JP2001022844A - System and method for providing data, managing device and data processor - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a data providing system capable of protecting the profit of the persons concerned of a data providing device. SOLUTION: A contents provider 101 distributes a secure container 104 storing contents data and the title deed thereof to a secure application module(SAM) 1051. The SAM 1051 determines the purchase/utilization style of distributed contents data on the basis of the distributed title deed data and transmits utilization history data 108 showing the history of that determined purchase/utilization style to an electronic music distribution(EMD) service center 102. On the basis of the utilization history data 108, the EMD service center 102 performs processing for distributing the money paid by a user to the rightful person of the contents provider 101.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

[0001] 1. Field of the Invention [0002] The present invention relates to a data providing system and method for providing content data, and a management device and a data processing device used for the system and method.

[0002]

2. Description of the Related Art There is a data providing system which distributes encrypted content data to a data processing device of a user who has made a predetermined contract, and in which the content data is decrypted, reproduced and recorded. One of such data providing systems is a conventional EMD (Electronic Music Distribution) system for distributing music data.

FIG. 67 is a configuration diagram of a conventional EMD system 700. In the EMD system 700 shown in FIG. 67, the content providers 701a and 701b transmit the content data 704 to the service provider 710.
a, 704b, 704c and copyright information 705a, 70
5b and 705c are encrypted with session key data obtained after mutual authentication and supplied online, or supplied offline. Here, the copyright information 70
5a, 705b, and 705c include, for example, SCMS (Ser
ial Copy Management System) information, digital watermark information requesting embedding in content data, and copyright information requesting embedding in the transmission protocol of the service provider 710.

[0004] The service provider 710 decrypts the received content data 704a, 704b, 704c and the copyright information 705a, 705b, 705c using the session key data. Then, the service provider 710 embeds copyright information 705a, 705b, 705c in the decrypted or offline received content data 704a, 704b, 704c to generate content data 707a, 707b, 707c. At this time, the service provider 710, for example,
The digital watermark information of the copyright information 705a, 705b, 705c is converted into the content data 704a, 704b, 70.
A predetermined frequency region is changed and embedded in 4c, and SCMS information is embedded in a network protocol used when transmitting the content data to the user. Further, the service provider 710 determines that the content data 707a,
707b and 707c are encrypted using the content key data Kca, Kcb and Kcc read from the key database 706, respectively. Thereafter, the service provider 710 transmits the encrypted content data 707a, 707
Secure container 722 storing 07b and 707c
Is encrypted with the session key data obtained after the mutual authentication, and the CA (Conditi
onal Access) module 711.

[0005] The CA module 711 decrypts the secure container 722 using the session key data. Further, the CA module 711 uses the billing function such as electronic payment or CA to retrieve the content key data Kca, Kcb,
It receives Kcc and decrypts it using the session key data. This makes it possible for the terminal device 709 to decrypt the content data 707a, 707b, and 707c using the content key data Kca, Kcb, and Kcc, respectively. At this time, the CA module 7
11 performs a billing process for each content, generates billing information 721 corresponding to the result, encrypts the billing information 721 with session key data, and transmits the encrypted billing information 721 to the right processing module 720 of the service provider 710. In this case, CA
The module 711 collects user contract (update) information, which is an item that the service provider 710 wants to manage with respect to the service provided by the service provider 710, network rent such as a monthly basic fee, charging processing for each content, and physical network networking. Layer security.

When the service provider 710 receives the billing information 721 from the CA module 711, the service provider 710 and the content providers 701a, 701a, 7
01b and 701c. At this time,
The profit distribution from the service provider 710 to the content providers 701a, 701b, and 701c is performed, for example, by using the Japanese Society for Rights of Aut
hors, Composers and Publishers: Japan Music Copyright Association. Also, by JASRAC,
The profits of the content provider are distributed to the copyright owner, artist, lyricist / composer, affiliated production, etc. of the content data.

[0007] In the terminal device 709, when the content data 707a, 707b, 707c decrypted using the content key data Kca, Kcb, Kcc is recorded on a RAM type recording medium 723 or the like, the copyright information 70
The copy control is performed by rewriting the SCMS bits of 5a, 705b, and 705c. That is, on the user side, copy control is performed based on the SCMS bits embedded in the content data 707a, 707b, 707c,
Copyright is protected.

[0008]

SUMMARY OF THE INVENTION By the way, SCMS
Is DAT (Digital Audio Tap) from CD (Compact Disc)
e) is specified to prevent recording on
Replication between AT and DAT is possible. Also, when digital watermark information is embedded in content data, when a problem occurs, it is only necessary to specify the distribution route of the content data such as the content provider that provided the target content data, and illegal copying is performed. It does not technically prevent it. Therefore, in the EMD system 700 shown in FIG. 67 described above, there is a problem that the right (profit) of the content provider is not sufficiently protected.

In the above-described EMD system 700, the billing information 721 from the user's terminal device 709 is
Rights processing module 720 of service provider 710
Therefore, there is a concern that the content provider can appropriately receive the profit that the content provider should receive in accordance with the use of the content data by the user.

In the above-described EMD system 700, since the service provider embeds the copyright information of the content provider in the content data, the content provider needs to audit whether the embedding is performed as requested. Further, the content provider needs to audit whether the service provider distributes the content data according to the contract. Therefore, there is a problem that the burden for the audit is large.

SUMMARY OF THE INVENTION The present invention has been made in view of the above-mentioned problems of the related art, and provides a data providing system, a method thereof, a management device, and a data processing device capable of appropriately protecting the interests of the right holder (related person) of the content provider. The purpose is to. Another object of the present invention is to provide a data providing system, a method thereof, a management device, and a data processing device capable of reducing the burden of an audit for protecting the interests of the right holder of the content provider.

[0012]

In order to solve the above-mentioned problems of the prior art and achieve the above object, a data providing system according to a first aspect of the present invention comprises a data providing device,
A data providing system having a data processing device and a management device, wherein the data providing device distributes content data and rights document data indicating handling of the content data to the data processing device, wherein the data processing device Determining at least one of a purchase mode and a use mode of the distributed content data based on the distributed rights document data; and history data indicating a history of at least one of the determined purchase mode and use mode. To the management device, the management device manages the data providing device and the data processing device, based on the received history data, for the purchase and the use of the content data in the data processing device For distributing the resulting profits to the parties concerned with the data providing device. Perform a benefit distribution processing.

[0013] In the data providing system according to the first aspect of the present invention, the data providing device sends the data to the data processing device.
It distributes the content data and the right certificate data indicating the handling of the content data. Next, the data processing device determines at least one of a purchase mode and a use mode of the distributed content data based on the distributed rights document data. Next, history data indicating the history of at least one of the determined purchase mode and usage mode is transmitted from the data processing apparatus to the management apparatus. Next, the management device manages the data providing device and the data processing device, and based on the received history data, obtained with the purchase and use of the content data in the data processing device. A profit distribution process for distributing the profit to the persons involved in the data providing device is performed.

A data providing system according to a second aspect of the present invention is a data providing system including a data providing device, a data distribution device, a data processing device, and a management device, wherein the data providing device includes content data and content data. Providing rights data indicating the handling of the content data to the data distribution device, wherein the data distribution device comprises:
Distributing the provided content data and the rights document data to the data processing device, wherein the data processing device communicates with the first module that communicates with the data distribution device and the distributed rights document data. A second module for determining at least one of a purchase mode and a usage mode of the distributed content data based on the distribution, and transmitting history data indicating a history of the determined purchase mode and usage mode to the management device. The management device manages a data providing device, a data distribution device, and a data processing device, and the data processing device performs the distribution of the content data based on the history data received from the second module. Received, and profits obtained by purchasing and using the content data Performs profit distribution processing for distributing the parties of said data providing apparatus and said data distribution apparatus.

In the data providing system according to the second aspect of the present invention, the data providing device provides the data distribution device with the content data and the right data indicating the handling of the content data. Next, the provided content data and the rights certificate data are distributed from the data distribution device to the data processing device. Next, the data processing device determines at least one of a purchase mode and a usage mode of the distributed content data based on the distributed rights document data. Next, history data indicating the history of the determined purchase mode and usage mode is transmitted from the data processing apparatus to the management apparatus. Next, in the management device, based on the received history data, the data processing device obtains the distribution of the content data, and obtains the content data in accordance with the purchase and the use of the content data. And a profit distribution process for distributing the obtained profit to persons involved in the data providing device and the data distribution device.

A data providing system according to a third aspect of the present invention is a data providing system including a data providing device, a data distribution device, a data processing device, and a management device, wherein the data providing device includes content data and Providing rights data indicating the handling of the content data to the data distribution device, wherein the data distribution device comprises:
Distributing the provided content data and the rights document data to the data processing device, performing a charging process for the distribution of the content data based on the data distribution device purchase history data received from the data processing device, A data processing device comprising: a first module for generating purchase history data for a data distribution device indicating a history of purchase of the content data distributed from the data distribution device and transmitting the generated purchase history data to the data distribution device; Based on the received rights document data, at least one of a purchase form and a use form of the distributed content data is determined, and management apparatus history data indicating a history of the determined purchase form and use form is determined. A second module for transmitting to the management device, wherein the management device is Based on the gravel data, the profit obtained accompanied with the purchase and the use of the content data in the data processing apparatus, performs profit distribution processing for distributing the parties of said data providing apparatus and said data distribution apparatus.

A data providing system according to a fourth aspect of the present invention is a data providing system having a data providing device, a data distribution device, a data processing device, and a management device, wherein the data providing device transmits content data. Providing to the data distribution device, the data distribution device distributes the provided content data to the data processing device, and the data processing device utilizes the distributed content data, the management device Manages the operation of a data providing service by the data providing device, the data distribution device, and the data processing device.

A data providing system according to a fifth aspect of the present invention includes a data providing device, a data distribution device, a data processing device, and a management device.
Providing content data to the data distribution device, the data distribution device distributes the provided content data to the data processing device, the data processing device
The data providing system that manages the operation of a data providing service by the data providing device, the data distribution device, and the data processing device, wherein the management device uses the distributed content data. Device, the data distribution device, data transmission between the data processing device and the management device, mutual authentication using a public key encryption method, signature generation, signature verification,
This is performed using data encryption using a common key encryption method.

A data providing system according to a sixth aspect of the present invention includes a data providing device, a data distribution device, a data processing device, and a management device.
Providing content data to the data distribution device, the data distribution device distributes the provided content data to the data processing device, the data processing device
Utilizing the distributed content data, the management device manages the operation of a data providing service by the data providing device, the data distribution device, and the data processing device, and the data providing device, the data distribution device And when each of the data processing devices supplies data to another device, creates signature data indicating that the data has been created by itself using its own secret key data, and sends data from another device. When the supply of
When verifying the validity of the signature data corresponding to the data by using the public key data of the other device, the signature data corresponding to the secret key data of the data providing device, the data distribution device, and the data processing device is verified. A data providing system that creates and manages public key certificate data of public key data, wherein the data providing device, the data distribution device, and the data processing device are configured to perform communication with another device. The public key certificate data of the own device is acquired from the management device, and the acquired public key certificate data is transmitted to the other device.

A data providing system according to a seventh aspect of the present invention includes a data providing device, a data distribution device, a data processing device, and a management device.
Providing content data to the data distribution device, the data distribution device distributes the provided content data to the data processing device, the data processing device
Utilizing the distributed content data, the management device manages the operation of a data providing service by the data providing device, the data distribution device, and the data processing device, and the data providing device, the data distribution device And when each of the data processing devices supplies data to another device, creates signature data indicating that the data has been created by itself using its own secret key data, and sends data from another device. When the supply of
When verifying the validity of the signature data corresponding to the data using the public key data of the other device, the signature data corresponding to the secret key data of each of the data providing device, the data distribution device, and the data processing device is used. A data providing system that creates and manages public key certificate data of public key data, wherein the data providing device, the data distribution device, and the data processing device perform communication with other devices. The public key certificate data of the own device is acquired from the management device, and the acquired public key certificate data is transmitted to the other device during the communication.

[0021] A data providing system according to an eighth aspect of the present invention includes a data providing device, a data distribution device, a data processing device, and a management device.
Providing content data to the data distribution device, the data distribution device distributes the provided content data to the data processing device, the data processing device
Utilizing the distributed content data, the management device manages the operation of a data providing service by the data providing device, the data distribution device, and the data processing device, and the data providing device, the data distribution device And when each of the data processing devices supplies data to another device, creates signature data indicating that the data has been created by itself using its own secret key data, and sends data from another device. When the supply of
When verifying the validity of the signature data corresponding to the data using the public key data of the other device, the signature data corresponding to the secret key data of each of the data providing device, the data distribution device, and the data processing device is used. Generating and managing public key certificate data of public key data, generating public key certificate revocation data for specifying public key certificate data to be invalidated among the generated public key certificate data, And restricting the data distribution device and the data processing device from performing the communication or the distribution using the public key certificate data specified by the public key certificate revocation data.

A data providing system according to a ninth aspect of the present invention includes a data providing device, a data distribution device, a data processing device, and a management device.
Providing content data to the data distribution device, the data distribution device distributes the provided content data to the data processing device, and the management device includes the data providing device, the data distribution device, and the data processing. Manages the operation of the data providing service by the device, and when the data providing device supplies data to another device, using its own private key data, signature data indicating that the data has been created by itself. A public key certificate of the public key data corresponding to the secret key data of the data providing device when the other device verifies the validity of the signature data using the public key data corresponding to the secret key data. Public key certificate that creates and manages certificate data and specifies public key certificate data to be invalidated among the created public key certificate data Generating revocation data and distributing the public key certificate revocation data to the data processing device, wherein the data processing device performs the distribution based on the public key certificate revocation data received from the management device. It verifies whether the public key certificate data of the data providing device that provided the received content data is invalid, and controls the use of the distributed content data based on the result of the verification.

[0023] A data providing system according to a tenth aspect of the present invention includes a data providing device, a data distribution device, a data processing device, and a management device, wherein the management device includes the data distribution device, the data distribution device. And managing the operation of a data providing service by the data processing device, and when the data providing device supplies data to another device, a signature data indicating that the data is created by itself is stored in its own private key. Public key data corresponding to the secret key data of the data providing device when the other device verifies the validity of the signature data using the public key data corresponding to the secret key data. Public key certificate data that creates and manages the public key certificate data, and specifies the public key certificate data to be invalidated among the created public key certificate data. Generating the public key certificate revocation data and distributing the public key certificate revocation data to the data distribution device, wherein the data distribution device performs the provision based on the public key certificate revocation data received from the management device. Verify whether the public key certificate data of the data providing device that provided the received content data is invalid, and, based on the result of the verification, send the provided content data to the data processing device. Control distribution.

A data providing system according to an eleventh aspect of the present invention includes a data providing device, a data distribution device, a data processing device, and a management device, and the management device includes the data distribution device, the data distribution device. And managing the operation of a data providing service by the data processing apparatus, and when the data distribution apparatus supplies data to another apparatus, the data distribution apparatus transmits a signature data indicating that the data is created by itself to its own private key. Public key data corresponding to the secret key data of the data distribution device when another device verifies the validity of the signature data using the public key data corresponding to the secret key data. Public key certificate data that creates and manages the public key certificate data, and specifies the public key certificate data to be invalidated among the created public key certificate data. Generating the certificate revocation data, and distributing the public key certificate revocation data to the data providing device, wherein the data providing device generates content data based on the public key certificate revocation data received from the management device. Verifying whether or not the public key certificate data of the data distribution device of the provision destination is invalid, and controlling the provision of the content data to the data distribution device based on the result of the verification, The device distributes the provided content data to the data processing device, and the data processing device uses the distributed content data.

A data providing system according to a twelfth aspect of the present invention includes a data providing device, a data distribution device, a data processing device, and a management device, wherein the management device includes the data distribution device, the data distribution device And managing the operation of a data providing service by the data processing apparatus, and when the data distribution apparatus supplies data to another apparatus, the data distribution apparatus transmits a signature data indicating that the data is created by itself to its own private key. Public key data corresponding to the secret key data of the data distribution device when another device verifies the validity of the signature data using the public key data corresponding to the secret key data. A public key certificate for creating and managing public key certificate data of the public key certificate and identifying public key certificate data to be invalidated among the created public key certificate data. Generating the certificate revocation data, distributing the public key certificate revocation data to the data distribution device, the data providing device providing the content data to the data distribution device, and the data distribution device providing the content distribution device with the provided data. Content data and the distributed public key certificate revocation data are distributed to the data processing device, and the data processing device receives the distribution based on the distributed public key certificate revocation data. It verifies whether the public key certificate data of the data distribution device that distributed the content data is invalid, and controls the use of the distributed content data based on the result of the verification.

A data providing system according to a thirteenth aspect of the present invention includes a data providing device, a data distribution device, a data processing device, and a management device, and the management device includes the data distribution device, the data distribution device. And managing the operation of a data providing service by the data processing apparatus, and when the data distribution apparatus supplies data to another apparatus, the data distribution apparatus transmits a signature data indicating that the data is created by itself to its own private key. Public key data corresponding to the secret key data of the data distribution device when another device verifies the validity of the signature data using the public key data corresponding to the secret key data. Public key certificate data that creates and manages the public key certificate data, and specifies the public key certificate data to be invalidated among the created public key certificate data. Generating the data discarding data, distributing the public key certificate discarding data to the data processing device, the data providing device providing the content data to the data distributing device, and the data distributing device providing the data distributing device, Content data is distributed to the data processing device, and the data processing device, based on the distributed public key certificate revocation data, distributes the distributed content data to the public key certificate of the data distribution device. It verifies whether or not the document data is invalid, and controls the use of the distributed content data based on the result of the verification.

A data providing system according to a fourteenth aspect of the present invention includes a data providing device, a data distribution device, a data processing device, and a management device, and the management device includes the data distribution device, the data distribution device. And managing the operation of a data providing service by the data processing apparatus, and when the data distribution apparatus supplies data to another apparatus, the data distribution apparatus transmits a signature data indicating that the data is created by itself to its own private key. Public key data corresponding to the secret key data of the data distribution device when another device verifies the validity of the signature data using the public key data corresponding to the secret key data. Public key certificate data that creates and manages the public key certificate data, and specifies the public key certificate data to be invalidated among the created public key certificate data. Generating the certificate revocation data and distributing the public key certificate revocation data to the data providing device, the data providing device providing the data distribution device with the content data and the public key certificate revocation data, The distribution device distributes the provided content data and public key certificate revocation data to the data processing device, and the data processing device performs the distribution based on the distributed public key certificate revocation data. It verifies whether the public key certificate data of the data distribution device that has distributed the received content data is invalid, and controls the use of the distributed content data based on the result of the verification.

A data providing system according to a fifteenth aspect of the present invention includes a data providing device, a data distribution device, a plurality of data processing devices, and a management device, wherein the management device includes the data providing device, the data The data processing apparatus manages the operation of a data providing service by the distribution apparatus and the data processing apparatus, and when the data processing apparatus supplies data to another apparatus, the data processing apparatus transmits a signature data indicating that the data is created by itself to its own. Created using secret key data, when another device verifies the validity of the signature data using public key data corresponding to the secret key data,
A public key certificate that creates and manages public key certificate data of public key data corresponding to secret key data of the data processing device, and specifies public key certificate data to be invalidated among the created public key certificate data. Generates discard data,
Distributing the public key certificate revocation data to the data providing device, wherein the data providing device provides the data distribution device with the content data and the public key certificate revocation data, and the data distribution device provides the provided data. Distributes the content data and the public key certificate revocation data to the data processing device, and the data processing device discloses the other data processing device based on the public key certificate revocation data distributed from the data distribution device. It verifies whether or not the key certificate data is invalid, and controls communication with the other data processing device based on a result of the verification.

A data providing system according to a sixteenth aspect of the present invention includes a data providing device, a data distribution device, a plurality of data processing devices and a management device, wherein the management device includes the data providing device, the data The data processing apparatus manages the operation of a data providing service by the distribution apparatus and the data processing apparatus, and when the data processing apparatus supplies data to another apparatus, the data processing apparatus transmits a signature data indicating that the data is created by itself to its own. Created using secret key data, when another device verifies the validity of the signature data using public key data corresponding to the secret key data,
A public key certificate that creates and manages public key certificate data of public key data corresponding to secret key data of the data processing device, and specifies public key certificate data to be invalidated among the created public key certificate data. Generates discard data,
Distributing the public key certificate revocation data to the data distribution device, the data providing device provides content data to the data distribution device, and the data distribution device, the provided content data, and the distributed And distributing the public key certificate revocation data to the data processing device, and the data processing device sends the public key certificate of another data processing device based on the public key certificate revocation data distributed from the data distribution device. It verifies whether or not the write data is invalid, and controls communication with the other data processing device based on the result of the verification.

A data providing system according to a seventeenth aspect of the present invention includes a data providing device, a data distribution device, a plurality of data processing devices and a management device, wherein the data processing device is connected to a predetermined Supply the registration data indicating the registered data processing device connected to the network to the management device, refer to the discard flag in the registration data supplied from the management device, and invalidate by the discard flag. Regulates communication with other data processing devices having public key certificate data indicated to be
The management device manages operation of a data providing service by the data providing device, the data distribution device, and the data processing device, and when the data processing device supplies data to another device, the data When the signature data showing the property is created using its own private key data, the public key certificate data of the public key data corresponding to the private key data is created and managed, and the created public key certificate data of the created public key certificate data is Generating public key certificate revocation data for specifying the public key certificate data to be invalidated, storing the public key certificate revocation data, and supplying from the data processing device based on the public key certificate revocation data. The new registration data is generated by setting the discard flag in the received registration data, and the generated registration data is distributed to the data processing device. Data providing apparatus provides content data to said data distribution apparatus, said data distribution apparatus, distributing the provided content data to said data processing apparatus.

A data providing system according to an eighteenth aspect of the present invention includes a data providing device, a data distribution device, a plurality of data processing devices and a management device, wherein the management device includes the data providing device, the data The data processing apparatus manages the operation of a data providing service by the distribution apparatus and the data processing apparatus, and when the data processing apparatus supplies data to another apparatus, the data processing apparatus transmits signature data indicating the validity of the data to its own private key data. When using the public key certificate data, the public key certificate data of the public key data corresponding to the private key data is created and managed, and the public key certificate data to be invalidated is specified from the created public key certificate data. Generating public key certificate revocation data, and distributing the public key certificate revocation data to the data providing device, wherein the data providing device includes the data distribution device To provide the content data and the public key certificate discard data, the data distribution device distributes the provided content data and the public key certificate discard data to the data processing device, the data processing device, Based on the distributed public key certificate destruction data, set a destruction flag in the registration data indicating the registered data processing device connected to the predetermined network to which the self is connected, and perform the destruction. It restricts communication with another data processing device having public key certificate data indicated to be invalid by the flag.

A data providing system according to a nineteenth aspect of the present invention includes a data providing device, a data distribution device, a plurality of data processing devices and a management device, wherein the management device includes the data providing device, the data The data processing apparatus manages the operation of a data providing service by the distribution apparatus and the data processing apparatus, and when the data processing apparatus supplies data to another apparatus, the data processing apparatus transmits signature data indicating the validity of the data to its own private key data. When using the public key certificate data, the public key certificate data of the public key data corresponding to the private key data is created and managed, and the public key certificate data to be invalidated is specified from the created public key certificate data. Generating public key certificate revocation data, and distributing the public key certificate revocation data to the data distribution device, wherein the data providing device includes the data distribution device It provides content data to,
The data distribution device distributes the provided content data and the public key certificate revocation data to the data processing device, and the data processing device, based on the received public key certificate revocation data, A public key certificate data indicating that the discard flag is set in the registration data indicating the already registered data processing device connected in a predetermined network to which the self device is connected, and that the discard flag indicates that the data processing device is invalid; Regulates communication with other data processing devices having

A data providing system according to a twentieth aspect of the present invention is a data providing system including a data providing device, a data distribution device, a data processing device, and a management device, wherein the data providing device includes content data and ,
Providing rights data indicating the handling of the content data to the data distribution device, the data distribution device distributing the provided contents data and the rights data to the data processing device, and Determines a first module that communicates with the data distribution device, and at least one of a purchase mode and a usage mode of the distributed content data based on the distributed rights document data, A second module for transmitting history data indicating a history of the determined purchase mode and usage mode to the management device, wherein the management device manages a data providing device, a data distribution device, and a data processing device; Based on the history data received from the second module, the data processing device determines the content data And performing profit distribution processing for distributing the profit obtained from the purchase and use of the content data to the data providing device and the person concerned with the data distribution device. And a right management function for registering the right document data.

A data providing system according to a twenty-first aspect of the present invention is a data providing system having a data providing device, a data distribution device, a data processing device, and a management device, wherein the data providing device includes ,
Providing the data distribution device with rights document data indicating the handling of the content data, the data distribution device having a billing function of performing a settlement process using settlement claim right data distributed from the management device. Distributing the provided content data and the rights document data to the data processing device, wherein the data processing device communicates with the data distribution device; and a first module for communicating with the distributed data. A second module that determines at least one of a purchase mode and a usage mode of the distributed content data based on the distribution data, and transmits history data indicating a history of the determined purchase mode and usage mode to the management device; and Having, the management device manages a data providing device, a data distribution device and a data processing device,
Based on the history data received from the second module, obtained by the data processing device receiving the distribution of the content data, and by purchasing and using the content data. Performs a profit distribution process for distributing profits to the parties of the data providing device and the data distribution device, and generates payment claim right data used when performing payment based on the result of the profit distribution process, and generates the data. It has a function of generating settlement claim right data to be supplied to the distribution device, and a right management function of registering the right form data.

A data providing system according to a twenty-second aspect of the present invention is a data providing system having a data providing device, a data distribution device, a data processing device, and a management device, wherein the data providing device is provided with the management device. A billing function for performing a settlement process using the settlement claim right data distributed from the company; providing the data distribution device with content data and rights document data indicating handling of the content data; Distributes the provided content data and the rights document data to the data processing device, wherein the data processing device communicates with the data distribution device, and a first module that communicates with the data distribution device; Determine at least one of a purchase form and a use form of the content data distributed based on the data, Second to send history data indicating a history of purchase mode and usage mode to the determined in the management device
The management device manages a data providing device, a data distribution device, and a data processing device, and the data processing device manages the content data based on the history data received from the second module. And a profit distribution process for distributing a profit obtained in connection with the purchase and use of the content data to the data providing device and a person concerned with the data distribution device. A payment claim data generation function for generating payment claim right data to be used when performing payment based on the result of the profit distribution processing and distributing the data to the data providing device, and a right management for registering the right certificate data With function.

Further, the management apparatus according to the first aspect of the present invention comprises:
A data providing device for distributing the content data and rights document data indicating handling of the content data, and at least one of a purchase mode and a use mode of the distributed content data based on the distributed rights document data A management device that manages a data processing device that generates history data indicating at least one history of the determined purchase mode and usage mode, and receives the history data from the data processing device, Based on the received history data, a profit distribution process is performed for distributing a profit obtained by the purchase and use of the content data in the data processing device to a person concerned with the data providing device.

Further, the management device according to the second aspect of the present invention comprises:
A data providing device for providing content data and right document data indicating handling of the content data, a data distributing device for distributing the provided content data and the right document data, and the right receiving the distributed data A data processing device that determines at least one of a purchase mode and a use mode of the distributed content data based on the document data, and generates history data indicating a history of at least one of the determined purchase mode and the use mode. A management device that manages, based on the received history data, the data processing device has received the distribution of the content data, and with the purchase and the use of the content data Related parties of the data providing device and the data distribution device with the obtained profit Performs profit distribution processing for distributing.

Further, the data processing device according to the first aspect of the present invention receives distribution of content data and rights document data indicating handling of the content data from the data providing device, and receives the distribution of the content data. A data processing device that transmits the history data to a management device that performs a profit distribution process for distributing profits obtained through purchase and use to persons involved in the data providing device based on predetermined history data. Determining at least one of a purchase mode and a use mode of the distributed content data based on the distributed rights document data, and changing the history data indicating a history of the determined purchase mode and use mode. Send to the management device.

Further, the data processing device according to the second aspect of the present invention comprises: a data distribution device that receives, from a data providing device, content data and right data indicating the handling of the content data; A profit distribution process for receiving the distribution of the rights document data and distributing a profit obtained by purchasing and using the distributed content data to a person who is involved in the data providing apparatus and the data distribution apparatus; A data processing device that transmits the history data to a management device that performs based on predetermined history data, the first module performing communication with the data distribution device, and the rights module data that is distributed. Determines at least one of a purchase form and a use form of the distributed content data, and The history data indicating a history of the incoming forms and usage mode and a second module to be transmitted to the management device.

A data processing apparatus according to a third aspect of the present invention receives distribution of content data and rights document data indicating handling of the content data from a data providing apparatus via the data distribution apparatus, and performs the distribution. A management device that performs a profit distribution process for distributing a profit obtained through the purchase and use of the received content data to a person concerned with the data providing device and the data distribution device based on the management device history data. A data processing device for transmitting the history data to the data distribution device, generating purchase history data for the data distribution device indicating a history of purchase of the content data distributed from the data distribution device, and transmitting the generated purchase history data to the data distribution device. Based on the distributed rights document data and the distributed content Determining at least one of the purchase mode and usage mode of chromatography data, and a second module for sending historical data for the management apparatus according to the history of the purchase form and usage form to the determined to the management device.

A data providing method according to a first aspect of the present invention is a data providing method using a data providing device, a data processing device, and a management device, wherein the data providing device sends a content to the data processing device. Data and rights document data indicating handling of the content data, and in the data processing device, a purchase form and a use form of the distributed content data based on the distributed rights document data. At least one is determined, history data indicating the history of at least one of the determined purchase mode and usage mode is transmitted to the management device, and in the management device, based on the received history data, the data processing device The profit obtained from the purchase and use of the content data is Performs profit distribution processing for distributing the parties of the device.

A data providing method according to a second aspect of the present invention is a data providing method using a data providing device, a data distribution device, a data processing device, and a management device. Providing, to the device, content data and rights document data indicating the handling of the content data; distributing the provided content data and the rights document data from the data distribution device to the data processing device; A processing device that determines at least one of a purchase mode and a usage mode of the distributed content data based on the distributed rights document data, and a history indicating a history of the determined purchase mode and usage mode. Sending data to the management device and receiving data from the second module at the management device; Based on the history data, the data processing device receives the distribution of the content data, and, based on the purchase and the use of the content data, obtains a profit obtained by the data providing device and the A profit distribution process for distributing to a person concerned with the data distribution device is performed.

