WO2003088059A1 - Information processing device, method, recording medium, and program - Google Patents
Information processing device, method, recording medium, and program
- Publication number
- WO2003088059A1 (PCT/JP2003/004549)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- content
- content data
- data
- format
- storage medium
- Prior art date
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/78—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F17/00—Digital computing or data processing equipment or methods, specially adapted for specific functions
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/107—License processing; Key processing
- G06F21/1077—Recurrent authorisation
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11B—INFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
- G11B20/00—Signal processing not specific to the method of recording or reproducing; Circuits therefor
- G11B20/00086—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11B—INFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
- G11B20/00—Signal processing not specific to the method of recording or reproducing; Circuits therefor
- G11B20/00086—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
- G11B20/00137—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving measures which result in a restriction to contents recorded on or reproduced from a record carrier to authorised users
- G11B20/00152—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving measures which result in a restriction to contents recorded on or reproduced from a record carrier to authorised users involving a password
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11B—INFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
- G11B20/00—Signal processing not specific to the method of recording or reproducing; Circuits therefor
- G11B20/00086—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
- G11B20/00166—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving measures which result in a restriction to authorised contents recorded on or reproduced from a record carrier, e.g. music or software
- G11B20/00181—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving measures which result in a restriction to authorised contents recorded on or reproduced from a record carrier, e.g. music or software using a content identifier, e.g. an international standard recording code [ISRC] or a digital object identifier [DOI]
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11B—INFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
- G11B20/00—Signal processing not specific to the method of recording or reproducing; Circuits therefor
- G11B20/00086—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
- G11B20/0021—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11B—INFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
- G11B20/00—Signal processing not specific to the method of recording or reproducing; Circuits therefor
- G11B20/00086—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
- G11B20/0021—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier
- G11B20/00217—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier the cryptographic key used for encryption and/or decryption of contents recorded on or reproduced from the record carrier being read from a specific source
- G11B20/00224—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier the cryptographic key used for encryption and/or decryption of contents recorded on or reproduced from the record carrier being read from a specific source wherein the key is obtained from a remote server
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11B—INFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
- G11B20/00—Signal processing not specific to the method of recording or reproducing; Circuits therefor
- G11B20/00086—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
- G11B20/0021—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier
- G11B20/00485—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier characterised by a specific kind of data which is encrypted and recorded on and/or reproduced from the record carrier
- G11B20/00492—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier characterised by a specific kind of data which is encrypted and recorded on and/or reproduced from the record carrier wherein content or user data is encrypted
- G11B20/00507—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier characterised by a specific kind of data which is encrypted and recorded on and/or reproduced from the record carrier wherein content or user data is encrypted wherein consecutive physical data units of the record carrier are encrypted with separate encryption keys, e.g. the key changes on a cluster or sector basis
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11B—INFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
- G11B20/00—Signal processing not specific to the method of recording or reproducing; Circuits therefor
- G11B20/00086—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
- G11B20/00731—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving a digital rights management system for enforcing a usage restriction
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11B—INFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
- G11B20/00—Signal processing not specific to the method of recording or reproducing; Circuits therefor
- G11B20/00086—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
- G11B20/00731—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving a digital rights management system for enforcing a usage restriction
- G11B20/0084—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving a digital rights management system for enforcing a usage restriction wherein the usage restriction can be expressed as a specific time or date
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11B—INFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
- G11B20/00—Signal processing not specific to the method of recording or reproducing; Circuits therefor
- G11B20/00086—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
- G11B20/00855—Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving a step of exchanging information with a remote server
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/083—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
- H04L9/0833—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP] involving conference or group key
- H04L9/0836—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP] involving conference or group key using tree structure or hierarchical structure
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0891—Revocation or update of secret information, e.g. encryption key update or rekeying
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/60—Digital content management, e.g. content distribution
- H04L2209/603—Digital right managament [DRM]
Definitions
- The present invention relates to an information processing apparatus and method, a recording medium, and a program, and in particular to ones capable of preventing unauthorized copying and use of content without a license from the copyright holder.
- Background art
- It was difficult to import content from another device that uses a different format, or to export content to another device.
- DRM Digital Rights Management
- The present invention has been made in view of such circumstances. Its purpose is to prevent loss of information while enabling content to be imported or exported, and to allow imported or exported content to be treated in the same manner as other content.
- A first information processing apparatus includes: an extracting unit that extracts content data included in a content; a converting unit that converts a format of the extracted content data into a predetermined format corresponding to a storage medium; generating means for generating a predetermined file from the data excluding the content data included in the content; adding means for adding reference information of the format-converted content data to the file; and first writing control means for controlling writing of the format-converted content data and the file to the storage medium.
- the information processing apparatus may further include a second writing control unit that controls writing of information to the storage medium based on the usage right necessary to use the content.
- A first information processing method includes: an extracting step of extracting content data included in content; a converting step of converting a format of the extracted content data into a predetermined format corresponding to a storage medium; a generating step of generating a predetermined file from data excluding the content data included in the content; an adding step of adding reference information of the format-converted content data to the file; and a writing control step of controlling writing of the format-converted content data and the file to the storage medium.
- the program of the first recording medium of the present invention includes: an extracting step of extracting content data included in the content; and a converting step of converting the format of the extracted content data into a predetermined format corresponding to the storage medium.
- a first program includes, in a computer, an extraction step of extracting content data included in a content, and a conversion step of converting a format of the extracted content data into a predetermined format corresponding to a storage medium.
- a writing control step of controlling writing of the obtained content data and file to the storage medium.
- A second information processing apparatus includes: an acquisition unit that acquires content data from a storage medium; a conversion unit that converts the content data acquired by the acquisition unit into a predetermined format to generate content; encrypting means for encrypting the format-converted content data included in the content generated by the conversion unit and adding to the content key information for decrypting the encrypted content data; and adding means for adding to the content information for associating it with a use right necessary for use of the content.
- the information processing apparatus may further include a storage unit for storing a usage right necessary for using the input content.
- an acquisition step of acquiring content data from a storage medium, and the content data acquired by the processing of the acquisition step are provided.
- the program of the second recording medium of the present invention comprises: an acquisition step of acquiring content data from a storage medium; and a conversion step of converting the content data acquired by the processing of the acquisition step into a predetermined format to generate content.
- the method is characterized by executing a step and an additional step of adding information for associating the content with a use right necessary for using the content.
- In the first recording medium and the first program of the present invention, content data included in the content is extracted, and the format of the extracted content data is converted into a predetermined format corresponding to the storage medium. Then, a predetermined file is generated from the data excluding the content data included in the content, and reference information of the format-converted content data is added to the file. Further, the writing of the format-converted content data and the file to the storage medium is controlled.
- the information processing device may be a single device, or may be a block that performs information processing of a reproducing device or a recording / reproducing device.
- the content may be any useful information regardless of the type of information such as audio, image, or text.
- the storage medium only needs to store the content by a physical change or a chemical change.
- Content data is obtained from a storage medium, and the obtained content data is converted into a predetermined format to generate content.
- the format-converted content data included in the generated content is encrypted, and key information for decrypting the encrypted content data is added to the content.
- information is added to the content for associating it with the right to use the content.
- the information processing device may be a single device, or may be a block that performs information processing of the recording device or the recording / reproducing device.
- the content may be any useful information regardless of the type of information such as audio, image, or text.
- the storage medium only needs to store the content by a physical change or a chemical change.
- FIG. 1 is a block diagram showing a configuration of a content providing system to which the present invention is applied.
- FIG. 2 is a block diagram showing the configuration of the client shown in FIG.
- FIG. 3 is a flowchart for explaining the content download processing of the client in FIG.
- FIG. 4 is a flowchart illustrating a content providing process of the content server in FIG.
- FIG. 5 is a diagram showing an example of the format in step S26 in FIG.
- FIG. 6 is a flowchart illustrating the content reproduction processing of the client in FIG.
- FIG. 7 is a flowchart illustrating details of the usage right acquisition process in step S43 of FIG.
- FIG. 8 is a diagram showing the structure of the usage right.
- FIG. 9 is a flowchart illustrating a process of providing a license right of the license server in FIG.
- FIG. 10 is a diagram illustrating the configuration of a key.
- FIG. 11 is a diagram illustrating a category node.
- FIG. 12 is a diagram showing a specific example of correspondence between nodes and devices.
- FIG. 13 is a diagram for explaining the configuration of the validation key block.
- FIG. 14 is a diagram for explaining the configuration of the validation key block.
- FIG. 15 is a diagram illustrating the use of an activation key block.
- FIG. 16 is a diagram showing an example of the format of the activation key block.
- FIG. 17 is a diagram illustrating the configuration of the tag of the activation key block.
- FIG. 18 is a diagram for explaining a content decryption process using DNK.
- FIG. 19 is a diagram showing an example of the activation key block.
- FIG. 20 is a diagram for explaining assignment of a plurality of contents to one device.
- FIG. 21 is a block diagram showing the configuration of a Memory Stick.
- FIG. 22 is a flowchart explaining the process of exporting content.
- FIG. 23 is a flowchart illustrating a process of executing a client export.
- FIG. 24 is a diagram illustrating an example of generating a MAC value using the DES encryption processing configuration.
- FIG. 25 is a diagram for explaining the index and the content stored in the Memory Stick.
- FIG. 26 is a flowchart illustrating the process of executing the import of the Memory Stick.
- FIG. 27 is a diagram for explaining the import and export of contents.
- FIG. 28 is a diagram for explaining conversion of content in import or export.
- FIG. 29 is a diagram illustrating an example of content conversion in import or export.
- FIG. 30 is a flowchart for explaining the content writing process of the client 1.
- FIG. 31 is a flowchart illustrating the process of storing the content of the Memory Stick 651.
- FIG. 32 is a flowchart illustrating a process in which the client 1 imports the content recorded on the CD.
- FIG. 33 is a flowchart illustrating processing of importing the content stored in the memory stick 651 by the client 1.
- FIG. 1 shows a configuration of a content providing system to which the present invention is applied.
- Clients 1-1 and 1-2 (hereinafter, these clients are simply referred to as client 1 when there is no need to distinguish them individually) are connected to the Internet 2.
- Also connected to the Internet 2 are a content server 3 that provides content to the client 1, a license server 4 that grants the client 1 the right to use the content provided by the content server 3, and a charging server 5 that performs a charging process for the client 1 when the client 1 receives the usage right.
- Figure 2 shows the configuration of Client 1.
- the timer 20 performs a timing operation and supplies time information to the CPU 21.
- the RAM 23 also appropriately stores data necessary for the CPU 21 to execute various processes.
- the encryption / decryption unit 24 performs a process of encrypting the content data and a process of decrypting the already encrypted content data.
- The codec unit 25 encodes the content data by, for example, the ATRAC (Adaptive Transform Acoustic Coding) 3 method and supplies the encoded data, via the input/output interface 32, to the semiconductor memory 44 connected to the drive 30 for recording. Alternatively, the codec unit 25 decodes the encoded data read from the semiconductor memory 44 via the drive 30.
- ATRAC Adaptive Transform Acoustic Coding
- the semiconductor memory 44 is composed of, for example, a Memory Stick (trademark).
- The CPU 21, ROM 22, RAM 23, encryption/decryption unit 24, and codec unit 25 are interconnected via a bus 31.
- the bus 31 is also connected to an input / output interface 32.
- Connected to the input/output interface 32 are an input unit 26 composed of a keyboard, a mouse, and the like; an output unit 27 composed of a display such as a CRT or LCD, a speaker, and the like; a storage unit 28 composed of a hard disk and the like; and a communication unit 29 composed of a modem, a terminal adapter, and the like.
- the communication unit 29 performs communication processing via the Internet 2.
- the communication unit 29 also performs communication processing of an analog signal or a digital signal with another client.
- A drive 30 is connected to the input/output interface 32 as necessary; a magnetic disk 41, an optical disk 42, a magneto-optical disk 43, a semiconductor memory 44, or the like is mounted as appropriate, and a computer program read from it is installed in the storage unit 28 as necessary.
- the content server 3, the license server 4, and the billing server 5 are also constituted by computers having basically the same configuration as the client 1 shown in FIG. Therefore, in the following description, the configuration of FIG. 2 is also referred to as the configuration of the content server 3, the license server 4, the billing server 5, and the like.
- a PD Portable Device
- a computer having a configuration basically similar to that of the client 1 shown in FIG.
- In step S1, the CPU 21 controls the communication unit 29 to access the content server 3 via the Internet 2.
- In step S2, when the user operates the input unit 26 to specify the content to be provided, the CPU 21 receives this specification information and notifies the content server 3, from the communication unit 29 via the Internet 2, of the content ID of the designated content.
- The content server 3, having received the notification, transmits the content including the encrypted content data. Then, in step S3, the CPU 21 receives the content data via the communication unit 29, and in step S4, supplies the encrypted content data to the hard disk constituting the storage unit 28 and stores it there.
- the configuration of the client 1 in FIG. 2 is also referred to as the configuration of the content server 3.
- In step S21, the CPU 21 of the content server 3 waits for access from the client 1 via the Internet 2 through the communication unit 29. When it determines that access has been received, it proceeds to step S22 and captures the content ID sent from the client 1. This content ID is the information notified in step S2 in FIG.
- In step S23, the CPU 21 of the content server 3 reads out, from the content stored in the storage unit 28, the content data specified by the content ID captured in step S22.
- In step S24, the CPU 21 supplies the content data read from the storage unit 28 to the encryption/decryption unit 24, which encrypts the content data using the content key Kc.
- It is the encoded content data that is encrypted.
- The content data can also be stored in the storage unit 28 in an encrypted state in advance. In that case, the processing of step S24 can be omitted.
- In step S25, the CPU 21 of the content server 3 adds, to the header constituting the format for transmitting the encrypted content data, the key information necessary for decrypting the encrypted content (the EKB and K_EKBC(Kc), which will be described later with reference to FIG. 5).
- In step S26, the CPU 21 of the content server 3 transmits the data obtained by formatting the content encrypted in step S24 together with the header to which the key information was added in step S25, from the communication unit 29 via the Internet 2, to the client 1 that made the access.
- FIG. 5 shows a format configuration when the content is supplied from the content server 3 to the client 1 in this manner.
- this format is composed of a header and data.
- the header contains Content information, URL (Uniform
- the content information includes information such as a content ID (CID) as identification information for identifying content data formatted as data, and a codec method of the content.
- CID content ID
- The URL is address information that is accessed when acquiring the usage right required to use the content; specifically, it is the address of the license server 4 from which the usage right is received.
- the content attribute is information related to the content.
- The content attribute includes a content ID, a record company ID as identification information for identifying a content provider, an artist ID as identification information for identifying an artist, and the like.
- the attribute is used to specify the content subject to the usage right.
- the signature is an electronic signature corresponding to the attribute of the content.
- the data consists of an arbitrary number of encryption blocks (Encryption Blocks). Each encryption block consists of an initial vector (IV) and a serial vector.
- IV initial vector
- The key K'c is a value calculated by applying the content key Kc and a value Seed set by a random number to a hash function, as shown by the following equation.
- K'c = Hash(Kc, Seed)
- the initial vector IV and the seed Seed are set to different values for each encrypted block.
- This encryption is performed every 8 bytes by dividing the content data in units of 8 bytes.
- the latter 8-byte encryption is performed in CBC (Cipher Block Chaining) mode, which uses the result of the previous 8-byte encryption.
- the encryption method is not limited to this.
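Added example (not part of the patent text): a Python sketch of the encryption-block scheme described above, deriving K'c = Hash(Kc, Seed) per block and chaining 8-byte units in CBC mode. The block layout (IV, then Seed, then ciphertext), SHA-256 as the hash, the 8-byte Seed, the 32-byte payload, the padding, and the small Feistel cipher standing in for DES are all assumptions, chosen so the sketch runs with the standard library only.

```python
import hashlib
import hmac
import os

UNIT = 8       # the page encrypts content data in 8-byte units
SEED_LEN = 8   # assumption: the page gives no Seed length
PAYLOAD = 32   # assumption: content bytes carried per encryption block


def derive_block_key(kc: bytes, seed: bytes) -> bytes:
    """K'c = Hash(Kc, Seed). SHA-256 is an assumption; the page names no hash."""
    return hashlib.sha256(kc + seed).digest()


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    # Round function of the stand-in cipher: HMAC-SHA256 truncated to 4 bytes.
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:4]


def encrypt_unit(key: bytes, unit: bytes) -> bytes:
    """Stand-in 64-bit block cipher (4-round Feistel) used in place of DES."""
    left, right = unit[:4], unit[4:]
    for rnd in range(4):
        left, right = right, _xor(left, _f(key, rnd, right))
    return left + right


def decrypt_unit(key: bytes, unit: bytes) -> bytes:
    left, right = unit[:4], unit[4:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _f(key, rnd, left)), left
    return left + right


def cbc_encrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    """Each 8-byte unit is XORed with the previous ciphertext unit first."""
    prev, out = iv, bytearray()
    for i in range(0, len(data), UNIT):
        prev = encrypt_unit(key, _xor(data[i:i + UNIT], prev))
        out += prev
    return bytes(out)


def cbc_decrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    prev, out = iv, bytearray()
    for i in range(0, len(data), UNIT):
        unit = data[i:i + UNIT]
        out += _xor(decrypt_unit(key, unit), prev)
        prev = unit
    return bytes(out)


def make_encryption_block(kc: bytes, payload: bytes) -> bytes:
    """Build IV | Seed | E_K'c(payload) with a fresh IV and Seed per block."""
    if not payload or len(payload) % UNIT:
        raise ValueError("payload must be a non-empty multiple of 8 bytes")
    iv, seed = os.urandom(UNIT), os.urandom(SEED_LEN)
    return iv + seed + cbc_encrypt(derive_block_key(kc, seed), iv, payload)


def open_encryption_block(kc: bytes, block: bytes) -> bytes:
    body = len(block) - UNIT - SEED_LEN
    if body <= 0 or body % UNIT:
        raise ValueError("malformed encryption block")
    iv, seed = block[:UNIT], block[UNIT:UNIT + SEED_LEN]
    return cbc_decrypt(derive_block_key(kc, seed), iv, block[UNIT + SEED_LEN:])


def encrypt_content(kc: bytes, content: bytes) -> list:
    """Pad (assumed PKCS#7-style), split, and wrap each chunk in its own block."""
    pad = UNIT - len(content) % UNIT
    padded = content + bytes([pad]) * pad
    return [make_encryption_block(kc, padded[i:i + PAYLOAD])
            for i in range(0, len(padded), PAYLOAD)]


def decrypt_content(kc: bytes, blocks: list) -> bytes:
    padded = b"".join(open_encryption_block(kc, b) for b in blocks)
    pad = padded[-1] if padded else 0
    if not 1 <= pad <= UNIT or padded[-pad:] != bytes([pad]) * pad:
        raise ValueError("bad padding (wrong key or corrupted data)")
    return padded[:-pad]


if __name__ == "__main__":
    kc = os.urandom(16)                       # constructed content key Kc
    content = b"A" * 64 + b"tail"             # constructed sample content
    blocks = encrypt_content(kc, content)
    assert decrypt_content(kc, blocks) == content
    # The first two payloads are identical, yet their ciphertexts differ
    # because each block has its own IV and its own K'c.
    print(blocks[0][16:].hex())
    print(blocks[1][16:].hex())
```

CBC as described provides confidentiality only; the sketch does not authenticate blocks, so a modified block decrypts to altered data rather than being rejected.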
- the client 1 can freely acquire the content from the content server 3 for free. Therefore, the content itself can be distributed in large quantities.
- When using the acquired content, each client 1 needs to hold a usage right indicating that use of the content is permitted. Therefore, with reference to FIG. 6, a process when the client 1 plays the content will be described.
- In step S41, the CPU 21 of the client 1 acquires the identification information (CID) of the content specified by the user operating the input unit 26.
- This identification information is composed of, for example, the title of the content and a number assigned to each stored content.
- The CPU 21 reads the attribute of the content.
- In step S42, the CPU 21 determines whether a usage right whose content condition is satisfied by the attributes read in step S41 has already been acquired and stored in the storage unit 28. If the usage right has not been acquired yet, the process proceeds to step S43, and the CPU 21 executes a usage right acquisition process. Details of the usage right acquisition process will be described later with reference to the flowchart of FIG.
- If it is determined in step S42 that the usage right has already been obtained, or if the usage right has been obtained as a result of executing the usage right acquisition process in step S43, the process proceeds to step S44, where the CPU 21 determines whether or not the acquired usage right is within the expiration date. Whether or not the usage right is within the validity period is determined by comparing the time limit specified as the content of the usage right (see Figure 8 below) with the current date and time measured by the timer 20. If it is determined that the expiration date of the usage right has already expired, the CPU 21 proceeds to step S45 to execute a usage right update process.
- If it is determined in step S44 that the usage right is still within the validity period, or if the usage right has been updated in step S45, the process proceeds to step S46, where the CPU 21 reads out the use condition and use state (described later) included in the use right stored in the storage unit 28, and judges whether or not the reproduction condition is satisfied.
- If it is determined in step S46 that the reproduction is permitted based on the usage conditions and the usage status included in the usage right, the process proceeds to step S47, where the CPU 21 reads the encrypted content data from the storage unit 28 and stores it in the RAM 23. Then, in step S48, the CPU 21 supplies the encrypted content data stored in the RAM 23 to the encryption/decryption unit 24 in units of the encryption blocks arranged in the data of FIG. and has it decrypted using the content key Kc.
- K EKBC can be obtained, and the content key Kc can be obtained from the data K EKBC (Kc) (FIG. 5) using the key K EKBC .
- step S49 the CPU 21 supplies the content data decrypted by the encryption / decryption unit 24 to the codec unit 25, where the content data is decoded. Then, the CPU 21 supplies the data decoded by the codec unit 25 from the input / output interface 32 to the output unit 27, performs D / A conversion, and outputs the data from the speaker. If it is determined in step S46 that reproduction is not permitted based on the usage conditions and usage status included in the usage right, the content is not output and the process ends.
- Obtain service data including ID, DNK (Device Node Key), client 1's private key/public key pair, the license server public key, and a certificate of each public key.
- The leaf ID indicates the identification information assigned to each client, and the DNK is the device node key required to decrypt the content key Kc encrypted by the EKB (activation key block) included in the content (described later with reference to FIG. 10).
- In step S61, the CPU 21 acquires the URL described in the header of the content. As mentioned above, this URL is the address to be accessed when obtaining the usage right necessary to use the content. Therefore, in step S62, the CPU 21 accesses the URL obtained in step S61.
- The communication unit 29 accesses the license server 4 via the Internet 2.
- The license server 4 sends a list of usage rights to the client 1 and requests input of the usage right designation information specifying the usage right to be purchased (the usage right required to use the content), the user ID, and a password (step S102 in FIG. 9, described later).
- The CPU 21 displays this request on the display unit of the output unit 27.
- The user operates the input unit 26 based on this display to input the usage right designation information, the user ID, and the password.
- The user ID and password are obtained in advance by the user of the client 1 accessing the license server 4 via the Internet 2.
- In steps S63 and S64, the CPU 21 fetches the usage right designation information input from the input unit 26, and fetches the user ID and password.
- In step S65, the CPU 21 controls the communication unit 29 to transmit a usage right request including the input user ID and password, the usage right designation information, and the leaf ID included in the service data (described later) to the license server 4 via the Internet 2.
- The license server 4 transmits the usage right based on the user ID, the password, and the usage right designation information (step S109), as described later with reference to FIG. 9. If the condition is not satisfied, the usage right is not transmitted (step S112).
- In step S66, the CPU 21 determines whether or not the usage right has been transmitted from the license server 4. If the usage right has been transmitted, the process proceeds to step S67, where the usage right is supplied to the storage unit 28 and stored.
- If it is determined in step S66 that the usage right has not been transmitted, the CPU 21 proceeds to step S68 to execute error processing. Specifically, since the right to use the content cannot be obtained, the CPU 21 prohibits the content playback process.
- Each client 1 can use the content only after acquiring the usage right necessary to use it.
- The usage right acquisition process of FIG. 7 can be performed in advance, before each user acquires content.
- The usage right provided to the client 1 includes, for example, a use condition, a leaf ID, and an electronic signature as shown in FIG.
- The version is information that describes the version of the usage right, with the major version and minor version separated by a dot.
- The profile is described as a decimal integer value and is information that defines restrictions on how usage rights are described.
- The usage right ID is identification information for identifying the usage right, and is described by a hexadecimal constant.
- The creation date and time indicates the date and time when the usage right was created.
- The expiration date indicates the expiration date of the usage right.
- An expiration date of 9999 years 23:59:59:59 indicates that there is no limit on the expiration date.
- The terms of use include the expiration date until which the content can be used based on the usage right, the playback expiration date until which the content can be played based on the usage right, the maximum number of times the content can be played, the number of times the content can be copied based on the usage right (number of permitted copies), the maximum number of checkouts, and whether the content can be recorded on a CD-R based on the usage right
- PD Portable Device
- The electronic signature of the use condition is an electronic signature corresponding to the use condition.
- Constants are constants that are referenced in usage conditions or conditions.
- The leaf ID is identification information for identifying a client.
- The electronic signature is an electronic signature that corresponds to the entire usage right.
- The certificate is a certificate that contains the license server's public key.
- The storage unit 28 of the client 1 stores a use state, which is information indicating the state of the content and the usage right, together with the use condition of the usage right.
- The use state includes information indicating the number of times the content has been played, the number of times the content has been copied, the number of times the content has been checked out, the date and time the content was played for the first time, the number of times the content has been recorded on CD-R, and other history information regarding the content or the usage right, based on the corresponding usage right.
- The determination of the reproduction condition in step S46 in FIG. 6 is performed based on the use condition included in the usage right and the use state stored in the storage unit 28 together with the usage right. For example, if the number of times the content has been reproduced, as stored in the use state, is smaller than the maximum number of content reproductions included in the use condition, it is determined that the reproduction condition is satisfied.
- In step S101, the CPU 21 of the license server 4 waits for access from the client 1, and when access is received, the process proceeds to step S102, where the CPU 21 sends a list of usage rights including information on each usage right, and requests transmission of the user ID and password and the usage right designation information.
- The CPU 21 of the license server 4 executes a process of receiving and taking in the data via the communication unit 29. In step S103, the CPU 21 of the license server 4 accesses the billing server 5 from the communication unit 29 and requests credit processing.
- When receiving a request for credit processing from the license server 4 via the Internet 2, the billing server 5 checks the past payment history of the user corresponding to the user ID and the password, and checks whether the user has a record of non-payment or the like. If there is no such record, it sends a credit result permitting the grant of the usage right; otherwise, it sends a credit result refusing the grant of the usage right.
- In step S104, the CPU 21 of the license server 4 determines whether or not the credit result from the charging server 5 permits the usage right to be granted. If granting is permitted, the process proceeds to step S105, and the usage right corresponding to the usage right designation information fetched in the processing of step S102 is taken out from the usage rights stored in the storage unit 28. In the usage rights stored in the storage unit 28, information such as a usage right ID, a version, a creation date, and an expiration date is described in advance.
- In step S106, the CPU 21 adds the received leaf ID to the usage right. Further, in step S107, the CPU 21 selects a use condition associated with the usage right selected in step S105. Alternatively, when a use condition was specified by the user in the processing of step S102, that use condition is added to the prepared use condition as necessary. The CPU 21 adds the selected use condition to the usage right. Terms of use may be added to the usage right.
- In step S108, the CPU 21 signs the usage right with the license server's private key and attaches a certificate including the license server's public key to the usage right, thereby generating a usage right having the configuration shown in FIG.
- In step S109, the CPU 21 of the license server 4 transmits the usage right (having the configuration shown in FIG. 8) from the communication unit 29 to the client 1 via the Internet 2.
- In step S110, the CPU 21 of the license server 4 stores the usage right (including the use conditions and the leaf ID) just transmitted in the processing of step S109 in the storage unit 28, in association with the user ID and password taken in the processing of step S102. Further, in step S111, the CPU 21 executes a billing process. Specifically, the CPU 21 requests the charging server 5, from the communication unit 29, to perform a charging process for the user corresponding to the user ID and the password. The billing server 5 performs a billing process for the user based on the billing request. As described above, if the user does not pay for this billing, the user will thereafter be unable to receive a usage right even if the user requests the grant of one.
- A credit result that denies the grant of the usage right is transmitted from the charging server 5, so that the process proceeds from step S104 to step S112, and the CPU 21 performs error processing.
- The CPU 21 of the license server 4 controls the communication unit 29 to transmit, to the client 1 that has accessed it, a message to the effect that the usage right cannot be granted, and terminates the processing.
- Since the client 1 cannot receive the usage right, the client 1 cannot use the content (decrypt and reproduce the encrypted content data).
- Devices and keys are managed based on the principle of a broadcast encryption system.
- The keys are organized in a hierarchical tree structure, with each bottom leaf corresponding to a key unique to a device.
- Hierarchical tree structure key management used in the system of the present invention is described in Japanese Patent Application Publication No. 2001-352321.
- Keys corresponding to 16 devices from No. 0 to No. 15 are generated.
- Each key is defined in correspondence with a node of the tree structure, indicated by a circle in the figure.
- The root key KR corresponds to the root node at the top level.
- The keys K0 and K1 correspond to the nodes at the second level.
- The keys K000 through K111 correspond to the fourth-level nodes.
- Each leaf (device node), as a lowermost node, corresponds to one of the keys K0000 to K1111.
- The key above the keys K0010 and K0011 is K001.
- The key above the keys K000 and K001 is K00.
- The key above the keys K00 and K01 is K0.
- The key above the keys K0 and K1 is KR.
- The key for using the content is managed by the keys corresponding to the nodes of one path from a device node (leaf) at the bottom to the root node at the top.
- The key for using the content is managed by each key of the path including the keys K0011, K001, K00, K0, and KR.
- A key system configured based on the principle of FIG. 10 manages device keys and content keys.
- Nodes of 8 + 24 + 32 tiers form a tree structure, and a category is assigned to each node from the root node down through the 8 tiers below it.
- The category here means, for example, the category of devices using a semiconductor memory such as a Memory Stick, or the category of devices receiving digital broadcasts, and this system (referred to as the T system), which manages licenses, corresponds to one of these category nodes.
- The service provider, or the service provided by the service provider, corresponds to the key of a node in the 24 tiers below the node of the T system.
- This makes it possible to define 2^24 (approximately 16 mega) service providers or services.
- The lowest 32 tiers can define 2^32 (approximately 4 giga) users (or clients 1).
- The keys corresponding to the nodes on the path from a node in the lowest, 32nd tier to the node of the T system constitute the DNK (Device Node Key), and the ID corresponding to the bottom leaf is the leaf ID.
- The content key used to encrypt the content is encrypted with the updated root key KR', and the updated node key of an upper tier is encrypted using the updated node key of the tier immediately below it and placed in the EKB (described later with reference to FIGS. 13 and 14).
- The updated node key one level up from the end of the EKB is encrypted by the end node key or leaf key of the EKB and placed in the EKB.
- Client 1 uses one of the DNK keys described in the service data to decrypt the updated node key of the immediately higher tier described in the EKB (Figures 13 and 14) distributed with the content data, and uses the decrypted key to decrypt the updated node key of the tier above it described in the EKB. By performing this processing sequentially, the client 1 can obtain the updated root key KR'.
- Fig. 12 shows a specific example of category classification in a hierarchical structure.
- The root key KR 2301 is set at the top of the hierarchical tree structure, the node keys 2302 are set at the intermediate tiers below it, and the leaf keys 2303 are set at the bottom.
- Each device has a device node key (DNK) consisting of an individual leaf key, a series of node keys from the leaf key to the root key, and the root key.
- The category [Memory Stick (trademark)] is set to one node 2305 in the M-th stage in Fig. 12, and the nodes and leaves following this node are set as nodes or leaves dedicated to the category containing the various devices that use the Memory Stick. In other words, node 2305 and below are defined as the set of related nodes and leaves of the devices defined in the Memory Stick category.
- A stage several stages lower than the M stage can be set as a subcategory node 2306.
- Below the category [Memory Stick] node 2305, a [Playback device] node 2306 is set as a subcategory node included in the category of devices using the Memory Stick.
- The node 2303 of the telephone with the music playback function, included in the category of the playback-only device, is set under the node 2303 of the playback-only device, which is a subcategory node, and below that, the [PHS] node 230 and the [mobile phone] node 230, included in the category of telephones with the music playback function, are set.
- Categories and subcategories can be set not only by device type but also in arbitrary units, for example nodes managed independently by a certain manufacturer, content provider, payment institution, etc., that is, processing units, jurisdiction units, or provided service units (these are collectively referred to as entities below).
- If one category node is set as a dedicated vertex node for a game device XYZ sold by a game device manufacturer, the node keys and leaf keys below that vertex node can be stored in the game device XYZ sold by the manufacturer.
- An activation key block consisting of the node keys and leaf keys below the vertex node key can then be generated, so that data usable only by devices below the vertex node can be distributed.
- One vertex of the category stage or the subcategory stage is set.
- The maker, content provider, etc. that manages the node independently generates an activation key block (EKB) with the node as the vertex and distributes it to devices belonging to the vertex node and below. This makes it possible to execute key updating without affecting devices that belong to nodes of other categories and not to the vertex node.
- K(t)aaa indicates an updated key of generation t of the key Kaaa.
- The update key distribution process will be described.
- The key is updated by, for example, supplying a table composed of block data called an enabling key block (EKB), shown in FIG. 13, to devices 0, 1, and 2 via a network or stored in a recording medium.
- The activation key block (EKB) consists of encryption keys for distributing newly updated keys to the devices corresponding to the leaves (bottom nodes) constituting the tree structure shown in Fig. 10.
- The activation key block (EKB) is sometimes called a key renewal block (KRB).
- The activation key block (EKB) shown in Fig. 13 is configured as block data with a data structure that can be updated only by devices that require node key updates.
- The example in FIG. 13 is block data formed for the purpose of distributing updated node keys of generation t to devices 0, 1, and 2 in the tree structure shown in FIG. 10. As is evident from FIG., device 0 and device 1 need K(t)00, K(t)0, and K(t)R as updated node keys, and device 2 needs K(t)001, K(t)00, K(t)0, and K(t)R as updated node keys.
- The EKB contains multiple encryption keys. The encryption key at the bottom of FIG. is Enc(K0010, K(t)001), which is the updated node key K(t)001 encrypted by the leaf key K0010 of device 2, and device 2 can decrypt this encryption key with its own leaf key K0010 to obtain the updated node key K(t)001.
- The encryption key Enc(K(t)001, K(t)00) in the second stage from the bottom in Fig. 13 can then be decrypted with K(t)001, and the updated node key K(t)00 can be obtained.
- The node key K000 is not included in the objects to be updated.
- Nodes 0 and 1 need K(t)00, K(t)0, and K(t)R as the updated node keys.
- Nodes 0 and 1 use the device keys K0000 and K0001 to decrypt the third encryption key from the top in Fig. 13, Enc(K000, K(t)00), and obtain the updated node key K(t)00.
- The updated node key K(t)0 is then obtained by decrypting the second encryption key from the top in FIG., Enc(K(t)00, K(t)0).
- The updated root key K(t)R is obtained by decrypting the encryption key in the first stage from the top in FIG., Enc(K(t)0, K(t)R). In this way, devices 0, 1, and 2 can obtain the updated key K(t)R.
- The index in Fig. 13 indicates the absolute addresses of the node keys and leaf keys used as decryption keys for decrypting the encryption keys on the right side of the figure.
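The EKB processing of Fig. 13 described above can be followed in code. This is an added example, not code from the patent: the `enc`/`dec` pair is a toy authenticated cipher standing in for Enc(key, data), the key values are constructed from the node addresses, and all function names are hypothetical. It also unwraps a content key from Enc(KR', Kc) with the recovered root key.

```python
import hashlib
import hmac
import os

# Toy authenticated cipher standing in for Enc(key, data). It is NOT the cipher
# of the patent; the tag only lets a device notice that it used a wrong key.
def enc(key: bytes, data: bytes) -> bytes:
    nonce = os.urandom(8)
    pad = hashlib.sha256(key + nonce).digest()[:len(data)]
    ct = bytes(a ^ b for a, b in zip(data, pad))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()[:8]
    return nonce + ct + tag

def dec(key: bytes, blob: bytes):
    nonce, ct, tag = blob[:8], blob[8:-8], blob[-8:]
    want = hmac.new(key, nonce + ct, hashlib.sha256).digest()[:8]
    if not hmac.compare_digest(tag, want):
        return None  # wrong key (e.g. a non-updated key) or modified entry
    pad = hashlib.sha256(key + nonce).digest()[:len(ct)]
    return bytes(a ^ b for a, b in zip(ct, pad))

def node_key(addr: str, gen: int = 0) -> bytes:
    """Constructed 16-byte key for a node address; '' is the root (KR)."""
    return hashlib.sha256(f"gen{gen}/K{addr or 'R'}".encode()).digest()[:16]

def device_keys(device: int) -> dict:
    """Keys on the path leaf -> root that a device holds, indexed by address."""
    leaf = format(device, "04b")          # device 2 -> leaf address "0010"
    return {leaf[:n]: node_key(leaf[:n]) for n in range(len(leaf) + 1)}

# Rows of the Fig. 13 EKB as (index, key_is_updated). The index is the address
# of the key that decrypts the row; the payload is the updated parent key.
FIG13_ROWS = [("0", True), ("00", True), ("000", False),
              ("001", True), ("0010", False)]

def build_ekb(rows=FIG13_ROWS, gen: int = 1) -> list:
    return [(idx, enc(node_key(idx, gen if upd else 0), node_key(idx[:-1], gen)))
            for idx, upd in rows]

def process_ekb(device: int, ekb: list) -> dict:
    """Walk the EKB bottom-up; return the updated keys this device recovers."""
    held = device_keys(device)
    updated = {}
    for idx, blob in sorted(ekb, key=lambda e: len(e[0]), reverse=True):
        # Try the key just recovered for this address first, then the held one.
        for key in (updated.get(idx), held.get(idx)):
            plain = dec(key, blob) if key else None
            if plain is not None:
                updated[idx[:-1]] = plain
                break
    return updated

def wrap_content_key(kc: bytes, gen: int = 1) -> bytes:
    """Enc(KR', Kc): content key encrypted under the updated root key."""
    return enc(node_key("", gen), kc)

def recover_content_key(device: int, ekb: list, wrapped: bytes):
    root = process_ekb(device, ekb).get("")
    return dec(root, wrapped) if root else None

if __name__ == "__main__":
    ekb = build_ekb()
    wrapped = wrap_content_key(b"constructed-Kc-1")
    for dev in (0, 1, 2, 3, 8):
        got = sorted(process_ekb(dev, ekb)) 
        print(dev, [f"K(t){a or 'R'}" for a in got],
              recover_content_key(dev, ekb, wrapped))
```

Device 3 holds K001, K00, K0 and KR in their old generation only, so every row it can address fails to decrypt and it recovers nothing; that is how this EKB excludes it.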
- By using the activation key block (EKB) shown in Fig. 14, the updated node key K(t)00 can be distributed to devices 0, 1, and 2.
- The EKB shown in Fig. 14 can be used, for example, when distributing new content keys shared by a specific group. As a specific example, it is assumed that devices 0, 1, 2, and 3 in the group indicated by a dotted line in FIG. 10 use a recording medium and a new common content key K(t)con is required.
- Devices 0, 1, and 2 can obtain the content key K(t)con at time t by decrypting the ciphertext using the key K(t)00 obtained by processing the EKB.
- Figure 15 shows an example of a process for obtaining a content key K(t)con at time t.
- Data E obtained by encrypting a new common content key K(t)con using K(t)00.
- Device 0 uses the EKB of generation t stored in the recording medium and the node key K000 that it stores in advance to generate the node key K(t)00 by the same EKB processing as described above. Further, device 0 decrypts the updated content key K(t)con using the decrypted updated node key K(t)00, then encrypts it with its own leaf key K0000 and stores it for later use.
- FIG. 16 shows an example of the format of the activation key block (EKB).
- Version 601 is an identifier indicating the version of the activation key block (EKB).
- The version has the function of identifying the latest EKB and the function of indicating the correspondence with the content.
- Depth indicates the number of tiers in the hierarchical tree for the devices to which the activation key block (EKB) is distributed.
- The data pointer 603 is a pointer indicating the position of the data section 606 in the activation key block (EKB), the tag pointer 604 is a pointer indicating the position of the tag section 607, and the signature pointer 605 is a pointer indicating the position of the signature 608.
- The data section 606 stores, for example, data obtained by encrypting the node keys to be updated; for example, it stores the encryption keys related to the updated node keys as shown in FIG.
- The tag section 607 holds tags indicating the positional relationship between the encrypted node keys and leaf keys stored in the data section 606. The rules for assigning this tag will be described with reference to FIG.
- Fig. 17 shows an example of sending the activation key block (EKB) described above with reference to Fig. 13 as data.
- The data at this time is as shown in the table shown in Fig. 17B.
- The address of the top node included in the encryption key at this time is set as the top node address.
- The root node update key K(t)R is included, so the top node address is KR.
- The data Enc(K(t)0, K(t)R) at the top corresponds to the position P0 shown in the hierarchical tree indicated by A in FIG.
- The data in the next row is Enc(K(t)00, K(t)0), which corresponds to the lower left position P00 of the previous data on the tree.
- Tags are set as follows: seen from the specified position in the tree structure, if there is data below it, the tag is set to 0; otherwise it is set to 1.
- Tags are set as {left (L) tag, right (R) tag}.
- Tags are set for all data, and the data string and tag string shown in C in Fig. 17 are configured.
- The tag is set to indicate where in the tree structure the corresponding data Enc(Kxxx, Kyyy) is located.
- The key data Enc(Kxxx, Kyyy) stored in the data section 606 is merely a list of simply encrypted keys, but the position on the tree of each encryption key stored as data can be determined by the tags described above. Instead of using the tags described above, using the node index corresponding to the encrypted data as in the configuration described in FIG.
- Signature 608 is an electronic signature issued by, for example, a management center (license server 4), a content provider (content server 3), a payment institution (charging server 5), etc., which issued the activation key block (EKB).
- The device that has received the EKB confirms, by verifying the signature, that it is an activation key block (EKB) issued by a valid activation key block (EKB) issuer.
- FIG. 18 shows a summary of the process of using the content supplied from the content server 3 based on the usage right supplied from the license server 4 as described above.
- The content is provided from the content server 3 to the client 1, and the license is provided to the client 1 from the license server 4.
- The content is encrypted with the content key Kc (Enc(Kc, Content)), and the content key Kc is encrypted with the updated root key KR' (a key obtainable from the EKB, corresponding to the key K EKBC in Fig. 5) (Enc(KR', Kc)), added to the encrypted content together with the EKB, and provided to client 1.
- The EKB in the example of FIG. 18 includes, for example, as shown in FIG. 19, an updated root key KR' that can be decrypted by the DNK (Enc(DNK, KR')). Therefore, client 1 can obtain the updated root key KR' from the EKB by using the DNK included in the service data. Furthermore, the content key Kc can be decrypted from Enc(KR', Kc) using the updated root key KR', and the content can be decrypted from Enc(Kc, Content) using the content key Kc.
- The client 1 associates the service data with the usage right, thereby preventing unauthorized copying of the usage right.
- The T system that manages licenses for category nodes and the categories of devices that use various contents are associated with each other. As a result, different categories of content can be managed on a single device.
- FIG. 20 shows an example of this relationship. That is, DNK 1 is assigned to device D1 based on the T system, and content 1 including the EKB can be reproduced. Similarly, the device D1 is assigned, for example, DNK 2, and content 2 ripped from a CD can be recorded on a Memory Stick. In this case, the device D1 can simultaneously handle content 1 and content 2, which are distributed by different systems (the T system and the device management system). This is not possible if only a single DNK is assigned to a device, such as by deleting a previously assigned DNK when assigning a new DNK.
- the DNK instead of embedding advance in equipment and media by the license server 4, when performing the registration process, each device
- the content is used for all purposes, regardless of how it is used after it has been created.
- The private key and the corresponding public key certificates are distributed to each user (client 1) from the license server 4 acting as a certificate authority.
- Each user can create a signature using the private key and add it to the content to ensure the integrity of the content and prevent the content from being tampered with.
- FIG. 21 is a diagram showing a configuration of a Memory Stick.
- The Memory Stick 651 is an IC that has, on one chip, a flash memory (non-volatile memory) 661, a memory control block 662, and a security block 663 including a DES (Data Encryption Standard) encryption circuit.
- The flash memory 661 stores the encoded and encrypted contents under the control of the memory control block 662.
- The memory control block 662 performs serial/parallel conversion or parallel/serial conversion, separates the supplied command and data, and executes the separated command.
- In response to the supplied command, the memory control block 662 stores the content in the flash memory 661 or reads the content stored in the flash memory 661.
- The security block 663 stores a plurality of authentication keys and a storage key unique to each memory card.
- The security block 663 has a random number generation circuit and, under the control of the memory control block 662, performs mutual authentication with the client 1 and shares a session key.
- The security block 663 stores the index, including the use conditions and the MAC value described later.
- The security block 663 decrypts the encrypted content under the control of the memory control block 662.
- FIG. 22 is a flowchart for explaining the content export process performed by the client 1.
- In step S201, the CPU 21 of the client 1 selects the content to be exported and creates a signature from the attributes included in the selected content. For example, the CPU 21 of the client 1 creates a signature by encrypting the attributes included in the content with the license server public key included in the certificate.
- In step S202, the CPU 21 of the client 1 compares the created attribute signature with the attribute signature included in the content. If it is determined that they match, the attributes have not been tampered with, and the process proceeds to step S203.
- If it is determined in step S202 that the created attribute signature does not match the attribute signature included in the content, the attributes have been falsified, so the process proceeds to step S209, and the CPU 21 of the client 1 executes error processing such as an error display and ends the process without performing the export.
- In step S203, the CPU 21 of the client 1 searches the storage unit 28 for a usage right whose content condition is satisfied by the attributes of the target content and under which export is permitted. If no usage right for using the target content is found in the storage unit 28, the process proceeds to step S209, and the CPU 21 of the client 1 executes error processing such as displaying an error, and the processing ends without executing the export.
- If a usage right for using the content is found in step S203, the process proceeds to step S204, and the CPU 21 of the client 1 determines whether one usage right for using the content, or two or more, are stored in the storage unit 28.
- In step S205, the CPU 21 of the client 1 displays information such as the use conditions of each usage right on the display of the output unit 27, asks the user to confirm which usage right's use conditions are to be used as the use conditions of the exported content, and decides which usage right to use for the export based on the user's input to the input unit 26.
- The selection of the usage right in step S205 is not limited to selection by the user; the priority may be determined based on a predetermined rule. If it is determined that one usage right for using the target content is stored in the storage unit 28, the usage right used for the export is already determined, so the selection of the usage right in step S205 is not performed, and the process proceeds to step S206.
- The CPU 21 of the client 1 creates a signature from the use conditions of the usage right.
- The CPU 21 of the client 1 creates a signature by encrypting the use conditions included in the usage right with the public key of the license server included in the certificate.
- In step S207, the CPU 21 of the client 1 compares the created use-condition signature with the use-condition signature included in the usage right. If it is determined that they match, the use conditions have not been falsified, and the process proceeds to step S208.
- In step S208, the CPU 21 of the client 1 performs the export execution process, and the process ends.
- If it is determined in step S207 that the signature of the created attribute does not match the signature of the attribute included in the content, the attribute has been falsified, so the process proceeds to step S209, and the CPU 21 of the client 1 executes error processing such as an error display and ends the process without performing the export.
- FIG. 23 is a flowchart for explaining the process of executing the export of the client 1 corresponding to the process of step S208.
- step S221 the CPU 21 of the client 1 executes a process of mutual authentication with the attached memory stick.
- the CPU 21 of the client 1 and the security block 663 of the memory stick 651 can execute a challenge and response mutual authentication process.
- step S221 If the mutual authentication is not performed in the processing of step S221, the client 1 or the memory stick 651 is not valid. The processing of S228 is skipped, and the processing ends without writing the content to the Memory Stick 651.
- step S221 if mutual authentication is performed, the client 1 and the memory stick 651 are valid, so that the client 1 and the memory stick 651 share a common temporary key (session key).
- the processing of steps S222 to S228 is performed.
- the information transmitted by the client 1 to the memory stick 651 is encrypted by the encryption / decryption unit 24 with the temporary key. Since the information received by the client 1 from the memory stick 65 1 is encrypted by the temporary key, the information is decrypted by the encryption / decryption unit 24.
- step S222 the CPU 21 of the client 1 writes the content to the memory stick 651.
- the CPU 21 of the client 1 obtains the content key of the memory stick 651 from the memory stick 651, re-locks the content to the content key of the memory stick 651 (that is, the content is encrypted with the content key of the memory stick 651), and supplies the re-locked content to the memory stick 651.
- step S223 the CPU 21 of the client 1 converts the format of the usage condition of the usage right into a format corresponding to the Memory Stick.
- step S224 the CPU 21 of the client 1 causes the encryption / decryption unit 24 to calculate a message authentication code (MAC: Message Authentication Code) of the usage condition of the usage right (hereinafter also referred to as the MAC value).
- Figure 24 shows an example of MAC value generation using the DES encryption processing configuration.
- the target message (the usage condition) is divided, and the divided messages are assumed to be M1, M2, ..., MN.
- the initial value (IV) and M1 are exclusive-ORed by the arithmetic unit 24-1A (the result is assumed to be I1).
- I1 is put into the DES encryption unit 24-1B, and is encrypted using a key (hereinafter referred to as K1) (the output is referred to as E1).
- the last output EN, which comes out of the DES encryption unit 24-NB, is the message authentication code (MAC).
- step S225 the CPU 21 of the client 1 writes the use condition whose format has been converted in the process of step S223 into the index of the memory stick 651, together with the MAC value calculated in the process of step S224.
- FIG. 25 is a diagram illustrating indexes and contents stored in the memory stick 651.
- the index 701 of the memory stick 651 stores the usage condition of the content, the MAC value, and the pointer corresponding to the content.
- the pointer at index 701 stores the address of the content.
- the pointer indicating the content 702-1 stored in the memory stick 651 is stored in the index 701 together with the usage condition of the content 702-1 and its MAC value.
- the pointer indicating the content 702-2 stored in the memory stick 651 is stored in the index 701 together with the usage condition of the content 702-2 and its MAC value.
- the pointer indicating the content 702-3 stored in the memory stick 651 is stored in the index 701 together with the usage condition of the content 702-3 and its MAC value.
- the CPU 21 of the client 1 acquires, from the memory stick 651, the index 701 in which the new use condition and the MAC value were written by the process of step S225.
- step S227 the CPU 21 of the client 1 calculates the integrity check value (ICV) of the entire Memory Stick 651, based on the index 701 in which the new use condition and the MAC value are written.
- L1 and L2 are usage condition information, and the MAC value of the usage condition is used.
- the CPU 21 of the client 1 calculates the integrity check value based on the MAC values corresponding to the contents 702-1 to 702-3 contained in the index 701 obtained from the memory stick 651.
- the CPU 21 of the client 1 writes the calculated integrity check value 703 to the memory stick 651 as shown in FIG.
- Client 1 encrypts the integrity check value with the temporary key and transmits it to the memory stick 651; that is, the integrity check value is sent to the memory stick 651 through a SAC (Secure Authentication Channel).
- the integrity check value 703 corresponding to the index 701 is securely stored in the memory stick. For example, when the ICV generated based on the index 701 and the ICV 703 generated based on the usage conditions are compared during content playback, if the same ICV is obtained, it is guaranteed that the usage conditions have not been tampered with, and if the ICVs are different, it is determined that tampering has occurred.
- step S224 the security block 663 of the memory stick 651 executes a process of mutual authentication with the client 1 in response to the process of step S221 of the client 1.
- a common temporary key (session key) is shared between Client 1 and Memory Stick 651.
- the information transmitted by the memory stick 651 to the client 1 is encrypted by the security block 663 using the temporary key. Also, since the information received by the Memory Stick 651 from the client 1 is encrypted with the temporary key, the security block 663 of the Memory Stick 651 uses the temporary key to decrypt the encrypted information.
- step S224 the memory control block 662 of the memory stick 651 receives the content from the client 1 executing the process of step S222, and stores the content in the flash memory 661.
- step S243 since the format-converted use condition is sent from the client 1 executing the process of step S225, the memory control block 662 of the memory stick 651 receives the use condition and writes the received use condition to the index 701 of the security block 663.
- the memory stick 651 writes the pointer indicating the content stored in the process of step S224 to the index 701 of the security block 663 in accordance with the use condition.
- step S244 since there is a request from the client 1, the memory control block 662 of the memory stick 651 reads the index 701 from the security block 663 and sends the read index 701 to the client 1.
- the client 1 can acquire the index 701 in the processing of step S226.
- step S245 since a new ICV is transmitted from the client 1 executing the processing in step S228, the memory stick 651 receives the ICV transmitted from the client 1.
- the ICV is updated based on the received ICV, and the process ends.
- the integrity information and the integrity information of the use condition are managed as a single piece of information as an index 701.
- Client 1 becomes able to export content signed with public key cryptography to a Memory Stick without reducing the level of content protection on the Memory Stick, even if the processing power of the Memory Stick is low.
- the same content can be used even on terminals with low processing capacity. This will allow, among other things, any device to exchange content.
- FIG. 27 in the system according to the present invention, as a service corresponding to one of the categories described in FIG. 12, content can be imported from the memory stick 651 to the client 1, and content can be exported from the client 1 to the memory stick 651.
- When importing content from the Memory Stick 651, the client 1 assigns the content to one service and converts the imported content into a predetermined format.
- the content of Client 1 has a format that can store multiple types of data (such as audio data, image data, or text data), for example, the QuickTime (trademark) format. Audio data, image data, text data, and the like stored in one content of the client 1 have a correspondence relationship with each other. For example, if the audio data is music data, the image data is data showing the image of the performer of the music, and the text data is data showing the commentary or lyrics of the music.
- when exporting, the client 1 converts, for example, the audio track data of content in a format that can store a plurality of types of data into a format compatible with the memory stick 651, such as the Memory Stick Audio (MSA) format, and links the other data of the content to the data of the converted audio track.
- the attribute data included in the content is regarded as fringe data and is kept in a different file.
- the file containing the fringe data and metadata is stored on the Memory Stick 651, separately from the audio data file.
- the audio data file shown in FIG. 28 and the file containing the fringe data and the metadata are associated with the content stored in the memory stick 651 in FIG.
- when importing (ripping) content from a CD, which is another example of a storage medium, to Client 1, Client 1 stores in advance the service data for import and a template of the default usage right corresponding to the import service.
- the service data for import is the same as that shown in Fig. 8, but stores a unique ID instead of a leaf ID.
- a predetermined value that indicates one node in the hierarchical tree structure described in Fig. 10 is set as the unique ID.
- a predetermined ID is set as the usage right ID.
- the client 1 may store a plurality of license templates and, when importing the content, select a predetermined usage right template from the stored multiple usage rights templates.
- the service data for import may be obtained from a predetermined license server 4.
- Client 1 converts the content read from the CD into Client 1's content format and further defines the appropriate content attributes.
- client 1 reads data (for example, record company ID or artist ID) related to the content of the content recorded on the CD from the TOC (Table Of Contents) of the CD, and sets it as a content attribute.
- the client 1 binds the generated content and the usage right stored in advance in accordance with the content read from the CD.
- import true
- the client 1 generates a random number with a predetermined number of bits, and sets the generated random number in the content as a content ID.
- the content ID may be read from the TOC of the CD, and the read content ID may be set in the content.
- FIG. 29 is a diagram showing an example of more specific content conversion in import and export.
- audio data is extracted from the content of the client 1 and the extracted audio data is converted into an audio data file.
- the audio data file is stored on the Memory Stick 651.
- the EKB, KEKBC (Kc), attribute data, signature, and the like included in the content are regarded as fringe data.
- metadata such as image data or text data is stored as a file on the Memory Stick 651, along with the fringe data, in the same format.
- audio data is extracted from the audio data file, and the extracted audio data is added to the content of the client 1 as audio data (an audio track).
- fringe data including EKB, KEKBC (Kc), attribute data, and signatures, stored in a file on Memory Stick 651, is stored in the content of client 1 in a predetermined manner as a header of the client.
- the metadata including the image data and the text data is stored as it is in the metadata of the content of the client 1, that is, in the image track and the text track.
- FIG. 30 is a flowchart for explaining the process of writing the content of the client 1 corresponding to the process of step S222.
- step S301 the CPU 21 of the client 1 extracts an audio track from the content to be exported.
- step S302 the CPU 21 of the client 1 converts the format of the audio track (audio data) into a format usable by the memory stick 651, and generates an audio data file.
- the CPU 21 of the client 1 obtains the content key of the memory stick 651 from the memory stick 651 and re-keys the audio data of the content to the content key of the memory stick 651 (the EKB is decrypted with the DNK, the content key is decrypted, the content data is decrypted, and the resulting audio data is encrypted with the content key of the Memory Stick 651).
- the memory stick 651 may be re-locked with the audio data file.
- step S303 the CPU 21 of the client 1 writes the audio data file into the memory stick 651.
- step S304 the CPU 21 of the client 1 deletes the audio track from the content to be exported.
- the CPU 21 of the client 1 sends a file for writing to the memory stick 651 from data required for decryption included in the content, for example, attributes or EKB, or metadata such as image data or text data.
- the attribute data of the content is set as the fringe data of the file.
- step S305 the CPU 21 of the client 1 receives the reference information indicating the position of the audio data file on the recording medium (storage medium) transmitted from the memory stick 651.
- step S306 the CPU 21 of the client 1 inserts, in place of the deleted audio track, the reference information received in step S305 indicating the position of the audio data file on the recording medium (storage medium).
- step S307 the CPU 21 of the client 1 writes the content including the reference information of the audio data file as a file on the memory stick 651, and the process ends.
- FIG. 31 is a flowchart for explaining the process of storing the content of the memory stick 651, corresponding to the process of step S224.
- step S321 the memory control block 662 of the memory stick 651 receives the audio data file transmitted from the client 1 executing the processing of step S303, and stores the received audio data file in the flash memory 661.
- the memory stick 651 stores an audio data file composed of audio tracks in the contents of the client 1. Since the audio data file has a file format corresponding to the Memory Stick 651, the Memory Stick 651 can use the audio data file (play the sound on the device to which it is attached).
- step S3222 the memory control block 662 of the memory stick 651 transmits reference information indicating the position of the audio data file stored in the flash memory 661 on the recording medium (storage medium).
- step S332 the memory control block 662 of the memory stick 651 receives the file containing the reference information of the audio data file transmitted from the client 1 executing the processing of step S307. Then, the received file is stored in the flash memory 661, and the process ends.
- the file to which the audio data file is linked does not have a file format corresponding to the Memory Stick 651, and the Memory Stick 651 cannot use the data stored in the file.
- the memory stick 651 stores the audio data file corresponding to the audio track of the content, and stores other data such as the metadata or the attribute data of the content as a file.
- the process of inserting the reference information indicating the position of the audio data file on the recording medium (storage medium) may be performed by the Memory Stick 651.
- Client 1 sends a content file with the audio track removed
- the memory control block 662 of the Memory Stick 651 inserts reference information indicating the position of the audio data file on the recording medium (storage medium).
- the process of importing the content of the client 1 will be described.
- FIG. 32 is a flowchart illustrating a process in which the client 1 imports (so-called ripping) the content recorded on the CD.
- step S3401 the CPU 21 of the client 1 reads (acquires) the content from the CD, which is the optical disc 42 mounted on the drive 30, and reads the content to the codec section 25.
- Content for example, ATRAC (Adaptive Reflective
- step S3342 the CPU 21 of the client 1 causes the encryption / decryption unit 24 to encrypt the compressed content.
- the compressed content is encrypted with a content key created based on a random number, and the content key is stored in the EKB corresponding to the category of the import assigned to a node below the T-system category node, encrypted with the root key. The content key is added to the decrypted content.
- step S3343 the CPU 21 of the client 1 assigns a content ID to the encrypted content.
- the CPU 21 of the client 1 generates a random number with a predetermined number of bits, and assigns the generated random number to the content as a content ID.
- the CPU 21 of the client 1 may read the content ID included in the TOC of the CD, and assign the read content ID to the encrypted content.
- the CPU 21 of the client 1 may read the content ID included in a predetermined track of the CD and assign the read content ID to the encrypted content.
- step S344
- a conditional expression such as
- the content attribute read from the CD satisfies the content condition of the usage right template, and the content read from the CD is permitted to be used by the usage right created from the template.
- step S345 the CPU 21 of the client 1 creates a content attribute.
- CPU 21 of client 1 uses TOC (Table Of
- step S346 the CPU 21 of the client 1 generates an electronic signature based on the attribute of the created content, and attaches the generated electronic signature to the content.
- the CPU 21 of the client 1 generates an electronic signature using its own private key included in the certificate of the service data for the import service.
- step S347 the CPU 21 of the client 1 prepares the format of the generated content, sets the format of the content to the format described in FIG. 5, and ends the processing.
- step S3661 the CPU 21 of the client 1 causes the drive 30 to read the audio data file as the content from the memory stick 651, which is the mounted semiconductor memory 44, and obtains the audio data file.
- step S366 the CPU 21 of the client 1 causes the drive 30 to read the file including the fringe data and the metadata from the memory stick 651, and obtains the file including the fringe data and the metadata.
- step S3663 the CPU 21 of the client 1 assigns a content ID to the read content. More specifically, the CPU 21 of the client 1 extracts the content ID included in the fringe data of the file, and assigns the extracted content ID to the content.
- step S364 the CPU 21 of the client 1 assigns a usage right to the content. More specifically, the CPU 21 of the client 1 assigns the attribute included in the fringe data of the file to the content.
- step S365 the CPU 21 of the client 1 sets a content attribute. More specifically, the CPU 21 of the client 1 extracts the attribute included in the fringe data of the file and sets the extracted attribute to the content.
- step S366 the CPU 21 of the client 1 attaches an electronic signature to the created content.
- the CPU 21 of the client 1 extracts the electronic signature included in the fringe data of the file, and attaches the extracted electronic signature to the content.
- step S366 the CPU 21 of the client 1 adjusts the format of the generated content, and the process ends. More specifically, the CPU 21 of the client 1 makes the audio data file into the audio track format of the content of the client 1 and inserts the audio track into the file to format the content, using the format described in FIG. 5.
- when predetermined types of data included in the content are extracted, the format of the extracted data is converted into a predetermined format corresponding to the storage medium, a predetermined file is generated from the other types of data, including the data required for decoding the content included in the content, a link between the format-converted data and the file is added, and writing of the format-converted data and file to a storage medium is controlled, the content can be exported while preventing loss of information, and the exported content can be handled like any other content.
- When the memory stick 651 is configured to store the format-converted content, the content can be used in a memory stick playback device without changing the configuration.
- the content can be obtained.
- the content can be exported to the storage medium.
- when the content data included in the content is extracted, the format of the extracted content data is converted into a predetermined format corresponding to the storage medium, a predetermined file is generated from the data excluding the content data included in the content, information for referring to the format-converted content data is added to the file, and the writing of the format-converted content data and the file to the storage medium is controlled, loss of information is prevented, the content can be exported, and the exported content can be handled on the storage medium like any other content.
- the content stored in the storage medium can be imported.
- when content data is acquired from a storage medium, the acquired content data is converted into a predetermined format to generate content, the format-converted content data included in the generated content is encrypted, key information for decrypting the content data is added to the content, and information for associating the content with the usage right necessary for using the content is added to the content, loss of information can be prevented. As a result, the content can be imported, and the imported content can be handled like other content.
- content may be imported or exported from a client to a portable device (PD), which is another example of a content storage device.
- the content may be exported to the storage medium provided, or the content may be imported from the storage medium provided in the content storage device.
- the client may import or export the content to a memory stick attached to the PD. In this case, the process of mutual authentication is performed between the client and the PD, and between the PD and the Memory Stick.
- the client to which the present invention is applied can be a PDA (Personal Digital Assistant), a mobile phone, a game terminal, etc. other than a so-called personal computer.
- the programs that make up the software are installed, from a network or a recording medium, in a computer built into dedicated hardware or in, for example, a general-purpose personal computer that can execute various functions when various programs are installed.
- the recording medium is composed not only of package media on which the program is recorded and which are distributed separately from the main body of the apparatus to provide the program to a user, consisting of the magnetic disk 41 (including a flexible disk), the optical disk 42 (including CD-ROM (Compact Disk-Read Only Memory) and DVD (Digital Versatile Disk)), the magneto-optical disk 43 (including MD (Mini-Disk) (trademark)), the semiconductor memory 44, or the like, but also of the ROM 22 and the hard disk included in the storage unit 28, on which the program is recorded and which are provided to the user pre-installed in the device body.
- the steps describing a program recorded on a recording medium include not only processes performed in chronological order according to the order described, but also processes that are not necessarily performed in chronological order and are executed individually. In addition, it is desirable that the program that executes security-related processing be encrypted in order to prevent the processing from being analyzed. For example, for a process of performing an encryption process or the like, the program can be configured as a tamper resistant module.
- the attribute of the content and the content condition of the usage right are used to specify the usage right required to use the content.
- the present invention is not limited to this.
- the content may include the usage right ID of the usage right required to use the content.
- in this case, the usage right required to use the content is uniquely determined, so there is no need to perform the process of determining the matching between them.
- the first invention it is possible to prevent the loss of information and to export the content, and to handle the exported content on the storage medium in the same manner as other content.
- the second invention it is possible to prevent the loss of information and to import the content, and to handle the imported content in the same manner as other content.
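The MAC and ICV handling of steps S224 to S228 (FIGS. 24 and 25), as an added example that is not code from the patent: a per-entry CBC-MAC over each usage condition plus an ICV over the MAC values of the whole index 701, checked against an edited entry and a swapped entry. Assumptions: a hash-based Feistel permutation stands in for the DES encryption unit, the ICV is taken to be a CBC-MAC over the concatenated entry MACs under a separate key, and the padding, key values, function names and sample usage conditions are constructed.

```python
import hashlib
import hmac

BLOCK = 8  # 64-bit block, the DES block size


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    """Round function of the stand-in cipher: 32 bits taken from SHA-256."""
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:4]


def encrypt_block(key: bytes, block: bytes) -> bytes:
    """Stand-in for the DES encryption unit: a 4-round Feistel permutation
    on one 64-bit block. This is NOT DES and not for production use."""
    left, right = block[:4], block[4:]
    for rnd in range(4):
        left, right = right, _xor(left, _f(key, rnd, right))
    return left + right


def cbc_mac(key: bytes, message: bytes, iv: bytes = bytes(BLOCK)) -> bytes:
    """I1 = IV xor M1, E1 = Enc(K1, I1), I2 = E1 xor M2, ...; the MAC is EN."""
    # Assumption: ISO/IEC 9797-1 padding method 2 (0x80, then zero bytes);
    # the page does not say how a short final block is padded.
    padded = message + b"\x80"
    padded += bytes(-len(padded) % BLOCK)
    chain = iv
    for off in range(0, len(padded), BLOCK):
        chain = encrypt_block(key, _xor(chain, padded[off:off + BLOCK]))
    return chain


def make_entry(mac_key: bytes, usage: bytes, pointer: int) -> dict:
    """One index entry: usage condition, its MAC value, pointer to content."""
    return {"usage": usage, "mac": cbc_mac(mac_key, usage), "pointer": pointer}


def compute_icv(icv_key: bytes, index: list) -> bytes:
    """ICV over the MAC values of every entry in the index (assumed form)."""
    return cbc_mac(icv_key, b"".join(entry["mac"] for entry in index))


def verify_index(mac_key, icv_key, index, stored_icv) -> list:
    """Return a list of findings; an empty list means the index is intact."""
    findings = []
    for n, entry in enumerate(index):
        expected = cbc_mac(mac_key, entry["usage"])
        if not hmac.compare_digest(expected, entry["mac"]):
            findings.append(f"entry {n}: usage condition does not match its MAC")
    if not hmac.compare_digest(compute_icv(icv_key, index), stored_icv):
        findings.append("index: ICV mismatch")
    return findings


def demo():
    # Constructed keys and usage conditions, for illustration only.
    mac_key, icv_key = b"constructed-mac-key", b"constructed-icv-key"
    index = [
        make_entry(mac_key, b"play_count=3;export=no", 0x1000),
        make_entry(mac_key, b"play_count=unlimited;export=no", 0x2000),
        make_entry(mac_key, b"play_until=2003-12-31", 0x3000),
    ]
    stored_icv = compute_icv(icv_key, index)  # held in the security block
    clean = verify_index(mac_key, icv_key, index, stored_icv)

    # Case 1: a usage condition edited in place, MAC left as stored.
    edited = [dict(e) for e in index]
    edited[0]["usage"] = b"play_count=9;export=no"

    # Case 2: a whole entry swapped for a different, validly MACed entry.
    # The per-entry MAC still verifies; only the ICV shows the change.
    swapped = [dict(e) for e in index]
    swapped[0] = make_entry(mac_key, b"play_count=5;export=no", 0x1000)

    return (clean,
            verify_index(mac_key, icv_key, edited, stored_icv),
            verify_index(mac_key, icv_key, swapped, stored_icv))


if __name__ == "__main__":
    for label, result in zip(("clean", "edited", "swapped"), demo()):
        print(label, result or "ok")
```

Plain CBC-MAC is only secure when every message has the same fixed length, so a current design would use CMAC or HMAC for variable-length usage conditions.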
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP03719097A EP1496441A4 (en) | 2002-04-15 | 2003-04-10 | INFORMATION PROCESSING DEVICE, METHOD, RECORDING MEDIUM, AND PROGRAM |
US10/480,626 US7487549B2 (en) | 2002-04-15 | 2003-04-10 | Information processing apparatus, information processing method, recording medium, and program |
KR10-2003-7016350A KR20040103748A (ko) | 2002-04-15 | 2003-04-10 | 정보 처리 장치 및 방법, 기록 매체, 및 프로그램 |
US12/269,848 US8042192B2 (en) | 2002-04-15 | 2008-11-12 | Information processing apparatus, information processing method, recording medium, and program |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2002-112110 | 2002-04-15 | ||
JP2002112110A JP3818505B2 (ja) | 2002-04-15 | 2002-04-15 | 情報処理装置および方法、並びにプログラム |
Related Child Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US10/480,626 A-371-Of-International US7487549B2 (en) | 2002-04-15 | 2003-04-10 | Information processing apparatus, information processing method, recording medium, and program |
US12/269,848 Division US8042192B2 (en) | 2002-04-15 | 2008-11-12 | Information processing apparatus, information processing method, recording medium, and program |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2003088059A1 true WO2003088059A1 (fr) | 2003-10-23 |
Family
ID=29243304
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2003/004549 WO2003088059A1 (fr) | 2002-04-15 | 2003-04-10 | Dispositif de traitement d'informations, procede, support d'enregistrement et programme |
Country Status (6)
Country | Link |
---|---|
US (2) | US7487549B2 (ja) |
EP (1) | EP1496441A4 (ja) |
JP (1) | JP3818505B2 (ja) |
KR (1) | KR20040103748A (ja) |
CN (1) | CN100501703C (ja) |
WO (1) | WO2003088059A1 (ja) |
Family Cites Families (38)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH02293930A (ja) * | 1989-05-08 | 1990-12-05 | Victor Co Of Japan Ltd | Method for preventing theft of recorded contents of a recording medium |
US5826245A (en) * | 1995-03-20 | 1998-10-20 | Sandberg-Diment; Erik | Providing verification information for a transaction |
US5684951A (en) * | 1996-03-20 | 1997-11-04 | Synopsys, Inc. | Method and system for user authorization over a multi-user computer system |
US6012144A (en) * | 1996-10-08 | 2000-01-04 | Pickett; Thomas E. | Transaction security method and apparatus |
US6226618B1 (en) * | 1998-08-13 | 2001-05-01 | International Business Machines Corporation | Electronic content delivery system |
KR100484209B1 (ko) * | 1998-09-24 | 2005-09-30 | 삼성전자주식회사 | Digital content encryption/decryption apparatus and method thereof |
EP1001419B1 (en) | 1998-11-09 | 2004-03-03 | Matsushita Electric Industrial Co., Ltd. | Data conversion apparatus and method in copyright protecting system |
US6798885B1 (en) * | 1999-04-29 | 2004-09-28 | International Business Machines Corp. | Method and apparatus for encoding security information in a MIDI datastream |
US7143445B1 (en) | 1999-05-31 | 2006-11-28 | Sony Corporation | Information processing apparatus, information processing method, and program storage medium |
US6721802B1 (en) * | 1999-08-12 | 2004-04-13 | Point2 Technologies Inc. | Method, apparatus and program for the central storage of standardized image data |
US6463445B1 (en) * | 1999-08-27 | 2002-10-08 | Sony Electronics Inc. | Multimedia information retrieval system and method including format conversion system and method |
CN1249547C (zh) * | 1999-09-01 | 2006-04-05 | 松下电器产业株式会社 | Copyrighted data processing method and apparatus |
JP4360026B2 (ja) | 1999-10-25 | 2009-11-11 | ソニー株式会社 | Data processing apparatus, content management method, and storage medium |
EP1158416A4 (en) | 1999-10-25 | 2007-12-05 | Sony Corp | PROCESS FOR MANAGING CONTENT DATA |
JP2001236081A (ja) | 1999-11-12 | 2001-08-31 | Sony Corp | Information processing apparatus and method, and program storage medium |
US20010031050A1 (en) * | 2000-02-14 | 2001-10-18 | Lateca Computer Inc. N.V. | Key generator |
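CN1312266A (zh) | 2000-03-07 | 2001-09-12 | 上海博德基因开发有限公司 | A novel polypeptide, human fd9, and a polynucleotide encoding the polypeptide |
JP2001352321A (ja) | 2000-04-06 | 2001-12-21 | Sony Corp | Information processing system, information processing method, information recording medium, and program providing medium |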
US6961858B2 (en) * | 2000-06-16 | 2005-11-01 | Entriq, Inc. | Method and system to secure content for distribution via a network |
EP1407360A4 (en) * | 2000-06-16 | 2009-08-12 | Entriq Inc | METHODS AND SYSTEMS FOR DISTRIBUTING CONTENT VIA A NETWORK IMPLEMENTING DISTRIBUTED CONDITIONAL ACCESS AGENTS AND SECURE AGENTS TO PERFORM DIGITAL RIGHTS MANAGEMENT (DRM) |
US7689510B2 (en) * | 2000-09-07 | 2010-03-30 | Sonic Solutions | Methods and system for use in network management of content |
US6856970B1 (en) * | 2000-09-26 | 2005-02-15 | Bottomline Technologies | Electronic financial transaction system |
US7260777B2 (en) * | 2001-08-17 | 2007-08-21 | Desknet Inc. | Apparatus, method and system for transforming data |
US20030009681A1 (en) * | 2001-07-09 | 2003-01-09 | Shunji Harada | Digital work protection system, recording medium apparatus, transmission apparatus, and playback apparatus |
US7010581B2 (en) * | 2001-09-24 | 2006-03-07 | International Business Machines Corporation | Method and system for providing browser functions on a web page for client-specific accessibility |
US7062547B2 (en) * | 2001-09-24 | 2006-06-13 | International Business Machines Corporation | Method and system for providing a central repository for client-specific accessibility |
JP3818505B2 (ja) * | 2002-04-15 | 2006-09-06 | ソニー株式会社 | Information processing apparatus and method, and program |
US8656178B2 (en) * | 2002-04-18 | 2014-02-18 | International Business Machines Corporation | Method, system and program product for modifying content usage conditions during content distribution |
US20030204602A1 (en) * | 2002-04-26 | 2003-10-30 | Hudson Michael D. | Mediated multi-source peer content delivery network architecture |
JP4218256B2 (ja) * | 2002-05-02 | 2009-02-04 | 富士ゼロックス株式会社 | Data transfer method and system |
US7133925B2 (en) * | 2002-07-15 | 2006-11-07 | Hewlett-Packard Development Company, L.P. | System, method, and format thereof for scalable encoded media delivery |
US9160976B2 (en) * | 2003-12-23 | 2015-10-13 | The Directv Group, Inc. | Method and apparatus for distributing media in a pay per play architecture with remote playback within an enterprise |
KR20070015567A (ko) * | 2004-04-14 | 2007-02-05 | 마츠시타 덴끼 산교 가부시키가이샤 | Terminal device and copyright protection system |
US20060015649A1 (en) * | 2004-05-06 | 2006-01-19 | Brad Zutaut | Systems and methods for managing, creating, modifying, and distributing media content |
US20060080740A1 (en) * | 2004-10-13 | 2006-04-13 | Nokia Corporation | Adapting protected content for a receiving terminal |
WO2006066052A2 (en) * | 2004-12-16 | 2006-06-22 | Sonic Solutions | Methods and systems for use in network management of content |
US8290156B2 (en) * | 2008-05-16 | 2012-10-16 | General Instrument Corporation | Communicating media content from a DVR to a portable device |
US8112809B2 (en) * | 2008-07-15 | 2012-02-07 | Condel International Technologies Inc. | Method and system for locally activating a DRM engine |
2002
- 2002-04-15 JP JP2002112110A patent/JP3818505B2/ja not_active Expired - Fee Related
2003
- 2003-04-10 US US10/480,626 patent/US7487549B2/en not_active Expired - Fee Related
- 2003-04-10 EP EP03719097A patent/EP1496441A4/en not_active Withdrawn
- 2003-04-10 KR KR10-2003-7016350A patent/KR20040103748A/ko not_active Application Discontinuation
- 2003-04-10 WO PCT/JP2003/004549 patent/WO2003088059A1/ja active Application Filing
- 2003-04-10 CN CNB038004186A patent/CN100501703C/zh not_active Expired - Fee Related
2008
- 2008-11-12 US US12/269,848 patent/US8042192B2/en not_active Expired - Fee Related
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8295299B2 (en) | 2004-10-01 | 2012-10-23 | Qlogic, Corporation | High speed fibre channel switch element |
WO2010082362A1 (en) * | 2009-01-16 | 2010-07-22 | Telefonaktiebolaget L M Ericsson (Publ) | Proxy server, control method thereof, content server, and control method thereof |
JP2012515370A (ja) * | 2009-01-16 | 2012-07-05 | テレフオンアクチーボラゲット エル エム エリクソン(パブル) | Proxy server, control method thereof, content server, and control method thereof |
US8826380B2 (en) | 2009-01-16 | 2014-09-02 | Telefonaktiebolaget L M Ericsson (Publ) | Proxy server, control method thereof, content server, and control method thereof |
Also Published As
Publication number | Publication date |
---|---|
JP2003308252A (ja) | 2003-10-31 |
CN100501703C (zh) | 2009-06-17 |
KR20040103748A (ko) | 2004-12-09 |
US20040210762A1 (en) | 2004-10-21 |
CN1516837A (zh) | 2004-07-28 |
JP3818505B2 (ja) | 2006-09-06 |
US7487549B2 (en) | 2009-02-03 |
EP1496441A1 (en) | 2005-01-12 |
EP1496441A4 (en) | 2007-11-28 |
US8042192B2 (en) | 2011-10-18 |
US20090074182A1 (en) | 2009-03-19 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2003088059A1 (fr) | Information processing device, method, recording medium, and program | |
JP3818504B2 (ja) | Information processing apparatus and method, and program | |
US7765604B2 (en) | Information processing method, information processing apparatus and recording medium | |
KR100983982B1 (ko) | Information processing apparatus, information processing method, and computer-readable recording medium | |
US7426639B2 (en) | Information processing apparatus and method for managing grouped devices in an encrypted environment | |
WO2002080448A1 (fr) | Information processing apparatus | |
WO2002039655A1 (fr) | Information processing device, information processing method, and program medium | |
JPWO2002080446A1 (ja) | Information processing apparatus | |
WO2002080442A1 (fr) | Information processing apparatus | |
WO2001016776A1 (fr) | Information transmission system, transmitter and receiver, information transmission method, information reception method | |
WO2001078298A1 (fr) | Information processing system and method | |
WO2003049362A1 (fr) | Information processing apparatus and method | |
WO2003088563A1 (fr) | Information processing device and method, information generating device and method, usage right management device and method, and corresponding recording medium and program | |
WO2003088058A1 (fr) | Information management device, method, and corresponding recording medium and program | |
JP2002359616A (ja) | Information processing apparatus and method, license server, and program | |
JPWO2002080067A1 (ja) | Information processing apparatus | |
JP4306651B2 (ja) | License providing apparatus and method, content providing apparatus, subscription service providing system, and playback apparatus and playback method | |
KR20040103750A (ko) | Information processing apparatus and method, recording medium, and program | |
JP2001067795A (ja) | Information receiving system and information receiving apparatus | |
JP2001069134A (ja) | Information transmission system and information receiving apparatus | |
JP2006320018A (ja) | Information processing apparatus and method, recording medium, and program | |
JP2001076425A (ja) | Recording/playback system, recording/playback apparatus, playback apparatus, data storage apparatus | |
JP4697152B2 (ja) | Information management apparatus, information management method, recording medium, and program | |
JP2001069096A (ja) | Information distribution system and information receiving apparatus |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| AK | Designated states | Kind code of ref document: A1; Designated state(s): CN KR US |
| AL | Designated countries for regional patents | Kind code of ref document: A1; Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PT RO SE SI SK TR |
| WWE | WIPO information: entry into national phase | Ref document number: 2003719097; Country of ref document: EP |
| WWE | WIPO information: entry into national phase | Ref document number: 038004186; Country of ref document: CN |
| WWE | WIPO information: entry into national phase | Ref document number: 10480626; Country of ref document: US |
| WWE | WIPO information: entry into national phase | Ref document number: 1020037016350; Country of ref document: KR |
| 121 | EP: the EPO has been informed by WIPO that EP was designated in this application | |
| WWP | WIPO information: published in national office | Ref document number: 2003719097; Country of ref document: EP |