application is: An input section where user operation information is input, A registration request unit that makes a registration request to the server that manages the registration date and time, A content requesting unit that requests content from the server according to operation information input to the input unit; A content playback unit that is allowed to play back the content from the server under a restriction based on the registration date and time in response to the request for the content; As a computer program written in a computer-readable format to make the computer function.
- the computer program according to claim 19 of the present application defines a computer program written in a computer-readable format so as to realize predetermined processing on a computer.
- a cooperative operation is exhibited on the computer, and the same operational effect as the communication device according to claim 14 of the present application is obtained. Can do.
- a device requesting content
- a server that registers a terminal that provides content, and that controls the provision of the content to the terminal based on the registration date and time
- a communication system comprising:
- system here refers to a logical collection of a plurality of devices (or functional modules that realize specific functions), and each device or functional module is in a single housing. It does not matter whether or not.
- remote access from a terminal to a server in the home is restricted based on the date and time of registration with the server of the terminal, so that a third party who has registered once continues to use it. And the use of content beyond the scope of private use can be suitably suppressed.
- the content that can be used by the terminal by remote access is limited to the content recorded before the second predetermined period from the registration date and time of the terminal to the server.
- the use of content that exceeds the range of private use by a third party can be suitably suppressed.
- FIG. 1 is a diagram schematically illustrating a configuration example of a communication system 100 to which the technology disclosed in this specification is applied.
- FIG. 2 is a diagram schematically illustrating another configuration example of the communication system 200 to which the technology disclosed in this specification is applied.
- FIG. 3 is a diagram schematically illustrating a functional configuration of the communication apparatus 300 that operates as the servers 101 and 201 in FIGS. 1 and 2.
- FIG. 4 is a diagram schematically illustrating a functional configuration of the communication apparatus 400 that operates as the terminals 102 and 202 in FIGS. 1 and 2.
- FIG. 5 is a diagram showing a procedure for registering a sink for remote access described in the DTCP specification in the source.
- FIG. 1 is a diagram schematically illustrating a configuration example of a communication system 100 to which the technology disclosed in this specification is applied.
- FIG. 2 is a diagram schematically illustrating another configuration example of the communication system 200 to which the technology disclosed in this specification is applied.
- FIG. 3 is a diagram schematically illustrating
- FIG. 6 is a diagram showing a procedure for registering a sink device that performs remote access in a source device together with an expiration date.
- FIG. 7 is a diagram exemplifying the registered contents of the remote sink registry in which the sink-ID and the expiration date are paired.
- FIG. 8 is a diagram schematically showing a procedure for performing content transmission by remote access between a source device and a sink device.
- FIG. 9 is a diagram schematically showing the contents of the content list browsing phase (SEQ 801).
- FIG. 10 shows the V1SE. It is the figure which showed the contents of RA-AKE procedure phase described in 10.7.2.
- FIG. 11 is a diagram showing the contents of the RA-AKE procedure phase including the process of deleting the expired Sink-ID from the remote sink registry.
- FIG. 12 is a flowchart showing the procedure of the maintenance process of the remote sink registry.
- FIG. 13 is a diagram showing a procedure for registering a sink device that performs remote access in the source device together with the limit date and time.
- FIG. 14 is a diagram exemplifying the registered contents of a remote sink registry in which a sink-ID and a limit date / time are paired.
- FIG. 15 is a diagram showing a state in which the remote access exchange key K R and its exchange key label K R — label are associated with the Sink-ID and stored as a RAC record.
- Figure 16 is a diagram schematically showing the contents of a content transmission phase for transmitting encrypted (SEQ803) using the exchange key K R for remote access.
- FIG. 8 is a diagram schematically showing the contents of a content transmission phase for transmitting encrypted (SEQ803) using the exchange key K R for remote access.
- FIG. 17 is a flowchart showing a procedure of content output management processing performed in SEQ1602.
- FIG. 18 is a diagram schematically showing the contents of the content transmission phase (SEQ803) including content output management based on the expiration date.
- FIG. 19 is a flowchart showing a processing procedure of content output management performed in SEQ1802.
- FIG. 20 is a flowchart showing a processing procedure of content output management when a terminal exempting application of remote access restriction based on an expiration date is registered.
- FIG. 21 is a flowchart showing a processing procedure of content output management in a case where a terminal exempting application of remote access restriction based on the limit date is registered.
- FIG. 22 is a flowchart showing a processing procedure for restricting provision of CDS information based on an expiration date of a sink device to be remotely accessed.
- FIG. 23 is a flowchart showing a processing procedure for exempting the CDS information provision restriction based on the expiration date of the sink device in the content list browsing phase.
- FIG. 24 is a flowchart showing a processing procedure for restricting the provision of CDS information based on the limit date and time of the sink device to be remotely accessed.
- FIG. 25 is a flowchart showing a processing procedure for exempting the CDS information provision restriction based on the limit date and time of the sink device in the content list browsing phase.
- FIG. 26 is a diagram showing a configuration of a computer program distribution system 2600.
- FIG. 1 schematically shows a configuration example of a communication system 100 to which the technology disclosed in this specification is applied.
- the illustrated communication system 100 includes a server 101 and a terminal 102 connected on a home network 110 installed in a home.
- a server 101 and a terminal 102 connected on a home network 110 installed in a home.
- a home network 110 installed in a home.
- FIG. 1 schematically shows a configuration example of a communication system 100 to which the technology disclosed in this specification is applied.
- the illustrated communication system 100 includes a server 101 and a terminal 102 connected on a home network 110 installed in a home.
- a home network 110 installed in a home.
- FIG. 1 schematically shows a configuration example of a communication system 100 to which the technology disclosed in this specification is applied.
- the illustrated communication system 100 includes a server 101 and a terminal 102 connected on a home network 110 installed in a home.
- only one server and one terminal are depicted, but it is also assumed that two or more servers and terminal
- the server 101 stores content to be provided to the terminal 102.
- the server 101 is, for example, broadcast content received by terrestrial digital broadcasting, commercial content such as a movie read from a recording medium (not shown) such as a Blu-ray disc, and download from a content server (not shown) on the Internet. Accumulated content.
- DTCP technology is applied to content transmission between the server 101 and the terminal 102 via the home network 110.
- the terminal 102 that wants to use the content performs mutual authentication with the server 101 and shares the key according to a predetermined mutual authentication and key exchange (AKE) algorithm, and then stores the content stored in the server 101. Can be requested.
- the server 101 encrypts and transmits the requested content using the shared key.
- the server 101 that provides content corresponds to a source device, and the terminal 102 that uses the content corresponds to a sink device.
- the terminal 102 when the terminal 102 wants to access the server 101 from outside the home network 110, such as when going out, the terminal 102 needs to be pre-registered in the server 101 on the home network 110.
- FIG. 2 schematically illustrates another configuration example of the communication system 200 to which the technology disclosed in this specification is applied.
- the illustrated communication system 200 includes a server 201 connected on a home network 210 installed in a home and a terminal 202 connected on an external network 220 such as the Internet.
- the home network 210 and the external network 220 are interconnected via a router 230 according to an IP (Internet Protocol) protocol.
- IP Internet Protocol
- FIG. 2 schematically illustrates another configuration example of the communication system 200 to which the technology disclosed in this specification is applied.
- the illustrated communication system 200 includes a server 201 connected on a home network 210 installed in a home and a terminal 202 connected on an external network 220 such as the Internet.
- the home network 210 and the external network 220 are interconnected via a router 230 according to an IP (Internet Protocol) protocol.
- IP Internet Protocol
- the server 201 stores content to be provided to the terminal 202 such as broadcast content and commercial content.
- the DTCP-IP technology is applied to content transmission between the server 201 and the terminal 202 via the home network 210 and the external network 220. Therefore, the terminal 202 that wants to use the content needs to be registered in advance in the server 201 on the home network 210 (described above).
- the terminal 202 can request content stored in the server 201 after mutual authentication with the server 201 and sharing of the exchange key via the IP network including the home network 210 and the external network 220.
- the server 201 encrypts and transmits the requested content using the shared exchange key.
- the server 201 that provides content corresponds to a source device, and the terminal 202 that uses the content corresponds to a sink device.
- FIG. 3 schematically shows a functional configuration of the communication apparatus 300 that operates as the servers 101 and 201 (that is, the source device) in FIGS. 1 and 2.
- the communication / control unit 301 controls the communication operation through the home network and the external network, and controls the operation of the communication device 300 as a whole. Further, the communication / control unit 301 includes an interface for connecting to an external device such as HDMI (registered trademark) (High Definition Multimedia Interface) or USB (Universal Serial Bus) (or for digital output of content). ⁇ Recording and playback devices such as disk devices and Blu-ray disk devices can be connected.
- HDMI registered trademark
- USB Universal Serial Bus
- the content recording unit 302 records content to be provided to the terminal via the home network and the external network. Each content recorded in the content recording unit 302 holds a recording date and time and an access date and time under the management of a general file system.
- remote access restrictions may be set for each content recorded in the content recording unit 302, or a plurality of contents may be grouped to set remote access restrictions for each content group. The details will be given later.
- the content recording unit 302 also records metadata of each content or content group.
- the content acquisition unit 303 acquires content to be provided to the terminal.
- the content acquisition unit 303 includes a terrestrial digital broadcast tuner, for example, and acquires broadcast content.
- the content acquisition unit 303 is based on specifications defined by, for example, ARIB (Association of Radio Industries and Businesses).
- the content acquisition unit 303 can receive, for example, all or part of a broadcast channel segment, EPG (Electronic Program Guide) functions (program search, program information display, program reservation), HDCP (High-bandwidth Digital Content)
- EPG Electronic Program Guide
- HDCP High-bandwidth Digital Content
- a copy control function based on the (Protection) specification and the like, a content protection function for encrypting a broadcast content when it is limitedly received or when the received broadcast content is externally output, and the like.
- the content acquisition unit 303 includes a media playback device such as a Blu-ray disc, and reads commercial content such as movies from the media.
- the content acquisition unit 303 includes a browser and downloads paid or free content from a content server (not shown) on the Internet.
- the content acquisition unit 303 may record the acquired content in the content recording unit 302 as necessary.
- the content acquisition unit 303 may acquire content to be provided to the terminal from the content recording unit 302.
- the acquisition date and time of broadcast content and commercial content is the current date and time when the content acquisition unit 303 receives the broadcast content or reads the commercial content.
- the acquisition date and time of the content in the content recording unit 302 is the recording date and time when the content is recorded, and is managed by the file system or the like. In the present embodiment, there is one feature in that the provision of content is restricted based on the acquisition date or recording date of the content to a remotely accessed terminal, and details thereof will be described later.
- the content providing unit 304 provides the terminal with the content acquired by the content acquisition unit 303 in response to a request from the terminal.
- the content providing unit 304 transmits the content to the terminal by using, for example, an HTTP (Hyper Text Transfer Protocol) protocol.
- the content providing unit 304 encrypts the content to be transmitted using the exchange key shared with the terminal by the authentication / key sharing unit 306.
- the terminal When a terminal requests content by remote access from an external network, the terminal must be registered in advance in the terminal management unit 307.
- the content providing unit 304 has one feature in that content provision is limited based on the registration date and time and the content acquisition date and time to a remotely accessed terminal. Details thereof will be described later. Give up.
- the content list providing unit 305 provides the terminal with a list of contents that can be provided to the terminal and detailed information in response to a request from the terminal, for example.
- the content that the servers 101 and 201 can provide to the terminal includes broadcast content received by the content acquisition unit 303, commercial content read from the media, and content already recorded in the content recording unit 302. .
- the Content Directory Service (CDS) function that distributes the content list and the detailed information of the content in a hierarchy developed by UPnP (Universal Plug and Play), which is the base of DLNA, is applied. Is done.
- UPnP Universal Plug and Play
- the authentication / key sharing unit 306 shares an exchange key for mutual authentication and content encryption with a terminal that is a content request source according to an authentication and key exchange (AKE) algorithm defined by DTCP-IP. Do. Authentication and key sharing unit 306 for the terminal coming requesting content by remote access from the external network, and share the exchange key K R for remote access (see below).
- AKE authentication and key exchange
- the terminal management unit 307 manages information on terminals that request content.