A data providing method according to a third aspect of the present invention is a data providing method using a data providing device, a data distribution device, a data processing device, and a management device. Device, providing the content data and right data indicating the handling of the content data, and transmitting the provided content data and the right data to the data processing device from the data distribution device to the data processing device. Distribution, in the data processing device, generates data distribution device purchase history data indicating a history of purchase of the content data distributed from the data distribution device, transmits the generated data to the data distribution device, and performs the distribution. Based on the received rights document data, a purchase form of the distributed content data and Determining at least one of the use forms,
The management apparatus transmits the management apparatus history data indicating the history of the determined purchase mode and usage mode to the management apparatus, and based on the management apparatus history data, the management apparatus transmits the content data of the content data in the data processing apparatus. The profit obtained with the purchase and the use is distributed to the parties related to the data providing device and the data distribution device, and the data distribution device converts the purchase history data for the data distribution device received from the data processing device into data. Based on the distribution data, the charging process is performed.

[0044]

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS Hereinafter, an EMD (Electronic Music Distribution) system according to an embodiment of the present invention will be described. First Embodiment FIG. 1 is a configuration diagram of an EMD system 100 according to the present embodiment. In the present embodiment, the content data distributed to the user refers to digital data in which the information itself has a value, and will be described below using music data as an example. As shown in FIG. 1, the EMD system 100 includes a content provider 101, an EMD service center (clearing house, hereinafter also referred to as ESC) 102, and a user home network 103. Here, like the content provider 101, EMD service center 102, SAM 105 ₁ to 105 ₄ is the data providing apparatus according to claim 1 respectively correspond to the management apparatus and a data processing device. First, the EMD system 10
The outline of 0 will be described. In the EMD system 100, the content provider 101 has a usage control policy (UCP: Usage Control Policy) indicating rights such as a license condition of the content data C of the content to be provided by the content provider 101.
y) Convert data 106 to E, a highly trusted authority
The information is transmitted to the MD service center 102. Rights certificate data 1
06 is authorized (authenticated) by the EMD service center 102.

Further, the content provider 101 encrypts the content data C with the content key data Kc to generate a content file CF, and transmits the content key data Kc to the distribution key for the corresponding period distributed from the EMD service center 102. data KD ₁ ~KD5 ₆
To encrypt. And the content provider 101
Converts a secure container (module) 104 storing the encrypted content key data Kc and content file CF and its own signature data into a user home network 103 using a network such as the Internet, digital broadcasting or a recording medium. To be distributed to

The user home network 103 includes, for example, a network device 160 ₁ and an AV device 160 ₂
With a 160 _4. The network device 160 ₁
AM has a built-in (Secure Application Module) 105 _1. The AV devices 160 _{2 to} 160 ₄ are SAM
It has a built-in 105 _{2-105 4.} SAM105 ₁ ~
105 ₄ mutual, for example, IEEE (Institute ofEle
ctrical and Electronics Engineers) are connected via a bus 191 such as a 1394 serial interface bus.

The SAMs 105 _{1 to} 105 ₄ are stored in the secure container 104 received by the network device 160 ₁ online from the content provider 101 via a network or the like, and / or recorded on the recording medium from the content provider 101 to the AV devices 160 _{2 to} 160 _4. after it decrypted using the distribution key data KD ₁ ~KD ₃ of period corresponding the secure container 104 supplied offline via verifies the signature data. SAM105
_1-105 secure container 104 supplied to _4,
Network devices 160 ₁ and AV apparatuses 160 ₂ to 1
In 60 _4, after the purchase and usage mode is determined in response to the user's operation, a target such as a recording of the reproducing or recording medium. The SAMs 105 _{1 to} 105 ₄ store the purchase / use history of the secure container 104 described above in the use history (Usage
Log) Recorded as data 108. Usage history data 1
08 is sent from the user home network 103 in response to a request from the EMD service center 102, for example.
It is transmitted to the D service center 102.

The EMD service center 102 determines (calculates) the billing content based on the usage history data 108,
Based on the result, settlement is made to a settlement agency 91 such as a bank via the payment gateway 90. As a result, the money paid by the user of the user home network 103 to the settlement institution 91 is transferred to the EMD service center 102.
By the content provider 101
Paid for. In addition, the EMD service center 102
The settlement report data 107 is transmitted to the content provider 101 at regular intervals.

In this embodiment, the EMD service center 1
02 has an authentication function, a key data management function, and a right processing (profit distribution) function. That is, the EMD service center 102 sends a request to the root certificate authority 92, which is the highest authority in a neutral position, (the root certificate authority 92).
Second Certificate Authority (located below)
e Authority), and attaches a signature to the public key certificate data of the public key data used in the signature data verification processing in the content provider 101 and the SAMs 105 _{1 to} 105 ₄ using the secret key data of the EMD service center 102. This authenticates the validity of the public key data. As described above, the EMD service center 102 also registers the rights document data 106 of the content provider 101 and authorizes it.
This is one of the authentication functions of the service center 102. Also,
The EMD service center 102 has a key data management function of managing key data such as distribution key data KD _{1 to} KD ₆ . In addition, the EMD service center 10
2 is a standard retail price SRP (Suggested Retailer 'Price) described in the authoritative rights document data 106 and a SAM.
105 _{1 to} SAM 105 ₄ , based on the usage history data 108 input from the user,
It has a right processing (profit distribution) function of performing settlement for use and distributing the money paid by the user to the content provider 101.

Hereinafter, each component of the content provider 101 will be described in detail. [Content Provider 101] FIG. 2 is a functional block diagram of the content provider 101, and shows a flow of data related to data transmitted and received between the SAMs 105 _{1 to} 105 ₄ of the user home network 103. FIG. 3 shows the content provider 101.
The flow of data related to data transmitted and received between the EMD service center 102 and the EMD service center 102 is shown. In the drawings after FIG. 3, the flow of data input / output to / from the signature data processing unit and the encryption / decryption unit using the session key data K _SES is omitted.

As shown in FIG. 2 and FIG. 3, the content provider 101
11, digital watermark information adding unit 112, compression unit 113, encryption unit 114, random number generation unit 115, encryption unit 116, signature processing unit 117, secure container creation unit 118, secure container database 118a, storage unit 119, mutual authentication It has a unit 120, an encryption / decryption unit 121, a license data creation unit 122, a SAM management unit 124, and an EMD service center management unit 125. Before communicating with the EMD service center 102, the content provider 101 transmits, for example, public key data generated by itself, its own identification card, and a bank account number (account number for settlement) to an EMD service offline. It registers with the center 102 and obtains its own identifier (identification number) CP_ID. Further, the content provider 101 receives the public key data of the EMD service center 102 and the public key data of the root certificate authority 92 from the EMD service center 102. Hereinafter, each functional block of the content provider 101 shown in FIGS. 2 and 3 will be described.

The content master source server 111
The content data serving as the master source of the content to be provided to the user home network 103 is stored, and the content data S111 to be provided is output to the electronic watermark information adding unit 112.

The digital watermark information adding unit 112 adds source digital watermark information (Sou
rce Watermark) Ws, Digital Watermark Information for Copy Management (Cop
y Control Watermark) Wc and user digital watermark information
(User Watermark) Wu or the like is embedded to generate content data S112, and the content data S112 is output to the compression unit 113.

The source digital watermark information Ws is information relating to copyright, such as the name of the copyright holder of the content data, the ISRC code, the authoring date, the authoring device ID (Identification Data), and the distribution destination of the content. The copy management digital watermark information Wc is information including a copy prohibition bit for copy prevention via an analog interface. The user digital watermark information Wu includes, for example, an identifier CP of the content provider 101 for specifying a source and a destination of the secure container 104.
_ID and SAM of user home network 103
Identifiers SAM_ID _{1 to} SAM_ of 105 _{1 to} 105 ₄
ID ₄ is included. Also, the electronic watermark information adding unit 112
If necessary, embeds a link ID for searching for content data with a search engine in the content data S111 as digital watermark information. In the present embodiment, preferably, the information content and embedding position of each piece of digital watermark information is defined as digital watermark information management data, and the EMD service center 102 manages the digital watermark information management data. Digital watermark information management data, for example, the network device 160 ₁ and AV apparatuses 160 ₂ to 160 in the user home network 103
₄ is used when verifying the validity of the digital watermark information. For example, in the user home network 103, based on the digital watermark information management data, when both the embedding position of the digital watermark information and the content of the embedded digital watermark information match, it is determined that the digital watermark information is valid. Thus, embedding of false electronic watermark information can be detected with a high probability.

[0055] The compression unit 113 generates the content data S11.
2, for example, ATRAC3 (Adaptive Transform Acoustic
stic Coding 3) (trademark)
The compressed content data S113 is output to the encryption unit 114.

The encrypting unit 114 stores the content key data K
c as a common key, DES (Data Encryption Stand
ard) or Triple DES, encrypts the content data S113 to generate the content data C, and converts this to the secure container creation unit 11
8 is output. Further, the encryption unit 114 encrypts the A / V decompression software Soft and the metadata Meta using the content key data Kc as a common key, and then outputs the encrypted data to the secure container creation unit 117.

DES is an encryption method that uses a 56-bit common key and processes 64 bits of plaintext as one block. The DES process consists of a part (data agitating unit) that converts plaintext into ciphertext and a part (key processing unit) that generates key (enlarged key) data used by the data agitating unit from common key data. Become. Since all the algorithms of the DES are disclosed, the basic processing of the data agitation unit will be briefly described here.

First, the 64 bits of the plaintext are divided into H ₀ of the upper 32 bits and L _{0 of the} lower 32 bits. The extended key data K ₁ and the lower 32 bits of the L ₀ of 48 bits supplied from the key processing unit as input, the output of the F function obtained by stirring the lower 32 bits of the L ₀ is calculated. The F function is
It consists of two types of basic conversion: "substitution" for replacing a numerical value with a predetermined rule and "transposition" for replacing a bit position with a predetermined rule. Next, the upper 32 bits H
_0, exclusive OR of the output of the F function is the calculation, the result is a L _1. L ₀ is set to H ₁ . Then, the upper 32 bits H ₀ and the lower 32 bits L _{0
Based on 0} , the above process is repeated 16 times, and the obtained upper 32 bits H ₁₆ and lower 32 bits L ₁₆ are output as ciphertext. Decryption is realized by reversing the above procedure using the common key data used for encryption.

The random number generating section 115 generates a random number having a predetermined number of bits and outputs the random number to the encrypting section 114 and the encrypting section 116 as the content key data Kc. In addition,
The content key data Kc may be generated from information on music provided by the content data. The content key data Kc is updated, for example, every predetermined time.

The encrypting unit 116 stores the E
Storage unit 119 received from MD service center 102
Enter the distribution key data KD ₁ ~KD ₆ of a period corresponding of the distribution key data KD ₁ ~KD ₆ stored in the common encryption method such as DES using the distribution key data as a common key Figure 4 content key data Kc of (B), the usage control policy data 106, SAM program download containers SDC ₁ ~SDC ₃ and signature and by
The certificate module Mod ₁ after encrypting, and outputs the secure container preparation unit 117. As shown in FIG. 4B, the signature / certificate module Mod ₁ includes signature data SIG _{2, CP to} SIG _{4, CP} and a content provider 10.
The public key certificate CER _{CP of the} first public key data K _{CP, P} and the signature data SIG _{1, ESC} of the EMD service center 102 for the public key certificate CER _CP are stored. Also, SAM program download containers SDC ₁ ~SDC ₃ includes a download drivers used when performing the downloading of the program in SAM 105 ₁ to 105 within _4, usage control policy data (UCP) U10
UCP-L (Label).
It stores R (Reader) and lock key data for making the rewriting and erasing of the storage unit (flash-ROM) built in the SAMs 105 _{1 to} 105 ₄ into a locked state / unlocked state in block units.

The storage unit 119 includes, for example, a database for storing public key certificate data, a distribution key data K
And a variety of databases such as databases for storing a database and the key file KF stores D ₁ ~KD _6.

The signature processing unit 117 takes the hash value of the data to be signed and creates the signature data SIG using the secret key data K _{CP, S} of the content provider 101.

The hash value is generated using a hash function. The hash function is a function that receives target data as input, compresses the input data into data having a predetermined bit length, and outputs the data as a hash value. It is difficult for a hash function to predict an input from a hash value (output). When one bit of data input to the hash function changes, many bits of the hash value change. It has the characteristic that it is difficult to find the input data that it has.

The secure container creation unit 118
As shown in (A), the header data and the encryption unit 114
A content file CF that stores content data C, A / V decompression software Soft, and metadata Meta, each of which has been encrypted with the content key data Kc input from the server, is generated. Here, the A / V decompression software Soft is stored in the user home network 10.
3 network device 160 ₁ and AV device 160 ₂
160 In _4, a software used when decompressing the content file CF, for example, ATR
This is AC3 extension software.

The secure container creation unit 118
Figure 4 (B), the encrypted content key data Kc by distribution key data KD ₁ ~KD ₆ of a period corresponding input from the encryption unit 116, usage control policy data (UC
To generate a key file KF storing the P) 106 and the SAM program download containers SDC ₁ ~SDC ₃ and the signature and certificate module Mod _1. Then, the secure container creation unit 118 checks the state shown in FIG.
The content file CF and the key file KF shown in FIG. 4B and the content provider 10 shown in FIG.
After the secure container 104 storing the public key data K _CP and the signature data SIG _{1 and ESC} is generated and stored in the secure container data berth 118a,
Output to the SAM management unit 124 in response to a request from the user. As described above, in the present embodiment _, the public key certificate CER _CP of the public key data K _{CP, P} of the content provider 101 is used.
Is stored in the secure container 104 and transmitted to the user home network 103. Therefore, user home network 1
03 is EM communication for obtaining public key certificate CER _CP.
There is no need to perform the communication with the D service center 102. According to the present invention, the public key certificate CER _CP is not stored in the secure container 104, and the user home network 103 obtains the public key certificate CER _CP from the EMD service center 102. ) The method may be adopted.

When the content provider 101 transmits and receives data to and from the EMD service center 102 and the user home network 103 online, the mutual authentication unit 120
And mutual authentication with the user home network 103 to generate session key data (shared key) K _SES . The session key data K _SES is newly generated each time mutual authentication is performed.

The encryption / decryption unit 121 encrypts data transmitted online by the content provider 101 to the EMD service center 102 and the user home network 103 using the session key data K _SES . Further, the encryption / decryption unit 121 decrypts data received online by the content provider 101 from the EMD service center 102 and the user home network 103 using the session key data K _SES .

The license data creation unit 122 creates the license data 106 and outputs this to the encryption unit 116.
The license data 106 is a descriptor (descriptor) that defines the operation rule of the content data C. For example, the standard retail price SRP (Suggested Retailer 'Price) desired by the operator of the content provider 101 and the content data C A copy rule and the like are described.

The SAM management unit 124 supplies the secure container 104 to the user home network 103 offline and / or online. When the SAM management unit 124 distributes the secure container 104 to the user home network 103 off-line using a ROM-type recording medium (media) such as a CD-ROM or a DVD, the distribution key data KD _{1 to} KD ₆ The secure container 104 is encrypted using, for example, and recorded on a recording medium. Then, this recording medium is supplied offline to the user home network 103 by selling or the like.

FIG. 5 is a diagram for explaining the ROM type recording medium 130. As shown in FIG. 5, the ROM type recording medium 130 has a ROM area 131, a RAM area 132
And a media SAM 133. ROM area 13
1 stores the content file CF shown in FIG. In the RAM area 132, FIG.
The key file KF and the public key certificate data CER _CP shown in (B) and (C) and the recording key data _KSTR having a unique value according to the type of device are generated using a MAC function as arguments. And signature data and the key file KF
And data obtained by encrypting public key certificate data CER _CP using media key data K _MED having a value unique to the recording medium. In the RAM area 132,
For example, public key certificate discard data (revocation list) that specifies the content provider 101 and the SAMs 105 _{1 to} 105 ₅ that have been invalidated due to fraud or the like are stored. Further, the SAM 10 of the user home network 103 is stored in the RAM area 132 as described later.
5 _1-105 usage control status _{which 4} purchase and usage of the content data C is generated when it is determined in (U
CS) data 166 and the like are stored. As a result, the usage control state data 166 is stored in the RAM area 132, and the ROM-type recording medium 130 whose purchase / use mode has been determined is obtained. In the media SAM 133, for example,
Media ID which is an identifier of the ROM type recording medium 130
And media key data K _MED are stored. The media SAM 133 has, for example, a mutual authentication function.

When the SAM management unit 124 distributes the secure container 104 to the user home network 103 online using a network or digital broadcasting, the SAM management unit 124 _{converts the} session key data K _SES into the encryption / decryption unit 121. After encrypting the secure container 104 using the secure container 104, the encrypted content is distributed to the user home network 103 via the network. In the present embodiment, the SAM
As the management unit, the EMD service center management unit, and the content provider management unit and the service provider management unit to be described later, for example, a communication gateway having a tamper-resistant structure in which monitoring (monitoring) of internal processing contents and tampering are difficult or difficult. Is used.

Here, the distribution of the content data C from the content provider 101 to the user home network 103 is performed either by using the recording medium 130 as described above or online by using the network. A common format secure container 104 in which data 106 is stored is used. Therefore, the SAMs 105 _{1 to} 105 ₄ of the user home network 103 can perform rights processing based on the common rights data 106 in both offline and online.

As described above, in this embodiment,
In the secure container 104, the content key data Kc
An in-band method is used in which the content data C encrypted by the above method and the content key data Kc for decrypting the encrypted content data are enclosed. The in-band method has an advantage in that it is not necessary to separately distribute the content key data Kc when the content data C is to be reproduced on a device of the user home network 103, and the load of network communication can be reduced. The content key data Kc is encrypted with the distribution key data KD _{1 to} KD ₆ , but the distribution key data KD _{1 to} KD ₆ are encrypted.
₆ is managed by the EMD service center 102,
SAM105 of the user home network 103 ₁ to 1
05 ₅ in advance (when the SAM 105 ₁ to 105 ₄ to access the first to the EMD service center 102) since it is delivered, the user home network 103,
The content data C can be used offline without connecting to the EMD service center 102 online. It should be noted that the present invention uses the content data C
And the content key data Kc separately to the user home network 103.
-Of-Band) flexibility.

The EMD service center management unit 125
MD service center 102 from 6 months of distribution key data KD ₁ ~KD ₆ and the signature data SIG _KD1 which corresponds to _{each, ESC ~SIG KD6, ESC} and the public key data K _CP of the content provider _101, public containing _P Key certificate C
When receiving the ER _CP and its signature data SIG _{1, ESC} and the settlement report data 107, these are decrypted by the encryption / decryption unit 121 using the session key data K _SES and then stored in the storage unit 119. The settlement report data 107 includes, for example, the EMD service center 102
Describes the contents of the settlement made by the contents provider 101 to the settlement institution 91 shown in FIG.

The EMD service center management unit 125
Is the global unique of the content data C to be provided
(Global Unique) identifier Content_ID, public key data K _{CP, P} and their signature data SIG
_{9, CP} is transmitted to the EMD service center 102, and the EMD
The public key certificate data CER _CP of the public key data K _{CP, P} is input from the service center 102. Further, the EMD service center management unit 125 stores the
At the time of registration with the D service center 102, as shown in FIG. 6A, a module Mod ₃ storing a globally unique identifier Content_ID of the content data C to be provided, content key data Kc, and rights certificate data 106, and A module for requesting registration of registration Mod ₂ storing the signature data SIG _{5 and CP} is created, and this is transmitted to the encryption / decryption unit 121 by the session key data K.
After encrypting using _SES , E
The information is transmitted to the MD service center 102. As the EMD service center management unit 125, for example, a communication gateway having a tamper-resistant structure in which monitoring (monitoring) of internal processing contents and tampering are difficult or difficult is used as described above.

Hereinafter, the flow of processing in the content provider 101 will be described with reference to FIGS. 2 and 3. It is to be noted that assuming that the following processing is performed, a person involved in the content provider 101 performs registration processing in the EMD service center 102 offline using, for example, his / her own ID card and a bank account for performing payment processing. , Globally unique identifier CP_ID. The identifier CP_ID is stored in the storage unit 119.

First, the content provider 101
In the MD service center 102, its own secret key data K
_CP, the public key data K _CP corresponding to _S, the processing will be described with reference to FIG. 3 in the case of requesting the public key certificate data CER _CP to prove the validity of the _S. First, the content provider 101 generates a random number using a true random number generator, generates secret key data K _{CP, S,} and creates public key data K _{CP, P} corresponding to the secret key data K _{CP, S.} And store it in the storage unit 119. The EMD service center management unit 125 reads the identifier CP_ID of the content provider 101 and the public key data K _{CP, P} from the storage unit 119. And
The EMD service center management unit 125 uses the identifier CP_I
D and the public key data K _{CP, P} are transmitted to the EMD service center 102. Then, the EMD service center management unit 125 sends the public key certificate data C
The ER _CP and its signature data SIG1 _{, ESC} are input from the EMD service center 102 and written into the storage unit 119.

Next, the content provider 101
The process of receiving the distribution key data from the MD service center 102 will be described with reference to FIG. It is to be noted that it is assumed that the content provider 101
Needs to obtain the public key certificate data CER _CP from the EMD service center 102. EMD service center management unit 125 inputs the EMD service from the center 102 6 months of distribution key data KD ₁ ~KD ₃ and the signature data _{SIG KD1, ESC ~SIG KD6, ESC} ,
This is stored in a predetermined database in the storage unit 119. Then, in the signature processing unit 117, the storage unit 119
Data SIG _{KD1, ESC to} SIG stored in
_KD6, after the legitimacy of the _ESC is confirmed, the distribution key data KD ₁ ~KD ₆ stored in the storage unit 119 are treated as valid.

Next, the content provider 101 will be described with reference to FIG processing when transmitting the secure container 104 to the SAM 105 ₁ of the user home network 103. In the following examples, the secure container 1 from the content provider 101 to the SAM 105 ₁
04 is transmitted, the secure container 1
Also if you want to send 04 to the SAM105 ₂ ~105 _4, S
It is the same except that it is transmitted to the SAMs 105 _{2 to} 105 ₄ via the AM 105 ₁ . First, the content data S111 is read from the content master source server 111 and output to the digital watermark information adding unit 112.
Next, the digital watermark information adding unit 112 generates the content data S112 by embedding the digital watermark information in the content data S111, and outputs this to the compression unit 113. Next, the compression unit 113 outputs the content data S112
Is compressed by, for example, the ATRAC3 method to create content data S113, and this is output to the encryption unit 114. Further, content key data Kc generated by generating a random number is output from random number generation section 115 to encryption section 114.

Next, the encrypting unit 114 encrypts the content data S113 and the metadata Meta and A / V decompression software Soft read from the storage unit 119 using the content key data Kc to secure the content data S113. Output to the container creation unit 118. In this case, the metadata Meta does not have to be encrypted. Then, the secure container creating unit 118 creates the content file CF shown in FIG. Also, the signature processing unit 117
In, the hash value of the content file CF is taken, the secret key data K _CP, the signature data SIG 6 by using the _{S, CP}
Is generated.

The signature processing unit 117 includes the content data C, the content key data Kc,
06, and a signature data SIG _{2, CP} , SI indicating the validity of the creator (provider) of each data using the secret key data K _{CP, S.}
G _{3, CP} and SIG _{4, CP} are created. Also, the encryption unit 116
Is 4 content key data Kc of (B), the usage control policy data 106, SAM program download containers SD ₁ to SD _3, and signature and certificate module Mo
d _1, and the key for the delivery of the corresponding period data KD ₁ ~KD ₃
And outputs it to the secure container creation unit 118. Then, the secure container creation unit 118
A key file KF shown in FIG. Further, the signature processing unit 117 obtains a hash value of the key file KF and uses the secret key data K _{CP, S} to generate the signature data SIG.
_7, Create a _CP .

Next, the secure container creation unit 118
A content file CF and its signature data SIG6 _{, CP} shown in FIG. 4A, a key file KF and its signature data SIG7 _{, CP} shown in FIG. 4B, and a public key certificate shown in FIG. A secure container 104 storing the certificate data CER _CP and its signature data SIG1 _{, ESC} is created, and this is stored in the secure container database 118a.
To memorize. Then, the secure container creation unit 118
Stores a secure container 104 to be provided to the user home network 103 in response to a request from the user, for example.
18a, the mutual authentication unit 120 and the SAM 10
5 after encrypting in the encryption and decryption unit 121 by using the session key data K _SES obtained by the mutual authentication between ₁ and transmits to the SAM 105 ₁ of the user home network 103 via the SAM management unit 124.

Next, the content provider 101
A process for requesting the MD service center 102 to register and authorize the license data 106 and the content key data Kc will be described with reference to FIG. Authorization request processing of the license data 106 and the content key data Kc is performed for each content data C.

In this case, in the signature processing unit 117, the globally unique identifier Content_ID, the content key data Kc, and the license data creation unit 122 of the content data C read from the storage unit 119
M consisting of the license data 106 input from
hash value od ₃ is determined, secret key data K _CP, the signature data SIG 5, _CP by using the _S is generated. Then, the right registration request module Mod ₂ shown in FIG.
Session key data K _SES obtained by mutual authentication between mutual authentication unit 120 and EMD service center 102
After being encrypted by the encryption / decryption unit 121 using EMD, the EMD service center management unit 125 transmits the EMD service to the EMD service center 102.

In this embodiment, the EMD service center 1
02, after authorizing the license data 106 and the content key data Kc, the content provider 10
1 does not receive an authorization certificate module proving that it has been authorized from the EMD service center 102,
That is, a case is described in which the content provider 101 creates a key file KF by performing encryption using the distribution key data KD _{1 to} KD ₆ . However, the present invention
For example, after the authority of the usage control policy data 106 and content key data Kc in the EMD service center 102, the EMD service center 102 to the content provider 101, FIG encrypted using the distribution use key data KD ₁ ~KD ₆ ( The authorization certificate module Mod _2a shown in B) may be transmitted. Authorization certificate module M
od _2a is the globally unique identifier Content_ID of the content data C, the content key data Kc
In addition, a module Mod _3a storing the license data 106 input from the license data creation unit 122 and signature data SIG5a _{, ESC of} the module Mod _3a using the secret key data K _{ESC, S} are stored. In this case, the content provider 101, for example,
In 04, distributing and storing authorizes certificate module Mod _2a to SAM 105 ₁ to 105 _4. The EMD service center 102 generates an authorization certificate module Mod _2a for six months, which is encrypted using the distribution key data KD _{1 to} KD ₆ corresponding to different months, and collects them to be a content provider. 101 may be transmitted.

[EMD Service Center 102] The EMD service center 102 establishes a certificate (CA: Certificate Autho
rity) function, Key Management function and Rights Clearing (profit sharing) function. FIG.
2 is a configuration diagram of functions of the EMD service center 102. As shown in FIG. 7, the EMD service center 102
Are a key server 141, a key database 141a, a settlement processing unit 142, a signature processing unit 143, and a settlement organization management unit 14.
4. It has a certificate / rights management unit 145, a CER database 145a, a content provider management unit 148, a CP database 148a, a SAM management unit 149, a SAM database 149a, a mutual authentication unit 150, and an encryption / decryption unit 151. FIG. 7 shows a flow of data related to data transmitted / received to / from the content provider 101 among data flows between functional blocks in the EMD service center 102. FIG. 8 shows SAMs 105 ₁ to SAM 105 in the data flow between the functional blocks in the EMD service center 102.
Flow of the data related to the data transmitted and received is exhibited between the settlement organization 91 shown in 105 ₄ and FIG.

The key server 141 has a key database 141
The distribution key data whose validity period is stored for one month is read out in response to the request and output to the content provider management unit 148 and the SAM management unit 149. Further, in addition to the distribution key data KD of the key database 141a, recording key data K _STR , media key data K _MED and MA
It consists of a series of key data for storing key data such as C key data K _MAC .

[0088] the settlement processing unit 142, SAM105 ₁ ~1
05 ₄ and the usage log data 108 input from the, certificate,
Standard retail price data S input from the rights management section 145
The settlement processing is performed based on the RP and the sales price, the settlement report data 107 and the settlement claim data 152 are created, the settlement report data 107 is output to the content provider management unit 148, and the settlement claim data 152 is managed by the settlement organization. Output to the unit 144. Note that the settlement processing unit 1
42 monitors whether or not a transaction with an illegal dumping price has been made based on the selling price. Here, the usage history data 108 is stored in the user home network 10
3 shows the history of purchase and use (playback, recording, transfer, etc.) of the secure container 104 in
Used at 42 to determine the payment amount of the license fee associated with the secure container 104.

The use history data 108 includes, for example, the identifier Content_ID of the content data C stored in the secure container 104, the secure container 104
Of the content provider 101 that has distributed the
ID, content data C in secure container 104
Compression method, identifier Media_ID of recording medium on which secure container 104 is recorded, secure container 104
SAs of the SAMs 105 _{1 to} 105 ₄ that have been distributed
M_ID, U of the user of the SAM 105 _{1 to} 105 ₄
SER_ID and the like are described. Therefore, the EMD service center 102 needs to distribute the money paid by the user of the user home network 103 to a license owner such as a compression method or a recording medium other than the owner of the content provider 101. Is
An amount to be paid to each partner is determined based on a predetermined distribution ratio table, and settlement report data 107 according to the determination is determined.
And the payment request data 152 are created. The distribution ratio table is created for each content data stored in the secure container 104, for example. In addition, the settlement request data 152 is authoritative data capable of requesting payment to the settlement agency 91 based on the data. For example, in the case where the money paid by the user is distributed to a plurality of right holders, Is created for each right holder. When the settlement is completed, the settlement institution 91 sends the usage statement of the settlement institution to the EMD service center 102. The EMD service center 102 notifies the corresponding right holder of the contents of the usage statement.

The settlement institution management unit 144 includes the settlement processing unit 14
2 transmits the payment request right data 152 generated to the payment institution 91 via the payment gateway 90 shown in FIG. As will be described later, the settlement organization management unit 144
Transmits the settlement request right data 152 to the right holder such as the content provider 101, and the right holder may use the received settlement request right data 152 to make a payment to the settlement agency 91. Further, the settlement organization management unit 144 takes the hash value of the settlement request data 152 in the signature processing unit 143, and generates the signature data SIG ₉₉ generated using the secret key data K _{ESC, S} together with the settlement request data 152. Send it to 91.

