CN1783139A - Identification modes of content file producer and its method - Google Patents

Info

Publication number
CN1783139A
Authority
CN
China
Prior art keywords
content file
content
data
authentication data
file
Prior art date
Legal status
Pending
Application number
CN 200510127466
Other languages
Chinese (zh)
Inventor
酒泽茂之
高木幸一
宫地悟史
Current Assignee
KDDI Corp
Original Assignee
KDDI Corp

Landscapes

  • Storage Device Security (AREA)
  • Reverberation, Karaoke And Other Acoustics (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Provided are a content file creator authentication scheme and method in which, in a service that provides multimedia content files for mobile devices (for example, mobile phones), the mobile device side provides a prescribed service only for content files created with a legitimate content creation tool. The content creation side uses a hardware key 2 or secret information to perform encryption processing 3 on content, for example a music source 1, and obtains a content file 4. The mobile device side downloads the content file 4 and temporarily holds it in a file storage unit 11. A verification unit 12 verifies whether the downloaded content file was created by a legitimate creation tool and, if the verification passes, the content file 4 is registered in a registration unit 13 and provided to the user.

Description

Authentication scheme and method for content file creators

The present application is a divisional application of the application with application number 200410000502.0, filed on January 8, 2004, and entitled "Authentication scheme for content file creators and program therefor".

Technical field

The present invention relates to an authentication scheme and method for content file creators in which, in a service that provides multimedia content files for mobile phones, the mobile phone side provides a prescribed service only for content files created with a legitimate content creation tool.

Background art

Prior art of this kind includes digital signature technology for determining whether transmitted content, such as a contract, has been tampered with. Other prior art includes the challenge-response method, in which the receiver and the sender authenticate the other party, that is, verify whether the sending side holds the correct secret key.

FIG. 8 shows an outline of the challenge-response procedure. As shown in FIG. 8, the receiving side generates a random value and sends it to the sending side (transmission of the challenge code). The receiving side and the sending side each perform a calculation (a hash calculation) on the random value using the secret key, and the sending side sends the result of its hash calculation to the receiving side (transmission of the response code). The receiving side compares the received value with the value obtained from its own hash calculation and, if they match, judges that the sending side holds the correct secret key.

A document relating to the above prior art is, for example, Japanese Unexamined Patent Application Publication No. 2002-334173, "コンテンツ配信方法およびこれに用いるサーバ及び端末並びにコンピュータプログラム" (Content distribution method, server and terminal used therefor, and computer program).

However, the above prior art requires communication between the receiver and the sender in order to authenticate the other party, and in a content distribution service direct communication between the content creator and the recipient is not realistic.

Summary of the invention

An object of the present invention is to provide a content file creator authentication scheme and program with which, in a service that provides multimedia content files for mobile devices (for example, mobile phones), the mobile device side provides a prescribed service only for content files created with a legitimate content creation tool.

Another object of the present invention is to provide a content file creator authentication scheme and program that detects content files created with an illegitimate content creation tool, for example content files created by a pirated tool, and does not provide the prescribed service in the mobile device for such content files.

A further object of the present invention is to provide a content file creator authentication scheme and program that does not require communication between the receiver and the sender in order to authenticate that a content file was created with a legitimate content creation tool.

To achieve the above objects, the present invention is characterized in that the sending side comprises a unit that encrypts content data with a content file creation tool to create a content file, and a unit that distributes the content file. It is further characterized in that the receiving side comprises a file storage unit that stores the acquired content file; a verification unit that verifies whether the content file stored in the file storage unit was created by a legitimate content file creation tool; and a registration unit that registers content files that the verification has judged legitimate.

The present invention is also characterized in that the content file creation side extracts partial data from the content file and attaches a data signature to that partial data, and the mobile device side extracts from the received content file the same partial data, verifies the data signature, and provides the prescribed service for content files that the verification judges legitimate.

With these features, the mobile device side can authenticate the content file creator, so the mobile device can provide the prescribed service only for content files created with a legitimate content creation tool.

A second feature of the present invention is to provide a content file creation program comprising the steps of: partially extracting data at predetermined positions from the data portion of an unsigned content file; applying a hash function to the extracted data to obtain a hash value; encrypting the hash value with a secret key and attaching it to the header of the content file; and attaching a public key and a public key certificate to the header.

With this feature, a content file carrying data that allows the content file creator to be authenticated can be provided with a small amount of computation.

Another feature of the present invention is to provide a content file creator authentication program for a mobile device comprising the steps of: determining whether a received content file has a data signature; if it has the data signature, authenticating the public key certificate using a root certificate; if the certificate is authenticated, using the public key to decode the authentication data encrypted with the secret key and obtain a first hash value; extracting the predetermined partial data from the data portion of the received content file; applying a hash function to that partial data to calculate a second hash value; determining whether the first and second hash values match; and providing the prescribed service if they match, and not providing the prescribed service if they do not match.

With this feature, the mobile device side can verify whether a received content file was created by a legitimate content file creation tool without communicating with the creation side of the content file, and the verification can be performed with a small amount of computation.

Another feature of the present invention is that the content file creator side attaches to the content file authentication data created from information known only to the content file creator, the mobile device side verifies whether that authentication data is attached to the acquired content file, and, when the verification succeeds, the prescribed service is provided for the content file.

With this feature, the mobile device side provides the prescribed service only for legitimate content files. In addition, the mobile device side can verify whether a received content file was created by a legitimate content file creation tool without communicating with the creation side of the content file.

Brief description of the drawings

FIG. 1 is a block diagram showing the schematic system configuration of the present invention.

FIG. 2 is an explanatory diagram of an example of the data signature in the first embodiment of the present invention.

FIG. 3 is an explanatory diagram showing an example of the structure of a content file.

FIG. 4 is a flowchart showing the content file creation program.

FIG. 5 is a flowchart showing the content file creator authentication program of the mobile device.

FIG. 6 is an explanatory diagram of an example of attaching authentication data in the second embodiment of the present invention.

FIG. 7 is a flowchart showing the content file creator authentication program on the mobile device side.

FIG. 8 is a diagram showing the conventional challenge-response procedure.

Detailed description of embodiments

The present invention is described in detail below with reference to the drawings. FIG. 1 is a schematic system diagram of a multimedia content file providing service for mobile phones that uses the present invention.

The sending side (creation side) of the content file applies a hardware key 2 (secret information held only by the creation side) to content data, for example a music source 1, performs encryption processing 3, and obtains a content file 4. That is, the sending side (creation side) creates the content file 4 with its own content creation tool (comprising the hardware key 2 and the encryption processing 3).

Meanwhile, the receiving side (mobile device side) downloads the content file 4 and temporarily holds it in the file storage unit 11. The verification unit 12 verifies whether the downloaded content file was created by a legitimate creation tool. If it is verified as created by the legitimate creation tool, the content file 4 is registered in the registration unit 13 and provided to the user; for example, the function of playing the music source 1 is provided to the user. If the verification unit 12 does not verify that the downloaded content file was created by a legitimate creation tool, the content file 4 is not provided to the user.

Next, the first embodiment of the present invention is described. In an ordinary data signature, a hash value is calculated over the entire content data and encrypted with a secret key to obtain the signature value. This guarantees that no part of the content data has been tampered with.

In contrast, the purpose of the first embodiment of the present invention is to guarantee that the content file creator holds a legitimate secret key, or to verify that the tool that created the content file has an authorized secret key. It is not concerned with the integrity of the content data itself, that is, with whether the content data has been tampered with; in other words, it is not concerned with whether the content data itself is genuine.

First, the method of the encryption processing performed by the encryption processing 3 is described. The content data provided includes, besides the music source 1, video data, audio data, video and audio data, and so on.

As shown in FIG. 2, partial data A1, A2, A3, ... is extracted from content data A, and a hash function is applied to it to calculate a hash value. Authentication data is then obtained by applying a data signature to that hash value using a secret key.

The authentication data is then filled into an appropriate storage location, that is, an appropriate field (atom), in the header portion shown in FIG. 3. FIG. 3 shows an example of the format of the content file 4, which consists of a header portion and a data portion. The public key paired with the secret key is also filled into the atom, as is a public key certificate for authenticating the validity of that public key. The public key certificate is a certificate that is authenticated by the root certificate held inside the mobile phone.

The positions of the data A1, A2, A3, ... extracted from the data portion are determined in advance by the creation side and the mobile phone. For example, it is determined in advance that 1 kbyte is taken from the head of the data, or that 1 byte is extracted every 10 bytes for a total of 5 kbytes.

FIG. 4 is a flowchart illustrating the program or operation of the creation side (sending side). In step S1, an unsigned content file, for example the music source 1, is created. In step S2, data (for example the data A1, A2, A3) is partially extracted from the data portion. In step S3, a hash function is applied to the extracted data to obtain a hash value. In step S4, the hash value is encrypted with the secret key to form authentication data carrying a data signature, and that data is filled into the atom. In step S5, the public key paired with the secret key is also filled into the atom, together with the public key certificate for authenticating the validity of that public key. In step S6, the file is uploaded to the server.

Next, the program or processing on the mobile phone side (mobile device side) is described with reference to FIG. 5. The data signature is verified on the mobile phone side. In step S11, it is determined whether the content file downloaded from the server has a signature, that is, whether the header contains the authentication data. If there is a signature, the process proceeds to step S12, where the public key certificate in the content file (see FIG. 3) is authenticated using the root certificate held in the mobile phone. If the content file has no signature, the process proceeds to step S18 and the prescribed service is not provided.

If the authentication in step S12 succeeds, the process proceeds to step S13, where the public key is used to decode the authentication data encrypted with the secret key and obtain the hash value. That is, the hash value calculated by the creation side (sending side) is recovered. If the authentication in step S12 fails, processing is aborted. In step S14, the predetermined partial data, at the same positions as on the creation side, is extracted from the data portion of the content file; that is, the partial data shared with the creation side (for example the data A1, A2, A3). Then, in step S15, a hash function is applied to the extracted partial data to calculate a hash value.

In step S16, it is determined whether the hash values obtained in steps S13 and S15 match. If they match, the data signature is verified. If the determination in step S16 is affirmative, the process proceeds to step S17 and the prescribed service, for example audio playback, is performed. If they do not match, the data signature fails verification, the process proceeds to step S18, and the prescribed service is not performed.

According to the first embodiment described above, the data signature is applied to partial data of the content file, so the data signature can be computed with a small amount of calculation. In addition, the mobile device side verifies the data signature over partial data of the received content file, so it can verify whether the content file was created by a legitimate content file creation tool without communicating with the content file creation side.

Furthermore, the mobile device side can provide the prescribed service only for content files created with a legitimate content creation tool. Conversely, the prescribed service can be withheld from content files created with an illegitimate content creation tool, for example content files created by a pirated tool. In addition, the mobile device side can verify whether a received content file was created by a legitimate content file creation tool without communicating with the creation side of that content file.
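The creation steps S1 to S5 and the verification steps S11 to S18 of the first embodiment, as an added example that is not code from the patent. Assumptions: SHA-256 as the hash function, unpadded textbook RSA over constructed Mersenne-prime keys as a standard-library stand-in for a real signature scheme, a dictionary as the header, and the "1 byte every 10 bytes, 5 kbytes in total" extraction rule; the last two cases show that only the sampled positions are covered, in line with the statement that integrity of the content data is not a goal.

```python
import hashlib

E = 65537

def make_key(p, q):
    """Textbook RSA key pair from two primes (toy stand-in, no padding)."""
    n = p * q
    return {"n": n, "e": E, "d": pow(E, -1, (p - 1) * (q - 1))}

# Constructed keys from Mersenne primes so only the standard library is needed.
ROOT_KEY = make_key(2**1279 - 1, 2**607 - 1)   # issuer behind the handset's root certificate
TOOL_KEY = make_key(2**521 - 1, 2**127 - 1)    # legitimate creation tool
ROGUE_KEY = make_key(2**2203 - 1, 2**89 - 1)   # tool holding no certificate from the root

def public(key):
    return {"n": key["n"], "e": key["e"]}

def digest_int(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(key, data):
    """S3-S4: hash the data, then 'encrypt' the hash with the secret key."""
    return pow(digest_int(data), key["d"], key["n"])

def recover(pub, value):
    """S13: 'decode' a signed value with the public key to get the hash back."""
    return pow(value, pub["e"], pub["n"])

def pub_bytes(pub):
    n = pub["n"]
    return n.to_bytes((n.bit_length() + 7) // 8, "big") + pub["e"].to_bytes(4, "big")

def extract(data, stride=10, total=5 * 1024):
    """S2/S14: partial data at positions agreed in advance (1 byte in 10, 5 kB)."""
    return data[::stride][:total]

def create_content_file(data, tool_key, certificate):
    """S1-S5: fill authentication data, public key and certificate into the header."""
    header = {"auth": sign(tool_key, extract(data)),
              "pubkey": public(tool_key),
              "cert": certificate}
    return {"header": header, "data": data}

def verify_content_file(content_file, root_pub):
    """S11-S18 on the mobile device; returns the step at which processing ends."""
    header = content_file["header"]
    if "auth" not in header:                                    # S11
        return "S18 no signature"
    pub = header["pubkey"]
    if recover(root_pub, header["cert"]) != digest_int(pub_bytes(pub)):  # S12
        return "S12 certificate rejected"
    first_hash = recover(pub, header["auth"])                   # S13
    second_hash = digest_int(extract(content_file["data"]))     # S14-S15
    if first_hash == second_hash:                               # S16
        return "S17 service provided"
    return "S18 hash mismatch"

def flip_byte(data, index):
    changed = bytearray(data)
    changed[index] ^= 0xFF
    return bytes(changed)

def demo():
    root_pub = public(ROOT_KEY)
    data = bytes(range(256)) * 400            # constructed 100 kB "music source"
    cert = sign(ROOT_KEY, pub_bytes(public(TOOL_KEY)))
    good = create_content_file(data, TOOL_KEY, cert)
    self_cert = sign(ROGUE_KEY, pub_bytes(public(ROGUE_KEY)))
    rogue = create_content_file(data, ROGUE_KEY, self_cert)
    return {
        "legitimate": verify_content_file(good, root_pub),
        "rogue tool": verify_content_file(rogue, root_pub),
        "unsigned": verify_content_file({"header": {}, "data": data}, root_pub),
        # index 20 is one of the sampled positions, index 21 is not
        "sampled byte changed": verify_content_file(
            dict(good, data=flip_byte(data, 20)), root_pub),
        "unsampled byte changed": verify_content_file(
            dict(good, data=flip_byte(data, 21)), root_pub),
    }

if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```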

Next, the second embodiment of the present invention is described with reference to FIGS. 6 and 7. In this embodiment, the mobile device side can verify whether a received content file was created by a legitimate content file creation tool without using a data signature, and provides the prescribed service only for content files created with a legitimate content creation tool.

The processing on the sending side (creation side) of the content file is described with reference to FIG. 6. First, the sending side holds in advance secret information 21 and an operation formula 22, which are information known only to the content file creator, and the secret information 21 and operation formula 22 are stored in advance in a storage unit on the receiving side (mobile device side). For example, before the mobile device is shipped, the manufacturer of the mobile device or the like stores the secret information 21 and operation formula 22 in the memory of the mobile device, such as a mobile phone.

As shown in FIG. 6, the sending side uses the secret information 21 to perform a prescribed operation (for example, a scramble operation) on content data B, such as a music source, by means of the operation formula 22, and obtains authentication data. The authentication data is then stored in the header of a content file 23, and the content file 23 is distributed to mobile devices such as mobile phones.

Next, the operation on the side of the mobile device, such as a mobile phone, is described with reference to the flowchart in FIG. 7. The mobile device side first receives the content file. Then, in step S21, it is determined whether authentication data is present in the header of the content file. If the determination is negative, the process proceeds to step S26 and the prescribed service is not provided.

If the determination in step S21 is affirmative, the process proceeds to step S22, where the authentication data is extracted from the header of the content file. The process then proceeds to step S23, where the prescribed operation is performed on the data in the content file using the secret information to generate authentication data. In step S24, it is determined whether the authentication data extracted in step S22 matches the authentication data generated in step S23. If the determination is affirmative, that is, if they match, the process proceeds to step S25 and the prescribed service is provided. If the determination is negative, the process proceeds to step S26.

According to the second embodiment, it is possible to verify, without using a data signature, whether a content file was created with a legitimate content creation tool, and the mobile device side provides the prescribed service only for legitimate content files. In addition, the mobile device side can verify whether a received content file was created by a legitimate content file creation tool without communicating with the creation side of the content file.
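The second embodiment's flow (FIG. 6 on the creation side, steps S21 to S26 on the mobile device), as an added example that is not code from the patent. Assumptions: HMAC-SHA256 stands in for operation formula 22 (the text only names a scramble operation as one possibility), the `CF23` container layout and the secret values are constructed for the illustration, and a malformed file is treated like missing authentication data.

```python
import hashlib
import hmac
import struct

MAGIC = b"CF23"                       # constructed container tag, not a real format
TAG_LEN = hashlib.sha256().digest_size

def authentication_data(secret, data):
    """Stand-in for operation formula 22, keyed with secret information 21."""
    return hmac.new(secret, data, hashlib.sha256).digest()

def build_content_file(data, secret=None):
    """Creation side: the header carries the authentication data.
    A tool that holds no secret produces an empty header."""
    header = authentication_data(secret, data) if secret is not None else b""
    return MAGIC + struct.pack(">H", len(header)) + header + data

def parse_content_file(blob):
    """Split a blob into (header, data); raises ValueError on malformed input."""
    if len(blob) < 6 or blob[:4] != MAGIC:
        raise ValueError("not a content file")
    (header_len,) = struct.unpack(">H", blob[4:6])
    if len(blob) < 6 + header_len:
        raise ValueError("truncated header")
    return blob[6:6 + header_len], blob[6 + header_len:]

def check_content_file(blob, secret):
    """Mobile device side; returns the step of FIG. 7 at which processing ends."""
    try:
        header, data = parse_content_file(blob)
    except ValueError:
        return "S26 malformed file"
    if len(header) != TAG_LEN:                         # S21
        return "S26 no authentication data"
    expected = authentication_data(secret, data)       # S23
    if hmac.compare_digest(header, expected):          # S22, S24 (constant-time compare)
        return "S25 service provided"
    return "S26 authentication data mismatch"

def demo():
    device_secret = b"constructed secret information 21"   # stored before shipment
    data = b"constructed content data B " * 64
    good = build_content_file(data, device_secret)
    tampered = good[:-1] + bytes([good[-1] ^ 0x01])
    return {
        "legitimate": check_content_file(good, device_secret),
        "other secret": check_content_file(
            build_content_file(data, b"some other secret"), device_secret),
        "no authentication data": check_content_file(
            build_content_file(data), device_secret),
        "data changed": check_content_file(tampered, device_secret),
        "truncated": check_content_file(good[:5], device_secret),
    }

if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

Because the device recomputes the value itself, the same secret information must be present in every mobile device, so the storage that holds it needs protection against read-out.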

In each of the above embodiments, the programs or operations according to the present invention have been described with reference to the flowcharts of FIGS. 4, 5 and 7; this processing can be executed by the computers and microcomputers (CPUs) of the content file creation side and the mobile device side. Obviously, various changes can be made to these processing programs without departing from the spirit of the present invention.

Claims (2)

1. A content file creator authentication scheme, characterized in that
the content file creator side has:
  a unit that performs an operation on the data portion of a content file, using secret information and an operation formula known only to the content file creator, to obtain authentication data;
  a unit that fills the authentication data into the header of the content file; and
  a unit that distributes the content file whose header has been filled with the authentication data;
and the mobile device side that acquires the distributed content file has:
  a unit that performs an operation on the data portion of the acquired content file, using the secret information and operation formula acquired in advance, to generate authentication data; and
  a unit that compares the generated authentication data with the authentication data filled into the header and, when the two match, performs the prescribed service, treating the file as a legitimate content file created using a legitimate content file.

2. A content file creator authentication method for a mobile device, consisting of the following steps:
  a step of determining whether authentication data is attached to a received content file;
  a step of, when the authentication data is attached, performing a prescribed operation on the content file using secret information known only to the content file creator to generate authentication data;
  a step of determining whether the authentication data attached to the received content file matches the generated authentication data; and
  a step of providing the prescribed service when they match and not providing the prescribed service when they do not match.
CN 200510127466 2003-01-08 2004-01-08 Identification modes of content file producer and its method Pending CN1783139A (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
JP2135/2003 2003-01-08
JP2003002135 2003-01-08
JP422792/2003 2003-12-19

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
CNB2004100005020A Division CN1312620C (en) 2003-01-08 2004-01-08 Authentication methods and procedures for content document creators

Publications (1)

Publication Number Publication Date
CN1783139A true CN1783139A (en) 2006-06-07

Family

ID=36773285

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 200510127466 Pending CN1783139A (en) 2003-01-08 2004-01-08 Identification modes of content file producer and its method

Country Status (2)

Country Link
JP (1) JP2010068527A (en)
CN (1) CN1783139A (en)

Also Published As

Publication number Publication date
JP2010068527A (en) 2010-03-25

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Open date: 20060607