- the terminal management unit 307 performs pre-registration processing for a terminal that uses content by remote access from an external network, and information on the terminal as “remote sink registry” or “RAC (Remote Access Connection) registry”.
- RAC Remote Access Connection
- Content usage should be limited to private use.
- the use of content is restricted to the range of private use by restricting the provision of the content based on the registration date / time and the content acquisition date / time to the remote access terminal. There are three characteristics, but the details will be given later.
- the above functional blocks 303 to 307 can also be realized as application programs executed by the communication / control unit 301 on top of the operating system or the TCP / IP protocol.
- this kind of application program can be distributed at a predetermined download site on a wide area network such as the Internet, and is a multi-function such as a CE (Consumer Electronics) device such as a digital broadcast tuner and a TV receiver, and a smartphone. It is downloaded to the terminal for use.
- CE Consumer Electronics
- Such a download site includes, for example, a server 2610 including a storage device 2611 that stores a computer program and a communication device 2612 that accepts the download in response to receiving a download request for the computer program (
- the computer program distribution system 2600 is configured together with a client device (DTCP_Source or DTCP_Sink) for installing the downloaded computer program.
- This type of server further includes an information notification device 2613 for notifying information indicating the name of the computer program in response to a download request for the computer program from the client.
- the information notification device 2613 notifies the computer program name and information indicating that the application provides a commercial content recorded in the home to a remote terminal, for example.
- FIG. 4 schematically shows a functional configuration of the communication apparatus 400 that operates as the terminals 102 and 202 (that is, sinks) in FIGS. 1 and 2.
- the communication / control unit 401 controls the communication operation via the home network and the external network, and controls the overall operation of the communication device 400.
- the content list browsing unit 402 makes a content list acquisition request to the servers 101 and 201 serving as the sources, and displays the acquired content list browsing screen. For example, when a list of contents that can be provided by the servers 101 and 201 is acquired as CDS information (described above), a contents list screen is displayed. The user can select contents to be reproduced and output through this list screen.
- the list of contents that can be provided is limited based on the registration date and time and the content acquisition date and time in the server 201. The details will be described later.
- the content acquisition unit 403 transmits a content acquisition request to the servers 101 and 201 to acquire content in the server.
- the content acquisition unit 403 requests acquisition of content selected by the user in the content list screen displayed by the content / list browsing unit 402.
- an HTTP protocol is used for content acquisition requests to the servers 101 and 201 and content acquisition (described later).
- the terminal 202 that remotely accesses the server 201, there is one feature in that the content that can be acquired is limited based on the registration date and time and the content acquisition date and time in the server 201. Details will be given later.
- the content acquired from the servers 101 and 201 is encrypted by the authentication / key sharing unit 406 using the exchange key shared with the servers 101 and 201.
- the content decrypting unit 404 decrypts the encrypted content acquired from the servers 101 and 201 using this encryption key. Then, the content reproduction output unit 405 reproduces and outputs the decrypted content.
- the authentication / key sharing unit 406 is an encryption key for mutual authentication and content encryption according to the authentication and key exchange (AKE) algorithm defined by DTCP-IP with the servers 101 and 201 that are the content request destinations. Share. Authentication and key sharing unit 406, between the server 201 to request the content by remote access from the external network, and share the exchange key K R for remote access. The authentication / key sharing unit 406 performs pre-registration for remote access to the server 101 when the home network 210 is connected.
- AKE authentication and key exchange
- the above functional blocks 402 to 406 can also be realized as application programs executed on the upper level of the operating system or TCP / IP protocol in the communication / control unit 401.
- This type of application program can be distributed on a predetermined download site over a wide area network such as the Internet, and downloaded to a multifunction terminal that plays back content in a home server such as a smartphone.
- Such a download site includes, for example, a server 2610 including a storage device 2611 that stores a computer program and a communication device 2612 that accepts the download in response to receiving a download request for the computer program (
- the computer program distribution system 2600 is configured together with a client device (DTCP_Source or DTCP_Sink) for installing the downloaded computer program.
- This type of server further includes an information notification device 2613 for notifying information indicating the name of the computer program in response to a download request for the computer program from the client.
- the information notification device 2613 notifies information indicating that the application is permitted to browse commercial content recorded in the home, for example, together with the name of the computer program.
- the remote access from the terminal 202 to the server 201 as shown in FIG. 2 is controlled based on the registration date / time to the server 201, and the remote access is restricted when a predetermined period elapses from the registration date / time.
- the authentication / key sharing unit 406 manages the date and time of registration in the server 201 and the re-registration procedure is automatically executed before the predetermined period elapses, so that the remote access terminal 202 does not restrict remote access.
- the registration date and time may be refreshed.
- FIG. 5 shows a DTCP specification, DTCP Volume 1 Supplement E Mapping DTCP to IP, Revision 1.4ed1 (Informational Version) V1SE.
- Fig. 10 illustrates a procedure for registering a sink device for remote access to a source device described in section 10.7.1. In the figure, it is understood that the sink device corresponds to the terminal 202 and the source device corresponds to the server 201.
- an AKE procedure is performed between a source device and a sink device under the restriction of RTT (Round Trip Time) (SEQ501). For example, if the source device and the sink device are in the home network 210, the RTT restriction is cleared and the AKE procedure ends successfully. Since the RTT-AKE procedure itself is not directly related to the gist of the technique disclosed in this specification, a detailed description thereof is omitted here.
- the sink device uses the command RA_REGISTER.
- the user's own Sink-ID is transmitted to the Source device (SEQ502).
- the Sink device transmits its own Device ID or IDu as the Sink-ID (the Sink device implements the Common Device Key and the Common Device Certificate, and the Device ID becomes the specific information of the Sink. If not, IDu is used as the Sink-ID).
- Source device is RA_REGISTER. It is checked whether the Sink-ID received by the CMD matches the Device ID or IDu received by the RTT-AKE procedure completed immediately before.
- the source device checks whether the received sink-ID is already stored in the remote sink registry (managed by the terminal management unit 307). If the received sink-ID is already stored, this procedure is terminated as it is.
- the source device confirms that the remote sink registry is not full. If the received Sink-ID matches the Device ID or IDu received in the RTT-AKE procedure completed immediately before and the remote sink registry is not full, the Source device sets the Sink-ID to the remote sink registry. Additional storage is performed (SEQ504).
- the source device sends the registered result to the command RA_REGISTER. Return to the sink device with RSP (SEQ503).
- the server 201 as the source device receives the sink-ID of the terminal 201 (when connected to the home network 210) that has succeeded in the RTT-AKE procedure. Further, the information is additionally stored in the remote sink registry managed by the terminal management unit 307.
- the server 201 keeps the Sink-ID once registered in the remote sink registry, once the third party terminal is registered in the server once, the third party will continue to use the contents in the server. There is a problem of being able to.
- the server 201 restricts remote access from the terminal 202 based on the registration date and time of the terminal 202 to the server 201, thereby preventing a third party who has once registered from continuing to use.
- the use of content beyond the scope of private use is suitably suppressed.
- the server 201 allows the terminal to allow remote access for a first predetermined period (for example, 30 days) from the registration date and time. The method of setting as a time limit is mentioned. If the terminal 202 that requested remote access to the content is within the expiration date, the server 201 permits the use of the content, but does not permit remote access from the terminal 202 that has passed the expiration date.
- a first predetermined period for example, 30 days
- the server 201 calculates the expiration date of the terminal 202 by adding the first predetermined period to the current date and time, and pairs the expiration date with the sink-ID. Thus, it may be stored in the terminal management unit 307.
- FIG. 6 illustrates a procedure for registering a sink device that performs remote access to a source device together with an expiration date.
- the Source device corresponds to the server 201 installed in the home network 210 and transmits content
- the Sink device corresponds to the terminal 202 that requests content from the server 201 (the same applies hereinafter).
- the Sink device once performs the registration procedure shown in FIG. 6 on the home network 210 and then remotely accesses the server 201 from the external network 220 such as the Internet.
- an AKE procedure is performed between the source device and the sink device under the restriction of RTT (Round Trip Time) (SEQ601).
- the Sink device receives the command RA_REGISTER.
- the user's own Sink-ID is transmitted to the Source device (SEQ602).
- the Source device is RA_REGISTER.
- the Sink-ID received by the CMD matches the Device ID or IDu received by the RTT-AKE procedure that was completed immediately before, and is not yet stored in the remote sink registry, and whether the remote sink registry is not full. To check. Then, when these conditions are cleared and the Sink-ID is additionally stored in the remote sink registry, the Source device uses the command RA_REGISTER. It returns to the sink device by RSP (SEQ603).
- the source device acquires the current date and time as the registration date and time of the sink device (SEQ604), the source device adds the first predetermined period (for example, 30 days) as the effective period of the sink device registration to the current date and time.
- the time limit is calculated (SEQ 605), the pair of the Sink-ID and the expiration date is stored in the remote sink registry (SEQ 606).
- FIG. 7 shows an example of the registered contents of the remote sink registry in which the sink-ID and the expiration date are stored as a pair.
- the management of terminal registration date / time and expiration date information as shown in FIG. 7 is not performed individually in the server 201 on the home network 210, but on a management server placed on the cloud or the like. You may make it carry out centrally.
- the source device (server 201) indicates the current date and time as the registration date and time, for example, a clock function built in the server (not shown in FIG. 3), a time signal included in the broadcast wave (for example, the content acquisition unit 303 has a tuner function). It can be obtained from time information obtained from a server (not shown) on the network.
- the terminal 202 manages the registration date and time to the server 201 with the authentication / key sharing unit 406 or the like so that remote access to the server 201 is not restricted based on the registration date and time without the user's knowledge. Then, the re-registration procedure (that is, the restart of the processing sequence shown in FIG. 6) is automatically executed before the predetermined period elapses, so that the registration date and time is refreshed so that remote access is not restricted. May be. Of course, the user of the terminal 202 may refresh the registration date and time by manual operation.
- FIG. 8 schematically shows a procedure for performing content transmission by remote access between the Source device and the Sink device after the above pre-registration.
- the remote access exchange key is implemented by performing a mutual authentication and key exchange procedure between the source device and the sink device, and a content list browsing phase (SEQ801) for designating the content that the sink device requests to transmit.
- SEQ802 a content list browsing phase
- K share R RA-AKE procedure phase (SEQ802), has been the content specified in the content list view phase, consisting of the content transmission phase for transmitting encrypted (SEQ803) using the exchange key K R for remote access .
- FIG. 9 schematically shows the contents of the content list browsing phase (SEQ 801).
- a content list browsing request is issued from the content list browsing unit 402 (SEQ901).
- a content list service (Content Directory Service) function that distributes the content list and the detailed information of the content in a hierarchical manner, which is formulated in UPnP, which is the base of DLNA, is applied to browse the content list.
- CDS Content Directory Service
- UPnP which is the base of DLNA
- the content list browsing request includes a sink-ID that identifies the sink device.
- a sink-ID that identifies the sink device.
- a CDS Click request
- the content providing unit 304 On the source device side, content that can be provided by the content providing unit 304 (for example, broadcast content or commercial content that can be acquired by the content acquisition unit 303, or content that is already recorded in the content recording unit 302 that is its own storage) Since the CDS: Browse action has been issued, the content list providing unit 305 obtains all obtainable content information regarding the corresponding content (SEQ902), and generates CDS information with a sufficient amount of information. (SEQ903). The source device may restrict the provision of the CDS information to the sink device to be remotely accessed based on the expiration date of the sink device (described later). Then, the Source device returns a CDS Result to the Sink device (SEQ904).
- the content list browsing unit 402 analyzes the received CDS Result and displays the content information including the content title and more detailed information (SEQ905).
- FIG. 22 is a flowchart showing a processing procedure for the source device to restrict the provision of CDS information to the sink device to be remotely accessed based on the expiration date of the sink device in the content list browsing phase (SEQ801). It is shown in the form of
- the source device clears the content information that can be provided (step S2201).
- the source device acquires the expiration date corresponding to the sink-ID of the requesting sink device from the remote sink registry (step S2202), and acquires the current date and time (step S2203).
- the source device checks whether or not the current date has passed the expiration date of the requesting sink device (step S2204). If the current date and time has passed the expiration date (No in step S2204), the subsequent content information adding process is skipped, and the content information is transmitted while it is empty (step S2208).