The certificate / rights management unit 145 includes the public key certificate data CER _CP and the public key certificate data CER registered and authorized in the CER database 145a.
_{SAM1 ~CER SAM4} reads the like, is authorizes by registering and usage control policy data 106 and content key data Kc of the content provider 101 to the CER database 145a. The public key certificate data CER _SAM1
And Detasu to store ~CER _SAM4, usage control policy data 1
06 and the content key data Kc may be provided separately. At this time, the certificate / rights management unit 145, for example, stores the rights data 106 and the content key data Kc.
Then, each authorized certificate data with signature data using the secret key data K _{ESC, S} is created.

The content provider management section 148 has a function of communicating with the content provider 101, and stores the identifier C of the registered content provider 101.
The user can access the CP database 148a that manages P_ID and the like.

The SAM management unit 149 has a function of communicating with the SAMs 105 _{1 to} 105 ₄ in the user home network 103, and the registered SAM identifier SAM
The user can access the SAM database 149a that records the _ID and the SAM registration list.

Hereinafter, the flow of processing in the EMD service center 102 will be described. First, the EMD service center 1
The flow of processing when transmitting the distribution use key data to SAM 105 ₁ to 105 ₄ of the content provider 101 and the user home network 103 from 02, will be described with reference to FIGS. As shown in FIG.
The key server 141 stores the distribution key data KD _{1 to} KD ₆ for six months, for example, every predetermined period, in the key database 141.
a and outputs it to the content provider management unit 148. Also, the signature processing unit 143 takes the hash value of each of the distribution key data KD _{1 to} KD ₆ and uses the secret key data K _{ESC, S} of the EMD service center 102 to generate the corresponding signature data SIG _{KD1, ESC to} SIG
_{KD6 and ESC} are created and output to the content provider management unit 148. Content provider management unit 148
Are the distribution key data KD _{1 to} KD ₆ and the signature data SIG _{KD1, ESC to} SIG KD6 _{, ESC} for these six months.
_Is encrypted using the session key data K _SES obtained by the mutual authentication between the mutual authentication unit 150 and the mutual authentication unit 120 shown in FIG. 3, and then transmitted to the content provider 101.

As shown in FIG. 8, the key server 141
, For each predetermined period, for example, reads the 3-month distribution key data KD ₁ ~KD ₃ from the key database 141a and outputs to the SAM management unit 149. Also, the signature processing unit 1
Numeral 43 denotes a hash value of each of the distribution key data KD _{1 to} KD ₃ , and uses the secret key data K _{ESC, S} of the EMD service center 102 to generate the corresponding signature data S _ESC, S.
Create IG _{KD1, ESC to} SIG _{KD3, ESC} and save this to SAM
Output to the management unit 149. The SAM management unit 149 stores the three-month distribution key data KD _{1 to} KD ₃ and their signature data SIG _{KD1, ESC to} SIG _{KD3, ESC} between the mutual authentication unit 150 and the SAMs 105 _{1 to} 105 _4. After encrypting using the session key data K _SES obtained by the authentication, it is transmitted to the SAMs 105 _{1 to} 105 ₄ .

Next, the EMD service center 102 sends the public key certificate data CE from the content provider 101.
The process when an _RCP issuance request is received will be described with reference to FIG. In this case, the content provider management unit 148 determines the identifier CP of the content provider 101.
_ID, public key data K _{CP, P} and signature data SIG
_{When the CPs 9 and 9} are received from the content provider 101, they are transmitted to the mutual authentication unit 150 and the mutual authentication unit 12 shown in FIG.
Session key data K _SES obtained by mutual authentication between 0 and
Is decrypted using. Then, the decrypted signature data S
After confirming the validity of IG9 and _{CP in} the signature processing unit 143, based on the identifier CP_ID and the public key data KCP _{, P} , the content provider 101 which has issued the public key certificate data issuance request is transmitted to the CP database 148a.
Check if it is registered in. And the certificate
The rights management unit 145 determines that the content provider 10
1 public key certificate data CER _CP from the CER database 145a and read out the content provider management unit 1
48. Also, the signature processing unit 143 takes the hash value of the public key certificate data CER _CP , creates the signature data SIG _{1, ESC} using the secret key data K _{ESC, S} of the EMD service center 102, and stores this in the content. Output to the provider management unit 148. Then, the content provider management unit 148 converts the public key certificate data CER _CP and its signature data SIG1 _{, ESC} into the mutual authentication unit 150.
And after encrypting using the session key data K _SES obtained by the mutual authentication between the mutual authentication unit 120 shown in FIG.
The content is transmitted to the content provider 101.

Next, the EMD service center 102 sets the SA
From M105 _1, a process when receiving the request for issuing the public key certificate data CER _SAM1, it will be described with reference to FIG. In this case, the SAM management unit 149
₁ identifier SAM ₁ _ID, when the public key data K _{SAM1, P,} and signature data SIG _{8, SAM1} received from SAM 105 _1, these session key data obtained by the mutual authentication between the mutual authenticator 150 and the SAM 105 ₁ and the _Decrypt using _KSES . Then, the decrypted signature data SIG
_8, after confirming the signature processor 143 the validity of the _SAM1, the identifier SAM ₁ _ID and public key data K _{SAM1, P}
Based on, SAM 105 ₁ which issued the request for issuing the public key certificate data to confirm whether or not it is registered in the SAM database 149a. The certificate-Entitlement management unit 145 outputs to the SAM management unit 149 reads the public key certificate data CER _SAM1 of the SAM 105 ₁ from the CER database 145a. Further, the signature processing unit 143 takes the hash value of the public key certificate data CER _SAM1 and outputs the secret key data K of the EMD service center 102.
_The signature data SIG _{50, ESC} is created using _{ESC, S} , and this is output to the SAM management unit 149. Then, the SAM management unit 149 transmits the public key certificate data CER _SAM1 and its signature data SIG _{50, ESC} to the mutual authentication unit 150 and the SA.
After encrypting using session key data K _SES obtained by mutual authentication with M105 _1, it is transmitted to SAM 105 ₁ . When the SAMs 105 _{2 to} 105 ₄ request public key certificate data, the processing is
5 _2-105 only replaces _4, basically above SA
Is the same as in the case of M105 _1. In the present invention, E
The MD service center 102 is, for example, a SAM 105 ₁
The factory, in the case of storing SAM 105 ₁ of the secret key data K _{SAM1, S} and the public key data K _{SAM1, P} to SAM 105 ₁ of the storage unit, at the time of the shipment, the public key data K
The public key certificate data CER _SAM1 of _{SAM1, P} may be created. At this time, at the time of shipment, the public key certificate data CE
The R _SAM1, may be stored in the storage unit of the SAM 105 _1.

Next, a process performed when the EMD service center 102 receives a registration request for the license data 106 and the content key data Kc from the content provider 101 will be described with reference to FIG. In this case, when the content provider management unit 148 receives the license registration request module Mod ₂ shown in FIG. 6A from the content provider 101, the mutual authentication unit 150 and the mutual authentication unit 120 shown in FIG. Using the session key data K _SES obtained by authentication, a right registration registration request module M
to decode the od _2. Then, the signature processing unit 143, using the public key data K _cp read from the key database 141a, verifies the legitimacy of the signature data SIG 5, _CP. Next, certificate-Entitlement management unit 145, usage control policy registration request module stored in the Mod ₂ the usage control policy data 1
06 and the content key data Kc are registered in the CER database 145a.

Next, the processing in the case of performing the settlement processing in the EMD service center 102 will be described with reference to FIG. The SAM management unit 149 receives the usage history data 108 and its signature data SIG ₂₀₀ and SAM ₁ from, for example, the SAM 105 ₁ of the user home network 103, and receives the usage history data 108 and the signature data SIG.
_{200, SAM1} the session key data K _{SE S} obtained by the mutual authentication between the mutual authenticator 150 and the SAM 105 ₁ and
And the public key data K _{SAM1 of the} SAM 105 ₁
After verifying the signature data _{SIG200 and SAM1 according to} the above _{, the} data is output to the settlement processing unit 142.

The settlement processing unit 142 uses the usage history data 108 input from the SAM management unit 149 and the CER database 14 via the certificate / rights management unit 145.
The payment processing is performed based on the standard retail price data SRP and the sales price included in the license data 106 read from 5a, and the payment claim data 152 and the payment report data 107 are generated. The settlement processing unit 142 outputs the settlement claim right data 152 to the settlement organization management unit 144 and outputs the settlement report data 107 to the content provider management unit 148.

Next, the settlement organization management unit 144 performs the mutual authentication and the decryption by the session key data K _SES of the settlement claim right data 152 and the signature data SIG ₉₉ thereof, and then, through the payment gateway 90 shown in FIG. To the settlement institution 91. Thereby, the money of the amount indicated in the settlement claim data 152 is paid to the content provider 101.

Next, a process when the EMD service center 102 transmits a settlement report to the content provider 101 will be described with reference to FIG. Settlement processing unit 14
When the settlement is performed in 2, the settlement report data 107 is output from the settlement processing unit 142 to the content provider management unit 148 as described above. As described above, the settlement report data 107 describes, for example, the contents of the settlement made by the EMD service center 102 to the settlement agency 91 shown in FIG. When the settlement report data 107 is input from the settlement processing unit 142, the EMD service center 102 converts the settlement report data 107 into session key data K _SES obtained by mutual authentication between the mutual authentication unit 150 and the mutual authentication unit 120 shown in FIG. After being used and encrypted, it is transmitted to the content provider 101.

Further, as described above, after the EMD service center 102 registers (authorizes) the license data 106, the EMD service center 102 sends the authorization certificate shown in FIG. 6B to the content provider 101. The module Mod _2a may be encrypted with the distribution key data KD _{1 to} KD ₆ and transmitted.

Further, the EMD service center 102 also performs processing at the time of shipment of the SAMs 105 _{1 to} 105 ₄ ,
The SAM registration list is registered, and these processes will be described later.

[User Home Network 103] As shown in FIG. 1, the user home network 103 includes a network device 160 ₁ and A / V devices 160 ₂ to 160 1.
It has a 60 _4. The network device 160 ₁
AM105 has a _built-1. Also, the AV device 160 ₂
160 ₄ are respectively built SAM 105 ₂ to 105 _4. The SAMs 105 _{1 to} 105 ₄ are connected to each other via a bus 191 such as an IEEE 1394 serial interface bus. Note that the AV devices 160 _{2 to} 160 ₄ may have a network communication function or may not have a network communication function, and use the network communication function of the network device 160 ₁ via the bus 191. Is also good. Further, the user home network 103 may include only AV devices having no network function.

[0106] The following describes the network apparatus 160 _1. Figure 9 is a block diagram of the network device 160 _1. As shown in FIG. 9, the network device 160 ₁
Are the SAM 105 ₁ , the communication module 162, the decryption / decompression module 163, and the purchase / use mode determination operation unit 16
5, download memory 167, playback module 169
And an external memory 201.

The SAMs 105 _{1 to} 105 ₄ are modules for performing a billing process for each content, and communicate with the EMD service center 102. SAM105
_{1-105 4} is, for example, EMD service center 102
The license and the license are transferred to a home device maker as a charging module of a blacks box that performs charging for each content if the mounting is desired. For example, household equipment development manufacturer, SAM105 ₁ ~105 ₄ of IC (Integrated Circ
can not know the internal specifications uit), such as the unified EMD service center 102 of the IC interface, the network device 160 ₁ and AV accordingly
It is mounted on apparatus 160 _{2-160 4.}

The SAMs 105 _{1 to} 105 ₄ have their processing contents completely shielded from the outside, their processing contents cannot be monitored and falsified from the outside, and the data stored in advance and the data being processed are stored in the SAMs 105 _{1 to} 105 _4. It is a tamper-resistant hardware module (such as an IC module) that cannot be monitored and tampered with from the outside. When implementing the functions of the SAMs 105 _{1 to} 105 _{4 in} the form of an IC, a secret memory is provided inside the IC, and a secret program and secret data are stored therein. SAM
Is not limited to the physical form of IC, and if that function can be incorporated in any part of the device, that part may be defined as SAM.

[0109] The following is a detailed description of the function of SAM105 _1. Note that the SAMs 105 _{2 to} 105 ₄ are SA
M105 has _one basically the same function. FIG.
Is a block diagram of the function of SAM 105 _1. FIG.
0 shows the flow of data related to the process of inputting the secure container 104 from the content provider 101 and decrypting the key file KF in the secure container 104. As shown in FIG. 10, SAM 105 ₁
Are the mutual authentication unit 170, the encryption / decryption units 171, 17
2, 173, a content provider management unit 180, an error correction unit 181, a download memory management unit 182, a secure container decryption unit 183, a decryption / decompression module management unit 184, an EMD service center management unit 185, a use monitoring unit 186, and a billing processing unit 187, signature processing unit 189, S
AM management unit 190, media SAM management unit 197, stack (work) memory 200, and external memory management unit 81
One. Since the AV devices 160 _{2 to} 160 ₄ do not have the download memory 167, the SAM 10
5 _2-105 download memory management unit 182 to ₄ does not exist.

[0110] The predetermined function of the SAM 105 ₁ shown in FIG. 10, for example, be realized by executing a secret program in the CPU (not shown). Also, the stack memory 200 undergoes the following processing,
As shown in FIG. 7, the usage history data 108 and the SAM registration list are stored. Here, the memory space of the external memory 201, SAM 105 ₁ of the external (e.g., host CP
U810) can not be seen from, SAM 105 only ₁ can manage access to the storage area of the external memory 201. As the external memory 201, for example, a flash memory or a ferroelectric memory (FeRAM) is used. As the stack memory 200, for example, a SARAM is used, and as shown in FIG.
c, right certificate data (UCP) 106, lock key data K _LOC of storage unit 192, public key certificate CER _{CP of} content provider 101, usage control status data (UCS) 1
66, and the like SAM program download containers SDC ₁ ~SDC ₃ is stored.

Hereinafter, of the functions of the SAM 105 ₁ , the secure container 104 from the content provider 101
The processing content of each functional block when "." Is input will be described with reference to FIG.

When the SAM 105 ₁ transmits / receives data between the content provider 101 and the EMD service center 102 online, the mutual authentication unit 170
Mutual authentication is performed between the content provider 101 and the EMD service center 102 to generate session key data (shared key) K _SES , and this is encrypted / decrypted by the encryption / decryption unit 17.
Output to 1. The session key data K _SES is newly generated each time mutual authentication is performed.

The encryption / decryption unit 171 encrypts / decrypts data transmitted / received between the content provider 101 and the EMD service center 102 using the session key data K _SES generated by the mutual authentication unit 170.

The error correction unit 181 is configured to
04 is corrected and output to the download memory management unit 182. Note that the user home network 103
It may have a function of detecting whether the secure container 104 has been tampered with. In the present embodiment, the error correction unit 181, a case has been exemplified with a built-in SAM 105 _1, the function of the error correction unit 181, for example, the host CPU
It may have to SAM105 ₁ of the outside such as a 810.

The download memory management unit 182 is configured as shown in FIG.
When the download memory 167 has a media SAM 167a having a mutual authentication function as shown in FIG.
After performing mutual authentication between the mutual authentication unit 170 and the media SAM 167a, the secure container 1 after error correction is performed.
04 is encrypted using the session key data K _SES obtained by the mutual authentication and written into the download memory 167 shown in FIG. As the download memory 167, for example, a nonvolatile semiconductor memory such as a memory stick is used. In addition, as shown in FIG.
When a memory having no mutual authentication function such as (Hard Disk Drive) is used as the download memory 211, the content file CF is stored in the download memory 21 because the download memory 211 is not secure.
1, and downloads a highly confidential key file KF, for example, to the stack memory 200 shown in FIG.

The secure container decryption unit 183 stores the key file KF stored in the secure container 104 input from the download memory management unit 182 into the storage unit 19
2 and corresponding distribution key data KD ₁ read from
To KD ₃ , and the signature processing unit 189 checks the validity of the signature data SIG _{2, CP to} SIG _{4, CP} , that is, the validity of the creator of the content data C, the content key data Kc, and the rights certificate data 106. After confirmation, the data is written to the stack memory 200.

An EMD service center management unit 185 manages communication with the EMD service center 102 shown in FIG.

The signature processing section 189 reads the public key data K of the EMD service center 102 read from the storage section 192.
The signature data in the secure container 104 is verified using the _{ESC, P} and the public key data K _{CP, P} of the content provider 101.

[0119] storage unit 192, as secret data which can not be read and rewritten from SAM 105 ₁ of the external,
As shown in FIG. 14, the distribution key data KD _{1 to} KD ₃ ,
SAM_ID, user ID, password, I for information reference
D, SAM registration list, recording key data K _STR , root CA public key data K _{R-CA, P} , EMD service center 1
02 public key data K _{ESC, P} , media key data K _MED , public key data K of the EMD service center 102
_{ESC, P} , secret key data K _{SAM1, S} , SA of SAM 105 ₁
The public key certificate CER _SAM1 storing the public key data K _{SAM1 and P} of M105 ₁ , the signature data SIG _{22 of} the public key certificate CER _ESC using the private key data K _{ESC and S} of the EMD service center 102, and decryption / expansion It stores original key data for mutual authentication with the module 163 and original key data for mutual authentication with the media SAM. The storage unit 19
2 stores a secret program for realizing at least a part of the functions shown in FIG. Storage unit 192
For example, a flash-EEPROM (Electri
cally Erasable Programmable RAM) is used.

[0120] Hereinafter, FIG. 10 the flow of processing in SAM105 within ₁ when storing the distribution use key data KD ₁ ~KD ₃ received from the EMD service center 102 in the storage unit 192
This will be described with reference to FIG. In this case, first, mutual authentication is performed between the mutual authentication unit 170 and the mutual authentication unit 150 shown in FIG. Next, the encrypted 3 months of distribution key data KD ₁ ~KD ₃ and the signature data SI in the session key data K _SES obtained by the mutual authentication
G _{KD1, ESC to} SIG _{KD3, ESC} are written from the EMD service center 102 to the stack memory 811 via the EMD service center management unit 185. Next, encryption
The decryption unit 171 decrypts the distribution key data KD _{1 to} KD ₃ and the signature data SIG _{KD1, ESC to} SIG _{KD3, ESC} using the session key data K _SES . Next, in the signature processing unit 189, the stack memory 811
Data SIG _{KD1, ESC to} SIG stored in
_After the validity of _{KD3 and ESC} is confirmed, the distribution key data K
D _{1 to} KD ₃ are written to the storage unit 192.

Hereinafter, the secure container 104 is input from the content provider 101, and the secure container 10
4 when decoding the key file KF in the SAM 105 ₁
The flow of processing in the inside will be described with reference to FIG. Mutual authentication with the mutual authentication unit 120 shown in the mutual authentication unit 170 and FIG. 2 of SAM 105 ₁ shown in FIG. 10 is performed.
The encryption / decryption unit 171 uses the session key data K _SES obtained by the mutual authentication to transmit the content provider 10 via the content provider management unit 180.
Decrypt the secure container 104 supplied from 1.

Next, the signature processing section 189 verifies the signature data SIG1 _{and ESC} shown in FIG. 4C, and then stores it in the public key certificate data CER _CP shown in FIG. 4C. Key data K _{CP, P of} the content provider 101
Is used to confirm the validity of the signature data SIG6 _{, CP} , SIG7 _{, CP} . When the validity of the signature data SIG _{6, CP} , SIG _{7, CP} is confirmed, the content provider management unit 180 outputs the secure container 104 to the error correction unit 181.

The error correction section 181 is a secure container 1
04 error correction, the download memory management unit 1
82. The download memory management unit 182
Mutual authentication unit 170 and media SAM 167a shown in FIG.
After performing mutual authentication with the secure container 1
04 to the download memory 167.

Next, the download memory management unit 182
Is the mutual authentication unit 170 and the media SAM 16 shown in FIG.
7A, the key file K stored in the secure container 104 shown in FIG.
F is read from the download memory 167 and output to the secure container decryption unit 183.

Then, the secure container decryption unit 183
Using the distribution use key data KD ₁ ~KD ₃ periods corresponding input from the storage unit 192, decrypts the key file KF, the signature-certificate module Mod shown in FIG. 4 (B)
Signature data SIG ₁ stored in _{1, ESC, SIG 2, CP} ~
SIG _{4 and CP} are output to signature processing section 189. The signature processing unit 189 verifies the signature data SIG1 _{, ESC} shown in FIG. 4B, and thereafter, the public key data K _ESC stored in the public key certificate data CER _CP shown in FIG. 4B. _{, P} , the signature data SIG _{2, CP to} SIG _{4, CP} are verified. As a result, the validity of the creator of the content data C, the content key data Kc, and the rights document data 106 is verified.

Next, the secure container decryption unit 183
When the validity of the signature data SIG _{2, CP to} SIG _{4, CP} is confirmed, the key file KF is written to the stack memory 200.

The processing contents of each functional block related to the processing of using and purchasing the content data C downloaded to the download memory 167 will be described below with reference to FIG.

The use monitoring unit 186 stores the stack memory 20
0 to the rights certificate data 106 and the usage control status data 1
66, and monitors that the purchase / use of the content is performed within the range permitted by the read right certificate data 106 and use control status data 166. Here, the rights certificate data 106 is stored in the key file KF shown in FIG. 4B and stored in the stack memory 200 after decryption, as described with reference to FIG. The usage control state data 166 is stored in the stack memory 200 when the purchase mode is determined by the user, as described later.

The billing processing unit 187 creates the usage history data 108 according to the operation signal S165 from the purchase / use mode determination operation unit 165 shown in FIG. Here, as described above, the usage history data 108 describes the history of the form of purchase and use of the secure container 104 by the user. Used to determine the payment of the license fee.

[0130] Further, the charging processing unit 187 notifies the user of the sales price or the standard retail price data SRP read from the stack memory 200 as necessary. Here, the sales price and the standard retail price data SRP are stored in the right certificate data 106 of the key file KF shown in FIG. 4B and stored in the stack memory 200 after decryption. The billing process by the billing processing unit 187 is performed under the supervision of the use monitoring unit 186, under the rights contents such as the license conditions indicated by the license data 106 and the use control state data 16.
6 is performed. That is, the user purchases and uses the content within a range according to the content of the right.

[0131] The billing processing section 187 receives the operation signal S1.
Based on 65, usage control status (UCS: Usage Control Status) data 166 describing the content purchase mode by the user is generated, and this is written to the stack memory 200. Examples of the content purchase form include a purchase purchase without imposing restrictions on reproduction by the purchaser and copying for use by the purchaser, and a reproduction charge for charging for each reproduction. Here, the use control state data 166 is generated when the user determines the purchase mode of the content, and thereafter, is controlled so that the user uses the content within the range permitted by the determined purchase mode. Used to The usage control status data 166 includes
Content ID, purchase format, price according to the purchase format, SAM of SAM from which the content was purchased
_ID, USER_ID of the user who made the purchase, and the like are described.

[0132] Incidentally, if the purchase mode determined is the reproduction charge, for example, transmits in real time from SAM 105 ₁ and the purchase of the content data C usage control status data 166 to the content provider 101, content provider 101 EMD service center 102
The usage history data 108 is stored in the SAM 10 within a predetermined period.
Instruct 5 to go to ₁ . In the case where the determined purchase mode is purchase out, for example, the usage control status data 166 is transmitted to both the content provider 101 and the EMD service center 102 in real time. As described above, in this embodiment, the use control state data 166 is transmitted to the content provider 101 in real time in any case.

The EMD service center management unit 185 transmits the usage history data 108 read from the external memory 201 to the EMD service center 102 via the external memory management unit 811. At this time, the EMD service center management unit 185 creates the signature data _{SIG200, SAM1} of the usage history data 108 using the secret key data _{KSAM1, s} in the signature processing unit 189, and uses the signature data _{SIG200 , SAM1} . EMD service center 10 together with history data 108
Send to 2. Transmission of the usage history data 108 to the EMD service center 102 may be performed, for example, in response to a request from the EMD service center 102 or periodically, or when the amount of history information included in the usage history data 108 It may be performed when it becomes the above. The information amount is determined, for example, according to the storage capacity of the external memory 201.

For example, when a content reproducing operation is performed in response to an operation signal S165 from the purchase mode determination operation unit 165 shown in FIG. 9, the download memory management unit 182 stores the content data C The content key data Kc read from the stack memory 200 and the user digital watermark information data 196 input from the charging processing unit 187 are output to the decryption / decompression module management unit 184. In addition, the decryption / decompression module management unit 184 stores the download memory 16
7 and the content key data K read from the stack memory 200
c and the semi-disclosed parameter data 199 are output to the decryption / decompression module management unit 184.

Here, the semi-disclosed parameter data 199
Is described in the license data 106 and indicates the handling of the content in the preview mode. In the decryption / decompression module 163, the semi-disclosed parameter data 199
, It is possible to reproduce the encrypted content data C in a semi-disclosed state. As a semi-disclosed technique, for example, the decryption / decompression module 163 processes data (signals) in units of predetermined blocks, and decrypts the content using the content key data Kc with the semi-disclosed parameter data 199. There are those that specify blocks to be performed and blocks that are not to be decrypted, limit the playback function at the time of trial listening, and limit the period during which trial listening is possible.

[0136] Hereinafter, description will be given of a flow of processing in SAM105 within _1. First, the flow of processing up to determining the purchase mode of the secure container 104 downloaded from the content provider 101 to the download memory 167 will be described with reference to FIG. First, when the user operates the purchase / usage mode determination operation unit 165 shown in FIG. 9 to output an operation signal S165 indicating the trial listening mode to the charging processing unit 187, for example, the content file stored in the download memory 167 CF is
This is output to the decoding / decompression module 163 shown in FIG. 9 via the decoding / decompression module management unit 184. At this time, the mutual authentication unit 17
0 and the media SAM 167a for mutual authentication and encryption / decryption by the session key data K _SES , and between the mutual authentication unit 170 and the mutual authentication unit 220 for mutual authentication and encryption / decryption by the session key data K _SES. Is performed. The content file CF is output to the decoding unit 222 after being decoded by the decoding unit 221 shown in FIG.

The content key data Kc and the semi-disclosed parameter data 199 read from the stack memory 200 are stored in the decryption / decompression module 163 shown in FIG.
Is output to At this time, after mutual authentication between the mutual authentication unit 170 and the mutual authentication unit 220, the content key data K
The encryption and decryption of c and the semi-disclosed parameter data 199 are performed by the session key data K _SES . Next, the decrypted semi-disclosure parameter data 199 is output to the semi-disclosure processing unit 225, and under the control of the semi-disclosure processing unit 225, the decryption of the content data C using the content key data Kc by the decryption unit 222 is semi-disclosed. Done in Next, the content data C decrypted in the semi-disclosure is output to the digital watermark information processing unit 224 after being expanded in the expansion unit 223. Next, after the digital watermark information processing section 224 embeds the user digital watermark information data 196 in the content data C, the content data C is reproduced by the reproduction module 169, and a sound corresponding to the content data C is output.

Then, the user who listened to the content listens to
When the purchase mode is determined by operating the purchase / usage mode determination operation unit 165, an operation signal S1 indicating the determined purchase mode.
65 is output to the charging section 187. Then, in the charging processing unit 187, the usage history data 108 and the usage control state data 166 according to the determined purchase mode are generated, and the usage history data 108 is stored in the external memory management unit 81.
1 and the usage control status data 166 is written to the stack memory 200. Thereafter, the use monitoring unit 186 controls (monitors) the purchase and use of the content within the range permitted by the use control status data 166.
Is done. Then, the key file KF stored in the stack memory 200, applied is the usage control status data 166, and FIG. 18 (B) new keys shown in file KF ₁ to be described later purchase mode is determined is generated. The key file KF ₁ is stored in the stack memory 200. FIG.
As shown in FIG. 8B, the usage control status data 166 stored in the key file KF ₁
It is encrypted using the _STR using the DES CBC mode. Also, the storage key data K _STR is
C (Message Authentication Code) MAC ₃₀₀ which is a MAC value generated as key data is attached.
Further, a module including the usage control status data 166 and the MAC ₃₀₀ uses the media key data K _MED to _generate D
It is encrypted using the CBC mode of the ES. The module includes the media key data K _MED
MAC _301, which is a MAC value generated by using as the MAC key data.

Next, the content data C stored in the download memory 167 whose purchase mode has already been determined
Will be described with reference to FIG. In this case, the content file CF stored in the download memory 167 is output to the decryption / decompression module 163 shown in FIG. 9 based on the operation signal S165 under the monitoring of the usage monitoring unit 186. At this time, mutual authentication is performed between the mutual authentication unit 170 shown in FIG. 15 and the mutual authentication unit 220 of the decryption / decompression module 163 shown in FIG. Further, the content key data Kc read from the stack memory 200 is output to the decryption / decompression module 163. Then, the decryption unit 222 of the decryption / decompression module 163 decrypts the content file CF using the content key data Kc, and performs the decompression processing by the decompression unit 223. The reproduction module 169 reproduces the content data C. .
At this time, the operation signal S16 is
According to 5, the usage history data 108 stored in the external memory 201 is updated. Usage history data 108
Is read out from the external memory 201, and after mutual authentication, via the EMD service center management unit 185 _, together with the signature data _{SIG200, SAM1} , the EMD service center 1
02.

[0140] Next, as shown in FIG. 16, for example, already purchase mode has been downloaded to the download memory 167 of the network apparatus 160 ₁ is determined the content file CF and the key file KF, via bus 191, AV It will now be described with reference to FIG. 17 the flow of processing in the SAM 105 within the _first case to be transferred to SAM 105 ₂ of the apparatus 160 _2. The user operates the purchase and usage form determination operation unit 165, instructs the transfer of a predetermined content stored in the download memory 167 to the AV apparatus 160 _2, the operation signal S165 in accordance with the operation,
It is output to billing processor 187. Thereby, the billing processing unit 187 updates the usage history data 108 stored in the external memory 201 based on the operation signal S165.

The download memory management unit 182
FIG. 18 read from the download memory 167
The content file CF shown in FIG.
90. The key file KF ₁ shown in FIG. 18B read from the stack memory 200 is output to the signature processing unit 189 and the SAM management unit 190. Signature processing unit 189 creates the signature data SIG _{42, SAM1} of the key file KF ₁ read out from the stack memory 200 and outputs this to the SAM management unit 190. Also, S
The AM management unit 190 stores the information in the storage unit 192 as shown in FIG.
The public key certificate data CER _SAM1 and its signature data _{SIG22 , ESC shown} in FIG.

Further, the mutual authentication unit 170 determines whether the SAM 105
₂ is the session key data K obtained by performing mutual authentication
_{The SES} is output to the encryption / decryption unit 171. The SAM management unit 190 purchases a new secure container including the data shown in FIGS. 18A, 18B, and _18C , and encrypts it using the session key data K _SES in the encryption / decryption unit 171. later, the AV apparatus 160 ₂ shown in FIG. 16 SA
M105 is output to _2. At this time, SAM 105 ₁ and S
In parallel with mutual authentication with AM 105 ₂ , IEEE1
Mutual authentication of the bus 191 which is a 394 serial bus is performed.

Hereinafter, as shown in FIG.
_The contents file CF input from _{1 is} stored in RAM
SAM1 when writing to a recording medium such as a mold
The flow of processing in 05 within ₂ will be described with reference to FIG. 19.

In this case, as shown in FIG. 16, the SAM management unit 190 of the SAM 105 ₂ transmits the content file CF shown in FIG. 18A, the key file KF ₁ shown in FIG. Data SIG
_{42, SAM1} and the public key signature data CE shown in FIG.
R _SAM1 and its signature data SIG _{22, ESC} are input from the SAM 105 ₁ of the network device 160 ₁ . Then, in the encryption / decryption unit 171, the SAM management unit 1
And the content file CF 90 is entered, the key file KF ₁ and the signature data SIG _{42, SAM1,} public key signature data CER _SAM1 and the signature data SIG
_{22, ESC} and are decrypted using the session key data K _SES obtained by the mutual authentication between the mutual authentication unit 170 and the SAM 105 ₁ of the mutual authentication unit 170.

Next, the key file KF ₁ decrypted using the session key data K _SES and its signature data S
The stack memory 200 stores the IG _{42, SAM1} and the public key signature data CER _SAM1 and its signature data _{SIG22 , ESC.}
Is written to.

Next, the signature processing unit 189 verifies the signature data SIG22 _{, ESC} read from the stack memory 200 using the public key data K _{ESC, P} read from the storage unit 192, and verifies the public key certificate. Check the validity of the data CER _SAM1 . Then, when confirming the validity of the public key certificate data CER _SAM1 , the signature processing unit 189 uses the public key data K _{SAM1, P} stored in the public key certificate data CER _SAM1 to _generate the signature data _{SIG42, SAM1.} Check for legitimacy.

[0147] Next, validity of the signature data SIG _{42, SAM1,} that is, the creator of the validity key file KF ₁ is confirmed, reads the key file KF ₁ shown in FIG. 18 (B) from the stack memory 200 Encryption / decryption unit 1
73. In this example, the key file KF
_{In the} above description, the creator of the key file KF ₁ is the same as the sender, but if the creator of the key file KF ₁ is different from the sender, the signature data of the creator, the sender and the signature of the key file KF ₁ Data is created, and in the signature processing unit 189,
The validity of both signature data is verified.

The encryption / decryption unit 173 encrypts the key file KF ₁ in order using the recording key data K _STR , the media key data K _MED, and the purchaser key data K _PIN read from the storage unit 192. Output to the media SAM management unit 197. Note that the media key data K
_{The MED} is stored in the storage unit 192 in advance by mutual authentication between the mutual authentication unit 170 shown in FIG. 17 and the medium SAM 252 of the RAM type recording medium 250 shown in FIG.

Here, the recording key data _KSTR is, for example, a SACD (Super Audio Compact Disk), a DVD (Digital
Versatile Disc) equipment, CD-R equipment and MD (Mini
Disc) The type of device or the like (in this example, the AV device 16
0 ₂ ), and is used to associate the type of device with the type of recording medium on a one-to-one basis.
Since the physical structure of the disk medium is the same between the SACD and the DVD, the SACD is
May be able to perform recording / reproduction on the recording medium. In such a case, the recording key data _KSTR plays a role of preventing unauthorized copying.

The media key data K _MED is data unique to a recording medium (in this example, a RAM type recording medium 250). The media key data K _MED is stored in a recording medium (in this example, a RAM type recording medium 25 shown in FIG. 16).
0), and it is preferable from the viewpoint of security to perform encryption and decryption using the media key data K _MED in the media SAM of the recording medium. At this time, if the medium SAM is mounted on the recording medium, the medium key data K _MED is stored in the medium SAM.
When the medium SAM is not mounted on the recording medium, for example, it is stored in an area of the RAM area that is not managed by the host CPU 810. In addition,
As in the present embodiment, the SAM on the device side (in this example, S
AM 105 ₂ ) and the media SAM (the media SAM 252 in this example) perform mutual authentication, and transmit the media key data K _MED via the secure communication path to the S-side device.
The data may be transferred to the AM, and the device-side SAM may perform encryption and decryption using the media key data K _MED .
In the present embodiment, the recording key data K _STR and the media key data K _MED are used to protect the security at the physical layer level of the recording medium.

The purchaser key data K _PIN is data indicating the purchaser of the content file CF.
When the content is purchased out of stock, the content is allocated by the EMD service center 102 to the purchased user. The purchaser key data K _PIN is managed in the EMD service center 102.

The media SAM management section 197 includes the content file CF input from the SAM management section 190 and the key file KF ₁ input from the encryption / decryption section 173.
Is output to the recording module 260 shown in FIG. Then, the recording module 260 stores the content file CF and the key file KF ₁ input from the media SAM management unit 197 into the RAM type recording medium 2 shown in FIG.
Write to the 50 RAM area 251. In this case, the key file KF ₁ may be written in the media SAM 252.

Next, when the user home network 303 distributes the ROM-type recording medium 130 shown in FIG.
The flow of processing when determining the purchase mode is described with reference to FIGS. 20 and 21 in the V device 160 _2. A
First, the SAM 105 ₂ of the V device 160 ₂ includes the mutual authentication unit 170 shown in FIG. 21 and the ROM type recording medium 1 shown in FIG.
After performing mutual authentication with the media SAM 133, the media key data K
Enter _MED . Incidentally, SAM 105 ₂ is, when the advance holds the media key data K _MED is may not be performed the input. Next, the ROM type recording medium 130
4B and 4C stored in the secure container 104 and its signature data SIG7 _{, CP} and public key certificate data CER _CP and its signature stored in the secure container 104 recorded in the RAM area 132 of FIG. Data SIG _{1, ESC}
Is input via the media SAM management unit 197, and is written to the stack memory 200.

Next, in the signature processing unit 189, after confirming the validity of the signature data SIG1 _{, ESC} , the public key data K _{CP, P} is extracted from the public key certificate data CER _CP , and
Using this public key data K _{CP, P} , signature data SIG
_7. Verify the validity of _{the CP} , that is, the validity of the creator of the key file KF.

In the signature processing section 189, the signature data SI
When the validity of _{G7 and CP} is confirmed, the stack memory 200
Sends the key file K to the secure container decryption unit 183.
Read F. Then, the secure container decryption unit 183, the distribution use key data KD ₁ corresponding period ～KD ₃
Is used to decrypt the key file KF. Next, the signature processing unit 189 uses the public key data K _{ESC, P}
Signature data SIG _{1, ESCM} stored in key file KF
After confirming the validity of the public key data _{KCP, P} stored in the public key certificate data CER _CP in the key file KF,
Is used to verify the validity of the signature data SIG _{2, CP to} SIG _{4, CP} , that is, the validity of the creator of the content data C, the content key data Kc, and the rights document data 106.

[0156] Next, after performing mutual authentication with the decoding and decompression module 163 shown in the mutual authentication unit 170 and Figure 20 shown in FIG. 21, the decoding and decompression module manager 184 of the SAM 105 _2, the stack memory 200 Key data Kc and rights certificate data 106 stored in
Semi-disclosed parameter data 199 stored in
The content data C read from the ROM area 131 of the OM type recording medium 130 is output to the decryption / decompression module 163 shown in FIG. Next, in the decryption / decompression module 163, the content data C is decrypted in the semi-disclosure mode using the content key data Kc, and is then decompressed and output to the reproduction module 270. Then, the reproduction / decompression module 16
3 is reproduced.

Next, the purchase mode of the content is determined by the purchase operation of the purchase mode determination operation section 165 shown in FIG. .

Next, the charging 58 unit 187 outputs the operation signal S1
The usage control state data 166 corresponding to the number 65 is created, and this is written to the stack memory 200. Next, from the stack memory 200 to the encryption / decryption unit 173, for example, as shown in FIG.
In the key file KF shown in FIG.
New key shown in FIG. 18 (B) storing the 66 file KF ₁ is output.

Next, the encryption / decryption unit 173 converts the key file KF ₁ shown in FIG. 18B read from the stack memory 200 into the recording key data K _STR and the media key data K read from the storage unit 192. Media SAM that is sequentially encrypted using _MED and purchaser key data K _PIN
Output to the management unit 197. Next, after performing mutual authentication between the mutual authentication unit 170 shown in FIG. 21 and the media SAM 133 shown in FIG. 20, the SAM management unit 197 reads the key file KF ₁ input from the encryption / decryption unit 173. 2
0 via the recording module 271 shown in FIG.
133 is written. As a result, the ROM-type recording medium 130 whose purchase mode has been determined is obtained. At this time, the usage control state data 166 and the usage history data 108 generated by the charging unit 187 are transmitted to the EMD service center 102 read from the stack memory 200 and the external memory 201 at predetermined timing.

Hereinafter, as shown in FIG.
0 purchase mode in ₃ of ROM type undetermined recording medium 1
Transferred from 30 to the AV equipment 160 ₂ reads the secure container 104, and determines the purchase mode in the AV apparatus 160 ₂ for explaining the flow of processing when writing to RAM type recording medium 250. The ROM-type recording medium 130
Container 1 from the storage medium to the RAM type recording medium 250
04 of the transfer may be performed between any of the network devices 160 ₁ and AV apparatuses 160 ₁ to 160 ₄ shown in FIG.

[0161] First of all, AV equipment 160 ₃ of SAM105 ₃
And performs mutual authentication with the media SAM133 the ROM type storage medium 130, and transfers the media key data K _MED1 of ROM type storage medium 130 to the SAM 105 _3. Further, performs mutual authentication with the media SAM252 AV equipment 160 ₂ of SAM 105 ₂ and RAM type recording medium 250, and transfers the media key data K _MED2 of RAM type recording medium 250 to the SAM 105 _2.

[0162] Then, SAM 105 ₃ is 4 read from the ROM area 131 of the ROM type storage medium 130
(A) Content file CF and RAM area 1
4 (B) and 4 (C) read out from the key file K
F, signature data SIG _{7, CP} , public key certificate data CER
The _CP and the signature data SIG 1, _ESC, in the encryption and decryption unit 172 shown in FIG. 23, it decodes sequentially using the distribution use key data KD ₁ ~KD ₃ corresponding period. Next, the content file CF decrypted by the encryption / decryption unit 172 is output to the encryption / decryption unit 171 and the SAM
After being encrypted using the session key data K _SES obtained by mutual authentication between 105 ₃ and 105 ₂ ,
It is output to the SAM management unit 190. The key file KF decrypted by the encryption / decryption unit 172 is output to the encryption / decryption unit 171 and the signature processing unit 189. The signature processing unit 189, SAM105 ₃ of the secret key data K
_{Using SAM3, S} , signature data SIG of key file KF
_{350, SAM3} is created and output to the encryption / decryption unit 171.

The encryption / decryption unit 171 is provided in the storage unit 1
SAM 105 ₃ public key certificate data CER of _SAM3 and its signature data SIG _{351, ESC} read from the 92,
Key file KF and its signature data SIG _{350, SAM3}
After encrypting the content file CF input from the encryption / decryption unit 172 using the session key data K _SES obtained by the mutual authentication between the SAMs 105 ₃ and 105 ₂ , the SAM management unit 190 is encrypted. Via AV
Output to the SAM 105 _{2 of the} device 160 ₂ .

In the SAM 105 ₂ , as shown in FIG. 24, the content file CF input from the SAM 105 ₃ via the SAM management unit 190 is transmitted to the encryption / decryption unit 1.
After being decrypted at 71 using the session key data K _SES , the RAM
The data is written to the RAM area 251 of the recording medium 250 of the type.

Also, the SAM management unit 190
105 and the key file KF and the signature data SIG _{350, SAM3} input from the _3, the public key certificate data CER
_{After the SAM3} and its signature data SIG _{351 and ESC} are written to the stack memory 200, the encryption / decryption unit 1
At 71, it is decrypted using the session key data K _SES . Next, the decrypted signature data SIG _{351, ECS}
Is verified by the signature processing unit 189, and when its validity is confirmed, the signature data SI is obtained using the public key data K _SAM3 stored in the public key certificate data CER _SAM3.
The validity of _{G350, SAM3} , that is, the validity of the transmission source of the key file KF is confirmed. And the signature data SIG
_When the validity of _{350, SAM3} is confirmed, the stack memory 20
The key file KF is read from 0 and output to the secure container decryption unit 183.

Next, the secure container decryption unit 183
The key file KF is decrypted by using the distribution key data KD _{1 to} KD ₃ of the corresponding period, and after performing a predetermined signature verification, the decrypted key file KF is written to the stack memory 200.

Next, the right certificate data 106 stored in the already decrypted key file KF stored in the stack memory 200 is output to the use monitoring unit 186. The use monitoring unit 186 manages the content purchase form and the use form based on the license data 106.

Next, for example, when the preview mode is selected by the user, the content data C of the content file CF already decrypted with the session key data K _SES
After passing through mutual authentication, the content key data Kc stored in the stack memory 200, the semi-disclosed parameter data 199 obtained from the license data 106, and the user digital watermark information data 196, the decryption / decoding shown in FIG. The data is output to the reproduction module 270 via the decompression module management unit 184. Then, the reproduction module 270 reproduces the content data C corresponding to the trial listening mode.

Next, the purchase / use mode of the content is determined by the user operating the purchase / use mode determination operation unit 165 shown in FIG.
165 is output to the charging unit 187. Then, the billing processing unit 187 generates the use control state data 166 and the use history data 108 according to the determined purchase / use form, and writes them to the stack memory 200 and the external memory 201, respectively. Next, for example, the key file KF ₁ shown in FIG. 18B storing the usage control state data 166 is read from the stack memory 200 to the encryption / decryption unit 173, and the encryption / decryption unit 1 is read.
In 73, the recording key data K _STR read from the storage unit 192, the media key data K _MED2, and the purchaser key data K _PIN are sequentially encrypted and output to the media SAM management unit 197. Key file KF _1, as shown in FIG. 22
The RAM 251 of the RAM type recording medium 250 or the medium SAM2
52 is written. Also, the usage control state data 166
And the usage history data 108 at a predetermined timing,
It is transmitted to the EMD service center 102.

Hereinafter, a method of implementing the SAMs 105 _{1 to} 105 ₄ will be described. When the functions of the SAMs 105 _{1 to} 105 ₄ are realized as hardware, an ASIC-type CPU having a built-in memory is used, and the memory is configured as shown in FIG.
The security function module for realizing each function shown in FIG. 0, a program module for performing content right processing, and highly sensitive data such as key data are stored. A series of rights processing program modules such as a cryptographic library module (public key cryptography, common key cryptography, random number generator, hash function), a content usage control program module, and a billing processing program module are, for example, software Implemented as

For example, the encryption / decryption unit 17 shown in FIG.
For example, the module such as 1 is implemented as hardware as an IP core in an ASIC-type CPU due to a problem of processing speed. Depending on the performance such as the clock speed and the CPU code system, the encryption / decryption unit 171 may be implemented as software. The storage unit 192 shown in FIG.
For example, a nonvolatile memory (flash-ROM) is used as a memory for storing program modules and data for realizing the functions shown in FIG. 10, and a high-speed writable memory such as an SRAM is used as a working memory. Used. In addition, SAM
A ferroelectric memory (FeRAM) may be used as a memory built in 105 _{1 to} 105 ₄ . Also, SA
M105 to _{1-105 4,} the other, a clock function to be used to verify the date and time, such as at the expiration date and the contract period for the use of content is being built.

As described above, the SAMs 105 _{1 to} 105
₄ has a tamper-resistant structure that shields program modules, data and processing contents from the outside. S
AM105 ₁ ~105 ₄ a equipped with the equipment of the host CPU
Via the bus, the contents of highly confidential programs and data stored in the memory inside the IC of the SAM, and the SAM system configuration (System
Configuration) related registers and cryptographic library and clock registers should not be read or newly written, i.e., exist in the address space allocated by the host CPU of the mounted device. In order to avoid this, the SAM uses an MMU (Memory Magagement Unit) that manages the memory space on the CPU side, and sets an address space invisible to the host CPU on the mounted device side. The SAMs 105 _{1 to} 105 ₄ are
It has a structure that can withstand external physical attacks such as X-rays and heat, and has a debugging tool (hardware IC
E, software ICE, etc., even if real-time debugging (reverse engineering) is performed, the processing contents are not known, or the debugging tool itself has a structure that cannot be used after IC manufacturing. . Each of the SAMs 105 _{1 to} 105 ₄ has a hardware-like structure, which is a normal AS with a built-in memory.
Although it is an IC-type CPU, its function depends on software for operating the CPU, but differs from a general ASIC-type CPU in having an encryption function and a tamper-resistant hardware structure.

When all the functions of the SAMs 105 _{1 to} 105 ₄ are realized by software, the SAM 105 ₁ is closed inside a tamper-resistant module to perform software processing. In some cases, the software processing is performed in such a manner that decoding cannot be performed only during the processing. The former is
This is the same as the case where the cryptographic library module is stored in the memory as a normal software module instead of the IP core, and can be considered in the same way as the case where the cryptographic library module is implemented as hardware. On the other hand, the latter is called tamper-resistant software, and even if the execution status is decoded by an ICE (debugger), the execution order of the tasks may be different (in this case, the separated task alone may be used as a program as a program). (That is, the task is cut so as not to affect the preceding and following lines), the task itself is encrypted, and can be realized in the same manner as a task scheduler (MiniOS) for a kind of secure processing. . The task scheduler is embedded in the target program.

Next, the decoding / decompression module 1 shown in FIG.
63 will be described. As shown in FIG. 9, the decryption / decompression module 163 includes a mutual authentication unit 220 and a decryption unit 22.
1, a decoding unit 222, a decompression unit 223, a digital watermark information processing unit 224, and a semi-disclosure processing unit 225. The mutual authentication unit 220 determines that the decryption / decompression module 163 is
5 ₁ when inputting the data, and generates the session key data K _SES performs mutual authentication with the mutual authentication unit 170 shown in FIG. 16.

[0175] decoding unit 221, SAM 105 ₁ content key data Kc input from the semi disclosure parameter data 199, data 196 and the content data C for the user digital watermark information is decrypted by using the session key data K _SES. The decryption unit 221 then decrypts the decrypted content key data Kc and content data C
22 and outputs the decrypted user digital watermark information data 196 to the digital watermark information processing unit 224, and outputs the semi-disclosed parameter data 199 to the semi-disclosed processing unit 225.

The decryption unit 222 uses the content key data Kc based on the control from the semi-disclosure processing unit 225 to
The content data C is decrypted in a semi-disclosed state, and the decrypted content data C is output to the decompression unit 223.

The decompression unit 223 decompresses the decrypted content data C and outputs it to the digital watermark information processing unit 224. The decompression unit 223 performs decompression processing using, for example, A / V decompression software stored in the content file CF illustrated in FIG. 4A, and performs decompression processing using, for example, the ATRAC3 method.

The digital watermark information processing unit 224 embeds the user digital watermark information corresponding to the decrypted user digital watermark information data 196 into the decrypted content data C, and generates new content data C. The digital watermark information processing unit 224 outputs the new content data C to the playback module 169. As described above, the user digital watermark information is embedded in the decryption / decompression module 163 when the content data C is reproduced. In the present invention, the user digital watermark information data 196 may not be embedded in the content data C.

The semi-disclosure processing unit 225, for example, based on the semi-disclosure parameter data 199,
Instruct the decoding unit 222 which block is not to be decoded and which block is to be decoded. The semi-disclosure processing unit 22
In addition, the control unit 5 controls the reproduction function at the time of the trial listening and the period during which the trial listening can be performed based on the semi-disclosed parameter data 199.

The reproduction module 169 performs reproduction in accordance with the decrypted and decompressed content data C.

Next, the content provider 101, EM
A description will be given of a data format when transmitting and receiving data with signature data generated using private key data and public key certificate data between the D service center 102 and the user home network 103. FIG.
(A) shows that the content provider 101 sends the SAM 10
5 ₁ is a diagram for explaining the data format when transmitting the data Data in-band method. In this case, the content provider 101 sends the SAM1
05 _1, a content provider 101 SAM105
Session key data K obtained by the mutual authentication between the _1
The module Mod ₅₀ encrypted by the _SES is transmitted. The module Mod ₅₀ stores the module Mod ₅₁ and its signature data SIG _CP using the secret key data K _{CP, S.} The module Mod ₅₁ includes public key certificate data CER _CP storing the secret key data K _{CP, P} of the content provider 101, and signature data of the public key certificate data CER _CP by the secret key data K _{ESC, S.} SIG
_ESC and data to be transmitted are stored.
By transmitting the module Mod ₅₀ storing the public key certificate data CER _CP from the content provider 101 to the SAM 105 ₁ in this manner, when the SAM 105 ₁ verifies the signature data SIG _CP , the EMD service center 102 SAM105 need to send a public key certificate data CER _CP to ₁ is eliminated.

[0182] FIG. 25 (B), (C) are diagrams for explaining the data format when transmitting out-of-band method data Data from the content provider 101 to the SAM 105 _1. In this case, the module Mod ₅₂ shown in FIG. 25B encrypted with the session key data K _SES obtained by the mutual authentication between the content provider 101 and the SAM 105 ₁ is transmitted from the content provider 101 to the SAM 105 ₁ . You.
The module Mod ₅₂ includes data Data to be transmitted,
The signature data SIG _CP based on the secret key data K _{CP, S} is stored. Further, the module Mod ₅₃ shown in FIG. _25C, which is encrypted with the session key data K _SES obtained by the mutual authentication between the EMD service center 102 and the SAM 105 ₁ , is transmitted from the EMD service center 102 to the SAM 105 ₁ . You. The module Mod ₅₃ stores public key certificate data CER _CP of the content provider 101 and signature data SIG _ESC using the secret key data K _{ESC, S.}

[0183] Figure 25 (D) are diagrams for explaining the data format when transmitting in-band method data Data to the content provider 101 from SAM 105 _1. In this case, the SAM 105 ₁ sends the content provider 101
01 and a module Mod encrypted with session key data K _SES obtained by mutual authentication between SAM 105 ₁ and SAM 105 _1
54 is sent. The module Mod ₅₄ stores the module Mod ₅₅ and signature data SIG _{SAM1 of the} secret key data K _{SAM1, S} of the module Mod ₅₅ . Module Mod _55
Includes public key certificate data CER _SAM1 storing the private key data K _{SAM1 and P} of the SAM 105 ₁ , signature data SIG _ESC with the private key data K _{ESC, S} for the public key certificate data CER _SAM1 , Data to be transmitted is stored. Thus, the public key certificate data CER
_The module Mod ₅₅ storing the _SAM1 is transferred to the SAM 105 ₁
Transmitted to the content provider 101, the content provider 101 sends the signature data SIG
When verifying _SAM1 , the EMD service center 102
_{Does not} need to transmit the public key certificate data CER _SAM1 to the content provider 101.

FIGS. 25E and 25F show the SAM 105 _1.
Is a diagram for describing a data format when data is transmitted from a to a content provider 101 in an out-of-band system. FIG. In this case, SA
The module Mod ₅₆ shown in FIG. _25E encrypted with the session key data K _SES obtained by the mutual authentication between the content provider 101 and the SAM 105 ₁ is transmitted from the M 105 ₁ to the content provider 101.
The module Mod ₅₆ includes data Data to be transmitted and
The secret key data K _{SA M1,} signed by the _S data SIG _SAM1
And are stored. In addition, the EMD service center 10
2, the module Mod ₅₇ shown in FIG. 25 (F) encrypted with the session key data K _SES obtained by the mutual authentication between the EMD service center 102 and the content provider 101 is transmitted. The module Mod ₅₇ includes the public key certificate data CER _SAM1 of the SAM 105 ₁ and its private key data K
_The signature data SIG _ESC by _{ESC, S} is stored.

FIG. 26 (G) shows the content provider 1
01 to the EMD service center 102
FIG. 3 is a diagram for explaining a data format when is transmitted in an in-band system. In this case, from the content provider 101 to the EMD service center 102
Then, the module Mod ₅₈ encrypted with the session key data K _SES obtained by the mutual authentication between the content provider 101 and the EMD service center 102 is transmitted. The module Mod ₅₈ stores the module Mod ₅₉ and the signature data SIG _CP using the secret key data K _{CP, S} thereof. The module Mod ₅₉ includes public key certificate data CER _CP storing secret key data K _{CP, P} of the content provider 101 and public key certificate data CER _CP.
Signature data S with secret key data K _{ESC, S} for _CP
IG _ESC and data to be transmitted are stored.

FIG. 26H shows the contents provider 1
01 to the EMD service center 102
FIG. 4 is a diagram for explaining a data format when is transmitted in an out-of-band system. In this case,
The module Mod ₆₀ shown in FIG. _26H encrypted with the session key data K _SES obtained by the mutual authentication between the content provider 101 and the EMD service center 102 is transmitted from the content provider 101 to the EMD service center 102. . The module Mod ₆₀ includes the data Data to be transmitted and the secret key data K
_The signature data SIG _CP by _{CP and S} is stored. At this time, the public key certificate data CER _CP of the content provider 101 has already been registered in the EMD service center 102.

[0187] FIG. 26 (I) is, EM from SAM105 ₁
FIG. 3 is a diagram for explaining a data format when data Data is transmitted to a D service center 102 by an in-band method. In this case, SAM 105 ₁ through E
The MD service center 102 has the EMD service center 1
02 and the module Mod encrypted with the session key data K _SES obtained by mutual authentication between the SAM 105 ₁ and the SAM 105 _1
61 is sent. The module Mod ₆₁ stores the module Mod ₆₂ and its signature data SIG _SAM1 using the secret key data K _{SAM1, S.} Module Mod _62
Includes public key certificate data CER _SAM1 storing the private key data K _{SAM1 and P} of the SAM 105 ₁ , signature data SIG _ESC with the private key data K _{ESC, S} for the public key certificate data CER _SAM1 , Data to be transmitted is stored.

[0188] FIG. 26 (J) is, EM from SAM105 ₁
FIG. 4 is a diagram for explaining a data format when data Data is transmitted to a D service center 102 by an out-of-band method. In this case, the SAM 105
₁ to the EMD service center 102 using the session key data K _SES obtained by the mutual authentication between the EMD service center 102 and the SAM 105 ₁ in FIG.
The module Mod ₆₃ shown in (J) is transmitted. The module Mod ₆₃ stores data Data to be transmitted and signature data SIG _SAM1 based on the secret key data K _{SAM1, S.} At this time, the EMD service center 102
_Has already registered the public key certificate data CER _SAM1 of the SAM 105 ₁ . Hereinafter, the SAMs 105 _{1 to} 105 ₄
A registration process to the EMD service center 102 at the time of shipment of the "." The SAMs 105 _{1 to} 105
₄ is the same, so that the SAM 105 ₁
Registration processing will be described. When the SAM 105 ₁ is shipped, the key server 141 of the EMD service center 102 shown in FIG.
The following key data is initially registered in the storage unit 192 shown in FIG. The SAM 105 ₁ stores, for example, a program used when the SAM 105 ₁ accesses the EMD service center 102 for the first time in the storage unit 192 or the like at the time of shipment. That is, the storage unit 192
The, for example, SAM 105 ₁ of the identifier SAM_ID of "*" is attached to the left side in FIG. 14, a recording key data K _STR, public key data K _R-CA of the route certificate authority 2, E
Public key data K _{ESC, P} , S of MD service center 102
An original key for generating authentication key data between the secret key data K _{SAM1, S of} the AM 105 ₁ , the public key certificate data CER _SAM1 and its signature data SIG _{22, ESC} , the decryption / decompression module 163 and the media SAM. Data is stored during initial registration. The public key certificate data CER _SAM1
May be transmitted from the EMD service center 102 to the SAM 105 ₁ when registering the SAM 105 ₁ after shipping.

Here, the public key data K of the root certificate authority 2
_R-CA uses RSA, which is generally used in electronic commerce on the Internet, and has a data length of, for example, 10
24 bits. The public key data K _R-CA is issued by the root certificate authority 2 shown in FIG. The public key data K _{ESC, P} of the EMD service center 102 is generated using an elliptic curve cryptosystem having a short data length and a strength equal to or greater than that of RSA.
Is a bit. However, considering the strength of encryption, it is desirable that the public key data K _{ESC, P} has 192 bits or more. Further, the EMD service center 102 registers the public key data K _{ESC, P} in the root certificate authority 92. Further, the root certificate authority 92 creates public key certificate data CER _ESC of the public key data K _{ESC, P.} Public key data K _{ESC, P}
Public key certificate data CER _ESC storing the are preferably stored in the storage unit 192 at the time of shipment of the SAM 105 _1. In this case, the public key certificate data CER _ESC is signed with the private key data K _{ROOT, S} of the root certificate authority 92.

[0190] EMD service center 102 generates a random number SAM 105 ₁ of the secret key data K _{SAM1, S,} generates, generates the public key data K _{SAM1, P} to be this pair. Further, the EMD service center 102 receives the authentication of the root certificate authority 92, issues the public key certificate data CER _SAM1 of the public key data K _{SAM1, P ,} and uses its own private key data K _{ESC, S} for this. Attach signature data. That is, the EMD service center 102 establishes the second CA
(Certificate authority).

[0191] In addition, the SAM105 _1, E shown in FIG. 8
The SAM manager 149 of the MD service center 102, are assigned a unique (unique) identifier SAM_ID under the management of the EMD service center 102, with which are stored in the SAM 105 ₁ of the storage unit 192, SAM database shown in FIG. 8 149a, and is managed by the EMD service center 102.