- step S2204 when the current date and time have not passed the expiration date of the requesting sink device (Yes in step S2204), content information is created as usual. That is, until all the content information is processed (No in step S2205), the content information of the unprocessed content is referred to (step S2206), and the content information is added to the content information that can be provided (step S2207). , Repeat. Then, the source device transmits the completed content information to the requesting sink device (step S2208).
- the processing procedure shown in FIG. 22 is performed, for example, in SEQ 903 in the sequence diagram shown in FIG.
- the source device does not necessarily need to perform this processing procedure, and may provide content information for all content that can be provided by itself regardless of the expiration date of the sink device.
- the user of the sink device can select content to be reproduced from the displayed content list.
- transmission of the content from the source device to the sink device is started.
- mutual authentication and key exchange for remote access between the sink device and the source device, that is, RA-AKE processing is performed.
- Fig. 10 shows V1SE. Of the DTCP specification (described above). Details of the contents of the RA-AKE procedure phase (SEQ802) described in Section 10.7.2 are shown.
- the sink device transmits a CHALLENGE command including an exchange key field in which a bit for remote access exchange K R (Remote Exchange Key) is set, and requests the source device to perform an AKE process (SEQ1001). Then, the challenge / response part of the authentication procedure is executed between the source device and the sink device (SEQ1002 to 1004).
- K R Remote Exchange Key
- Source device aborts the RA-AKE procedure, it is possible to continue the AKE procedure other than RA-AKE.
- the source device When the source device receives the device ID or IDu as a sink-ID from the sink device in a challenge / response procedure (SEQ1005), the source device registers in the remote sink registry managed in the terminal management unit 307 of the source device. It is checked whether it has been done (SEQ1006).
- the source device transmits an AKE_CANCEL command to the sink device (SEQ1014) and stops the RA-AKE procedure (SEQ1015).
- the source device determines whether or not the RAC record corresponding to the sink-ID already exists. The contents in the registry (described later) are checked (SEQ1007).
- the Source device uses the remote access exchange key K R and its exchange key label K R _label stored in the RAC record. Decide on. Alternatively, if the source device does not transmit content using the remote access exchange key K R , the source device refers to the inside of the RAC record and updates the stored values of K R and K R _label. You may make it (SEQ1013).
- the source device determines whether the count value RACC for counting the RAC record is less than RACC max . Is checked (SEQ1008).
- RACC max is a counter that counts remote access connections, and is initialized to zero when there is no remote access connection.
- the Source device transmits an AKE_CANCEL command to the sink device (SEQ1014), and cancels the RA-AKE procedure (SEQ1015).
- Source device After incrementing by 1 the value of the RACC (SEQ1009), according to a predetermined calculation rule, exchange key K R and exchange key label for remote access K and generates an R _label (SEQ1010), these in association with Sink-ID of the Sink device, and stores the RAC record in RAC registry (SEQ1011).
- the server 201 manages the RAC record in the terminal management unit 307, for example.
- FIG. 15 shows how the remote access exchange key K R generated for the sink device and its exchange key label K R — label are stored as a RAC record in association with the sink-ID.
- the source device can use the remote access exchange key K R extracted from the existing RAC record and its exchange key label K R _label (including the case where it is updated), or a newly generated remote access exchange key K.
- R and its exchange key label K R — label are transmitted to the sink device (SEQ1016).
- Source device if it supports RA_MANAGEMENT function, to initiate K R for survival timer for maintaining the replacement K R for remote access, for holding at least one minute K R (SEQ1012).
- V1SE V1SE.
- the source device confirms that the sink device's sink-ID is registered in the remote sink registry in the first condition determination SEQ1006. and exchange to share the key K R for access.
- the third party terminal uses the content in the server thereafter. There is a problem of being able to continue.
- the source device sets the expiration date from the registration date and time to the sink-ID registered in the remote sink registry (see FIGS. 6 and 7), and the sink-ID whose expiration date has expired. Is deleted from the remote sink registry to prevent the third party once registered from continuing to use it, and the use of content beyond the scope of private use is suitably suppressed.
- the deletion process for a sink-ID whose expiration date has expired can be performed, for example, in the source device.
- FIG. 11 shows the details of the contents of the RA-AKE procedure phase (SEQ 802) including the process of deleting the expired Sink-ID from the remote sink registry.
- Sink device sends laden CHALLENGE command the exchange key field bit is set in the replacement K R for remote access, requesting the AKE process on Source device (SEQ1101), Source between the device and the Sink Device
- SEQ1101 Source between the device and the Sink Device
- the challenge / response portion of the authentication procedure is executed (SEQ 1102 to 1104).
- the source device can receive the device ID or IDu as the sink-ID from the sink device in a challenge / response procedure (SEQ1105).
- the source device performs maintenance of the remote sink registry, that is, the process of deleting the expired sink-ID from the remote sink registry (SEQ1106).
- the process of deleting the expired sink-ID set from the registration date and time from the remote sink registry it is possible to prevent a registered third party from continuing to use it. It is assumed that only entries within the validity period remain after the maintenance process of remote sink registration is performed. The details of the maintenance process of the remote sink registration will be described later.
- the source device checks whether or not the received sink-ID is listed in the remote sink registry managed in its own terminal management unit 307 (SEQ 1107).
- the source device transmits an AKE_CANCEL command to the sink device (SEQ1116) and cancels the RA-AKE procedure (SEQ1117).
- the source device determines whether or not the RAC record corresponding to the sink-ID already exists. The inside is checked (SEQ 1108).
- the Source device uses the remote access exchange key K R and its exchange key label K R _label stored in the RAC record. Decide on. Alternatively, if the source device does not transmit content using the remote access exchange key K R , the source device refers to the inside of the RAC record and updates the stored values of K R and K R _label. You may make it (SEQ1114).
- the sink-ID is listed in the remote sink registry, but if the corresponding RAC record does not exist (No in SEQ1108), the source device determines whether the count value RACC for counting the RAC record is less than RACC max . Is checked (SEQ1109).
- the source device transmits an AKE_CANCEL command to the sink device (SEQ 1115), and cancels the RA-AKE procedure (SEQ 1116).
- Source device After incrementing by 1 the value of the RACC (SEQ1110), according to a predetermined calculation rule, exchange key K R and exchange key label for remote access K and generates an R _label (SEQ1111), these in association with Sink-ID of the Sink device, and stores the RAC record in RAC registry (SEQ1112).
- the server 201 manages the RAC record in the terminal management unit 307, for example.
- FIG. 15 shows how the remote access exchange key K R generated for the sink device and its exchange key label K R — label are stored as a RAC record in association with the sink-ID.
- the source device can use the remote access exchange key K R extracted from the existing RAC record and its exchange key label K R _label (including the case where it is updated), or a newly generated remote access exchange key K.
- R and its exchange key label K R — label are transmitted to the sink device (SEQ 1117).
- Source device if it supports RA_MANAGEMENT function, to initiate K R for survival timer for maintaining the replacement K R for remote access, for holding at least one minute K R (SEQ1113).
- the maintenance process of the remote sink registry implemented in SEQ1106 refer to the registered contents of the remote sink registry (refer to FIG. 7) stored as a pair of the sink-ID and the expiration date, and refer to the registration date and time. Delete the Sink-ID entry that has expired from the remote sink registry.
- This maintenance processing can be performed in the server 201 as a source device, but it may be performed together with management of terminal registration date and time information on a management server placed on the cloud or the like. Good.
- FIG. 12 shows a maintenance process procedure of the remote sink registry in the form of a flowchart.
- maintenance processing is performed in the server 201 as a source device. This maintenance process is performed, for example, by the authentication / key sharing unit 306 in the server 201 during the RA-AKE procedure phase.
- the server 201 In the remote sink registry managed in the terminal management unit 307, the server 201 relates to the sink device whose expiration date has not been confirmed (No in step S1201), and sets the expiration date stored as a pair with the sink-ID. Reference is made (step S1202), and it is checked whether or not the current date has passed the expiration date (step S1203). Then, the entry of the sink-ID whose current date and time has passed the expiration date (step S1203: Yes) is deleted from the remote sink registry (step S1204).
- the server 201 repeatedly executes the processes in steps S1202 to S1204 for all the sink entries registered in the remote sink registry (Yes in step S1201).
- the maintenance process of the remote sink registry shown in FIG. 12 is not performed individually by each server 201 (in other words, performed in units of the home network 210 in which the server 201 is installed), but a management server on the cloud, etc.
- the remote sink registry of the server 201 of each home may be centrally managed.
- the remote sink registry maintenance process as shown in FIG. 12 is not performed sequentially during the RA-AKE procedure, but the server 201 or a management server on the cloud (whether or not to implement the RA-AKE procedure). (Despite this) it may be done periodically.
- the expiration date confirmation process is executed for all entries in the remote sink registry in one maintenance process, but the sink that is the target of the RA-AKE procedure is used. -Only the entry corresponding to the ID may be subjected to the expiry date confirmation process (deletion process for entries that have expired).
- “content output management” that restricts the transmission of content to the terminal whose expiration date has passed in the subsequent content transmission phase is performed. It may be included.
- the RA-AKE procedure is performed in accordance with the procedure shown in FIG. 10 not including the erasure processing instead of FIG. 11, and the remote access exchange key K R and its key are assigned to all the Sink devices regardless of the expiration date.
- An exchange key label K R _label is distributed. Then, in the content transmission phase of SEQ803, the expiration date of the requesting sink device is checked.
- FIG. 18 schematically shows the contents of the content transmission phase (SEQ 803) including output management of content based on the expiration date.
- the sink device acquires the remote access exchange key K R acquired by the RA-AKE procedure and its exchange key label K R _label, and then, for example, by an HTTP request (HTTP GET request) using an HTTP GET method.
- the device is requested to transmit content (SEQ1801).
- SEQ1801 At the time of the request, along with the URL (Uniform Resource Locator) of the content, and sends the label K R _label the ID of the exchange key K R for remote access.
- the source device executes content output management processing based on the expiration date (SEQ1802).
- the source device When the source device sends the remote access exchange key K R and its exchange key label K R _label to the sink device in the RA-AKE procedure, these are associated with the sink-ID and stored as a RAC record. (See above and FIG. 15). Therefore, the source device can check the sink-ID of the request source sink device from the RAC record corresponding to the exchange key label K R — label included in the content request.
- the source device calculates the expiration date when registering the sink device, that is, when registering the sink-ID in the remote sink registry, and stores it as a pair with the sink-ID (see FIG. 7 and FIG. 7). checking). Therefore, it is possible to check the expiration date of the sink device based on the sink-ID obtained from the RAC record.
- the source device permits the content request if the current date and time has not passed the expiration date of the requesting sink device, but does not permit the content request when the current date and time has passed the expiration date. Further, the source device may delete the entry of the sink device that has passed the expiration date from the remote sink registry.
- the remote device When the source device permits the content request from the sink device, the remote device extracts the remote access exchange key K R specified by the exchange key label K R _label from the RAC record and encrypts the content using this. Then, it is transmitted to the sink device as an HTTP response (HTTP GET response) (SEQ1803).
- HTTP GET response HTTP GET response
- FIG. 19 shows a processing procedure of content output management performed in SEQ1802 in the form of a flowchart.
- the content providing unit 304 performs content output management processing in the server 201 as the source device.
- the server 201 refers to the exchange key label K R _label included in the content request (HTTP GET request) (step S1901), and determines whether or not the RAC record of the same exchange key label K R _label exists in the terminal management unit 307. A check is made (step S1902).
- the server 201 acquires the Sink-ID corresponding to the exchange key label K R _label from the RA record (Ste S1903).
- the server 201 acquires the expiration date stored in pairs with the sink-ID from the remote sink registry in the terminal management unit 307 (step S1904).
- the server 201 accesses the management server via the communication / control unit 301 and sends information on the corresponding expiration date. get.
- the server 201 acquires the current date and time (step S1905), and checks whether the current date and time has passed the expiration date of the requesting sink device (step S1906). If the current date and time has passed the expiration date (Yes in step S1906), the corresponding sink-ID entry is deleted from the remote sink registry (step S1907), and this processing routine ends.
- the server 201 permits the content request from the sink device and transmits the requested content, for example, HTTP GET response. (Step S1908).