After shipment, the SAM 105 ₁ is connected to the EMD service center 102 by a user, for example, to perform a registration procedure, and to execute the registration process.
02 to the storage unit 192 from the distribution key data KD _{1 to} KD ₃
Is transferred. That is, a user who uses the SAM 105 ₁ needs to perform a registration procedure in the EMD service center 102 before downloading content. In this registration procedure, for example, information identifying the user himself / herself is described using a registration sheet or the like attached when a device equipped with the SAM 105 ₁ (in this example, the network device 160 ₁ ) is purchased. This is done offline, for example by mail. The SAM 105 ₁ can be used only after the above-described registration procedure.

[0193] The EMD service center 102 is
05 in accordance with the registration procedure according to _one of the user, by issuing a unique identifier USER_ID user, for example, in the SAM database 149a shown in FIG. 8, and manages the correspondence between the SAM_ID and the USER_ID, utilized during charging. In addition, the EMD service center 102 has the SAM 10
5 ₁ of the identifier ID information reference to the user assigns a password to be used for the first time, notifies the user. The user can use the information reference identifier ID and the password to make an inquiry to the EMD service center 102 for information on, for example, the usage status (usage history) of the content data up to the present. Also, EMD
When registering a user, the service center 102 checks the identity with a credit card company or the like, or checks the identity of the user offline.

Next, as shown in FIG.
A procedure for storing the SAM registration list in the storage unit 192 in ₁ will be described. The SAM 105 ₁ shown in FIG. 1 is a topology generated when, for example, an IEEE 1394 serial bus is used as the bus 191, a power supply of a device connected to the bus 191 is turned on, or a new device is connected to the bus 191. using the map, get the SAM105 ₂ ~SAM105 ₄ of the SAM registration list that exists in your system. The topology map generated according to the bus 191 which is an IEEE 1394 serial bus is as follows.
For example, as shown in FIG.
5 ₁ when to 105 ₄ in addition AV equipment 160 _5, 160 ₆ SCMS processing circuits 105 _5, 105 ₆ are connected, generates a target SAM 105 ₁ to 105 ₄ and SCMS processing circuits 105 _5, 105 ₆ Is done. Therefore, the SAM 105 ₁ obtains S
Extract information about AMs 105 _{1 to} 105 ₄ to SA
Generate an M registration list.

The data format of the SAM registration list is shown, for example, in FIG. And SAM105
₁ registers the SAM registration list in the EMD service center 102 and obtains a signature. These processes are performed on the bus 1
Utilizing the 91 session of SAM 105 ₁ is automatically carried out, issues a registration instruction of the SAM registration list in the EMD service center 102. EMD service center 102
Upon receiving the SAM registration list shown from SAM105 ₁ in FIG. 28, to check the expiration date. Then, EMD service center 102 performs the setting of the portion corresponding with reference to the presence or absence of the specified settlement function from SAM 105 ₁ when registering. Further, the EMD service center 102 checks the revocation list and sets a revocation flag in the SAM registration list. The revocation list is forbidden (invalid) by the EMD service center 102 for reasons such as unauthorized use.
M is a list. Also, the EMD service center 102
Retrieves the SAM registration list corresponding to the SAM 105 ₁ at the time of settlement, and checks whether the SAM described therein is included in the revocation list. Also, EM
The D service center 102 attaches a signature to the SAM registration list. The SAM relocation list is generated only for SAMs of the same system (connected to the same bus 191), and indicates whether the SAM is valid or invalid by a revocation flag corresponding to each SAM. I have.

Hereinafter, the content provider 1 shown in FIG.
01 will be described. FIG. 29 is a flowchart of the overall operation of the content provider 101. Step S1: The EMD service center 102 transmits the public key certificate CER _CP of the public key data K _{CP, P} of the content provider 101 to the content provider 101 after the content provider 101 goes through a predetermined registration process. In addition, the EMD service center 102 checks the SAM1
05 ₁ After to 105 ₄ which has passed through the predetermined registration processing, SAM
Public key data K _{SAM1, P to} K _{SAM4, P of} 105 _{1 to} 105 ₄
Public key certificates CER _CP1 to CER _CP4 of SAM105
To send to the _{1-105 4.} Further, EMD service center 102 after the mutual authentication, each expiration transmits the distribution key data KD ₁ ～KD ₆ of 6 months of one month to the content provider 101, three months distribution key The data KD _{1 to} KD ₃ are transferred to the user home network 103
Send to Thus, in the EMD system 100,
The distribution key data KD ₁ ~KD ₃ in advance SAM105 ₁ ~
Because it is distributed to 105 _4, SAM105 ₁ ~105
₄ and the EMD service center 102 are in an offline state, the secure containers 1 distributed from the content provider 101 in the SAMs 105 _{1 to} 105 ₄
04 can be decrypted and purchased and used. In this case, the purchase / use history is described in the use history data 108, and the use history data 108 includes SAMs 105 _{1 to} 105 ₄ and E
When the MD service center 102 is connected, the EM
D is automatically sent to the service center 102,
The settlement processing in the MD service center 102 can be reliably performed. The EMD service center 102
However, a SAM for which the usage history data 108 cannot be collected within a predetermined period is regarded as invalid in the revocation list. Note that the usage control status data 166, as a rule, in real time, is transmitted from the SAM 105 ₁ to 105 ₄ to the EMD service center 102.

Step S2: Content Provider 10
After performing mutual authentication, the EMD service center 1 sends the right registration request module Mod ₂ shown in FIG.
02. Then, the EMD service center 102
After performing a predetermined signature verification,
And the content key data Kc is registered and authorized.

Step S3: Content Provider 10
1 performs encryption by using a distribution key data KD ₁ ~KD ₆ of the corresponding period, FIG. 4 (A), create a content file CF and the key file KF (B), the with these The public key certificate data CE shown in FIG.
The secure container 104 storing _Rcp is distributed to the user home network 103 online and / or offline.

[0199] Step S4: SAM105 ₁ ~SAM105 ₄ of the user home network 103, the distribution key data KD ₁ of the period corresponding the secure container 104
~ KD _{3 and the} like, and secure container 104
It performs signature verification for verifying the validity of the secure container 104 with the creator and sender of the content, and checks whether the secure container 104 has been transmitted from the valid content provider 101.

Step S5: SAM105 _{1 to} SAM1
In 05 _4, based on the operation signal S165 in accordance with the operation of the purchase and usage form determination operation unit 165 shown in FIG. 9 by the user, to determine the purchase and usage modes. At this time, FIG.
The usage monitoring unit 186 shown in FIG. 5 manages the user's purchase / use mode of the content file CF based on the rights document data 106 stored in the secure container 104.

Step S6: SAM105 _{1 to} SAM1
05 In the charge processor 187 shown in FIG. 15 of _4, based on the operation signal S165, the usage log data 108 and the usage control status data 166 describing the operation of the purchase and usage of the decision by the user to produce, these EMD The data is transmitted to the service center 102.

Step S7: EMD service center 10
In the settlement processing unit 142 shown in FIG. 8, the settlement processing unit 142 performs settlement processing based on the usage history data 108, and creates settlement claim right data 152 and settlement report data 107. The EMD service center 102 transmits the settlement claim right data 152 and its signature data SIG ₉₉ to the settlement agency 91 via the payment gateway 90 shown in FIG. Further, the EMD service center 102 transmits the settlement report data 107 to the content provider 101.

Step S8: In the settlement institution 91,
After verifying the signature data SIG ₉₉ , the amount paid by the user is distributed to the owner of the content provider 101 based on the settlement claim data 152.

First Modification of First Embodiment In the above-described embodiment, as shown in FIG. 4B, the content provider 101 encrypts the key file KF using the distribution key data KD, and the SAM 105 ₁ to SAM 105 ₁ .
105 has been illustrated a case of decoding the key file KF by using the distribution use key data KD in _4, as shown in FIG. 1, from the content provider 101 SAM 105 ₁ ~
When supplying the secure container 104 directly to 105 _4, the encryption of the key file KF using the distribution key data KD is not necessarily performed. In this manner, the encryption of the key file KF using the distribution key data KD is performed when the content data is supplied from the content provider to the user home network via the service provider as in a second embodiment described later. To
By holding the distribution key data KD only in the content provider and the user home network, a great effect is exerted in suppressing fraudulent activities by the service provider. However, even in the case of the first embodiment described above,
Encrypting the key file KF using the distribution key data KD is effective in increasing the power of suppressing unauthorized use of content data.

Further, in the above-described embodiment, FIG.
The case where the standard retail price data SRP is stored in the right certificate data 106 in the key file KF shown in FIG.
Outside the key file KF in the secure container 104,
Standard retail price data SRP (price tag data) may be stored. In this case, the standard retail price data SR
A signature data created using the secret key data _Kcp is attached to P.

Second Modification of First Embodiment In the above-described first embodiment, as shown in FIG.
The case where the service center 102 performs the payment processing at the payment institution 91 via the payment gateway 90 using the payment claim right data 152 generated by itself is exemplified. For example, as shown in FIG. The payment request data 152 may be transmitted from the 102 to the content provider 101, and the content provider 101 may use the payment request data 152 to perform a payment process to the payment institution 91 via the payment gateway 90.

Third Modification of First Embodiment In the first embodiment described above, the SAM of the user home network 103 is transmitted from a single content provider 101.
105 _{1-105 4} has exemplified the case of supplying the secure container 104, two or more content providers 101a, SAM 105 ₁ to 105 ₄ each secure container 104a from 101b, 104b may be supplied. FIG. 31 shows the content provider 1
FIG. 14 is a configuration diagram of an EMD system according to a second modification of the first embodiment when using 01a and 101b. In this case, EMD service center 102, the content provider 101a and 101b, the distribution use key data of each 6-month KDa ₁ ~KDa ₆ and KDb ₁ ~K
To deliver the Db _6. Also, the EMD service center 102
Is, to SAM105 ₁ ~105 _4, to deliver the 3 months of delivery for key data KDa ₁ ~KDa ₃ and KDb ₁ ~KDb _3.

Then, the content provider 101a
Is a content file CFa encrypted using the unique content key data Kca, and a content key data K
secure container 10 that stores the key file KFa encrypted by using the distribution key data KDa ₁ ~KDa ₆ of the period corresponding to the such as ca and usage control policy data 106a
4a to SAMs 105 _{1 to} 105 ₄ online and / or
Or supply off-run. At this time, a globally unique identifier Content_ID distributed by the EMD service center 102 is used as the key file identifier, and the EMD service center 102 manages the content data in a unified manner. Further, the content provider 101b has its own content key data Kcb.
Secure container which stores the content file CFb encrypted, and content key data Kcb and rights certificate data 106b by using the distribution key data KDb ₁ ~KDb ₆ of the corresponding period and a key file KFb encrypted using the 104b is supplied to the SAMs 105 ₁ -105 ₄ online and / or off-run.

The SAMs 105 _{1 to} 105 ₄ decrypt the secure container 104 a using the distribution key data KDa _{1 to} KDa ₃ of the corresponding period, and determine the content purchase mode through a predetermined signature verification process and the like. And
The use history data 108a and the use control state data 166a generated according to the determined purchase form and use form are transmitted to the EMD service center 102.
The SAMs 105 _{1 to} 105 ₄ transmit the distribution key data K for the corresponding period for the secure container 104b.
The content is decrypted using Db _{1 to} KDb ₃ , the purchase form of the content is determined through a predetermined signature verification process or the like, the use history data 108 b generated according to the determined purchase form and use form, and the use control are used. State data 16
6b to the EMD service center 102.

[0210] In the EMD service center 102, the content provider 1 based on the usage history data 108a.
Create payment request right data 152a for 01a,
The settlement processing is performed for the settlement institution 91 using this.
Further, the EMD service center 102, based on the usage history data 108b,
, The settlement request data 152b is created, and the settlement institution 91 is settled using this.

[0211] The EMD service center 102 registers the authorization data 106a and 106b to perform the authorization. At this time, the EMD service center 102 transmits the key file KF corresponding to the license data 106a, 106b.
a, KFb, globally unique identifier Co
distributes the nent_ID. Further, the EMD service center 102 includes the content providers 101a, 101
b issue public key certificate data CER _cpa and CER _CPb, and issue their own signature data SIG _{1b, ESC} and SIG.
_1a, Attach _ESC and authenticate its validity.

Second Embodiment In the above-described embodiment, the SAMs 105 ₁ to SAM 105 _{1 of the} user home network 103 are sent from the content provider 101.
A case has been exemplified for directly distributing the content data to 105 _4, in the present embodiment, the content data that the content provider will provide, the case of delivery to the SAM of the user home network via the service provider.

FIG. 32 shows the EMD system 3 of this embodiment.
FIG. As shown in FIG. 32, the EMD system 300 includes a content provider 301, an EMD service center 302, and a user home network 30.
3. It has a service provider 310, a payment gateway 90, and a clearing house 91. Content provider 301, EMD service center 302, SAM30
5 _{1-305 4} etc. and the service provider 310
Is a data providing device according to claim 22 or the like,
It corresponds to a management device, a data processing device, and a data distribution device, respectively. The content provider 301 is the same as the content provider 101 of the first embodiment described above, except that content data is supplied to the service provider 310. Further, the EMD service center 302 includes the content provider 101 and the S
It is the same as the EMD service center 102 of the first embodiment described above, except that the service provider 310 has an authentication function, a key data management function, and a right processing function in addition to the AMs 505 _{1 to} 505 ₄ . Also, the user home network 303 is a network device 3
60 ₁ and has an AV apparatus 360 ₂ to 360 _4. The network device 360 ₁ has a built-in SAM 305 ₁ and CA module 311, and has an AV device 360 1.
_{2-360 4} are each built-in SAM305 ₂ ~305 _4. Here, the SAMs 305 _{1 to} 305 ₄ receive the distribution of the secure container 304 from the service provider 310, verify the signature data of the service provider 310 in addition to the content provider 301, and purchase the SP purchase history data (data distribution device). Purchase history data) 309,
This is the same as the SAMs 105 _{1 to} 105 ₄ of the first embodiment described above.

First, the outline of the EMD system 300 will be described. In the EMD system 300, the content provider 301 uses the same rights certificate (UCP: Usage C) as in the above-described first embodiment, which indicates the rights such as the license condition of the content data C of the content to be provided by the content provider 301.
ontrol Policy) data 106 to the EMD service center 302, which is a highly reliable authority. The license data 106 is registered in the EMD service center 302 and is authorized (authenticated).

Further, the content provider 301 encrypts the content data C with the content key data Kc to generate a content file CF. Further, the content provider 301 transmits the distribution key data KD _{1 to} KD for the corresponding period distributed from the EMD service center 302.
Using D _6, it encrypts the content key data Kc and the usage control policy data 106, creates the key file KF storing them. And the content provider 301
Is a secure container 104 storing a content file CF, a key file KF, and its own signature data.
Is supplied to the service provider 310 using a network such as the Internet, digital broadcasting, a recording medium, an unofficial protocol, or offline.

Upon receiving the secure container 104 from the content provider 301, the service provider 310 verifies the signature data to determine whether the secure container 104 has been created by the legitimate content provider 301 and the sender's legitimacy. Check. Next, the service provider 310 adds price tag data (PT) 312 indicating the price obtained by adding the price of its service to the price (SRP) for the content desired by the content provider 301 notified offline, for example. create. Then, the service provider 310 secures the content file CF and the key file KF extracted from the secure container 104, the price tag data 312, and the signature data of the content file CF and the key file 312 by using its own secret key data K _{SP, S.} Create a container 304. At this time, the key file K
F is encrypted by the distribution key data KD ₁ ~KD _6, because the service provider 310 does not hold the distribution key data KD ₁ ~KD _6, service provider 310 the content of the key file KF They cannot be seen or rewritten. Further, the EMD service center 302 registers and authorizes the price tag data 312.

The service provider 310 distributes the secure container 304 to the user home network 303 online and / or offline. At this time, in the case of off-line, the secure container 304 is directly supplied to the SAM 305 ₁ to 305 _4. On the other hand, when online, the service provider 310
And the CA module 311 perform mutual authentication, encrypt the secure container 304 using the session key data K _SES in the service provider 310 and transmit it, and transmit the secure container 304 received in the CA module 311 to the session key data K _SES. after decoding is used to transfer the SAM 305 ₁ to 305 _4.

Next, in the SAMs 305 _{1 to} 305 ₄ , the secure container 304 is stored in the distribution key data K for the corresponding period distributed from the EMD service center 302.
After decryption using D _{1 to} KD ₃ , the signature data is verified. SAM 305 ₁ to 305 ₄ secure container 304 supplied to, in the network device 360 ₁ and AV apparatuses 360 ₂ to 360 _4, after the purchase and usage mode is determined according to a user operation to the playback and recording medium It is an object of record. SAM305 _{1 to} 3
05 ₄ records as usage history (Usage Log) data 308 the history of the purchase and use of secure container 304 as described above. The usage history data (history data or management device history data) 308 is transmitted from the user home network 303 to the EMD service center 302 in response to a request from the EMD service center 302, for example.

The EMD service center 302, based on the usage history data 308,
For each of the service provider 310 and the service provider 310, the content of the charge is determined (calculated). Thereby, the money paid by the user of the user home network 103 is distributed to the content provider 101 and the service provider 310 by the settlement processing by the EMD service center 102.

In this embodiment, the EMD service center 3
02 has an authentication function, a key data management function, and a right processing (profit distribution) function. In other words, the EMD service center 302 transmits a second certificate authority (Sec) to the root certificate authority 92 which is the highest authority in a neutral position.
ond Certificate Authority), the content provider 301 and the service provider 310
And the SAM 305 _{1 to} 305 ₄ attaches a signature to the public key certificate data of the public key data used for the verification processing of the signature data with the secret key data of the EMD service center 302 to authenticate the validity of the public key data. I do. Further, as described above, the authorization function of the EMD service center 302 also registers and authorizes the right form data 106 of the content provider 301 and the price tag data 312 of the service provider 310. Also, the EMD service center 302
For example, a key data management function for managing the key data such as the distribution key data KD ₁ ~KD _6. Also, EM
The D service center 302 is the content provider 30
1 and the SAM 305 ₁ -S
Usage history data 308 input from AM 305 ₄ and price tag data 3 registered by service provider 310
12, the settlement of the purchase and use of the content by the user of the user home network 303 is performed, and the money paid by the user is transferred to the content provider 30.
1 and a right processing (profit sharing) function to distribute and pay to the service provider 310.

Hereinafter, each component of the content provider 301 will be described in detail. [Content Provider 301] FIG. 33 is a functional block diagram of the content provider 301, and shows a flow of data related to data transmitted to and received from the service provider 310. As shown in FIG. 33, the content provider 301 includes a content master source server 111, a digital watermark information adding unit 112, a compression unit 1
13, encryption section 114, random number generation section 115, encryption section 1
16, signature processing unit 117, secure container creation unit 11
8. Secure container database 118a, storage unit 1
19. Mutual authentication unit 120, encryption / decryption unit 121, rights document data creation unit 122, EMD service center management unit 1
25 and a service provider management unit 324.

In FIG. 33, the components denoted by the same reference numerals as in FIG. 2 are the same as the components denoted by the same reference numerals in the first embodiment described above with reference to FIGS. That is, the content provider 301 has a configuration in which a service provider management unit 324 is provided instead of the SAM management unit 124 shown in FIG. The service provider management unit 324 stores the secure container creation unit 11
The secure container 104 input from 8 is provided to the service provider 310 shown in FIG. 32 offline and / or online. As in the first embodiment, the secure container 104 includes FIGS.
(C) stores the content file CF and its signature data SIG6 _{, CP} , the key file KF and its signature data SIG7 _{, CP,} and the public key certificate data CER _CP and its signature data SIG1 _{, ESC.} ing.

When delivering the secure container 104 to the service provider 310 online, the service provider management unit 324 encrypts the secure container 104 using the session key data K _SES in the encryption / decryption unit 121, The data is distributed to the service provider 310 via the network.

The data flow in the content provider 101 shown in FIG.
10 applies similarly.

[Service Provider 310] The service provider 310 stores the content file CF and the key file KF in the secure container 104 provided from the content provider 301 and the price tag data 312 generated by itself. Online and / or offline, the network device 36 of the user home network 303.
0 delivering to ₁ and AV apparatuses 360 ₂ to 360 _4. The service form of the content distribution by the service provider 310 is roughly classified into an independent service and an interlocked service. The stand-alone service is, for example, a download-only service that individually distributes content. The linked service is a service that distributes content in conjunction with a program or CM (advertisement).
The content of the theme song and insertion song of the drama is stored in the stream of the drama program. When watching the drama program, the user can purchase the content of the theme song or the inserted song in the stream.

FIG. 34 is a functional block diagram of the service provider 310. FIG. 34 shows the secure container 10 supplied from the content provider 301.
4 shows a flow of data when supplying the secure container 304 corresponding to No. 4 to the user home network 303. As shown in FIG.
Are the content provider management unit 350 and the storage unit 35
1, mutual authentication unit 352, encryption / decryption unit 353, signature processing unit 354, secure container creation unit 355, secure container database 355a, price tag data creation unit 356, user home network management unit 357,
It has an EMD service center management unit 358 and a user preference filter generation unit 920.

Hereinafter, a secure container 304 is created from the secure container 104 supplied from the content provider 301, and the secure container 304 is created on the user home network 3
Referring to FIG. 34, a flow of processing in the service provider 310 at the time of distribution to the service provider 03 will be described. The content provider management unit 350 receives the supply of the secure container 104 shown in FIG. 4 from the content provider 301 and writes the secure container 104 into the storage unit 351 online and / or offline. At this time, when online, the content provider management unit 350 uses the session key data K _SES obtained by mutual authentication between the mutual authentication unit 120 shown in FIG. 33 and the mutual authentication unit 352 shown in FIG. And secure container 10
4 is decrypted in the encryption / decryption unit 353, and then written in the storage unit 351.

Next, in the signature processing unit 354, the secure container 104 stored in the storage
The signature data SIG _{1 and ESC} shown in FIG.
Public key data K of the EMD service center 302 read from the _ESC, verified using _P, after its validity was recognized, the public key data K _CP from the public key certificate data CER _CP shown in FIG. 4 (C) _{, Take} out _P. Next, the signature processing unit 3
54 uses the extracted public key data K _{CP, P}
Secure container 104 stored in storage unit 351
Signature data SIG _{6, CP} , S shown in FIGS.
Verify IG7 _{and CP} .

Next, the secure container creation unit 355
When the validity of the signature data SIG _{6, CP} , SIG _{7, CP} is confirmed, the storage unit 351 stores the content file CF, the key file KF, the public key certificate data CER _{SP of the} service provider 310, and the signature data SIG.
_{61, Read ESC} .

[0230] Also, the price tag data creation unit 356
Creates price tag data 312 indicating a price obtained by adding the price of its service to the price of the content requested by the content provider 301 notified offline from the content provider 301, for example,
This is output to the secure container creation unit 355.

The signature processing unit 354 takes the hash value of the content file CF, the key file KF, and the price tag data 312, and
Using the secret key data K _{SP, P} of 0, the signature data SIG
_{62, SP} , SIG _{63, SP} , and SIG _{64, SP} are created and output to the secure container creation unit 355.

Next, the secure container creation unit 355
Figure 35 As shown in (A) ~ (D), the content file CF and its signature data SIG _{62, SP,} and the key file KF and the signature data SIG _{63, ESC,} price tag data 312 and the signature data SIG _{64 , SP}
Then, a secure container 304 storing the public key certificate data CER _SP and its signature data SIG _{61, ESC} is created and stored in the secure container database 355a. Then, the secure container creating unit 355 stores the secure container 304 according to the request from the user home network 303 in the secure container database 355.
a from the user home network management unit 35
7 is output. At this time, the secure container 304
It may be a composite container storing a plurality of content files CF and a plurality of key files KF respectively corresponding to the content files CF. For example, a single secure container 3
04, each song, video clip, lyrics card,
A plurality of content files CF relating to liner notes and jackets may be stored in a single secure container 304. These plurality of content files CF
Are the directory structure of the secure container 304
It may be stored within.

[0233] When the secure container 304 is transmitted by digital broadcasting, the MHEG (Multimedia announce) is used.
d When the Hypermedia Information Coding Experts Group (protocol) is used and transmitted over the Internet, XML / SMIL / HTML (Hyper Text Markup Lang)
uage) protocol is used. At this time, the content file CF and the key file KF are centrally managed by the content provider 301 and do not depend on the protocol for transmitting the secure container 304. That is, the content file CF and the key file KF
Are stored in the secure container 304 in the form of tunneling MHEG and HTML protocols.

Next, the user home network management section 3
57 stores the secure container 304 offline and / or online in the user home network 303.
To supply. User home network management unit 357
When distributing the secure container 304 online to the network device 360 ₁ of the user home network 303, the encryption / decryption unit 352
After encrypting the secure container 304 using the session key data K _{SES in} , the data is distributed to the network device 360 ₁ via the network.

Note that the user home network management unit 3
The 57 encrypts the secure container 304 using the scramble key data K _SCR when broadcasting the secure container 304 via, for example, a satellite. Further, the scramble key data K _SCR by encrypting the work key data K _W, encrypted with the work key data K _W master key data K _M. Then, the user home network management unit 357 transmits the scramble key data K _SCR and the work key data K _W together with the secure container 304 to the user home network 303 via the satellite.
Further, for example, the user home network 30 off-line the master key data K _M, and stores such as the IC card
3 to be distributed.

The user home network management unit 3
57 is content data C distributed by the service provider 310 from the user home network 303.
Upon receiving the SP purchase history data 309 for
This is written in the storage unit 351. Service Provider 3
10 refers to the SP purchase history data 309 when determining future service contents. Further, the user preference filter generation unit 920 transmits the SP purchase history data 309 based on the SP purchase history data 309 based on the SP purchase history data 309.
AM305 analyzes the preference of ₁ to 305 ₄ of the user to generate a user preference filter data 900 and transmits this via the user home network management unit 357 to the CA module 311 of the user home network 303.

FIG. 36 shows the flow of data related to communication with the EMD service center 302 in the service provider 310. In addition, assuming that the following processing is performed, a person involved in the service provider 310 performs registration processing in the EMD service center 302 offline using, for example, his / her own ID card and a bank account for performing payment processing. , Globally unique identifier SP_ID. The identifier SP_ID is
It is stored in the storage unit 351.

First, the service provider 310 determines that the EM
D service center 302 has its own private key data K _{SP, S}
FIG. 36 shows a process for requesting public key certificate data CER _SP for certifying the validity of public key data K _{SP, S} corresponding to.
This will be described with reference to FIG. First, service provider 3
Numeral 10 generates a random number using a true random number generator, generates secret key data K _{SP, S} , creates public key data K _{SP, P} corresponding to the secret key data K _{SP, S} , and stores it in a storage unit. 351 is stored. The EMD service center management unit 358 reads the identifier SP_ID of the service provider 310 and the public key data K _{SP, P} from the storage unit 351. Then, the EMD service center management unit 358 transmits the identifier SP_ID and the public key data K _{SP, P} to the EMD service center 302. Then, the EMD service center management unit 348
Inputs the public key certificate data CER _SP and its signature data SIG _{61, ESC} from the EMD service center 302 according to the registration, and writes the same in the storage unit 351.

Next, the service provider 310 sets the EM
The process of registering the price tag data 312 in the D service center 302 and authorizing it will be described with reference to FIG.

In this case, in the signature processing unit 354, the hash value of the module Mod ₁₀₃ storing the price tag data 312 created by the price tag data creation unit 356 and the globally unique identifier Content_ID read from the storage unit 351 is stored. The signature data SIG80 _{, SP} is generated using the secret key data _{KSP, S.} Further, the public key certificate data CER _SP and its signature data SIG _{61, ESC} are read from the storage unit 351. The price tag registration request module Mod _102, the mutual authentication unit 352 and the EMD service by using the session key data K _SES obtained by the mutual authentication between the center 302 and decoding unit 353 shown in FIG. 37
, And then transmitted from the EMD service center management unit 358 to the EMD service center 302. The module Mod ₁₀₃ includes the service provider 31
A globally unique identifier SP_ID of 0 may be stored.

The EMD service center management unit 358
Writes the payment report data 307s received from the EMD service center 302 into the storage unit 351.

The EMD service center management unit 358
Stores the marketing information data 904 received from the EMD service center 302 in the storage unit 351. The marketing information data 904 is referred to when the service provider 310 determines content data C to be distributed in the future.

[EMD Service Center 302] The EMD Service Center 302, as described above,
A: CertificateAuthority), Key Management
Acts as a bureau and Rights Clearing bureau. FIG. 38 is a configuration diagram of functions of the EMD service center 302. As shown in FIG. 38, the EMD service center 302 includes a key server 141, a key database 14
1a, payment processing unit 442, signature processing unit 443, settlement organization management unit 144, certificate / rights management unit 445, CER database 445a, content provider management unit 14
8, CP database 148a, SAM management unit 149,
SAM database 149a, mutual authentication unit 150, encryption / decryption unit 151, service provider management unit 390,
An SP database 390a, a user preference filter generator 901 and a marketing information data generator 902 are provided. 38, the functional blocks denoted by the same reference numerals as those in FIGS. 7 and 8 have substantially the same functions as the functional blocks denoted by the same reference numerals described in the first embodiment. In the following, in FIG. 38, functional blocks with new reference numerals will be described. FIG. 38 shows the data flow between the functional blocks in the EMD service center 302.
A data flow relating to data transmitted to and received from the service provider 310 is shown. FIG. 39
In the data flow between the functional blocks in the EMD service center 302, the content provider 30
1 shows a flow of data related to data transmitted to and received from the PC. Further, in FIG. 40, of the flow of data between the functional blocks mutually in the EMD service center 302, the data associated with the data sent and received between the SAM 305 ₁ to 305 ₄ and the settlement organization 91 shown in FIG. 32 The flow is shown.

As shown in FIG. 40, the settlement processing unit 442 uses the usage history data 308 input from the SAMs 305 _{1 to} 305 _4, the standard retail price data SRP and the price tag data input from the certificate / rights management unit 445. The settlement processing is performed based on 312. At this time, the settlement processing unit 442 monitors whether or not the service provider 310 has dumped. The payment processing unit 442 includes:
As shown in FIG. 40, the settlement processing creates settlement report data 307c and settlement claim right data 152c for the content provider 301, and outputs these to the content provider management unit 148 and the settlement organization management unit 144, respectively. In addition, by the settlement process, FIG.
8 and FIG. 40, the service provider 31
0, the settlement report data 307s and the settlement claim right data 152s are created, and these are respectively stored in the service provider management unit 390 and the settlement organization management unit 144.
Output to Here, the settlement claim right data 152c, 15
2s is authorized data which can request payment to the settlement agency 91 based on the data.