- an expiration date is set by adding the first predetermined period to the registration date and time of the terminal to the server, and only the terminals within the expiration date are allowed to remotely access the contents in the server and are valid. By prohibiting remote access after the expiration date, the use of content beyond the scope of private use by a third party can be suppressed.
- content of content that can be remotely accessed by the terminal 202 for a second predetermined period ⁇ (for example, 3 days) from the registration date and time is mentioned.
- remote access of content recorded in the content recording unit 302 before the limit date and time of the terminal 202 is permitted, but remote access of content recorded after the limit date and time is not permitted.
- remote access of content acquired by the content acquisition unit 303 before the limit date is permitted, but remote access of content acquired by the content acquisition unit 303 after the limit date is not permitted.
- the server 201 calculates the limit date of the terminal 202 by adding a second predetermined period ⁇ to the current date and time, and pairs the limit date and time with the sink-ID. And remember it.
- FIG. 13 illustrates a procedure for registering a sink device that performs remote access to the source device together with the limit date and time.
- an AKE procedure is performed between the source device and the sink device under the restriction of RTT (Round Trip Time) (SEQ1301).
- RTT Random Trip Time
- the sink device transmits the command RA_REGISTER.
- CMD the user's own Sink-ID is transmitted to the Source device (SEQ1302).
- Source device is RA_REGISTER.
- the Sink-ID received by the CMD matches the Device ID or IDu received by the RTT-AKE procedure that was completed immediately before, and is not yet stored in the remote sink registry, and whether the remote sink registry is not full. To check. Then, when these conditions are cleared and the Sink-ID is additionally stored in the remote sink registry, the Source device uses the command RA_REGISTER. It returns to the sink device with RSP (SEQ1303).
- the source device acquires the current date and time as the registration date and time of the sink device (SEQ1304)
- the source device adds a second predetermined period ⁇ (for example, three days) as the limit date and time of registration of the sink device to the current date and time.
- the limit date and time is calculated (SEQ 1305), and the pair of sink-ID and limit is stored in the remote sink registry (SEQ 1306).
- FIG. 14 exemplifies the registered contents of the remote sink registry in which the sink-ID and the limit date / time are stored as a pair.
- the management of terminal registration date / time and limit date / time information as shown in FIG. 14 is not performed individually in the server 201 on the home network 210, but on a management server placed on the cloud or the like. You may make it carry out centrally.
- the source device uses the current date and time as the registration date and time, for example, a clock function built in the server (not shown in FIG. 3), a time signal included in the broadcast wave (for example, the content acquisition unit 303 uses the tuner).
- a broadcast wave with a function it can be obtained from time information obtained from a server (not shown) on the network.
- Figure 16 is the content of the content transmission phase for transmitting encrypted using the exchange key K R for remote access (SEQ803) schematically shown.
- the illustrated sequence includes content output management processing based on the limit date and time.
- the sink device acquires the remote access exchange key K R acquired by the RA-AKE procedure and its exchange key label K R _label, and then, for example, by an HTTP request (HTTP GET request) using an HTTP GET method.
- the device is requested to transmit content (SEQ1601).
- SEQ1601 Content
- At the time of the request along with the URL (Uniform Resource Locator) of the content, and sends the label K R _label the ID of the exchange key K R for remote access.
- the source device executes content output management processing based on the limit date (SEQ1602).
- the source device When the source device sends the remote access exchange key K R and its exchange key label K R _label to the sink device in the RA-AKE procedure, these are associated with the sink-ID and stored as a RAC record. (See above and FIG. 15). Therefore, the source device can check the sink-ID of the request source sink device from the RAC record corresponding to the exchange key label K R — label included in the content request.
- the source device calculates the limit date and time when registering the sink device, that is, when registering the sink-ID in the remote sink registry, and stores it as a pair with the sink-ID (described above and FIG. 14). checking). Therefore, the limit date and time of the sink device can be checked based on the sink-ID obtained from the RAC Record.
- the source device If the content is recorded in the source device before the limit date and time of the requesting sink device, the source device permits the content request from the sink device, but records it in the source device after the limit date and time has passed. For the content that has been set, the content request from the sink device is not permitted.
- the remote device When the source device permits the content request from the sink device, the remote device extracts the remote access exchange key K R specified by the exchange key label K R _label from the RAC record and encrypts the content using this. Then, it is transmitted to the sink device as an HTTP response (HTTP GET response) (SEQ1603).
- HTTP GET response HTTP GET response
- FIG. 17 shows the procedure of content output management processing executed in SEQ1602 in the form of a flowchart.
- the content providing unit 304 performs content output management processing in the server 201 as the source device.
- the server 201 refers to the exchange key label K R — label included in the content request (HTTP GET request) (step S1701), and determines whether or not the RAC record of the same exchange key label K R — label exists in the terminal management unit 307. A check is made (step S1702).
- the server 201 acquires the Sink-ID corresponding to the exchange key label K R — label from the RA record ( Step S1703).
- the server 201 acquires the limit date and time stored as a pair with the sink-ID from the remote sink registry in the terminal management unit 307 (step S1704). However, when the limit date and time of each Sink-ID is entrusted to, for example, a management server on the cloud, the server 201 accesses the management server via the communication / control unit 301 to obtain information on the corresponding limit date and time. get.
- the server 201 acquires the recording date and time when the content requested by the content request (HTTP GET request) is recorded in the content recording unit 302 from the file system (step S1705). However, when the requested content is content acquired by the content acquisition unit 304 such as broadcast content, the current date and time (reception date and time) is acquired as the acquisition date and time.
- the server 201 checks whether the recording date / time or the acquisition date / time of the requested content exceeds the limit date / time set in the sink device (step S1706).
- the server 201 permits the content request from the sink device, and in step S1707, the requested content is transmitted. Is performed by, for example, HTTP GET response.
- the server 201 does not permit the content request from the sink device, skips subsequent processing, This processing routine ends.
- the content that the terminal can use by remote access is the content recorded before the limit date or limit
- the limit date and time By restricting only content acquired before the date and time, it is possible to suitably suppress the use of content that exceeds the scope of private use by a third party.
- remote access restriction based on the limit date and time can be performed in the content list browsing phase (SEQ801).
- FIG. 24 is a flowchart showing a processing procedure for the source device to restrict the provision of CDS information to the sink device to be remotely accessed based on the limit date and time of the sink device in the content list browsing phase (SEQ 801). It is shown in the form of
- the source device clears the content information that can be provided (step S2401).
- the source device acquires the limit date and time corresponding to the sink-ID of the requesting sink device from the remote sink registry (step S2402).
- the source device creates content information until all content information is processed (No in step S2403). That is, when the source device refers to the content information of the unprocessed content (step S2404), the recording date and time when the content is recorded in the content recording unit 302 is acquired from the file system (step S2405). However, when the requested content is content acquired by the content acquisition unit 304 such as broadcast content, the current date and time (reception date and time) is acquired as the acquisition date and time.
- the source device checks whether the recording date / time or the acquisition date / time of the content does not exceed the limit date / time set in the sink device (step S2406).
- step S2406 When the recording date / time or the acquisition date / time of the content does not exceed the limit date / time of the sink device (Yes in step S2406), the source device adds the content information to the content information that can be provided (step S2407). Then, the process returns to step S2403, and it is checked whether or not all content information has been processed.
- step S2406 when the recording date / time of the content exceeds the limit date / time of the sink device (No in step S2406), the source device does not add the content information to the content information that can be provided, and proceeds to step S2403. Return and check if all content information has been processed.
- the source device transmits the completed content information to the requesting sink device (step S2408).
- a predetermined number of terminals registered in the server 201 may be exempted from application of remote access restrictions based on the registration date and time.
- a terminal exempted from the restriction of remote access based on the registration date and time may be set for each content recorded in the server 201 or for each content group.
- the restriction is exempted from the available terminals registered in the terminal management unit 307 (ie, remote sink registry). Automatically select the terminal of the user who performed the recording reservation or recording request operation by registering the Sink-ID of the terminal that exempts the application of restrictions for each user.
- a method of assigning exemptions is conceivable.
- a login ID to the server 201 for example, a login ID to the server 201, a user instruction, a user recognition by a camera or a sensor, and the like can be cited.
- the terminal's Sink-ID is held as metadata related to each content. Further, when a terminal exempt from application of restrictions is registered for each content group, the sink-ID of the terminal is held as metadata relating to each content group.
- the RA-AKE procedure is performed according to the procedure shown in FIG. 10 instead of FIG. without performing the deregistration process, keep distributing the exchange key K R and exchange key label K R _label for remote access to all of the Sink device. Then, in the content output management process in the content transmission phase (see FIGS. 18 and 16), the content transmission to the terminal is controlled according to the remote access restriction exemption set for each content or each content group To do.
- FIG. 20 shows the procedure of content output management processing in the form of a flowchart in the case where a terminal exempting application of remote access restriction based on the expiration date is registered.
- the content providing unit 304 performs content output management processing in the server 201 as the source device.
- the server 201 refers to the exchange key label K R — label included in the content request (HTTP GET request) (step S2001), and determines whether or not the RAC record of the same exchange key label K R — label exists in the terminal management unit 307. Check (step S2002).
- the server 201 acquires a Sink-ID corresponding to the exchange key label K R _label from the RA record ( Step S2003).
- the server 201 exempts whether or not this Sink-ID exists in the metadata of the content group including the requested content, that is, exempts the restriction of remote access by the expiration date for the content group. It is checked whether the Sink-ID is set (step S2004). If the Sink-ID exists in the metadata of the content group (Yes in step S2004), the server 201 permits the content request from the sink device and transmits the requested content, for example, HTTP GET. The response is performed (step S2009).
- the server 201 determines whether the sink-ID exists in the requested content metadata. That is, it is checked whether or not the Sink-ID is exempt from the application of the remote access restriction due to the expiration date for the content (step S2005). If the Sink-ID exists in the metadata of the content (Yes in step S2005), the server 201 permits the content request from the sink device and transmits the requested content using, for example, an HTTP GET response. This is performed (step S2009).
- the server 201 acquires the current date and time (step S2007), and checks whether the current date and time has passed the expiration date of the requesting sink device (step S2008). If the current date has passed the expiration date (No in step S2008), the processing routine is terminated without transmitting the content.
- the server 201 permits the content request from the sink device and transmits the requested content, for example, HTTP GET response. (Step S2009).
- remote access restriction exemption based on the expiration date can also be performed in the content list browsing phase (SEQ801).
- FIG. 23 is a flowchart showing a processing procedure for exempting the provision of CDS information based on the expiration date of the sink device from the source device to the sink device remotely accessed in the content list browsing phase (SEQ801). It is shown in the form of
- the source device clears the content information that can be provided (step S2301).
- the source device acquires an expiration date corresponding to the sink-ID of the requesting sink device from the remote sink registry (step S2302), and acquires the current date and time (step S2303).
- the source device creates content information until all content information is processed (No in step S2304).
- step S2305 When the source device refers to the content information of the unprocessed content (step S2305), it is determined whether or not the requesting sink-ID exists in the metadata of the content group including the content, that is, for the content group. It is checked whether or not the Sink-ID is exempted from application of remote access restrictions due to the expiration date (step S2306). If the sink-ID exists in the metadata of the content group (Yes in step S2306), the source device adds the content information referred to in step S2305 to the content information that can be provided (step S2305). S2309), the process returns to step S2304.
- the source device determines whether the request source sink-ID exists in the metadata of the content, that is, Then, it is checked whether or not the Sink-ID is exempt from application of the remote access restriction due to the expiration date for the content (step S2307). If a sink-ID exists in the metadata of the content (Yes in step S2307), the source device adds the content information referred to in step S2305 to the content information that can be provided (step S2309). Return to step S2304.
- the sink-ID does not exist in any metadata of the content group and the content, that is, when the application of the remote access restriction due to the expiration date is not exempted (No in steps S2306 and S2307)
- the source device checks whether the current date and time acquired in step S2303 has passed the expiration date of the requesting sink device (step S2308).
- step S2308 If the current date / time has not yet passed (Yes in step S2308), the source device adds the content information referenced in step S2305 to the content information that can be provided (step S2309), and then step S2304. Return to.
- step S2308 if the current date has passed the expiration date (No in step S2308), the process returns to step S2304 without adding the content information referred to in step S2305 to the content information that can be provided.
- the source device transmits the completed content information to the requesting sink device (step S2310).
- FIG. 21 shows the procedure of content output management processing in the form of a flowchart in the case where a terminal exempting the application of the remote access restriction based on the limit date is registered.
- the content providing unit 304 performs content output management processing in the server 201 as the source device.
- the server 201 refers to the exchange key label K R — label included in the content request (HTTP GET request) (step S2101), and determines whether or not the RAC record of the same exchange key label K R — label exists in the terminal management unit 307. Check (step S2102).
- step S2102 If there is no RAC record of the same exchange key label K R _label (No in step S2102), the server 201 skips all subsequent processes and ends this processing routine.
- Step S2103 when the RAC record of the same exchange key label K R _label exists (Yes in Step S2102), the server 201 acquires the Sink-ID corresponding to the exchange key label K R _label from the RA record ( Step S2103).
- the server 201 exempts whether or not this Sink-ID exists in the metadata of the content group including the requested content, that is, the remote access restriction by the limit date and time for the content group is exempted. It is checked whether the Sink-ID is set (step S2104). If the sink-ID is present in the metadata of the content group (Yes in step S2104), the server 201 permits the content request from the sink device and transmits the requested content, for example, HTTP GET. The response is performed (step S2109).
- the server 201 determines whether the sink-ID exists in the requested content metadata. That is, it is checked whether or not the Sink-ID is exempt from application of remote access restrictions based on the limit date and time for the content (step S2105). If the Sink-ID exists in the metadata of the content (Yes in Step S2105), the server 201 permits the content request from the Sink device and transmits the requested content using, for example, an HTTP GET response. This is performed (step S2109).
- the sink-ID does not exist in any metadata of the content group and the content, that is, when the application of the remote access restriction by the limit date / time is not exempted (No in steps S2104 and S2105). Then, the limit date and time stored as a pair with the sink-ID is acquired from the remote sink registry in the terminal management unit 307 (step S2106).
- the server 201 acquires the recording date and time when the requested content is recorded in the content recording unit 302 from the file system (step S2107).
- the requested content is content acquired by the content acquisition unit 304 such as broadcast content
- the current date and time is acquired as the acquisition date and time.
- the server 201 checks whether the recording date / time or the acquisition date / time of the requested content exceeds the limit date / time set in the sink device (step S2108).
- the server 201 permits the content request from the sink device, and in step S2109, the requested content is transmitted. For example, HTTP GET response is performed.
- the server 201 does not permit the content request from the sink device, skips subsequent processing, This processing routine ends.
- remote access restriction exemption based on the limit date can also be performed in the content list browsing phase (SEQ801).
- FIG. 25 is a flowchart showing a processing procedure for exempting the source device from providing the CDS information based on the limit date and time of the sink device to the sink device that is remotely accessed in the content list browsing phase (SEQ801). It is shown in the form of
- the source device clears the content information that can be provided (step S2501).
- the source device acquires the limit date and time corresponding to the sink-ID of the requesting sink device from the remote sink registry (step S2502).
- the source device creates content information until all content information is processed (No in step S2503).
- step S2504 When the source device refers to the content information of the unprocessed content (step S2504), whether or not the requesting sink-ID exists in the metadata of the content group including the content, that is, for the content group. It is checked whether or not the Sink-ID is exempt from application of the remote access restriction by the limit date (step S2505). If the sink-ID exists in the metadata of the content group (Yes in step S2505), the source device adds the content information referenced in step S2504 to the content information that can be provided (step S2504). S2509), the process returns to step S2503.
- the source device determines whether the sink-ID of the request source exists in the metadata of the content, that is, Then, it is checked whether or not the Sink-ID is exempt from application of the remote access restriction according to the limit date and time for the content (step S2506). If a sink-ID exists in the metadata of the content (Yes in step S2506), the source device adds the content information referred to in step S2504 to the content information that can be provided (step S2509). Return to step S2503.
- the sink-ID does not exist in the metadata of the content group and the content, that is, when the remote access restriction by the limit date is not exempted (No in steps S2505 and S2506).
- the source device checks whether the content information referred in step S2504 has exceeded the limit date.
- the Source device acquires the recording date and time when the content was recorded in the content recording unit 302 from the file system (step S2507). However, when the requested content is content acquired by the content acquisition unit 304 such as broadcast content, the current date and time (reception date and time) is acquired as the acquisition date and time. Then, the source device checks whether the recording date / time or the acquisition date / time of the content does not exceed the limit date / time set in the sink device (step S2508).
- step S2508 When the recording date / time or the acquisition date / time of the content does not exceed the limit date / time of the sink device (Yes in step S2508), the source device adds the content information to the content information that can be provided (step S2509), and then the step. The process returns to S2503.
- step S2508 when the recording date / time of the content exceeds the limit date / time of the sink device (No in step S2508), the source device does not add the content information to the content information that can be provided, and proceeds to step S2503. Return.
- step S2503 when all the content information has been processed (Yes in step S2503), the source device transmits the completed content information to the requesting sink device (step S2510).
- FIG. 20 As shown in FIG. 20, FIG. 21 and FIG. 23, FIG. 25, it is not specific to a specific terminal and exempt from remote access restrictions, but for each content or for each group of content. To ensure the convenience of content use within the scope of private use by multiple terminals for each family member, for example, by setting a terminal that exempts remote access restrictions based on the date and time of registration with the server Can do.
- the technology disclosed in this specification has been described mainly with respect to an embodiment in which the technology disclosed in this specification is applied to an IP network and a DTCP specification network.
- the gist of the technology disclosed in this specification is not limited thereto. Absent.
- the technology disclosed in the technology disclosed in the present specification can also be applied to various communication systems other than DTCP-IP that have restrictions on remote access to content in a home network.
- the scope of application of the technology disclosed in this specification is not limited to remote access to a home network.
- the technology disclosed in the present specification can be similarly applied when it is desired to restrict access based on the registration date and time of the terminal to the home server even during local access in the home network.
- a content acquisition unit that acquires content to be provided to the terminal, or a content recording unit that records content to be provided to the terminal;
- a terminal registration unit for registering terminals that provide content;
- a content provider that controls the provision of content to the terminal based on the registration date of the terminal;
- a communication apparatus comprising: (2) further comprising an authentication and key sharing unit for authenticating the terminal according to a predetermined mutual authentication and key exchange procedure and sharing the exchange key;
- the content providing unit provides the terminal with content encrypted using the exchange key;
- the communication device according to (1) above.
- the authentication and key sharing unit performs mutual authentication and exchange key sharing with a terminal according to an authentication and key exchange (AKE) algorithm defined by DTCP-IP.
- AKE authentication and key exchange
- the terminal registration unit registers a terminal according to a procedure defined by DTCP-IP.
- the terminal registration unit registers the terminal in the home network,
- the content providing unit provides content to a registered terminal accessed from an external network.
- the terminal registration unit manages an expiration date obtained by adding a first predetermined period to the registration date and time of the terminal together with information on the terminal,
- the content providing unit restricts the provision of content to a terminal whose expiration date has passed;
- the terminal registration unit manages the limit date and time obtained by adding the second predetermined period to the registration date and time of the terminal together with the terminal information,
- the content providing unit restricts the provision of content to the terminal whose acquisition date / time of the content acquisition unit or recording date / time to the content recording unit is after the limit date / time,
- the communication device according to (1) above.
- the content providing unit exempts restrictions based on the registration date and provides content. The communication device according to (1) above.
- the content providing unit For each content or content group, set a terminal exempt from restrictions based on the registration date and time, The content providing unit provides content regardless of the registration date and time to a terminal exempt from restrictions based on the registration date and time for the content to be provided or a content group including the content, The communication device according to (1) above. (9) The content recording unit records, in the metadata of the corresponding content or content group, a terminal that exempts the restriction based on the registration date and time for the content or the content group including the content. The communication device according to (8) above.
- the content providing unit For each content or content group, set a terminal exempt from restrictions based on the expiration date, The content providing unit provides content to a content group including content to be provided or a terminal in which the exemption is set for content to be provided regardless of an expiration date.
- the communication device according to (5) above.
- the communication device according to (6) above.
- a content information providing unit that provides the terminal with information related to content that can be provided to the terminal, The content providing unit provides content selected via content information viewed on the terminal side; The communication device according to (1) above.
- the content information providing unit restricts the provision of content information to the terminal based on the registration date and time of the terminal.
- the terminal registration unit manages an expiration date obtained by adding a first predetermined period to the registration date and time of the terminal together with information on the terminal, The content information providing unit restricts the provision of content information to a terminal whose expiration date has passed; The communication device according to (13) above.
- the terminal registration unit manages a limit date and time obtained by adding a second predetermined period to the registration date and time of the terminal together with information on the terminal,
- the content information providing unit restricts provision of content information to a terminal for content whose acquisition date / time of the content acquisition unit or recording date / time to the content recording unit is after the limit date / time,
- the communication device according to (13) above.
- the content information providing unit exempts restrictions based on the registration date and provides content information.
- the communication device according to (13) above.
- a communication method comprising: (20) A content acquisition unit that acquires content to be provided to the terminal, or a content recording unit that records content to be provided to the terminal, A terminal registration unit for registering terminals that provide content;
- a registration request unit that makes a registration request to a server that manages the registration date and time;
- the content playback unit obtains content encrypted with the exchange key from the server, decrypts the content with the exchange key, and plays back the content.
- the communication device according to (21) above. (23) The registration request unit registers with the server in a home network, The content playback unit acquires content from the server via an external network; The communication device according to (21) above. (24) The registration request unit performs the processing of the registration request to the server again before a predetermined period elapses from the registration date and time.
- the communication device according to (21) above. The content reproduction unit reproduces broadcast content received by the server or commercial content read from a recording medium, or content recorded by the server.
- the content reproduction unit is restricted from reproducing the content from the server after an expiration date obtained by adding a first predetermined period to the registration date and time to the server.
- the content reproduction unit is limited to reproduce the content acquired or recorded by the server after the date and time when the second predetermined period is added to the registration date and time to the server.
- (28) When registered in the server within a predetermined number, the content reproduction unit can reproduce the content from the server without being restricted based on the registration date and time to the server.
- the content playback unit can play back the content exempted from restrictions based on the registration date and time or the content included in the content group for the communication device regardless of the registration date and time.
- the content reproduction unit can reproduce the content exempted from the restriction based on the expiration date for the communication device or the content included in the content group regardless of the set expiration date.
- the content reproduction unit may determine whether the server acquires or records content or content included in a content group exempted from restriction based on the limit date and time for the communication device, whether or not the date or time before the limit date and time is acquired by the server. Can be played regardless,
- a content information browsing unit for browsing information related to content that can be provided by the server The content requesting unit requests the server to select content selected via information browsed by the content information browsing unit;
- the communication device according to (21) above. 33) The content information browsing unit browses information related to content that can be provided by the server under restrictions based on the registration date and time to the server.
- the communication device according to (32) above. 34) The content information browsing unit is restricted from browsing the content information after the expiration date obtained by adding the first predetermined period to the registration date and time to the server.
- the content information browsing unit is restricted from browsing the content information acquired or recorded by the server after the date and time when the second predetermined period is added to the registration date and time to the server.
- the communication device (2) above.
- the content information browsing unit can browse the content information without being restricted based on the registration date and time to the server.
- the communication device (33) above.
- the content information browsing unit can browse the content information included in the content or the content group exempted from the restriction based on the expiration date for the communication device regardless of the set expiration date.
- the communication device (34) above.
- the content information browsing unit determines whether or not the server acquires or records content information included in a content group or content group exempted from restriction based on the limit date and time by the server before the limit date and time. Can be viewed regardless of The communication device according to (35) above.