Here, the usage history data 308 is used to determine the payment of the license fee related to the secure container 304, similarly to the usage history data 108 described in the first embodiment. The use history data 308 includes, for example, as shown in FIG.
04, the identifier Cont of the content data C stored in
ent_ID, the content provider 30 that provided the content data C stored in the secure container 304
1, the identifier SP_ID of the service provider 310 that has distributed the secure container 304, the signal specification data of the content data C, the compression method of the content data C in the secure container 304, and the identifier Media_ of the recording medium on which the secure container 304 is recorded.
SAM3 which received ID and secure container 304
05 _{1-305 4} identifier SAM_ID, the SAM1
Such as 05 _1-105 of ₄ of the user USER_ID is described. Therefore, the EMD service center 302
If it is necessary to distribute the money paid by the user of the user home network 303 to a license owner such as a compression method or a recording medium other than the owner of the content provider 301 and the service provider 310, a predetermined value is determined. An amount to be paid to each party is determined based on the distribution table, and settlement report data and settlement claim right data are created in accordance with the determination.

[0246] certificate and rights certificate management unit 445, CER database 445a is registered in the authority of public key certificate data CER _cp, public-key certificate data CER _SP and the public key certificate data CER _SAM1 ~CER _SAM2 At the same time, the license card data 106 and the content key data Kc of the content provider 301 and the price tag data 312 of the service provider 310 are registered in the CER database 445a to authorize.
At this time, the certificate / rights management unit 445 takes hash values of the rights data 106, the content key data Kc, the price tag data 312, etc., and outputs the secret key data K
_{Authorization} certificate data is created by adding signature data using _{ESC, S.}

[0247] The content provider management unit 148 has a function of communicating with the content provider 101, and manages a CP database 148a that manages the identifier CP_ID of the registered content provider 101 and the like.
Can be accessed.

[0248] The user preference filter generation unit 901 generates the usage history data 30 based on the usage history data 308.
8 is generated, the user preference filter data 903 for selecting the content data C according to the user's preference of the SAMs 305 _{1 to} 305 ₄ is generated, and the user preference filter data 903 is transmitted via the SAM management unit 149 to the use history. The SAM 305 _{1 to} 305 ₄ that transmitted the data 308
Send to

Marketing information data generating section 902
Generates marketing information data 904 indicating, for example, the overall purchase status of the content data C distributed to the user home network 103 by the plurality of service providers 310 based on the usage history data 308, The data is transmitted to the service provider 310 via the unit 390. The service provider 310 determines contents of a service to be provided in the future with reference to the marketing information data 904.

Hereinafter, the flow of processing in the EMD service center 302 will be described. Distribution key data KD from EMD service center 302 to content provider 301
The transmission of _{1 ~KD 6,} the distribution key data KD ₁ ~ from the EMD service center 302 to SAM305 ₁ ~305 ₄
The transmission of KD _3, carried out in the same manner as in the first embodiment.

The processing when the EMD service center 302 receives a request for issuing public key certificate data from the content provider 301 is also performed by the certificate / rights management unit 4.
45 is performed in the same manner as in the above-described first embodiment except that registration is performed in the CER database 445a.

Next, a process performed when the EMD service center 302 receives a request for issuing public key certificate data from the service provider 310 will be described with reference to FIG. In this case, the service provider management unit 390
34 receives the identifier SP_ID of the service provider 310, the public key data KSP _{, P} and the signature data SIG70 _{, SP} previously given by the EMD service center 302 from the service provider 310 _, and sends them to the mutual authentication unit 150 and FIG. _Is decrypted using the session key data K _SES obtained by mutual authentication with the mutual authentication unit 352 shown in FIG. Then, after confirming the validity of the decrypted signature data SIG70 _{, SP in} the signature processing unit 443, the request for issuing the public key certificate data is issued based on the identifier SP_ID and the public key data KSP _{, P.} It is determined whether the service provider 310 is registered in the SP database 390a. Then, the certificate / rights management unit 445 reads the public key certificate data CER _SP of the service provider 310 from the CER database 445a and outputs it to the service provider management unit 390.
In addition, the signature processing unit 443 sends the public key certificate data CER _SP
Of the signature data SIG61 _{, ESC} using the secret key data K _{ESC, S} of the EMD service center 302.
And outputs it to the service provider management unit 390. Then, the service provider management unit 390
Public key certificate data CER _SP and its signature data SI
After encrypting _{G61, ESC} using the session key data K _SES obtained by the mutual authentication between the mutual authentication unit 150 and the mutual authentication unit 352 shown in FIG. 34, the service provider 3
Send to 10.

Note that the EMD service center 302 has the SA
From M105 ₁ to 105 _4, the processing when receiving the request for issuing the public key certificate data is the same as in the first embodiment. The processing when the EMD service center 302 receives a registration request for the license data 106 from the content provider 301 is also the same as in the first embodiment.

Next, the EMD service center 302 sends the price tag data 312 from the service provider 310.
Will be described with reference to FIG. 38. In this case, when the service provider management unit 390 receives the price tag registration request module Mod ₁₀₂ shown in FIG. 37 from the service provider 310, the mutual authentication unit 150 and the mutual authentication unit 352 shown in FIG.
The price tag registration request module Mod ₁₀₂ is decrypted using the session key data K _SES obtained by the mutual authentication between. Then, the signature data SIG stored in the decrypted price tag registration request module Mod ₁₀₂ is obtained.
_80, after confirming the validity of _{the SP in} the signature processing unit 443, the price tag data 312 stored in the price tag registration request module Mod ₁₀₂ is registered in the CER database 445a via the certificate / rights management unit 445. To be authoritative.

Next, a description will be given, with reference to FIG. 40, of a process performed when settlement is performed in the EMD service center 302. SAM management unit 149, the user home usage log data 3 eg from SAM 305 ₁ of the network 303
08 and its signature data SIG _{205, SAM1} , the usage history data 308 and the signature data SIG
_{205, SAM1} is exchanged with the mutual authentication unit 150 and the SAMs 305 ₁ to 30
5 is decrypted using the session key data K _SES obtained by the mutual authentication between the _4, after performing the verification of the signature data SIG _{205, SAM1} by using the public key data K _{SAM1, p} the SAM 305 _1, Financial Output to the processing unit 442.

Then, the settlement processing unit 442 checks the SAM 30
51 Usage history data 308 input from ₁ and standard retail price data SR input from certificate / rights management unit 445
The settlement processing is performed based on the P and the price tag data 312. The payment processing unit 442 performs the payment processing as shown in FIG.
As shown in FIG. 0, payment report data 307c and payment request data 152c for the content provider 301 are created, and these are output to the content provider management unit 148 and the settlement organization management unit 144, respectively. Further, as shown in FIGS. 38 and 40, the settlement processing creates settlement report data 307s and settlement claim right data 152s for the service provider 310, and stores these in the service provider management unit 3 respectively.
90 and the settlement organization management unit 144.

Next, the settlement organization management unit 144 uses the mutual authentication and session key data K _SES to settle the settlement request data 152c and 152s and the signature data created using the secret key data K _{ESC, S.} After decryption, the data is transmitted to the payment institution 91 via the payment gateway 90 shown in FIG. As a result, the amount of money shown in the settlement request data 152c is paid to the content provider 301, and the settlement request data 152s is paid.
Is paid to the service provider 310.

Next, the EMD service center 302 establishes the content provider 301 and the service provider 31.
Processing when transmitting settlement report data 307c and 307s to 0 will be described. When the settlement is performed in the settlement processing unit 442, the settlement report data 307c is transmitted from the settlement processing unit 442 to the content provider management unit 148.
Is output. The content provider management unit 148
When settlement report data 307c is input from settlement processing section 442, it is encrypted using session key data K _SES obtained by mutual authentication between mutual authentication section 150 and mutual authentication section 120 shown in FIG. , To the content provider 301. When the settlement is performed in the settlement processing unit 442, the settlement report data 307 is transmitted from the settlement processing unit 442 to the service provider management unit 390.
s is output. The service provider management unit 390 includes:
When the settlement report data 307s is input from the settlement processing unit 442, the settlement report data 307s is encrypted using the session key data K _SES obtained by the mutual authentication between the mutual authentication unit 150 and the mutual authentication unit 352 shown in FIG. , To the service provider 310.

The EMD service center 302 also processes the SAMs 305 _{1 to} 305 _{4 at} the time of shipment, and executes the SA process, similarly to the EMD service center 102 of the first embodiment.
The M registration list is registered.

[User Home Network 303] As shown in FIG.
Network device 360 ₁ and A / V equipment 360 ₂ ~
It has a 360 _4. The network device 360 ₁
Has a built-in CA module 311 and SAM 305 _1. Further, AV equipment 360 _{2-360 4} are respectively built SAM 305 ₂ to 305 _4. SAM30
5 _{1-305 4} mutual, for example, are connected via a bus 191, such as a 1394 serial interface bus. Note that the AV devices 360 _{2 to} 360 ₄ may have a network communication function or may not have a network communication function, and use the network communication function of the network device 360 ₁ via the bus 191. Is also good. Further, the user home network 303 may include only AV devices having no network function.

The following describes the network device 360 ₁ . FIG. 42 is a configuration diagram of the network device 360 ₁ . As shown in FIG.
0 ₁ indicates the communication module 162 and the CA module 31
1, decryption module 905, SAM 305 ₁ , decryption / decompression module 163, purchase / usage form determination operation unit 16
5, download memory 167, playback module 169
And an external memory 201. In FIG. 42, components denoted by the same reference numerals as those in FIG. 8 are the same as the components denoted by the same reference numerals described in the first embodiment.

Communication module 162 performs communication processing with service provider 310. Specifically, the communication module 162 outputs the secure container 304 received from the service provider 310 by satellite broadcasting or the like to the decryption module 905. In addition, the communication module 1
62 outputs the user preference filter data 900, which has received the SP purchase history data 309 to the service provider 310 via a telephone line or the like, to the CA module 311 and outputs the SP purchase history data 309 input from the CA module 311 to the service provider 310 by telephone. The data is transmitted to the service provider 310 via a line or the like.

FIG. 43 is a functional block diagram of the CA module 311 and the decoding module 905. As shown in FIG. 43, the CA module 311
6, a storage unit 907, an encryption / decryption unit 908, and an SP purchase history data generation unit 909. Mutual authentication unit 90
6 is the CA module 311 and the service provider 31
When sending and receiving data via a telephone line to and from
Mutual authentication is performed with the service provider 310 to generate session key data K _SES and output this to the encryption / decryption unit 908.

[0264] The storage unit 907 is, for example, after a contract is established between the service provider 310 and the user, and stores the master key data K _M supplied off-line using an IC card 912 from the service provider 310.

The encryption / decryption unit 908 receives the encrypted scramble key data K _SCR and work key data K _W from the decryption unit 910 of the decryption module 905, and reads the master key data K _M read from the storage unit 907. To decrypt the work key data K _W. Then, the encryption / decryption unit 908 decrypts the scramble key data K _SCR using the decrypted work key data K _W and outputs the decrypted scramble key data K _SCR to the decryption unit 910. In addition, the encryption / decryption unit 908 transmits the communication module 162 to the service provider 31 via a telephone line or the like.
The user preference filter data 900 received from 0 is decrypted using the session key data K _SES from the mutual authentication unit 906 and output to the secure container selection unit 911 of the decryption module 905. Also, the encryption / decryption unit 908
Is the S input from the SP purchase history data generation unit 909.
The P purchase history data 309 is decrypted using the session key data K _SES from the mutual authentication unit 906 and transmitted to the service provider 310 via the communication module 162.

[0266] For SP purchase log data generation unit 909, usage control from the operation signal S165 or SAM 305 _1, in accordance with the purchase operation of the content data C by the user by using the purchase and usage form determination operation unit 165 shown in FIG. 42 Based on the status data 166, the service provider 310
, Generating SP purchase history data 309 indicating the purchase history of the content data C unique to the
08. The SP purchase history data 309 includes, for example, information that the service provider 310 wants to collect from the user regarding the distribution service, a monthly basic fee (network rent), contract (update) information, purchase history information, and the like.

When the service provider 310 has a charging function, the CA module 311 communicates with the charging database, customer management database, and marketing information database of the service provider 310. In this case, the CA module 311 transmits billing data for the content data distribution service to the service provider 310.

The decryption module 905 has a decryption section 910 and a secure container selection section 911. Decoding unit 9
Reference numeral 10 denotes an encrypted secure container 304 and a scramble key data K from the communication module 162, respectively.
To enter the _SCR and the work key data K _W. Then, the decryption unit 910 outputs the encrypted scramble key data K
CA module 311 transfers _SCR and work key data K _W
Is output to the encryption / decryption unit 908 of the
8 and inputs the decrypted scramble key data K _SCR . Then, the decryption unit 910 decrypts the encrypted secure container 304 using the scramble key data K _SCR and outputs the decrypted secure container 304 to the secure container selection unit 911.

It should be noted that if the secure container 304 is MPEG2
When transmitted from the service provider 310 by the Transport Stream method, for example, the
The scramble key data K _SCR is extracted from the ECM (Entitlement Control Message) in the acket, and the EMM (Entitl
ement take out the work key data K _W from Management Message). The ECM also contains, for example, program attribute information for each channel. Also, EMM
Includes individual trial contract information that differs for each user (viewer).

[0270] The secure container selecting unit 911 performs a filtering process on the secure container 304 input from the decrypting unit 910 using the user preference filter data 900 input from the CA module 311 to generate a secure container 304 according to the user's preference. Select SAM30
51 Output to ₁ .

[0271] Next, a description will be given SAM305 _1.
Incidentally, SAM 305 _1, such as performing a signature verification process for the service provider 310, except for processing for the service provider 310 in addition to the content provider 301, the first embodiment described above with reference to FIGS. 10 24 and a SAM 105 ₁ and essentially perform functions and structure of the form. In addition, SAM305 ₂ ~3
05 ₄ has a SAM 305 ₁ and essentially the same function. That is, the SAMs 305 _{1 to} 305 ₄ are modules that perform a billing process for each content.
Communication is performed with the D service center 302.

[0272] The following is a detailed description of the function of SAM305 _1. Figure 44 is a block diagram of the function of SAM 305 _1. FIG. 44 shows the service provider 310
2 shows the flow of data related to the process of inputting the secure container 304 from the user and decrypting the key file KF in the secure container 304. As shown in FIG.
SAM 305 _1, the mutual authentication unit 170, the encryption and decryption unit 171, 172 and 173, error correction unit 181, download memory management unit 182, secure container decryption unit 18
3. Decryption / decompression module management unit 184, EMD service center management unit 185, usage monitoring unit 186, signature processing unit 189, SAM management unit 190, storage unit 192, media SAM management unit 197, stack memory 200, service provider management unit 580, a billing processor 587, a signature processor 598, and an external memory manager 811. The predetermined function of the SAM 305 ₁ shown in FIG. 44, SA
As in the case of M105 _1, it is realized by executing a secret program in CPU. In FIG. 44, functional blocks denoted by the same reference numerals as in FIG. 10 are the same as the functional blocks denoted by the same reference numerals described in the first embodiment.

In the external memory 201 shown in FIG. 42, the use history data 308 and the SAM registration list are stored through the processing described in the first embodiment and the processing described later. In addition, the stack memory 200 contains FIG.
As shown in FIG. 7, the content key data Kc, the rights certificate data (UCP) 106, and the lock key data K
_LOC , public key certificate data CER _{CP of} the content provider 301, public key certificate data CER _{SP of the} service provider 310, usage control state data (UCS) 36
6. SAM program download container SDC
_{1 to} SDC ₃ and price tag data 312 are stored.

[0274] Hereinafter, among the SAM 305 ₁ of the functional blocks newly described functional blocks denoted by reference numerals in FIG. 44. The signature processing unit 589 reads the public key data K _{ESC, P of} the EMD service center 302 read from the storage unit 192 or the stack memory 200 _, the public key data K _{cp, p of the} content provider 301 _, and the public key data K _SP of the service provider 310. _{, P} , the signature data in the secure container 304 is verified.

As shown in FIG. 46, the billing processing unit 587 is based on the operation signal S 165 from the purchase / use mode determination operation unit 165 shown in FIG. 42 and the price tag data 312 read from the stack memory 200. Then, a billing process is performed according to the user's purchase and use of the content. The billing process by the billing processing unit 587 is performed under the supervision of the use monitoring unit 186, and the rights contents such as the license conditions indicated by the license data 106 and the use control state data 166.
It is performed based on. That is, the user can purchase and use the content within a range according to the content of the right or the like.

[0276] In the billing process, the billing processing unit 587 generates the usage history data 308 and writes it in the external memory 201 via the external memory management unit 811.
Here, the usage history data 308 is, like the usage history data 108 of the first embodiment, the EMD service center 30.
2 is used in determining payment of a license fee associated with the secure container 304.

[0277] The billing processing section 587 also operates the operation signal S1.
65, a usage control state (UCS: Usage Control Sta
tus) data 166, which is stored in the external memory management unit 8
11 to the external memory 201. Examples of the content purchase form include a purchase purchase without imposing restrictions on reproduction by the purchaser and copying for use by the purchaser, and a reproduction charge for charging for each reproduction. Here, the use control state data 166 is generated when the user determines the purchase mode of the content, and thereafter, is controlled so that the user uses the content within the range permitted by the determined purchase mode. Used to The usage control status data 166 includes the content I
D, the purchase type, the purchase price, the SAM_ID of the SAM that purchased the content, the USER_ID of the user who made the purchase, and the like are described.

[0278] Incidentally, if the purchase mode determined is the reproduction charge, for example, transmitted from the SAM 305 ₁ of the usage control status data 166 in real time to the service provider 310, the service provider 310 to the EMD service center 302, use SAM10 for the history data 108
Instruct 5 to go to ₁ . In addition, when the determined purchase mode is “out of stock”, for example, the usage control status data 166 indicates that the service provider 310 and the E
The information is transmitted to the MD service center 302 in real time.

[0279] In SAM 305 _1, the user preference filter data 903 EMD service center management unit 185 has received from the EMD service center 302 is output to the service provider management unit 580. Then, in the service provider management unit 580, the secure container 30 input from the decryption module 905 shown in FIG.
4 is filtered based on the user preference filter data 903 to select the secure container 304 according to the user preference, and the selected secure container 304 is output to the error correction unit 181. This allows
In the SAM 305 ₁ , for all the service providers 310 to which the user of the SAM 305 ₁ is subscribed, selection processing of the content data C based on the user's preference obtained from the purchase status of the content data C by the user is performed. Will be possible.

[0280] Hereinafter, the flow of processing in SAM305 within _1. Process flow in SAM305 within ₁ when storing the distribution use key data KD ₁ ~KD ₃ received from the EMD service center 302 in the storage unit 192, the above-mentioned SA
In the case of M105 ₁ is the same as that.

Next, the secure container 304 is input from the service provider 310, and the secure container 304
The flow of processing in SAM305 within ₁ in decoding the key file KF in the inner be described with reference to FIG. 44. Mutual authentication unit 170 and service provider 310 shown in FIG.
Mutual authentication is performed with the mutual authentication unit 352. The encryption / decryption unit 171 decrypts the secure container 304 shown in FIG. 35 received from the service provider 310 via the service provider management unit 580 using the session key data K _SES obtained by the mutual authentication.

Next, the signature processing section 589 checks the state shown in FIG.
After verifying the signature data SIG _{61, ESC} shown in
The public key data K of the service provider 310 stored in the public key certificate data CER _SP shown in FIG.
_{Using SP and P} , signature data SIG62 _{, SP} , SI
The validity of G _{63, SP} and SIG _{64, SP} is confirmed. The service provider management unit 580 stores the signature data SIG _{62, SP} ,
When the validity of SIG _{63, SP} and SIG _{64, SP} is confirmed,
The secure container 304 is output to the error correction unit 181.

[0283] The error correction unit 181
04 error correction, the download memory management unit 1
82. The download memory management unit 182
The mutual authentication unit 170 and the media SAM 167 shown in FIG.
After performing the mutual authentication with a, the secure container 304 is written into the download memory 167.

Next, the download memory management unit 182
Is the mutual authentication unit 170 and the media SAM1 shown in FIG.
After performing mutual authentication with the secure container 67a, the key file KF shown in FIG. 35B stored in the secure container 304 is read and output to the secure container decryption unit 183.

Then, the secure container decryption unit 183
Using the distribution use key data KD ₁ ~KD ₃ periods corresponding input from the storage unit 192, the key file KF decrypted the signature-certificate module shown in FIG. 35 (B) Mo
signature data SIG _{1, ESC} , SIG _{2, cp} stored in d ₁
~ SIG _{4, cp} to the signature processing unit 589. The signature processing unit 589 generates the signature data SIG shown in FIG.
_1, After verifying _{the ESC} , the public key certificate data CE
The signature data SIG _{2, cp to} SIG _{4, cp} are verified using the public key data K _{CP, P} stored in R _cp .

Next, the secure container decryption unit 183
When the validity of the signature data SIG _{2, cp to} SIG _{4, cp} is confirmed, the key file KF is written to the stack memory 200.

[0287] Hereinafter, the flow of processing until the purchase form of the secure container 304 downloaded from the service provider 310 to the download memory 167 is determined will be described with reference to FIG. The user operates the purchase / usage mode determination operation unit 165 shown in FIG.
The operation signal S165 indicating the trial listening mode is transmitted to the charging processing unit 587.
Is output to the decryption / decompression / decompression module management unit 184, for example, the content file CF stored in the download memory 167.
Output to the decompression module 163. At this time, for the content file CF, mutual authentication between the mutual authentication unit 170 and the media SAM 167a, encryption / decryption using the session key data K _SES , and mutual authentication unit 170
And mutual authentication unit 220, mutual authentication and encryption / decryption by session key data K _SES are performed. The content file CF is output to the decoding unit 222 after being decoded by the decoding unit 221 shown in FIG.

The content key data Kc and the semi-disclosed parameter data 199 read from the stack memory 200 are stored in the decryption / decompression module 16 shown in FIG.
3 is output. At this time, after mutual authentication between mutual authentication section 170 and mutual authentication section 220, encryption and decryption of content key data Kc and semi-disclosed parameter data 199 by session key data K _SES are performed. Next, the decrypted semi-disclosed parameter data 199
Is output to the semi-disclosure processing unit 225,
, The decryption of the content data C using the content key data Kc by the decryption unit 222 is performed in a semi-disclosed manner. Next, the content data C decrypted in the semi-disclosure is output to the digital watermark information processing unit 224 after being expanded in the expansion unit 223. Next, after the user digital watermark information data 196 is embedded in the content data C in the digital watermark information processing unit 224, the content data C is reproduced in the reproduction module 169, and a sound corresponding to the content data C is output.

Then, the user who listened to the content,
When the purchase mode is determined by operating the purchase / usage mode determination operation unit 165, an operation signal S1 indicating the determined purchase mode.
65 is output to the charging section 187. Then, in the charging processing unit 187, the usage history data 308 and the usage control state data 166 according to the determined purchase mode are generated, and the usage history data 308 is stored in the external memory management unit 81.
1 and the usage control status data 166 is written to the stack memory 200. Thereafter, the use monitoring unit 186 controls (monitors) the purchase and use of the content within the range permitted by the use control state data 166. Then, the key file KF stored in the stack memory 200, is applied usage control status data 166, a new key file KF ₁₁ shown in FIG. 47 to be described later purchase mode is determined is generated. Key file KF ₁₁
Are stored in the stack memory 200. As shown in FIG. 47, the usage control status data 166 stored in the key file KF ₁ by using the storage key data K _STR DE
S is encrypted using the CBC mode. Also,
MAC ₃₀₀ which is a MAC value generated by using the storage key data K _STR as MAC key data is attached. Also, the usage control status data 166 and the MAC ₃₀₀
Is encrypted using the media key data _MED in the DES CBC mode. The module includes the media key data K _MED
MAC _301, which is a MAC value generated by using as the MAC key data.

Next, the content data C stored in the download memory 167 whose purchase mode has already been determined
Will be described with reference to FIG. 46. In this case, the content file CF stored in the download memory 167 is output to the decryption / decompression module 163 shown in FIG. 42 based on the operation signal S165 under the monitoring of the usage monitoring unit 186.
Further, the content key data Kc read from the stack memory 200 is output to the decryption / decompression module 163. Then, the decoding unit 2 of the decoding / decompression module 163
At 22, the decryption of the content file CF using the content key data Kc and the decompression process by the decompression unit 223 are performed, and the reproduction module 169 reproduces the content data C. At this time, the charging unit 5
At 87, the usage history data 308 is updated in response to the operation signal S165. The usage history data 308 is transmitted to the EMD service center 302 at a predetermined timing through the EMD service center management unit 185 together with the signature data SIG _{205 and SAM1} created using the secret key data K _{SAM1 and S} , respectively. .

Next, as shown in FIG. 48, for example, the content file CF downloaded in the download memory 167 of the network device 360 _1, whose purchase form has been determined, is transferred via the bus 191 to the AV device 360.
The flow of processing in the SAM 305 within ₁ of transferring ₂ of the SAM 305 ₂ with reference to FIG. 49 will be described. The user operates the purchase and usage form determination operation unit 165, instructs the transfer of a predetermined content stored in the download memory 167 to the AV apparatus 360 _2, the operation signal S165 in accordance with the operation, accounting It is output to the processing unit 587. Thereby, the billing processing unit 587 outputs the operation signal S
Based on 165, the usage history data 308 stored in the stack memory 200 is updated.

The download memory management unit 182
FIG. 50 read from the download memory 167.
The content file CF shown in FIG.
90. Further, the key file KF ₁₁ read from the stack memory 200 and whose purchase form has been determined shown in FIG. 50B is output to the signature processing unit 589 and the SAM management unit 190. Signature processing unit 589 creates the signature data SIG _{80, SAM1} of the key file KF _11, and outputs this to the SAM management unit 190. Further, the SAM management unit 190 stores the public key certificate data CER _SAM1 and its signature data SIG shown in FIG.
_{22, Read the ESC} .

[0293] Further, the mutual authentication unit 170 includes the SAM 305.
₂ is the session key data K obtained by performing mutual authentication
_{The SES} is output to the encryption / decryption unit 171. The SAM management unit 190 encrypts the data shown in FIGS. _50A , _50B, and _50C using the session key data K _SES in the encryption / decryption unit 171, and then transmits the AV data shown in FIG. and outputs it to the SAM305 ₂ of the device 360 _2.

Hereinafter, as shown in FIG.
_The contents file CF input from _{1 is} stored in RAM
SAM3 when writing to a recording medium such as a mold
The flow of processing in 05 within ₂ will be described with reference to FIG. 51.

In this case, as shown in FIG. 51, the SAM management unit 190 of the SAM 305 ₂ sends the content file CF shown in FIG. 50A, the key file KF ₁₁ shown in FIG. SIG _{80, SAM1} ,
The public key signature data CER _SAM1 and its signature data _{SIG22 , ESC} shown in FIG.
60 ₁ of the input from the SAM305 _1. Then, in the encryption and decryption unit 171, a content file CF SAM management unit 190 is input, the key file KF ₁₁ and the signature data SIG _{80, SAM1,} public key signature data CER _SAM1 and the signature data SIG _{22, ESC} DOO is, the session key data K obtained by the mutual authentication between the mutual authentication unit 170 and the SAM 305 ₁ of the mutual authentication unit 170
_Decoded using _SES .

Next, the content file CF decrypted using the session key data K _SES is output to the media SAM management unit 197. Also, the session key data K
The key file KF ₁₁ and the signature data SIG _{80, SAM1} is decrypted using the _SES, the public key certificate data CER
_SAM1 and its signature data _{SIG22 , ESC} are written to the stack memory 200.

Next, the signature processing unit 589 verifies the signature data SIG22 _{, ESC} read from the stack memory 200 using the public key data K _{ESC, P} read from the storage unit 192, and verifies the public key certificate. Check the validity of the data CER _SAM1 . Then, when confirming the validity of the public key certificate data CER _SAM1 , the signature processing unit 589 uses the public key data K _{SAM1, P} stored in the public key certificate data CER _SAM1 to _generate the signature data SIG _{80, SAM1.} Check for legitimacy.

Next, when the validity of the signature data _{SIG80, SAM1} is confirmed, the key file KF ₁₁ shown in FIG.
Is read from the stack memory 200 and output to the encryption / decryption unit 173. Then, the encryption / decryption unit 173
The key file KF ₁₁ is sequentially encrypted using the recording key data K _STR , the media key data K _MED, and the purchaser key data K _PIN read from the storage unit 192, and the media SA
Output to the M management unit 197.

The media SAM management section 197 includes the content file CF input from the SAM management section 190 and the key file KF ₁₁ input from the encryption / decryption section 173.
Is output to the recording module 260 shown in FIG. Then, the recording module 260, the content file CF and the key file KF ₁₁ input from the media SAM management unit 197, the recording of the RAM type shown in FIG. 48 medium 2
Write to the 50 RAM area 251.

[0300] It should be noted that, out of the processing in the SAM305 within _1,
Purchase mode of processing in the AV apparatus 360 ₂ when determining the purchase mode of the ROM type recording medium of undetermined content flows, purchase mode in the AV apparatus 360 ₃ undetermined R
Process flow for writing to a recording medium of RAM type from OM type recording medium and transfers it reads the secure container 304 to the AV apparatus 360 _2, the signature of the signature data using the secret key data of the service provider 310 Except that the data is verified and the price tag data 312 is stored in the key file that has decided the purchase mode,
This is the same as the case of the SAM 105 ₁ of the first embodiment.

Next, the EMD system 300 shown in FIG.
Will be described. 52 and 53
5 is a flowchart of the overall operation of the EMD system 300. Here, a case where the secure container 304 is transmitted from the service provider 310 to the user home network 303 online will be described as an example. The following processing is based on the premise that the EMD service center 30
The content provider 301 to 2, the registration of the service provider 310 and SAM 305 ₁ to 305 ₄ are assumed to have already completed.