- a communication method comprising: (40) An input unit for inputting operation information by a user; A registration request unit that makes a registration request to the server that manages the registration date and time, A content requesting unit that requests content from the server according to operation information input to the input unit; A content playback unit that is allowed to play back the content from the server under a restriction based on the registration date and time in response to the request for the content; A computer program written in a computer-readable format to make a computer function as (41) a terminal requesting content; A server that registers a terminal that provides content, and that controls the provision of the content to the terminal based on
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Computing Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Multimedia (AREA)
- Technology Law (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
- Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)
- Information Transfer Between Computers (AREA)
Abstract
Description
端末に提供するコンテンツを取得するコンテンツ取得部、又は、端末に提供するコンテンツを記録するコンテンツ記録部と、
コンテンツを提供する端末を登録する端末登録部と、
端末の登録日時に基づいて端末へのコンテンツの提供を制御するコンテンツ提供部と、
を具備する通信装置である。
端末に提供するコンテンツを取得するコンテンツ取得ステップ、又は、端末に提供するコンテンツをコンテンツ記録部に記録するコンテンツ記録ステップと、
コンテンツを提供する端末を登録する端末登録ステップと、
端末の登録日時に基づく制限をかけながら、前記コンテンツ取得ステップで取得したコンテンツ又は前記コンテンツ記録ステップで記録したコンテンツを端末に提供するコンテンツ提供ステップと、
を有する通信方法である。
端末に提供するコンテンツを取得するコンテンツ取得部、又は、端末に提供するコンテンツを記録するコンテンツ記録部、
コンテンツを提供する端末を登録する端末登録部、
端末の登録日時に基づいて端末へのコンテンツの提供を制御するコンテンツ提供部、
としてコンピューターを機能させるようにコンピューター可読形式で記述されたコンピューター・プログラムである。
ユーザーによる操作情報が入力される入力部と、
登録日時を管理するサーバーに対して登録要求を行なう登録要求部と、
前記入力部に入力される操作情報に応じて、前記サーバーに対してコンテンツの要求を行なうコンテンツ要求部と、
前記のコンテンツの要求に応じて、前記登録日時に基づく制限下で、前記サーバーから前記コンテンツの再生が許可されるコンテンツ再生部と、
を具備する通信装置である。
ユーザーによる操作情報が入力される入力ステップと、
登録日時を管理するサーバーに対して登録要求を行なう登録要求ステップと、
前記入力部に入力される操作情報に応じて、前記サーバーに対してコンテンツの要求を行なうコンテンツ要求ステップと、
前記のコンテンツの要求に応じて、前記登録日時に基づく制限下で、前記サーバーから前記コンテンツの再生が許可されるコンテンツ再生ステップと、
を有する通信方法である。
ユーザーによる操作情報が入力される入力部、
登録日時を管理するサーバーに対して登録要求を行なう登録要求部、
前記入力部に入力される操作情報に応じて、前記サーバーに対してコンテンツの要求を行なうコンテンツ要求部、
前記のコンテンツの要求に応じて、前記登録日時に基づく制限下で、前記サーバーから前記コンテンツの再生が許可されるコンテンツ再生部、
としてコンピューターを機能させるようにコンピューター可読形式で記述されたコンピューター・プログラムである。
コンテンツを要求する端末と、
コンテンツを提供する端末を登録するとともに、その登録日時に基づいて前記端末へのコンテンツの提供を制御するサーバーと、
を具備する通信システムである。
図1には、本明細書で開示する技術を適用した通信システム100の構成例を模式的に示している。図示の通信システム100は、家庭内に敷設されたホーム・ネットワーク110上に接続されたサーバー101と端末102で構成される。同図では、簡素化のため、サーバーと端末をそれぞれ1台ずつしか描いていないが、2台以上のサーバー並びに端末がホーム・ネットワーク110上に設置されることも想定される。
図5には、DTCPの仕様書、DTCP Volume 1 Supplement E Mapping DTCP to IP,Revision 1.4ed1(Informational Version)のV1SE.10.7.1節に記載されている、リモート・アクセスを行なうSinkデバイスをSourceデバイスに登録する手順を図解している。同図中、Sinkデバイスは端末202に相当し、Sourceデバイスはサーバー201に相当するものと理解されたい。
サーバー201が、登録日時に基づいて端末202からのリモート・アクセスを制限する方法の1つとして、登録日時から第1の所定の期間(例えば、30日間)を端末のリモート・アクセスを許可する有効期限として設定する方法が挙げられる。サーバー201は、コンテンツへのリモート・アクセスを要求した端末202が有効期限内であれば、コンテンツの利用を許可するが、有効期限を過ぎた端末202からのリモート・アクセスを許可しない。
サーバー201が、登録日時に基づいて端末202からのリモート・アクセスを制限する他の方法として、登録日時から第2の所定期間α(例えば、3日間)を端末202がリモート・アクセス可能なコンテンツの限界日時として設定する方法が挙げられる。例えば、端末202が持つ限界日時より以前にコンテンツ記録部302に記録されたコンテンツのリモート・アクセスは許可されるが、限界日時以降に記録されたコンテンツのリモート・アクセスは許可されない。また、限界日時より以前にコンテンツ取得部303が取得するコンテンツのリモート・アクセスは許可されるが、限界日時以降にコンテンツ取得部303が取得するコンテンツのリモート・アクセスは許可されない。
上記のC項並びにD項では、端末202をサーバー201に登録した登録日時に基づいて設定した有効期限又は限界日時を用いて端末202からのリモート・アクセスを制限することによって、一旦登録した第三者が利用し続けることを防止し、私的利用の範囲を超えたコンテンツの利用を抑制するようにしている。
(1)端末に提供するコンテンツを取得するコンテンツ取得部、又は、端末に提供するコンテンツを記録するコンテンツ記録部と、
コンテンツを提供する端末を登録する端末登録部と、
端末の登録日時に基づいて端末へのコンテンツの提供を制御するコンテンツ提供部と、
を具備する通信装置。
(2)所定の相互認証及び鍵交換手続きに従って端末を認証するとともに交換鍵を共有する認証及び鍵共有部をさらに備え、
前記コンテンツ提供部は、前記交換鍵を用いて暗号化したコンテンツを端末に提供する、
上記(1)に記載の通信装置。
(3)前記認証及び鍵共有部は、DTCP-IPが規定する認証及び鍵交換(AKE)アルゴリズムに従って、端末と相互認証並びに交換鍵の共有を行ない、
前記端末登録部は、DTCP-IPが規定する手続きに従って端末の登録を行なう、
上記(2)に記載の通信装置。
(4)前記端末登録部は、ホーム・ネットワーク内で端末を登録し、
前記コンテンツ提供部は、外部ネットワークからアクセスした登録後の端末にコンテンツを提供する、
上記(1)に記載の通信装置。
(5)前記端末登録部は、端末の登録日時に第1の所定期間を加算した有効期限を端末の情報とともに管理し、
前記コンテンツ提供部は、有効期限を経過した端末へのコンテンツの提供を制限する、
上記(1)に記載の通信装置。
(6)前記端末登録部は、端末の登録日時に第2の所定期間を加算した限界日時を端末の情報とともに管理し、
前記コンテンツ提供部は、前記コンテンツ取得部の取得日時又は前記コンテンツ記録部への記録日時が限界日時以降となるコンテンツの端末への提供を制限する、
上記(1)に記載の通信装置。
(7)前記コンテンツ提供部は、前記端末登録部に登録される所定台数の端末については、登録日時に基づく制限を免除して、コンテンツを提供する、
上記(1)に記載の通信装置。
(8)コンテンツ毎又はコンテンツ・グループ毎に、登録日時に基づく制限を免除する端末を設定し、
前記コンテンツ提供部は、提供するコンテンツ又はコンテンツが含まれるコンテンツ・グループについて登録日時に基づく制限が免除された端末に対して、登録日時に拘わらずコンテンツを提供する、
上記(1)に記載の通信装置。
(9)前記コンテンツ記録部は、コンテンツ又はコンテンツが含まれるコンテンツ・グループについて登録日時に基づく制限を免除する端末を該当するコンテンツ又はコンテンツ・グループのメタデータに記録する、
上記(8)に記載の通信装置。
(10)コンテンツ毎又はコンテンツ・グループ毎に、有効期限に基づく制限を免除する端末を設定し、
前記コンテンツ提供部は、提供するコンテンツを含むコンテンツ・グループ又は提供するコンテンツについて前記免除が設定された端末に対しては、有効期限に拘わらずコンテンツを提供する、
上記(5)に記載の通信装置。
(11)コンテンツ毎又はコンテンツ・グループ毎に、限界日時に基づく制限を免除する端末を設定し、
前記コンテンツ提供部は、提供するコンテンツを含むコンテンツ・グループ又は提供するコンテンツについて前記免除が設定された端末に対しては、限界日時に拘わらずコンテンツを提供する、
上記(6)に記載の通信装置。
(12)端末に提供可能なコンテンツに関する情報を端末に提供するコンテンツ情報提供部をさらに備え、
前記コンテンツ提供部は、端末側で閲覧しているコンテンツ情報を介して選択されたコンテンツを提供する、
上記(1)に記載の通信装置。
(13)前記コンテンツ情報提供部は、端末の登録日時に基づいて端末へのコンテンツ情報の提供を制限する、
上記(12)に記載の通信装置。
(14)前記端末登録部は、端末の登録日時に第1の所定期間を加算した有効期限を端末の情報とともに管理し、
前記コンテンツ情報提供部は、有効期限を経過した端末へのコンテンツ情報の提供を制限する、
上記(13)に記載の通信装置。
(15)前記端末登録部は、端末の登録日時に第2の所定期間を加算した限界日時を端末の情報とともに管理し、
前記コンテンツ情報提供部は、前記コンテンツ取得部の取得日時又は前記コンテンツ記録部への記録日時が限界日時以降となるコンテンツについては端末へのコンテンツ情報の提供を制限する、
上記(13)に記載の通信装置。
(16)前記コンテンツ情報提供部は、前記端末登録部に登録される所定台数の端末については、登録日時に基づく制限を免除して、コンテンツ情報を提供する、
上記(13)に記載の通信装置。
(17)コンテンツ毎又はコンテンツ・グループ毎に、有効期限に基づく制限を免除する端末を設定し、
前記コンテンツ情報提供部は、有効期限が経過した端末であっても、当該端末に対して前記免除が設定されたコンテンツ・グループに含まれるコンテンツ、又は、前記免除が設定されたコンテンツのコンテンツ情報を提供する、
上記(14)に記載の通信装置。
(18)コンテンツ毎又はコンテンツ・グループ毎に、限界日時に基づく制限を免除する端末を設定し、
前記コンテンツ情報提供部は、提供先の端末に対して前記免除が設定されたコンテンツ又はコンテンツ・グループについては、取得日時又は記録日時が限界日時以降であってもコンテンツ情報を提供する、
上記(15)に記載の通信装置。
(19)端末に提供するコンテンツを取得するコンテンツ取得ステップ、又は、端末に提供するコンテンツをコンテンツ記録部に記録するコンテンツ記録ステップと、
コンテンツを提供する端末を登録する端末登録ステップと、
端末の登録日時に基づく制限をかけながら、前記コンテンツ取得ステップで取得したコンテンツ又は前記コンテンツ記録ステップで記録したコンテンツを端末に提供するコンテンツ提供ステップと、
を有する通信方法。
(20)端末に提供するコンテンツを取得するコンテンツ取得部、又は、端末に提供するコンテンツを記録するコンテンツ記録部、
コンテンツを提供する端末を登録する端末登録部、
端末の登録日時に基づいて端末へのコンテンツの提供を制御するコンテンツ提供部、
としてコンピューターを機能させるようにコンピューター可読形式で記述されたコンピューター・プログラム。
(21)ユーザーによる操作情報が入力される入力部と、
登録日時を管理するサーバーに対して登録要求を行なう登録要求部と、
前記入力部に入力される操作情報に応じて、前記サーバーに対してコンテンツの要求を行なうコンテンツ要求部と、
前記のコンテンツの要求に応じて、前記登録日時に基づく制限下で、前記サーバーから前記コンテンツの再生が許可されるコンテンツ再生部と、
を具備する通信装置。
(22)DTCP-IPが規定する手続きに従ってサーバーへの登録を行なうとともに、DTCP-IPが規定する認証及び鍵交換(AKE)アルゴリズムに従って前記サーバーと相互認証及び交換鍵の共有を行なう認証部をさらに備え、
前記コンテンツ再生部は、前記交換鍵で暗号化されたコンテンツを前記サーバーから取得し、前記交換鍵で復号して再生する、
上記(21)に記載の通信装置。
(23)前記登録要求部は、ホーム・ネットワーク内で前記サーバーに対して登録を行ない、
前記コンテンツ再生部は、外部ネットワーク経由で前記サーバーからコンテンツを取得する、
上記(21)に記載の通信装置。
(24)前記登録要求部は、前記登録日時から所定の期間が経過する前に、前記サーバーに対する登録要求の処理を再度行なう、
上記(21)に記載の通信装置。
(25)前記コンテンツ再生部は、前記サーバーが受信した放送コンテンツ又は記録メディアから読み出した商用コンテンツ、又は、前記サーバーが記録するコンテンツを再生する、
上記(21)に記載の通信装置。
(26)前記コンテンツ再生部は、前記サーバーへの登録日時に第1の所定期間を加算した有効期限以降は、前記サーバーからのコンテンツの再生が制限される、
上記(21)に記載の通信装置。
(27)前記コンテンツ再生部は、サーバーへの登録日時に第2の所定期間を加算した日時以降にサーバーが取得し又は記録したコンテンツの再生が制限される、
上記(21)に記載の通信装置。
(28)所定台数以内でサーバーに登録したときには、前記コンテンツ再生部は、サーバーへの登録日時に基づく制限を受けずに、サーバーからコンテンツを再生することができる、
上記(21)に記載の通信装置。
(29)前記コンテンツ再生部は、前記通信装置に対して登録日時に基づく制限が免除されたコンテンツ又はコンテンツ・グループに含まれるコンテンツを、登録日時に拘わらず再生することができる、
上記(21)に記載の通信装置。
(30)前記コンテンツ再生部は、前記通信装置に対して有効期限に基づく制限が免除されたコンテンツ又はコンテンツ・グループに含まれるコンテンツを、設定された有効期限に拘わらず再生することができる、
上記(26)に記載の通信装置。
(31)前記コンテンツ再生部は、前記通信装置に対して限界日時に基づく制限が免除されたコンテンツ又はコンテンツ・グループに含まれるコンテンツを、サーバーによる取得又は記録日時が限界日時より前か否かに拘わらず再生することができる、
上記(27)に記載の通信装置。
(32)前記サーバーで提供可能なコンテンツに関する情報を閲覧するコンテンツ情報閲覧部をさらに備え、
前記コンテンツ要求部は、前記コンテンツ情報閲覧部で閲覧している情報を介して選択されたコンテンツを前記サーバーに要求する、
上記(21)に記載の通信装置。
(33)前記コンテンツ情報閲覧部は、サーバーへの登録日時に基づく制限下で、サーバーで提供可能なコンテンツに関する情報を閲覧する、
上記(32)に記載の通信装置。
(34)前記コンテンツ情報閲覧部は、サーバーへの登録日時に第1の所定期間を加算した有効期限以降は、コンテンツ情報の閲覧が制限される、
上記(32)に記載の通信装置。
(35)前記コンテンツ情報閲覧部は、サーバーへの登録日時に第2の所定期間を加算した日時以降にサーバーが取得し又は記録したコンテンツ情報の閲覧が制限される、
上記(32)に記載の通信装置。
(36)所定台数以内でサーバーに登録したときには、前記コンテンツ情報閲覧部は、サーバーへの登録日時に基づく制限を受けずに、コンテンツ情報を閲覧することができる、
上記(33)に記載の通信装置。
(37)前記コンテンツ情報閲覧部は、前記通信装置に対して有効期限に基づく制限が免除されたコンテンツ又はコンテンツ・グループに含まれるコンテンツ情報を、設定された有効期限に拘わらず閲覧することができる、
上記(34)に記載の通信装置。
(38)前記コンテンツ情報閲覧部は、前記通信装置に対して限界日時に基づく制限が免除されたコンテンツ又はコンテンツ・グループに含まれるコンテンツ情報を、サーバーによる取得又は記録日時が限界日時より前か否かに拘わらず閲覧することができる、
上記(35)に記載の通信装置。
(39)ユーザーによる操作情報が入力される入力ステップと、
登録日時を管理するサーバーに対して登録要求を行なう登録要求ステップと、
前記入力部に入力される操作情報に応じて、前記サーバーに対してコンテンツの要求を行なうコンテンツ要求ステップと、
前記のコンテンツの要求に応じて、前記登録日時に基づく制限下で、前記サーバーから前記コンテンツの再生が許可されるコンテンツ再生ステップと、
を有する通信方法。
(40)ユーザーによる操作情報が入力される入力部、
登録日時を管理するサーバーに対して登録要求を行なう登録要求部、
前記入力部に入力される操作情報に応じて、前記サーバーに対してコンテンツの要求を行なうコンテンツ要求部、
前記のコンテンツの要求に応じて、前記登録日時に基づく制限下で、前記サーバーから前記コンテンツの再生が許可されるコンテンツ再生部、
としてコンピューターを機能させるようにコンピューター可読形式で記述されたコンピューター・プログラム。
(41)コンテンツを要求する端末と、
コンテンツを提供する端末を登録するとともに、その登録日時に基づいて前記端末へのコンテンツの提供を制御するサーバーと、
を具備する通信システム。
101…サーバー、102…端末、110…ホーム・ネットワーク
201…サーバー、202…端末
200…通信システム
201…サーバー、202…端末
210…ホーム・ネットワーク、220…外部ネットワーク
230…ルーター
300…通信装置(Sourceデバイス)
301…通信・制御部、302…コンテンツ記録部
303…コンテンツ取得部、304…コンテンツ提供部
305…コンテンツ・リスト提供部、306…認証・鍵共有部
307…端末管理部
400…通信装置
401…通信・制御部
402…コンテンツ・リスト閲覧部、403…コンテンツ取得部
404…コンテンツ復号部、405…コンテンツ再生出力部
406…認証・鍵共有部、407…入力部
Claims (20)
- 端末に提供するコンテンツを取得するコンテンツ取得部、又は、端末に提供するコンテンツを記録するコンテンツ記録部と、
コンテンツを提供する端末を登録する端末登録部と、
端末の登録日時に基づいて端末へのコンテンツの提供を制御するコンテンツ提供部と、
を具備する通信装置。 - 所定の相互認証及び鍵交換手続きに従って端末を認証するとともに交換鍵を共有する認証及び鍵共有部をさらに備え、
前記コンテンツ提供部は、前記交換鍵を用いて暗号化したコンテンツを端末に提供する、
請求項1に記載の通信装置。 - 前記認証及び鍵共有部は、DTCP-IPが規定する認証及び鍵交換(AKE)アルゴリズムに従って、端末と相互認証並びに交換鍵の共有を行ない、
前記端末登録部は、DTCP-IPが規定する手続きに従って端末の登録を行なう、
請求項2に記載の通信装置。 - 前記端末登録部は、ホーム・ネットワーク内で端末を登録し、
前記コンテンツ提供部は、外部ネットワークからアクセスした登録後の端末にコンテンツを提供する、
請求項1に記載の通信装置。 - 前記端末登録部は、端末の登録日時に第1の所定期間を加算した有効期限を端末の情報とともに管理し、
前記コンテンツ提供部は、有効期限を経過した端末へのコンテンツの提供を制限する、
請求項1に記載の通信装置。 - 前記端末登録部は、端末の登録日時に第2の所定期間を加算した限界日時を端末の情報とともに管理し、
前記コンテンツ提供部は、前記コンテンツ取得部の取得日時又は前記コンテンツ記録部への記録日時が限界日時以降となるコンテンツの端末への提供を制限する、
請求項1に記載の通信装置。 - 前記コンテンツ提供部は、前記端末登録部に登録される所定台数の端末については、登録日時に基づく制限を免除して、コンテンツを提供する、
請求項1に記載の通信装置。 - コンテンツ毎又はコンテンツ・グループ毎に、登録日時に基づく制限を免除する端末を設定し、
前記コンテンツ提供部は、提供するコンテンツ又はコンテンツが含まれるコンテンツ・グループについて登録日時に基づく制限が免除された端末に対して、登録日時に拘わらずコンテンツを提供する、
請求項1に記載の通信装置。 - 前記コンテンツ記録部は、コンテンツ又はコンテンツが含まれるコンテンツ・グループについて登録日時に基づく制限を免除する端末を該当するコンテンツ又はコンテンツ・グループのメタデータに記録する、
請求項8に記載の通信装置。 - コンテンツ毎又はコンテンツ・グループ毎に、有効期限に基づく制限を免除する端末を設定し、
前記コンテンツ提供部は、提供するコンテンツを含むコンテンツ・グループ又は提供するコンテンツについて前記免除が設定された端末に対しては、有効期限に拘わらずコンテンツを提供する、
請求項5に記載の通信装置。 - コンテンツ毎又はコンテンツ・グループ毎に、限界日時に基づく制限を免除する端末を設定し、
前記コンテンツ提供部は、提供するコンテンツを含むコンテンツ・グループ又は提供するコンテンツについて前記免除が設定された端末に対しては、限界日時に拘わらずコンテンツを提供する、
請求項6に記載の通信装置。 - 端末に提供するコンテンツを取得するコンテンツ取得ステップ、又は、端末に提供するコンテンツをコンテンツ記録部に記録するコンテンツ記録ステップと、
コンテンツを提供する端末を登録する端末登録ステップと、
端末の登録日時に基づく制限をかけながら、前記コンテンツ取得ステップで取得したコンテンツ又は前記コンテンツ記録ステップで記録したコンテンツを端末に提供するコンテンツ提供ステップと、
を有する通信方法。 - 端末に提供するコンテンツを取得するコンテンツ取得部、又は、端末に提供するコンテンツを記録するコンテンツ記録部、
コンテンツを提供する端末を登録する端末登録部、
端末の登録日時に基づいて端末へのコンテンツの提供を制御するコンテンツ提供部、
としてコンピューターを機能させるようにコンピューター可読形式で記述されたコンピューター・プログラム。 - ユーザーによる操作情報が入力される入力部と、
登録日時を管理するサーバーに対して登録要求を行なう登録要求部と、
前記入力部に入力される操作情報に応じて、前記サーバーに対してコンテンツの要求を行なうコンテンツ要求部と、
前記のコンテンツの要求に応じて、前記登録日時に基づく制限下で、前記サーバーから前記コンテンツの再生が許可されるコンテンツ再生部と、
を具備する通信装置。 - 前記コンテンツ再生部は、前記サーバーへの登録日時に第1の所定期間を加算した有効期限以降は、前記サーバーからのコンテンツの再生が制限される、
請求項14に記載の通信装置。 - 前記コンテンツ再生部は、サーバーへの登録日時に第2の所定期間を加算した日時以降にサーバーが取得し又は記録したコンテンツの再生が制限される、
請求項14に記載の通信装置。 - 所定台数以内でサーバーに登録したときには、前記コンテンツ再生部は、サーバーへの登録日時に基づく制限を受けずに、サーバーからコンテンツを再生することができる、
請求項14に記載の通信装置。 - ユーザーによる操作情報が入力される入力ステップと、
登録日時を管理するサーバーに対して登録要求を行なう登録要求ステップと、
前記入力部に入力される操作情報に応じて、前記サーバーに対してコンテンツの要求を行なうコンテンツ要求ステップと、
前記のコンテンツの要求に応じて、前記登録日時に基づく制限下で、前記サーバーから前記コンテンツの再生が許可されるコンテンツ再生ステップと、
を有する通信方法。 - ユーザーによる操作情報が入力される入力部、
登録日時を管理するサーバーに対して登録要求を行なう登録要求部、
前記入力部に入力される操作情報に応じて、前記サーバーに対してコンテンツの要求を行なうコンテンツ要求部、
前記のコンテンツの要求に応じて、前記登録日時に基づく制限下で、前記サーバーから前記コンテンツの再生が許可されるコンテンツ再生部、
としてコンピューターを機能させるようにコンピューター可読形式で記述されたコンピューター・プログラム。 - コンテンツを要求する端末と、
コンテンツを提供する端末を登録するとともに、その登録日時に基づいて前記端末へのコンテンツの提供を制御するサーバーと、
を具備する通信システム。
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US14/767,664 US9785756B2 (en) | 2013-03-08 | 2014-01-20 | Restriction of use that exceeds a personal use range when transmitting a content accumulated at home via an external network |
EP14760030.8A EP2966804A4 (en) | 2013-03-08 | 2014-01-20 | COMMUNICATION APPARATUS, COMMUNICATION METHOD, COMPUTER PROGRAM, AND COMMUNICATION SYSTEM |
JP2015504195A JP6350514B2 (ja) | 2013-03-08 | 2014-01-20 | 通信装置 |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2013-047006 | 2013-03-08 | ||
JP2013047006 | 2013-03-08 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2014136480A1 true WO2014136480A1 (ja) | 2014-09-12 |
Family
ID=51491010
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2014/051014 WO2014136480A1 (ja) | 2013-03-08 | 2014-01-20 | 通信装置及び通信方法、コンピューター・プログラム、並びに通信システム |
Country Status (5)
Country | Link |
---|---|
US (1) | US9785756B2 (ja) |
EP (1) | EP2966804A4 (ja) |
JP (5) | JP6350514B2 (ja) |
TW (1) | TW201440456A (ja) |
WO (1) | WO2014136480A1 (ja) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP5614016B2 (ja) * | 2009-09-09 | 2014-10-29 | ソニー株式会社 | 通信システム、通信装置及び通信方法、コンピューター・プログラム、並びに、コンテンツ提供装置及びコンテンツ提供方法 |
WO2016200990A1 (en) * | 2015-06-08 | 2016-12-15 | Arris Enterprises Llc | Method and apparatus for efficient interruptible transfer of protected media assets |
KR102453145B1 (ko) * | 2017-03-16 | 2022-10-14 | 삼성전자주식회사 | 전자장치 및 그를 이용한 트랜잭션 수행 방법 |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2004234648A (ja) * | 2003-01-10 | 2004-08-19 | Matsushita Electric Ind Co Ltd | グループ加入認可システム、サーバ機器及びクライアント機器 |
JP2010160709A (ja) * | 2009-01-09 | 2010-07-22 | Hitachi Ltd | 生体情報登録方法および生体情報登録システム |
JP2011082952A (ja) | 2009-09-09 | 2011-04-21 | Sony Corp | 通信システム、通信装置及び通信方法、並びにコンピューター・プログラム |
JP2011197917A (ja) * | 2010-03-18 | 2011-10-06 | Hitachi Information Systems Ltd | サービスシステム及びサービス方法 |