Step S21: EMD service center 3
02 is the public key data K of the content provider 301
The public key certificate CER _CP of _{CP, P} is transferred to its own signature data SI.
G1 _{, ESC} and transmitted to the content provider 301. Further, the EMD service center 302 transmits the public key certificate CER _SP of the public key data K _{SP, P} of the content provider 301 to the service provider 310 together with its own signature data SIG _{61, ESC} . Further, EMD service center 302, each expiration transmits the distribution key data KD ₁ ～KD ₆ of 6 months of one month to the content provider 301, 3 months of distribution key data KD ₁ ~K
D SAM 305 ₃ and the user home network 303
To send to the _{1-305 4.}

Step S22: Content Provider 3
01 is a right registration request module Mo shown in FIG.
The d _2, and transmits to the EMD service center 302. Then, after performing a predetermined signature verification, the EMD service center 302 registers and authorizes (authenticates) the license data 106 and the content key data Kc.

Step S23: Content Provider 3
The data 01 shown in FIGS. 4 (A), (B) and (C) undergoes a process of creating signature data and an encryption process using distribution key data KD _{1 to} KD ₃ for a period corresponding to SIG. Is supplied to the service provider 310.

Step S24: Service Provider 31
0 uses the public key data K _{CP, P} stored in the public key certificate data CER _CP after verifying the signature data SIG _{1, ESC} shown in FIG. signature data SIG _{6, CP} and SIG ₇ shown in _B), verifies the _CP, the secure container 104 is legitimate content provider 3
Check whether the data is transmitted from 01.

Step S25: Service Provider 31
0 creates the price tag data 312 and creates the secure container 304 shown in FIG. 35 in which the price tag data 312 is stored.

[0307] Step S26: service provider 31
0 is the price tag registration request module M shown in FIG.
od ₁₀₂ is transmitted to the EMD service center 302.
Then, after performing a predetermined signature verification, the EMD service center 302 registers and authorizes the price tag data 312.

Step S27: Service provider 31
0 is the CA of the user home network 303, for example.
In response to a request from the module 311, step S25
The secure container 304 created in step 3 is connected online or offline to the network device 36 shown in FIG.
0 transmits to the _first decoding module 905.

Step S28: CA module 311
Creates SP purchase history data 309 and transmits it to the service provider 310 at a predetermined timing.

Step S29: SAM 305 _{1 to} SAM 305
₄ , after verifying the signature data SIG _{61, ESC} shown in FIG.
Using the public key data K _{SP, P} stored in R _SP , FIG.
Signature data SI shown in (A), (B) and (C)
G _{62, SP} , SIG _{63, SP} , SIG _{64, SP} are verified, and the secure container 304 is verified as a valid service provider 31.
Check if it is transmitted from 0.

Step S30: SAM 305 _{1 to} SAM 305
₄ , the distribution key data KD _{1 to} KD ₃
To decrypt the key file KF shown in FIG. 35 (B). Then, using the any of the SAM 305 ₁ to 305 _4, after verifying the signature data SIG _{1, ESC} shown in FIG. 35 (B), the public key data K _CP stored in the public key certificate data CER _CP, the _P Then, the signature data SIG _{2, CP} , SIG _{3, CP} and SIG _{4, CP} shown in FIG. _35B are verified, and the content data C and the content key data Kc are verified.
Then, it is checked whether the license data 106 has been created by a valid content provider 301.

Step S31: The user purchases the content shown in FIG.
By operating the use mode determination operation unit 165, the purchase / use mode of the content is determined.

Step S32: The SAM 305 is generated based on the operation signal S165 generated in step S31.
In _{1-305 4,} use history (the Usage Log) data 308 of the secure container 304 is produced. SAM3
05 _{1-305 4} to the EMD service center 302,
Usage history data 308 and its signature data SIG
_{205, SAM1} is transmitted.

The EMD service center 302, based on the usage history data 308,
For each of the service provider 310 and the service provider 310, the charge contents are determined (calculated), and the settlement request data 152c and 152s are created based on the result.

[0315] The EMD service center 302 transmits the billing right data 152c and 152s together with its signature data to the clearing house 91 via the payment gateway 90, and thereby the user home network 303
Of the user paid to the settlement institution 91 are distributed to the owners of the content provider 301 and the service provider 310.

As described above, the EMD system 30
According to No. 0, since the EMD service center 302 has an authentication function, a key data management function, and a right processing (profit distribution) function, the amount paid by the user for using the content is equal to the content provider 301 and E
The distribution is ensured to the owner of the MD service center 302 according to a predetermined ratio. Further, according to the EMD system 300, the usage control policy data 106 for the same content file CF same content provider 301 is supplied, independently of the service type of the service provider 310 is supplied as it is to the SAM 305 ₁ to 305 _4. Accordingly, the SAM 305 ₁ to 305 _4, based on the usage control policy data 106, the intention as a content provider 301, it is possible to perform use of the content file CF. That is, according to the EMD system 300, when the service using the content and the use of the content by the user are performed, the owner of the content provider 301 can be controlled by a technical means without relying on the audit organization 725 as in the related art. Rights and interests can be reliably protected.

First Modification of Second Embodiment FIG. 54 is a configuration diagram of an EMD system 300a using two service providers according to a first modification of the second embodiment. In FIG. 54, the components denoted by the same reference numerals as those in FIG. 32 are the same as the components denoted by the same reference numerals described in the first embodiment. As shown in FIG. 54, in the EMD system 300a, the same secure container 104 is supplied from the content provider 301 to the service providers 310a and 310b.

The service provider 310a, for example,
We provide content for drama programs,
In the service, create a content data C related to the drama program, the secure container 304a storing the price tag data 312a that uniquely created for the content data C, distributing it to the network device 360 _1. Further, the service provider 310b provides, for example, a karaoke service. In the service, the content data C related to the karaoke service and the content data C
Create a secure container 304b that stores and its own price tag data 312b was developed for, to deliver it to the network device 360 _1. Here, the format of the secure containers 304a and 304b is as shown in FIG.
5 is the same as the secure container 304 described above.

[0319] the network device 360a _1, the service provider 310a, CA corresponding to the respective 310b
Modules 311a and 311b are provided. CA
The modules 311a and 311b receive distribution of the secure containers 304a and 304b according to their own requests from the service providers 310a and 310b, respectively.

Next, the CA modules 311a and 311b
Creates SP purchase history data 309a and 309b corresponding to the distributed secure containers 304a and 304b, respectively, and stores them in the service provider 31.
0a and 310b. Also, the CA module 31
1a and 311b are secure containers 304a and 304
b is decrypted with the session key data K _SES ,
Output to 305 ₁ to 305 _4.

Next, the SAMs 305 _{1 to} 305 ₄ use the common distribution key data KD _{1 to} KD ₃ to store the key files K in the secure containers 304a and 304b.
F is decrypted, and based on the common rights data 106,
Processing related to the purchase and use of the content according to the operation from the user is performed, and the use history data
Is created.

Then, the SAMs 305 _{1 to} 305 _{4 are set} to E
The usage history data 308 is transmitted to the MD service center 302.

At the EMD service center 302, the content provider 30
1 and the service providers 310a and 310b, the accounting content is determined (calculated), and based on the result, the corresponding billing right data 152c,
152sa and 152sb are created.

[0324] The EMD service center 302 transmits the settlement request data 152c, 152sa, and 152sb to the settlement agency 91 via the payment gateway 90.
As a result, the money paid by the user of the user home network 303 to the settlement institution 91 is transferred to the content provider 301 and the service providers 310a and 310b.
Distributed to the owners.

As described above, the EMD system 300b
According to, 310a the same content file CF to the service provider, in case of supplying to the 310b, 310a to the service provider encrypts the usage control policy data 106 in the distribution use key data KD ₁ ~KD ₆ for the content file CF, 310b, and the service provider 310a, 310b is a secure container 304 that stores the encrypted rights certificate data 106 as it is.
a, 304b to the user home network.
Therefore, the SAM 305 in the user home network
In _{1-305 4,} the content file CF 310a to the service provider, even when subjected to distribution from any 310b, a right can be processed based on the common usage control policy data 106.

In the first modification, the case where two service providers are used is illustrated. However, in the present invention, the number of service providers is arbitrary.

Second Modification of Second Embodiment FIG. 55 is a configuration diagram of an EMD system 300b using a plurality of content providers according to a second modification of the second embodiment. In FIG. 55, components denoted by the same reference numerals as those in FIG. 32 are the same as the components denoted by the same reference numerals described in the first embodiment. As shown in FIG. 55, in the EMD system 300b, the content providers 301a, 301
01b, the secure containers 104a and 104b are supplied to the service provider 310, respectively.

[0328] The service provider 310 provides services using contents supplied by the content providers 301a and 301b, for example, and price tag data 312a for the secure container 104a.
And price tag data 312b for the secure container 104b, respectively, and create a secure container 304c storing these. As shown in FIG. 55, the secure container 304c includes content files CFa and CFb, key files KFa and KFb, price tag data 312a and 312b, and private key data K of the service provider 310 for each of them.
_The signature data by _{CP and S} is stored.

[0329] The secure container 304c is the C of the network device 360 ₁ of the user home network 303.
After being received by the A module 311, the SAM 305 ₁
It is processed in to 305 _4.

The SAMs 305 _{1 to} 305 ₄ use the distribution key data KDa _{1 to} KDa ₃ to generate the key file KF
is decrypted, and processing related to purchase / use of the content file CFa in accordance with the user's operation is performed based on the rights document data 106a, and the history is described in the use history data 308. SAM305 ₁
In to 305 _4, the distribution key data KDb ₁ ~KDb
₃ , the key file KFb is decrypted, and processing related to the purchase / use of the content file CFb is performed in accordance with the operation of the user based on the license data 106b, and the history is described in the use history data 308. Is done.

Then, the SAMs 305 _{1 to} 305 _{4 are set} to E
The usage history data 308 is transmitted to the MD service center 302.

At the EMD service center 302, the content provider 30
The billing contents are determined (calculated) for each of the service provider 1a, 301b and the service provider 310, and based on the result, the corresponding settlement claim data 152c
a, 152cb, and 152s are created.

[0333] The EMD service center 302 transmits the settlement claim right data 152ca, 152cb, 152s to the settlement agency 91 via the payment gateway 90.
Thus, the money paid by the user of the user home network 303 to the settlement institution 91 is transferred to the content providers 301a and 301b and the service provider 310.
Distributed to the owners.

As described above, the EMD system 300b
According to the above, the right certificate data 106 of the content files CFa and CFb stored in the secure container 304c
a, 106b are content providers 301a, 30
1b, the SAM30
In 5 _{1-305 4,} usage control policy data 106a, 1
06b based on the content files CFa, CFb
Rights processing for the content provider 301a,
This is reliably performed according to the intention of 301b.

In the second modification shown in FIG. 55, the case where two content providers are used is illustrated, but the number of content providers is arbitrary. Further, both the content provider and the service provider may be plural.

Third Modified Example of Second Embodiment FIG. 56 is a configuration diagram of an EMD system according to a third modified example of the second embodiment. In the above-described second embodiment, E
The MD service center 302 notifies the settlement institution 91 of the content provider 301 and the service provider 3
In the present invention, for example, as shown in FIG. 56, the EMD service center 302
, The settlement claim right data 152c for the content provider 301 based on the usage history data 308
And the payment request data 152s for the service provider 310 may be created and transmitted to the content provider 301 and the service provider 310, respectively. In this case, the content provider 301 uses the settlement request right data 152c to
Payment institution 91a via payment gateway 90a
Settlement to. In addition, the service provider 310 performs settlement with the settlement agency 91b through the payment gateway 90b using the settlement claim data 152s.

Fourth Modification of Second Embodiment FIG. 57 is a configuration diagram of an EMD system according to a fourth modification of the second embodiment. In the above-described second embodiment, for example, the case where the service provider 310 does not have a billing function as in the current Internet has been described as an example.
0 has a billing function, the CA module 3
At 11, the usage history data 308s for the service of the service provider 310 regarding the secure container 304 is created and transmitted to the service provider 310. Then, the service provider 310 performs a billing process based on the usage history data 308s to create the billing right data 152s, and uses this to make a payment to the clearing house 91b via the payment gateway 90b. On the other hand, the SAMs 305 _{1 to} 305 ₄ create usage history data 308 c for the right processing of the content provider 301 with respect to the secure container 304 and transmit this to the EMD service center 302. The EMD service center 302 creates the settlement claim data 152c based on the usage history data 308c, and transmits this to the content provider 301. The content provider 301 performs settlement with the settlement agency 91a via the payment gateway 90a using the settlement claim right data 152c.

Fifth Modification of Second Embodiment In the above embodiment, as shown in FIG. 40, the user preference filter generation unit 901 of the EMD service center 302
, The user preference filter data 90 based on the usage history data 308 received from the SAM 305 ₁ or the like.
3, the usage control status data 166 generated by the usage monitoring unit 186 such as the SAM 305 ₁ shown in FIG. 46 is transmitted to the EMD service center 302 in real time, and the SP purchase history is generated. In the data 309, the user preference filter data 903 may be generated based on the use control state data 166.

Sixth Modification of Second Embodiment Content Provider 301, Service Provider 31
0 and the SAMs 305 _{1 to} 305 ₄ respectively have their own private key data K _{CP, S} , K _{SP in} addition to their own public key data K _{CP, P} , K _{SP, P} , K _{SAM1, P to} K _{SAM4, P. , S} , K _{SAM1, S} -K
_{SAM4, S} may be registered in the EMD service center 302. By doing so, the EMD service center 30
2 indicates secret key data K _{CP, S} , K _{SP, S} , K _{SAM1, S} ＫK in response to a request from the state or a police agency in an emergency.
_SAM4, with _S, communication between the content provider 301 and the service provider 310, the communication between the service provider 310 and SAM 305 ₁ to 305 _4, and in the user home network 303 of the SAM 305
It is possible to eavesdrop on communication to be out of communication between _{1-305 4} cross. In addition, SAM305 ₁ -30
5 For _4, at the time of shipment, EMD service center 30
2 to generate secret key data K _{SAM1, S to} K _{SAM4, S}
EM stores it in SAM 305 ₁ to 305 ₄
The D service center 302 may hold (register).

Seventh Modification of Second Embodiment In the above embodiment, the content provider 301
Service provider 310 and SAM305 ₁ ~30
When communicating with each other, the public key certificate data CER _CP and CE ₄ are transmitted from the EMD service center 302 in advance.
R _SP , CER _{SAM1 to} CER _SAN4 are acquired and transmitted to the communication destination by the in-band method. However, in the present invention, various forms are used as the transmission form of the public key certificate data to the communication destination. it can. For example, content provider 301, service provider 310, and SAM 305
_{1-305 4,} when communicating with each other, the public key certificate data CER from the EMD service center 302 in advance
_{The CP} , CER _SP , CER _{SAM1 to} CER _SAN4 may be acquired and transmitted to the communication destination by the out-of-band method prior to the communication. Also, the content provider 301, the service provider 310, and the SAMs 305 _{1 to} 305
_During communication, public key certificate data CER _CP , CER _SP , CER _{SAM1 to} CE are issued from the EMD service center 302 during communication.
R _SAN4 may be acquired.

FIG. 58 is a view for explaining the form of the acquisition (acquisition) route of the public key certificate data. In FIG. 58, components denoted by the same reference numerals as those in FIG.
The components are the same as those described above with the same reference numerals. The user home network 303a is the same as the user home network 303 described above. In the user home network 303b, SAMs 305 _{11 to} 305 ₁₄ are connected via a bus 191 which is an IEEE 1394 serial bus.

When the content provider 301 acquires the public key certificate data CER _SP of the service provider 310, for example, when transmitting the public key certificate data CER _SP from the service provider 310 to the content provider 301 prior to communication. ((3) in FIG. 58)
And the case where the content provider 301 obtains the public key certificate data CER _SP from the EMD service center 302 ((1) in FIG. 58).

In the case where the service provider 310 acquires the public key certificate data CER _CP of the content provider 301, for example, the public key certificate data CER _CP is transmitted from the content provider 301 to the service provider 310 prior to communication. 58 ((2) in FIG. 58) and the service provider 310 obtains the public key certificate data CER _CP from the EMD service center 302 ((4) in FIG. 58).

Also, if the service provider 310 has a SAM
305 _{1 to} 305 ₄ public key certificate data CER _SAM1 to
When acquiring the CER _SAM4, for example, prior to the communication SAM 305 ₁ to 305 ₄ service provider 3 from
When sending the public key certificate data CER _SAM1 ~CER _SAM4 to 10 (in FIG. 58 (6)), if the service provider 310 request a public key certificate data CER _SAM1 ~CER _SAM4 from the EMD service center 302 (FIG. 5
8 (4)).

[0345] Also, SAM 305 ₁ when the to 305 ₄ to acquire the public key certificate data CER _SP of the service provider 310, for example, public key certificate data from the service provider 310 preceding the communication SAM 305 ₁ to 305 ₄ When transmitting CER _SP ((5) in FIG. 58)
When, and a case (such as in FIG. 58 (7)) to request a public key certificate data CER _SP SAM305 ₁ ~305 ₄ from the EMD service center 302.

[0346] Further, when the SAM 305 ₁ acquires the public key certificate data CER _SAM2 of the SAM 305 _2, for example, prior to the communication from the SAM 305 ₂ SAM 305
When sending the public key certificate data CER _SAM2 to ₁ (in FIG. 58 (8)) and, if the SAM 305 ₁ has request a public key certificate data CER _SAM2 from the EMD service center 302 (in FIG. 58 (7), etc.) There is.

[0347] Further, when the SAM 305 ₂ acquires the public key certificate data CER _SAM1 of the SAM 305 _1, for example, from SAM 305 ₁ before communication SAM 305
A case of transmitting the public key certificate data CER _SAM1 to ₂ (in FIG. 58 (9)), and if the SAM 305 ₂ is request a public key certificate data CER _SAM1 from its own EMD service center 302, SAM 305 ₁ is mounted In some cases, public key certificate data CER _SAM1 is obtained via a network device ((7), (8) in FIG. 58).

When the SAM 305 ₄ acquires the public key certificate data CER _{SAM 13} of the SAM 305 ₁₃ ,
For example, the SAM 305 ₁₃ before communication SAM30
5 ₄ If you want to send your public key to certificate data CER _SAM13 (in FIG. 58 (12)) and, SAM305 ₄ is himself EMD
Public key certificate data CER from service center 302
_There is a case where the _SAM13 is obtained ((10) in FIG. 58) and a case where the public key certificate data CER _SAM13 is obtained via a network device in the user home network 303b.

When the _SAM 305 ₁₃ acquires the public key certificate data CER SAM4 of the _SAM 305 ₄ , for example, the _SAM 305 ₄ transmits the _SAM 305 ₄ to the SAM 305 ₄ prior to the communication.
When sending the public key certificate data CER _SAM4 to ₁₃ (in FIG. 58 (11)) and, if the SAM 305 ₁₃ is request a public key certificate data CER _SAM4 from the EMD service center 302 by itself (in FIG. 58 (13)) In some cases, the public key certificate data CER _SAM4 is obtained via a network device in the user home network 303b.

In the second embodiment, the public key certificate revocation
In the second embodiment, in the EMD service center 302, the content provider 3
01, service provider 310 and SAM 305 ₁
To to 305 ₄ from being able to communicate with other devices, to create a public key certificate revocation to disable the public key certificate data of the apparatus used for the fraud. Then, the public key certificate revocation data CRL (Certificate
Revocation List) with the content provider 301,
Service provider 310 and SAM305 ₁ ~30
To send to the 5 _4. The public key certificate revocation data CRL
, In addition to the EMD service center 302, for example, the content provider 301, it may be generated at the service provider 310 and SAM 305 ₁ to 305 _4.

First, the EMD service center 302 transmits the public key certificate data CER of the content provider 301.
_The case where the _CP is invalidated will be described. As shown in FIG. 59, EMD service center 302 transmits a public key certificate revocation CRL ₁ indicating the invalidation of the public key certificate data CER _CP to the service provider 310 (in FIG. 59 (1)) . Service provider 310, when verifying the signature data input from the content provider 301, determines the validity of the public key certificate data CER _CP by referring to the public key certificate revocation CRL _1, it determined to be valid In this case, the signature verification using the public key data K _{CP, P} is performed, and if it is determined that the signature is invalid, the data from the content provider 301 is invalidated without performing the signature verification. Note that instead of invalidating the data,
Communication may be rejected.

The EMD service center 302 transmits the public key certificate revocation data CRL ₁ to the user home network 30 by using either the broadcast type or the on-demand type using the distribution resources of the service provider 310.
In 3, for example to send to the SAM 305 ₁ (in FIG. 59 (1), (2)). SAM 305 _1, when verifying the signature data of the content provider 301 stored in the secure container input from the service provider 310, valid public key certificate data CER _CP by referring to the public key certificate revocation CRL ₁ The public container data _{KCP, P} if it is determined to be valid, and invalidates the secure container without performing the signature verification if it is invalid. . EM
The D service center 302 sends the public key certificate revocation data C
The RL _1, may be sent directly to SAM 305 ₁ via the network apparatus in the user home network 303 (in FIG. 59 (3)).

Next, the EMD service center 302 transmits the public key certificate data CER _{SP of the} service provider 310.
Will be described. As shown in FIG. 60, EMD service center 302 transmits a public key certificate revocation CRL ₂ indicating the invalidation of the public key certificate data CER _SP to the content provider 301 (in FIG. 60 (1)) . The content provider 301
When verifying the signature data input from the service provider 310 determines the validity of the public key certificate data CER _SP by referring to the public key certificate revocation CRL _2, the public key when it is determined that the effective The signature verification using the data K _{SP, P} is performed, and when it is determined that the signature is invalid, the data from the service provider 310 is invalidated without performing the signature verification.

The EMD service center 302 transmits the public key certificate revocation data CRL ₂ to the user home network 30 using either the broadcast type or the on-demand type using the distribution resources of the service provider 310.
In 3, for example to send to the SAM 305 ₁ (in FIG. 60 (2)). The SAM 305 ₁ is the service provider 31
When verifying the signature data of the service provider 310 stored in the secure container input from 0, to determine the validity of the public key certificate data CER _SP by referring to the public key certificate revocation CRL _2, effective If it is determined that the signature is valid, the signature verification using the public key data K _{SP, P} is performed. If the signature is determined to be invalid, the secure container is invalidated without performing the signature verification. In this case, in the service provider 310, the public key certificate revocation data C
Module for transmitting and receiving RL ₂ is required to have a tamper-resistant. Further, in the service provider 310, public key certificate revocation CRL ₂ must be stored in the hard region of tampering by parties of the service provider 310. The EMD service center 3
02, the public key certificate revocation CRL _2, may be sent directly to the SAM 305 ₁ via the network apparatus in the user home network 303 (in FIG. 60 (3)).

[0355] Next, EMD service center 302, the case to disable the public key certificate data CER _SAM2 of example SAM 305 _2. As shown in FIG. 61, EMD service center 302 transmits a public key certificate revocation CRL ₃ indicating the invalidation of the public key certificate data CER _SAM2 to the content provider 301 (in FIG. 61 (1)) . Content provider 301
Sends the public key certificate revocation data CRL ₃ to the service provider 310. The service provider 310
The user's home network 303 is either broadcast or on-demand using its own distribution resources.
The public, for example, to SAM305 ₁ inner key certificate revocation data C
The RL _SAM1 is transmitted ((1) in FIG. 61). SAM305
_1, when verifying the SAM 305 ₂ of the signature data added to input data from the SAM 305 _2, to determine the validity of the public key certificate data CER _SAM2 by referring to the public key certificate revocation CRL _3, When it is determined that the data is valid, the signature verification using the public key data K _{SAM2, P} is performed, and when it is determined that the data is invalid, the data is invalidated without performing the signature verification. In this case, in the service provider 310, the module for transmitting and receiving the public key certificate revocation CRL ₃ must have tamper resistance. Further, in the service provider 310, public key certificate revocation CRL _3, needs to be stored in the hard region of tampering by parties of the service provider 310.

[0356] EMD service center 302 may transmit the public key certificate revocation CRL ₃ to SAM 305 ₁ via the service provider 310 (in FIG. 61 (1), (2)). Also, the EMD service center 302
The public key certificate revocation CRL _3, via the network apparatus in the user home network 303 SA
M305 may send directly to ₁ (in FIG. 61 (3)).

[0357] Further, EMD service center 302, public key certificate revocation CRL ₃ indicating the invalidation of the public key certificate data CER _SAM2 of example SAM 305 ₂
And save it. Further, the user home network 303 creates a SAM registration list SRL of the SAM connected to the bus 191 and transmits this to the EMD service center 302 ((1) in FIG. 62). EMD
The service center 302 indicates that, out of the SAMs 305 _{1 to} 305 ₄ shown in the SAM registration list, the public key certificate revocation data CRL ₃ indicates that it is to be invalidated.
An AM (for example, SAM305 ₂ ) is specified, and a discard flag corresponding to the SAM in the SAM registration list SRL is set to indicate invalid, thereby creating a new SAM registration list SRL. Next, EMD service center 302 transmits the SAM registration list SRL thus generated to SAM 305 ₁ (in FIG. 62 (1)). The SAM 305 ₁ is
When communicating with the AM, the presence / absence of verification of the signature data and whether or not to permit the communication are determined with reference to the discard flag of the SAM registration list SRL.

[0358] Further, EMD service center 302 creates a public key certificate revocation CRL _3, and transmits this to the content provider 301 (in FIG. 62 (2)).
The content provider 301 transmits the public key certificate revocation CRL ₃ to the service provider 310 (in FIG. 62 (2)). Next, the service provider 310
The public key certificate revocation data CRL ₃ is either broadcast or on-demand using its own distribution resources.
And transmits to the SAM 305 ₁ (in FIG. 62 (2)). SA
M305 _1, of the SAM 305 ₁ to 305 ₄ shown in SAM registration list itself has created to identify SAM that have been shown to be disabled by the public key certificate revocation CRL ₃ (e.g. SAM 305 _2), The discard flag corresponding to the SAM in the SAM registration list SRL is set to indicate invalid. Thereafter, the SAM 305 ₁
When communicating with another SAM, the SAM registration list S
With reference to the discard flag of the RL, it is determined whether the signature data is verified and whether communication is permitted or not.

[0359] Further, EMD service center 302 creates a public key certificate revocation CRL _3, and transmits it to the service provider 310 (in FIG. 62 (3)). Next, the service provider 310, in one of its broadcast by utilizing the distribution resources or on-demand type, the public key certificate revocation CRL ₃ SAM 305 ₁
((3) in FIG. 62). The SAM 305 ₁ is the SAM 305 shown in the SAM registration list created by itself.
Of the ₁ to 305 _4, the public key certificate revocation data CRL ₃
Then, the SAM (for example, SAM305 ₂ ) indicated to be invalidated is specified, and the discard flag corresponding to the SAM in the SAM registration list SRL is set to indicate invalid. Thereafter, SAM 305 _1, when communicating with another SAM, with reference to the discard flag of the SAM registration list SRL, to determine whether permission to presence and communication of the verification of the signature data.

[0360] role, such as Figure 63 of the EMD service center 302, the EMD service center (clearing house)) 302 right management clearing house 950 the function of that shown in FIG. 32, cleared for electronic settlement ring House 95
1 is a configuration diagram of an EMD system in a case where the EMD system is divided into 1;
In the EMD system, in the clearing house 951 for electronic settlement, the user home network 303
a, 303b, based on the usage history data 308 from the SAM, performs payment processing (profit distribution processing), generates payment claim right data for the content provider 301 and the service provider 310, and sets the payment institution via the payment gateway 90. At 91, settlement is performed.

Also, a rights management clearing house 95
0 creates a settlement report of the content provider 301 and the service provider 310 in accordance with the settlement notification from the electronic settlement clearinghouse 951, and transmits them to the content provider 301 and the content provider 301. Also, the content provider 30
1 rights certificate data 106 and content key data Kc
Registration (authorization). As shown in FIG. 64, when the right management clearing house 950 and the electronic settlement clearing house 951 are housed in a single device, the EMD service center 302 shown in FIG. 32 is obtained.

According to the present invention, for example, as shown in FIG. 65, a function of a rights management clearing house 960 is provided in the EMD service center 302, and the rights management data Perform registration and use history data 30 from the SAM.
8, the payment request data of the service provider 310 may be created and transmitted to the service provider 310. In this case, the service provider 310
Uses its own billing system as the clearing house 961 for electronic settlement, and performs settlement based on settlement request data from the clearing house 960 for right management.

In the present invention, for example, as shown in FIG. 66, the function of a rights management clearing house 970 is provided in the EMD service center 302, and the rights management data Perform registration and use history data 30 from the SAM.
8, the payment request data of the content provider 301 may be created and transmitted to the content provider 301. In this case, the content provider 301 uses its own billing system as the clearing house 961 for electronic settlement, and performs settlement based on settlement request data from the right management clearing house 970.

[0364]

As described above, according to the data providing system and its method, the management device and the data processing device of the present invention, the content processing of the content data is performed in the data processing device based on the rights document data provided by the data providing device. Since the use is performed, the interests of the persons involved in the data providing device are appropriately protected. Further, according to the data providing system, the method, and the management device of the present invention, since the management device certifies the rights document data, it is possible to appropriately cope with, for example, a case where the rights document data is tampered with. . Further, according to the data providing system, the method, and the management device of the present invention, it is possible to reduce the burden of an audit for protecting the interests of persons involved in the data providing device.

[Brief description of the drawings]

FIG. 1 is an overall configuration diagram of an EMD system according to a first embodiment of the present invention.

FIG. 2 is a functional block diagram of the content provider shown in FIG. 1;
FIG. 3 is a diagram showing a flow of data related to data transmitted / received to / from M.

FIG. 3 is a functional block diagram of the content provider shown in FIG. 1, showing a flow of data related to data transmitted and received between the content provider and the EMD service center.

FIG. 4 is a diagram for explaining a format of a secure container transmitted from the content provider shown in FIG. 1 to the SAM.

FIG. 5 is a diagram for explaining a ROM-type recording medium.

FIG. 6A is an EMD from a content provider.
FIG. 6B is a diagram for explaining the format of a right registration request module transmitted to the service center, and FIG.
FIG. 9 is a diagram for explaining a rights certificate module transmitted from a D service center to a content provider.

FIG. 7 is a functional block diagram of the EMD service center shown in FIG. 1, showing a flow of data related to data transmitted / received to / from a content provider.

FIG. 8 is a functional block diagram of the EMD service center shown in FIG. 1, and is a diagram showing a flow of data related to data transmitted and received between the SAM and the clearing house shown in FIG.