Family Cites Families (31)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7133845B1 (en) * | 1995-02-13 | 2006-11-07 | Intertrust Technologies Corp. | System and methods for secure transaction management and electronic rights protection |
CN101359350B (zh) * | 1995-02-13 | 2012-10-03 | 英特特拉斯特技术公司 | 用于安全地管理在数据项上的操作的方法 |
US7406214B2 (en) * | 1999-05-19 | 2008-07-29 | Digimarc Corporation | Methods and devices employing optical sensors and/or steganography |
JP3846301B2 (ja) * | 2001-12-18 | 2006-11-15 | 日本電気株式会社 | コンテンツ配信システム、その配信方法及びそのプログラム |
JP2003331176A (ja) * | 2002-05-09 | 2003-11-21 | Toyota Motor Corp | 試乗車提供システム及び方法 |
JP2003331175A (ja) * | 2002-05-15 | 2003-11-21 | Fujitsu Ltd | 当選者抽出方法、および、当選者抽出装置 |
JP3826100B2 (ja) * | 2002-11-27 | 2006-09-27 | 株式会社東芝 | 通信中継装置、通信システム及び通信制御プログラム |
TWI349204B (en) * | 2003-01-10 | 2011-09-21 | Panasonic Corp | Group admission system and server and client therefor |
EP2284645B1 (en) * | 2003-12-04 | 2015-02-25 | Koninklijke Philips N.V. | Connection linked rights protection |
JP2007519286A (ja) * | 2003-12-15 | 2007-07-12 | 松下電器産業株式会社 | 秘密情報設定装置および秘密情報設定方法 |
JP4982031B2 (ja) * | 2004-01-16 | 2012-07-25 | 株式会社日立製作所 | コンテンツ送信装置、コンテンツ受信装置およびコンテンツ送信方法、コンテンツ受信方法 |
JP4608886B2 (ja) | 2004-01-16 | 2011-01-12 | 株式会社日立製作所 | コンテンツ送信装置および方法 |
US7984489B2 (en) | 2004-07-15 | 2011-07-19 | Panasonic Corporation | Device registration system and device registration apparatus |
JP4444066B2 (ja) * | 2004-10-15 | 2010-03-31 | パナソニック株式会社 | コンテンツ配信管理方法、コンテンツ配信管理用コンピュータ、コンテンツ配信サービス用コンピュータ、コンテンツ配信管理システム、端末装置、コンテンツ配信管理プログラム、及び端末プログラム |
US7533258B2 (en) * | 2005-01-07 | 2009-05-12 | Cisco Technology, Inc. | Using a network-service credential for access control |
US7333876B2 (en) * | 2005-03-01 | 2008-02-19 | Isotec International, Inc, | Systems and methods for providing electronic quality control in a process for applying a polyurethane to a substrate |
JP2006323707A (ja) * | 2005-05-20 | 2006-11-30 | Hitachi Ltd | コンテンツ送信装置、コンテンツ受信装置、コンテンツ送信方法及びコンテンツ受信方法 |
JP2007158854A (ja) * | 2005-12-06 | 2007-06-21 | Matsushita Electric Ind Co Ltd | Avサーバ装置、クライアント機器、及びファイル転送システム |
JP2007164299A (ja) * | 2005-12-09 | 2007-06-28 | Matsushita Electric Works Ltd | 遠隔監視システム |
EP1857972A1 (en) * | 2006-05-19 | 2007-11-21 | FUJIFILM Corporation | Center server and image network system |
JP2008052578A (ja) * | 2006-08-25 | 2008-03-06 | Seiko Epson Corp | アクセス制御装置、画像表示装置及びプログラム |
US8004944B2 (en) * | 2007-07-02 | 2011-08-23 | Taiyo Yuden Co., Ltd. | Method of setting recording setup information about optical disk, program therefor, and data recording player |
JP5142395B2 (ja) | 2008-11-12 | 2013-02-13 | 日本電信電話株式会社 | 関係情報抽出装置、その方法、プログラム及び記録媒体 |
JP5614016B2 (ja) * | 2009-09-09 | 2014-10-29 | ソニー株式会社 | 通信システム、通信装置及び通信方法、コンピューター・プログラム、並びに、コンテンツ提供装置及びコンテンツ提供方法 |
WO2011052121A1 (ja) * | 2009-10-30 | 2011-05-05 | パナソニック株式会社 | Avデータ受信装置、avデータ受信方法及びavデータ送受信システム |
JP2011186705A (ja) * | 2010-03-08 | 2011-09-22 | Seiko Epson Corp | 情報処理装置、情報処理方法およびプログラム |
JP5533236B2 (ja) * | 2010-05-18 | 2014-06-25 | 富士通株式会社 | 内線管理装置及び内線番号割当方法 |
JP5768462B2 (ja) * | 2011-04-21 | 2015-08-26 | ソニー株式会社 | 通信システム、通信装置並びに通信方法 |
JP5931362B2 (ja) * | 2011-07-01 | 2016-06-08 | 日立マクセル株式会社 | コンテンツ送信装置及びコンテンツ送信方法 |
US20140143607A1 (en) * | 2012-02-10 | 2014-05-22 | Phoenix Contact Development & Manufacturing, Inc. | Dedicated Network Diagnostics Module for a Process Network |
KR101353585B1 (ko) * | 2012-06-11 | 2014-02-11 | 강릉원주대학교산학협력단 | 무선 센서 네트워크 시스템 및 노드장치, 센싱 메시지 처리방법 |
-
2014
- 2014-01-20 WO PCT/JP2014/051014 patent/WO2014136480A1/ja active Application Filing
- 2014-01-20 EP EP14760030.8A patent/EP2966804A4/en not_active Withdrawn
- 2014-01-20 US US14/767,664 patent/US9785756B2/en active Active
- 2014-01-20 JP JP2015504195A patent/JP6350514B2/ja active Active
- 2014-02-26 TW TW103106489A patent/TW201440456A/zh unknown
-
2016
- 2016-12-02 JP JP2016235288A patent/JP2017085591A/ja active Pending
- 2016-12-02 JP JP2016235391A patent/JP6369524B2/ja active Active
-
2018
- 2018-03-27 JP JP2018060162A patent/JP6604395B2/ja active Active
- 2018-05-07 JP JP2018089039A patent/JP2018174530A/ja not_active Ceased
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2004234648A (ja) * | 2003-01-10 | 2004-08-19 | Matsushita Electric Ind Co Ltd | グループ加入認可システム、サーバ機器及びクライアント機器 |
JP2010160709A (ja) * | 2009-01-09 | 2010-07-22 | Hitachi Ltd | 生体情報登録方法および生体情報登録システム |
JP2011082952A (ja) | 2009-09-09 | 2011-04-21 | Sony Corp | 通信システム、通信装置及び通信方法、並びにコンピューター・プログラム |
JP2011197917A (ja) * | 2010-03-18 | 2011-10-06 | Hitachi Information Systems Ltd | サービスシステム及びサービス方法 |
Also Published As
Publication number | Publication date |
---|---|
JP6350514B2 (ja) | 2018-07-04 |
US9785756B2 (en) | 2017-10-10 |
JP2017097885A (ja) | 2017-06-01 |
JP6369524B2 (ja) | 2018-08-08 |
US20160004846A1 (en) | 2016-01-07 |
JP2018113722A (ja) | 2018-07-19 |
EP2966804A1 (en) | 2016-01-13 |
JP2018174530A (ja) | 2018-11-08 |
JP2017085591A (ja) | 2017-05-18 |
JPWO2014136480A1 (ja) | 2017-02-09 |
TW201440456A (zh) | 2014-10-16 |
JP6604395B2 (ja) | 2019-11-13 |
EP2966804A4 (en) | 2016-11-02 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
TWI510066B (zh) | 用於安全串流媒體內容之系統和方法 | |
CN102215218B (zh) | 内容发送方法、内容发送装置及内容接收装置 | |
US20080216177A1 (en) | Contents Distribution System | |
EP1875431A2 (en) | Digital rights management for local recording and home network distribution | |
JP6604395B2 (ja) | 通信方法 | |
US20150149778A1 (en) | Content reception apparatus and method, and content transmission apparatus and method | |
JP6465233B2 (ja) | 通信システム | |
JP6607303B2 (ja) | コンテンツ・リモート・アクセス制御装置 | |
JP6471820B2 (ja) | コンテンツ・リモート・アクセスシステム | |
JP6269755B2 (ja) | コンピューター・プログラム配信システム並びにコンテンツ・リモート・アクセス利用装置 | |
JP6323514B2 (ja) | コンテンツ・リモート・アクセス制御方法 | |
JP6269754B2 (ja) | コンピューター・プログラム配信システム並びにコンテンツ・リモート・アクセス制御装置 | |
JP6327296B2 (ja) | 通信装置及び通信方法、並びにコンピューター・プログラム | |
JP6036415B2 (ja) | 通信装置、並びにコンピューター・プログラム配信システム | |
JP5962549B2 (ja) | 通信装置及び通信方法、コンピューター・プログラム、並びに通信システム | |
JP6221428B2 (ja) | コンテンツ受信装置及びコンテンツ受信方法、並びにコンピューター・プログラム | |
KR20090065350A (ko) | 재전송을 이용한 콘텐츠 스트리밍에서 콘텐츠 보호 장치 및방법 | |
JP6332280B2 (ja) | コンテンツ送信装置及びコンテンツ送信方法、並びにコンピューター・プログラム | |
JP6187139B2 (ja) | コンテンツ伝送システム | |
JP6221429B2 (ja) | コンテンツ伝送システム | |
KR100881724B1 (ko) | 방송 콘텐츠 재분배를 위한 키 변환 시스템 및 방법 | |
JP2015082681A (ja) | コンテンツ受信装置及びコンテンツ受信方法、並びにコンピューター・プログラム |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 14760030 Country of ref document: EP Kind code of ref document: A1 |
|
ENP | Entry into the national phase |
Ref document number: 2015504195 Country of ref document: JP Kind code of ref document: A |
|
WWE | Wipo information: entry into national phase |
Ref document number: 14767664 Country of ref document: US |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2014760030 Country of ref document: EP |
|
NENP | Non-entry into the national phase |
Ref country code: DE |