FIG. 9 is a configuration diagram of a network device in the user home network shown in FIG. 1;

FIG. 10 is a functional block diagram of a SAM in the user home network shown in FIG. 1, and shows a data flow until a secure container received from a content provider is decrypted.

FIG. 11 is a diagram for explaining data stored in the external memory shown in FIG. 9;

FIG. 12 is a diagram for explaining data stored in a stack memory;

FIG. 13 is another configuration diagram of the network device in the user home network shown in FIG. 1;

FIG. 14 is a diagram for explaining data stored in a storage unit illustrated in FIG. 10;

FIG. 15 is a functional block diagram of the SAM in the user home network shown in FIG. 1, and is a diagram showing a flow of data related to a process of using and purchasing content data.

FIG. 16 is a diagram illustrating a process in the transfer source SAM when transferring a content file whose purchase mode has already been determined and downloaded to the download memory of the network device illustrated in FIG. 9 to the SAM of the AV device; It is a figure for explaining a flow.

FIG. 17 is a diagram illustrating a flow of data in a transfer source SAM in the case illustrated in FIG. 16;

FIG. 18 is a diagram for explaining a format of a secure container determined in a purchase mode.

19 is a diagram illustrating a case where the input content file or the like is stored in a RAM or ROM type recording medium (media) in the transfer destination SAM in the case shown in FIG. 16;
FIG. 6 is a diagram showing a data flow when writing data to a memory.

FIG. 20 is a flow chart showing a process of determining the purchase mode in the AV device when the user home network distributes the ROM-type recording medium shown in FIG. 5 in which the purchase mode of the content is not determined. It is a figure for explaining a flow.

FIG. 21 is a diagram showing an example of the SA shown in FIG. 20;
FIG. 3 is a diagram showing a data flow in M.

FIG. 22 shows a diagram of A in the user home network.
FIG. 11 is a diagram for explaining a flow of processing when a secure container is read from a ROM-type recording medium for which the purchase mode has not been determined in the V-device, transferred to another AV device, and written to a RAM-type recording medium. is there.

FIG. 23 is a diagram showing a flow of data in the transfer source SAM in the case shown in FIG. 22;

FIG. 24 is a diagram showing a flow of data in a transfer destination SAM in the case shown in FIG. 22;

25 is a diagram for explaining a format of data transmitted and received between the content provider, the EMD service center, and the SAM in the in-band system and the out-band system shown in FIG. 1; .

FIG. 26 is a diagram for explaining a format of data transmitted and received between the content provider, the EMD service center, and the SAM according to the in-band method and the out-band method shown in FIG. 1; .

FIG. 27 is a diagram for explaining an example of a form of connection of a device to a bus 191.

FIG. 28 is a diagram for explaining a data format of a SAM registration list.

FIG. 29 is a flowchart of an overall operation of the content provider shown in FIG. 1;

FIG. 30 is a view for explaining a second modification of the first embodiment of the present invention.

FIG. 31 is a diagram for explaining a third modification of the first embodiment of the present invention.

FIG. 30 is an overall configuration diagram of an EMD system according to a second embodiment of the present invention.

FIG. 33 is a functional block diagram of the content provider shown in FIG. 32, showing a flow of data relating to a secure container transmitted to the service provider.

FIG. 34 is a functional block diagram of the service provider shown in FIG. 32, and is a diagram showing a flow of data transmitted to and received from a user home network.

FIG. 35 is a diagram for explaining a format of a secure container transmitted from the service provider shown in FIG. 32 to the user home network.

FIG. 36 is a functional block diagram of the service provider shown in FIG. 32, and is a diagram showing a flow of data transmitted to and received from an EMD service center.

FIG. 37 is a diagram for explaining a format of a price tag registration request module transmitted from a service provider to an EMD service center.

FIG. 38 is a functional block diagram of the EMD service center shown in FIG. 32, showing a flow of data related to data transmitted / received to / from a service provider.

FIG. 39 is a functional block diagram of the EMD service center shown in FIG. 32, showing a flow of data related to data transmitted and received with a content provider.

FIG. 40 is a functional block diagram of the EMD service center shown in FIG. 32, showing a flow of data related to data transmitted and received to and from the SAM.

FIG. 41 is a diagram for explaining the contents of use history data;

FIG. 42 is a configuration diagram of the network device shown in FIG. 32;

FIG. 43 is a functional block diagram of the CA module shown in FIG. 42;

FIG. 44 is a functional block diagram of the SAM shown in FIG. 42, showing a flow of data from input of a secure container to decryption thereof.

FIG. 45 is a diagram for explaining data stored in the storage unit shown in FIG. 44;

FIG. 46 is a functional block diagram of the SAM shown in FIG. 42, and is a diagram showing a data flow in a case of determining a content purchase / use mode.

FIG. 47 is a diagram for explaining a format of a key file after a purchase mode is determined;

FIG. 48 is a diagram illustrating an example in which the content file downloaded to the download memory of the network device shown in FIG.
FIG. 9 is a diagram for explaining the flow of processing in the SAM at the transfer destination when the data is transferred to the SAM.

FIG. 49 is a diagram showing a transfer source SA in the case shown in FIG. 48;
FIG. 3 is a diagram showing a data flow in M.

FIG. 50 is a diagram illustrating an example in which the SAM of a network device is set to A;
It is a figure for explaining the format of the secure container in which the purchase form transferred to the SAM of the V device is already determined.

FIG. 51 is a diagram showing a transfer destination SA in the case shown in FIG. 48;
FIG. 3 is a diagram showing a data flow in M.

FIG. 52 is a flowchart of an overall operation of the EMD system shown in FIG. 32;

FIG. 53 is a flowchart of an overall operation of the EMD system shown in FIG. 32;

FIG. 54 is a configuration diagram of an EMD system using two service providers according to a first modification of the second embodiment of the present invention.

FIG. 55 is an EMD using a plurality of content providers according to a second modification of the second embodiment of the present invention.
It is a block diagram of a system.

FIG. 56 is a configuration diagram of an EMD system according to a third modification of the second embodiment of the present invention.

FIG. 57 is a configuration diagram of an EMD system according to a fourth modification of the second embodiment of the present invention.

FIG. 58 is a diagram for explaining a form of an acquisition route of public key certificate data.

[Fig. 59] Fig. 59 is a diagram for describing processing when invalidating public key certificate data of a content provider.

FIG. 60 is a diagram for explaining a process when the public key certificate data of the service provider is invalidated.

FIG. 61 is a diagram for explaining a process for invalidating SAM public key certificate data;

FIG. 62 is a diagram for explaining another process when the SAM public key certificate data is invalidated.

FIG. 63 is a diagram for explaining a case where a right management clearing house and an electronic settlement clearing house are provided in place of the EMD service center in the EMD system shown in FIG. 32;

FIG. 64 is a configuration diagram of an EMD system in a case where the right management clearing house and the electronic settlement clearing house shown in FIG. 63 are provided in a single EMD service center.

[FIG. 65] FIG. 65 is an EMD in the case where a service provider directly performs settlement in a clearing house for electronic settlement.
It is a block diagram of a system.

FIG. 66 is an EM in the case where a content provider makes a payment directly to a clearinghouse for electronic payment.
It is a block diagram of a D system.

FIG. 67 is a configuration diagram of a conventional EMD system.

[Explanation of symbols]

90: payment gateway, 91: settlement institution, 92
... Root certificate authority, 100,300 ... EMD system, 1
01, 301 ... content provider, 102, 302
... EMD service center, 103, 303 ... user home network, 104, 304 ... secure container,
_{105 1 ~105 4, 305 1 ~305} 4 ... SAM, 1
06: rights certificate data, 107, 307: settlement report data, 108, 308: usage history data, 160 ₁ : network device, 160 _{2 to} 160 ₄ : AV device, 15
2, 152c, 152s... Settlement claim data, 191.
Bus, 310 service provider, 311 CA module, 312 price tag data, CF content file, KF key file, Kc content key data

──────────────────────────────────────────────────続 き Continued on the front page (51) Int.Cl. ⁷ Identification symbol FI Theme coat ゛ (Reference) H04L 9/08 G06F 15/21 Z 9/32 H04L 9/00 601B 675B 675D F-term (Reference) 5B049 AA05 BB11 BB46 CC05 CC36 DD05 EE03 EE05 EE59 FF09 GG04 GG07 GG10 5B089 GA11 GA21 GB04 HA10 JB22 KA15 KA17 KB13 KC58 5D044 AB05 DE48 GK12 GK17 HL11 5J104 AA07 AA09 AA14 KA01 LA03 LA06 MA02 PA03 9

Claims (84)

[Claims] 1. A data providing system having a data providing device, a data processing device, and a management device, wherein the data providing device distributes content data and right certificate data indicating handling of the content data to the data processing device. The data processing apparatus determines at least one of a purchase mode and a use mode of the distributed content data based on the distributed rights document data, and determines at least one of the determined purchase mode and use mode. Transmitting history data indicating one history to the management device, the management device manages the data providing device and the data processing device, and based on the received history data, the content data in the data processing device. The profits associated with the purchase and use of the Data providing system for the benefit distribution processing for distributing the parties of the device. 2. The data providing device encrypts the content data using predetermined key data and distributes the encrypted content data to the data processing device, and the data processing device uses the key data to transmit the received content. The data providing system according to claim 1, wherein the data is decrypted, and the management device manages the key data. 3. The data providing device generates predetermined key data, registers the generated key data in the management device, the management device manages the registered key data, and In the processing device, when the purchase processing of the content data is performed, the corresponding key data is transmitted to the data processing device, and the data processing device uses the received key data to transmit the received content. Claim 1 for decoding data
2. A data providing system according to 1. 4. The data providing apparatus encrypts the key data, and distributes a module storing the encrypted key data, the encrypted content data, and the rights document data to the data processing apparatus. Item 3. The data providing system according to Item 2. 5. The distribution device according to claim 1, wherein the management device manages distribution key data, distributes the distribution key data to the data providing device and the data processing device, and the data providing device distributes the distributed key data. The method according to claim 4, wherein the key data and the rights data are encrypted using key data, and the data processing device decrypts the key data and the rights data using the distributed key data. Data providing system as described. 6. The management device according to claim 5, wherein the management device distributes the plurality of distribution key data each having a predetermined expiration date to the data providing device and the data processing device for a predetermined period. Data delivery system. 7. The data providing apparatus generates signature data for at least one of the encrypted content data and the rights certificate data using its own secret key data, and generates the encrypted content data. Distributing a module storing the encrypted key data, the encrypted rights document data and the signature data to the data processing device, wherein the data processing device 5. The stored signature data is verified using public key data corresponding to the secret key data, and the management device manages the public key data.
2. A data providing system according to 1. 8. The data providing system according to claim 7, wherein said data providing device distributes said module storing public key data corresponding to said own secret key data to said data processing device. 9. The data providing system according to claim 7, wherein said management device distributes said module storing public key data corresponding to said secret key data of said data providing device to said data processing device. 10. The management device distributes distribution key data to the data providing device and the data processing device, respectively, and the data providing device encrypts the rights certificate data using the distribution key data. 2. The data providing system according to claim 1, wherein the data is distributed to the data processing device, and the data processing device decrypts the received rights document data using the distribution key data. 11. The data providing system according to claim 2, wherein the management device authenticates at least one of the right form data and the key data. 12. The management apparatus generates payment request data used for requesting payment processing according to the profit distribution processing, and signs the payment request data with its own secret key data. The data providing system according to claim 1, wherein data is added and transmitted to the device that performs the settlement process or the data providing device. 13. The management device performs a registration process of the data processing device, manages the registered data processing device, and manages the profit based on the history data received from the registered data processing device. The data providing system according to claim 1, wherein the data providing system performs a distribution process. 14. The data processing device determines a purchase mode of the distributed content data based on the rights document data, and generates usage control state data according to the determined purchase mode. The data providing system according to claim 1, wherein the use of the distributed content data is controlled based on the use control state data. 15. The data processing device according to claim 1, wherein
2. The data providing system according to claim 1, wherein the predetermined data stored in the internal memory and the data being processed are modules that are difficult to monitor and falsify from outside. 16. A data providing device for distributing content data and right document data indicating handling of the content data, a purchase form of the distributed content data based on the distributed right document data, A data processing device that determines at least one of the usage modes and generates history data indicating the history of the determined purchase mode and / or the usage mode; and And a profit distribution for distributing a profit obtained in connection with the purchase and use of the content data in the data processing device to a related person of the data providing device, based on the received history data. A management device that performs processing. 17. The management device according to claim 15, wherein the key data is managed when the content data encrypted using predetermined key data is distributed from the data providing device to the data processing device. 18. The management device according to claim 16, wherein at least one of the right form data and key data used for encrypting the content data is authenticated. 19. A distribution of content data and a right certificate data indicating handling of the content data is received from a data providing device, and a profit obtained by purchasing and using the distributed content data is received by the data providing device. A data processing device that transmits the history data to a management device that performs a profit distribution process for distributing to a related person of the providing device based on predetermined history data, wherein the data processing device transmits the profit data based on the distributed rights document data. A data processing device that determines at least one of a purchase mode and a use mode of the distributed content data, and transmits the history data indicating a history of the determined purchase mode and use mode to the management device. 20. The data processing device according to claim 19, wherein when the content data is encrypted using predetermined key data, the data processing device receives the key data from the data providing device. 21. The data processing apparatus according to claim 19, wherein the processing content, the predetermined data stored in the internal memory, and the data being processed are configured using a module that is difficult to monitor and falsify from outside. 22. A data providing system having a data providing device, a data distribution device, a data processing device, and a management device, wherein the data providing device converts content data and right certificate data indicating handling of the content data into the data. A first module for providing to the distribution apparatus, the data distribution apparatus distributes the provided content data and the rights document data to the data processing apparatus, and the data processing apparatus communicates with the data distribution apparatus. And determining at least one of a purchase form and a use form of the distributed content data based on the distributed rights document data,
A second module for transmitting history data indicating the history of the determined purchase mode and usage mode to the management apparatus, wherein the management apparatus manages a data providing apparatus, a data distribution apparatus, and a data processing apparatus; Based on the history data received from the second module, obtained by the data processing device receiving the distribution of the content data, and by purchasing and using the content data. A data providing system for performing a profit distribution process for distributing profits to the data providing device and a person involved in the data distribution device. 23. The data providing system according to claim 22, wherein the data providing device encrypts the content data using content key data and provides the content data to the data distribution device. 24. The data distribution device creates price data indicating a price of the content data to be distributed, and distributes the price data to the data processing device.
2. A data providing system according to 1. 25. The data providing device encrypts the content key data and the rights document data using distribution key data and provides the data to the data distribution device. The data processing device transmits the distribution key data to the data distribution device. 24. The management device according to claim 23, wherein the management device manages the distribution key data, and distributes the distribution key data to the data providing device and the data processing device. Data providing system as described. 26. A first signature for at least one of the encrypted content data, the encrypted content key data, and the encrypted rights document data. Data is generated using its own first secret key data, and the encrypted content data, the encrypted key data, the encrypted rights document data and the first signature data are stored. Providing a first module to the data distribution device, the data distribution device verifying the first signature data using first public key data corresponding to the first secret key data, and Storing the second signature data generated by using the second secret key data in the first module to generate a second module, and storing the second module in the data The data processing device verifies the first signature data stored in the distributed second module using the first public key data, Using the second public key data corresponding to the secret key data, verifies the second signature data stored in the distributed second module, 26. The data providing system according to claim 25, wherein the data providing system manages public key data and the second public key data. 27. The data providing device provides the first module storing the first public key data to the data distribution device, wherein the data distribution device transmits the first public key data and the first public key data to the first module. The data providing system according to claim 26, wherein the second module storing the second public key data is distributed to the data processing device. 28. The data providing system according to claim 26, wherein said management device distributes said first public key data and said second public key data to said data processing device. 29. The data distribution device distributes price data indicating the price of the content data to be distributed to the data processing device, and the management device performs the encryption of the rights certificate data and the content data. 23. The data providing system according to claim 22, wherein at least one of the key data and the price data used for the authentication is authenticated. 30. The data distribution device according to claim 36, wherein the provided encrypted content data, the provided rights document data, the key data obtained by encrypting the content data, and a price of the distributed content data are determined. 23. The data providing system according to claim 22, wherein a module storing price data indicated is distributed to the data processing device. 31. The management device, wherein the data processing device receives the distribution of the content data, and provides the data obtained from the purchase and use of the content data to the data providing device. Profit distribution processing for distributing to the apparatus and the parties concerned with the data distribution apparatus, to generate payment request data used when requesting payment, and to add own signature data to the payment request data 23. The data providing system according to claim 22, wherein the data is transmitted to a device that performs the payment processing. 32. The data providing system according to claim 31, wherein the management device transmits settlement report data indicating a result of the profit distribution processing to at least one of the data providing device and the data distribution device. 33. The management device, wherein the data processing device receives the distribution of the content data, and provides the data obtained from the purchase and use of the content data to the data providing device. Profit distribution processing for distributing to the apparatus and the parties concerned with the data distribution apparatus, to generate payment request data used when requesting payment, and to add own signature data to the payment request data And transmitting the data to at least one of the data providing device and the service providing device.
2. A data providing system according to 1. 34. The management device performs registration processing of the data processing device, manages the registered data processing device, and manages the profit based on the history data received from the registered data processing device. The data providing system according to claim 22, which performs a distribution process. 35. The data processing device determines at least one of a purchase mode and a use mode of the distributed content data based on the rights document data,
23. The data providing system according to claim 22, wherein usage control state data according to the determined purchase mode and usage mode is generated, and usage of the distributed content data is controlled based on the usage control state data. 36. The data processing apparatus according to claim 22, wherein the second module of the data processing device is a module that is difficult to externally monitor and alter the processing contents, data stored in advance and data being processed from outside. Data providing system. 37. A data providing device for providing content data and rights document data indicating handling of the content data, a data distribution device for distributing the provided contents data and the rights document data, and the distribution And determining at least one of a purchase mode and a use mode of the distributed content data based on the received rights document data, and generating history data indicating a history of at least one of the determined purchase mode and the use mode. A management device that manages the data processing device that performs the distribution of the content data based on the received history data, and that purchases and uses the content data. The data providing device and the data distribution A management device that performs a profit distribution process for distribution to persons involved in the supply device. 38. The management device according to claim 37, wherein the key data is managed when the content data encrypted using predetermined content key data is distributed from the data providing device to the data processing device. . 39. The method according to claim 3, wherein at least one of the right form data and the content key data is authenticated.
9. The management device according to 8. 40. Distribution of the contents data and the rights document data from the data distribution device which receives the provision of the contents data and the license data indicating the handling of the content data from the data providing device, and receives the distribution. The management apparatus performs profit distribution processing for distributing profits obtained through the purchase and use of the content data to persons involved in the data providing apparatus and the data distribution apparatus based on predetermined history data. A data processing device that transmits data, a first module that communicates with the data distribution device, and a purchase form of the distributed content data based on the distributed rights document data. At least one of the usage modes is determined, and a history data indicating the history of the determined purchase mode and usage mode is determined. Data processing apparatus and a second module for transmitting data to said management apparatus. 41. The data processing apparatus according to claim 40, wherein the data processing apparatus comprises a module which is difficult to externally monitor and alter the processing contents, predetermined data stored in the internal memory, and data being processed. 42. A data providing system having a data providing device, a data distribution device, a data processing device, and a management device, wherein the data providing device converts content data and right document data indicating handling of the content data into the data. Provided to the distribution device, the data distribution device distributes the provided content data and the rights document data to the data processing device, based on the data distribution device purchase history data received from the data processing device, The data processing device performs a charging process related to the distribution of the content data, the data processing device generates purchase history data for the data distribution device indicating a history of purchase of the content data distributed from the data distribution device, and performs the data distribution. A first module for transmitting to the device; and Based on the interest document data, at least one of a purchase form and a use form of the distributed content data is determined, and management apparatus history data indicating the history of the determined purchase form and use form is stored in the management apparatus. A second module for transmitting, the management device, based on the management device history data, the profit obtained by the purchase and the use of the content data in the data processing device, the A data providing system for performing a profit distribution process for distributing the data to a data providing device and a person involved in the data distribution device. 43. A distribution of content data and a right certificate data indicating the handling of the content data is received from a data providing device via a data distribution device, and the distribution is obtained with the purchase and use of the distributed content data. A data processing device that transmits the history data to a management device that performs a profit distribution process for distributing the obtained profit to the parties related to the data providing device and the data distribution device based on the management device history data. A first module for generating data distribution device purchase history data indicating a history of purchase of the content data distributed from the data distribution device and transmitting the history to the data distribution device; and Based on the rights document data, at least the purchase form and the use form of the distributed content data Determining one data processing apparatus and a second module for sending historical data for the management apparatus according to the history of the purchase form and usage form to the determined to the management device. 44. A data providing system having a data providing device, a data delivering device, a data processing device, and a managing device, wherein the data providing device provides content data to the data delivering device; Distributing the provided content data to the data processing device, the data processing device uses the distributed content data, the management device includes the data providing device, the data distribution device, and the data processing. A data providing system that manages the operation of data providing services by devices. 45. The data providing device provides rights data indicating handling of the content data to the data distribution device, and the data distribution device processes the provided content data and rights document data in the data processing. The data processing device uses the distributed content data based on the distributed rights document data, and the management device hierarchically distributes to the root certificate authority. It plays the role of an underlying sub-certificate authority and is used to prove the validity of the registered public key data corresponding to the private key data used in the data providing device, the data distribution device and the data processing device. Creation and management of public key certificate data to be authenticated, authentication of the rights document data, and rights processing for the contents data. Cormorant claim 4
5. The data providing system according to 4. 46. The data providing system according to claim 45, wherein the data providing device encrypts the data using the key data and provides the encrypted data to the data distribution device, and the management device manages the key data. 47. Each of the data providing device and the data distribution device creates its own secret key data used when performing authentication with another device, and manages the created secret key data. Creating public key data corresponding to the secret key data, registering the public key data, an identification card, and a settlement account in the management device; and the management device, in response to the registration, The data providing system according to claim 45, wherein public key certificate data for certifying the validity of the data is created. 48. The management device assigns an identification number to each of the data providing device and the data distribution device according to the registration, and assigns a public key data of a root certificate authority to the data providing device and the data distribution device. 48. The data providing system according to claim 47, further comprising transmitting public key data of the management device. 49. The data providing system according to claim 47, wherein each of said data providing device and said data distribution device further registers said secret key data in said management device. 50. The data providing system according to claim 45, wherein the data processing device stores in advance secret key data generated by the management device and public key data corresponding to the secret key data. 51. The data providing system according to claim 50, wherein the data processing device stores public key certificate data for certifying the validity of the public key data generated by the management device in advance. 52. A data provision device, a data distribution device, a data processing device, and a management device, wherein the data provision device provides content data to the data distribution device, and wherein the data distribution device is provided with Distributing content data to the data processing device, wherein the data processing device uses the distributed content data, and the management device includes: a data providing device, the data distribution device, and data from the data processing device. In a data providing system for managing the operation of a provided service, mutual authentication using a public key encryption method is performed for data transmission between the data providing device, the data distribution device, the data processing device, and the management device. , Signature generation, signature verification, and data encryption using common key encryption. System. 53. A data distribution device, a data distribution device, a data processing device and a management device, wherein the data distribution device provides content data to the data distribution device, and wherein the data distribution device is provided with the content data. Distributing content data to the data processing device, wherein the data processing device uses the distributed content data, and the management device includes: a data providing device, the data distribution device, and data from the data processing device. Signature data that manages the operation of the provided service and indicates that when the data providing device, the data distribution device and the data processing device supply data to another device, the data is created by itself. Is created using its own private key data, and when data is supplied from another device, When verifying the validity of the signature data corresponding to the public key data of the other device, the public key corresponding to the respective private key data of the data providing device, the data distribution device, and the data processing device. In a data providing system that creates and manages public key certificate data of data, the data providing device, the data distribution device, and the data processing device, before performing communication with another device, from the management device. A data providing system for acquiring the own public key certificate data and transmitting the acquired public key certificate data to the another device. 54. A data provision device, a data distribution device, a data processing device, and a management device, wherein the data distribution device provides content data to the data distribution device, and wherein the data distribution device is provided with the content data. Distributing content data to the data processing device, wherein the data processing device uses the distributed content data, and the management device includes: a data providing device, the data distribution device, and data from the data processing device. Signature data that manages the operation of the provided service and indicates that when the data providing device, the data distribution device and the data processing device supply data to another device, the data is created by itself. Is created using its own private key data, and when data is supplied from another device, When verifying the validity of the signature data corresponding to the public key data of the other device, the public key corresponding to the respective private key data of the data providing device, the data distribution device, and the data processing device. In a data providing system for creating and managing public key certificate data of data, the data providing device, the data distribution device, and the data processing device, when communicating with another device, from the management device A data providing system for acquiring its own public key certificate data and transmitting the acquired public key certificate data to the other device during the communication. 55. A data provision device, a data distribution device, a data processing device, and a management device, wherein the data distribution device provides content data to the data distribution device, and wherein the data distribution device is provided with Distributing content data to the data processing device, wherein the data processing device uses the distributed content data, and the management device includes: a data providing device, the data distribution device, and data from the data processing device. Signature data that manages the operation of the provided service and indicates that when the data providing device, the data distribution device and the data processing device supply data to another device, the data is created by itself. Is created using its own private key data, and when data is supplied from another device, When verifying the validity of the signature data corresponding to the public key data of the other device, the public key corresponding to the respective private key data of the data providing device, the data distribution device, and the data processing device. Creates and manages public key certificate data of data, generates public key certificate revocation data that specifies public key certificate data to be invalidated among the created public key certificate data, and generates the data providing device, A data distribution system that restricts the data distribution device and the data processing device from performing the communication or the distribution using public key certificate data specified by the public key certificate revocation data. 56. The management device generates the public key certificate revocation data that specifies the public key certificate data corresponding to the data providing device, the data distribution device, and the data processing device used in the misconduct. 56. The data providing system according to claim 55, wherein: 57. A data provision device, a data distribution device, a data processing device, and a management device, wherein the data provision device provides content data to the data distribution device, and wherein the data distribution device is provided with Distributing content data to the data processing device, wherein the management device manages the operation of a data providing service by the data providing device, the data distribution device and the data processing device, and the data providing device is connected to another device. When supplying data, signature data indicating that the data was created by itself is created using its own secret key data, and another device correlates the validity of the signature data with the secret key data. When performing verification using public key data, the public key certificate data of the public key data corresponding to the private key data of the data providing device is used. Creates and manages the public key certificate data, generates public key certificate revocation data that specifies the public key certificate data to be invalidated among the created public key certificate data, and sends the public key certificate revocation data to the data processing device. The data processing device distributes the public key certificate data of the data providing device that provided the distributed content data based on the public key certificate revocation data received from the management device. A data providing system that verifies whether or not the content data is distributed and controls the use of the distributed content data based on a result of the verification. 58. The management device directly distributes the public key certificate revocation data to the data processing device.
2. A data providing system according to 1. 59. The data providing system according to claim 57, wherein the management device distributes the public key certificate revocation data to the data processing device via the data distribution device in a broadcast or on-demand manner. 60. A data providing device, a data distribution device, a data processing device, and a management device, wherein the management device manages operation of a data providing service by the data providing device, the data distribution device, and the data processing device. When the data providing device supplies data to another device, the data providing device creates signature data indicating that the data has been created by itself using its own secret key data, and the other device generates the signature data. When verifying the validity of the data using the public key data corresponding to the secret key data, create and manage public key certificate data of the public key data corresponding to the secret key data of the data providing device, Generates public key certificate revocation data that specifies the public key certificate data to be invalidated from the created public key certificate data, and generates the public key certificate revocation data. The data distribution device distributes the provided content data based on the public key certificate revocation data received from the management device. A data providing system for verifying whether or not public key certificate data is invalid, and controlling distribution of the provided content data to the data processing device based on a result of the verification. 61. A data providing device, a data distribution device, a data processing device, and a management device, wherein the management device manages operation of a data providing service by the data providing device, the data distribution device, and the data processing device. When the data distribution device supplies data to another device, the data distribution device creates signature data indicating that the data has been created by itself using its own secret key data, and the other device generates the signature data. When verifying the validity of the data using the public key data corresponding to the secret key data, create and manage public key certificate data of the public key data corresponding to the secret key data of the data distribution device, Generates public key certificate revocation data that specifies the public key certificate data to be invalidated from the created public key certificate data, and generates the public key certificate revocation data. Data to the data providing device, the data providing device, based on the public key certificate revocation data received from the management device, the public key certificate data of the data distribution device to which the content data is provided. Verifying whether or not is invalid, and based on the result of the verification, the data distribution device that controls the provision of the content data to the data distribution device, the data distribution device A data providing system that uses the distributed content data. 62. A data providing device, a data distribution device, a data processing device, and a management device, wherein the management device manages operation of a data providing service by the data providing device, the data distribution device, and the data processing device. When the data distribution device supplies data to another device, the data distribution device creates signature data indicating that the data has been created by itself using its own secret key data, and the other device generates the signature data. When verifying the validity of the data using the public key data corresponding to the secret key data, create and manage public key certificate data of the public key data corresponding to the secret key data of the data distribution device, Generates public key certificate revocation data that specifies the public key certificate data to be invalidated from the created public key certificate data, and generates the public key certificate revocation data. Distributes data to the data distribution device, the data providing device provides content data to the data distribution device, and the data distribution device provides the provided content data and a public key certificate that has received the distribution. And disposing the discarded data to the data processing device, wherein the data processing device is configured to distribute the distributed content data based on the distributed public key certificate destruction data, and the public key of the data distribution device. A data providing system that verifies whether or not certificate data is invalid, and controls use of the distributed content data based on a result of the verification. 63. The data providing system according to claim 62, wherein said data distribution device has a configuration in which said public key certificate discarded data distributed from said management device is difficult to falsify. 64. The management device, wherein the public key certificate discard data is encrypted using distribution key data and distributed to the data distribution device, and the distribution key data is distributed to the data processing device. 63. The data providing system according to claim 62, wherein the data processing device decrypts the distributed public key certificate revocation data using the distribution key data. 65. The data providing system according to claim 62, wherein said data distribution device distributes said public key certificate revocation data to said data processing device by broadcast or on demand. 66. A data providing device, a data distribution device, a data processing device, and a management device, wherein the management device manages the operation of the data providing device, the data distribution device, and the data providing service by the data processing device. When the data distribution device supplies data to another device, the data distribution device creates signature data indicating that the data has been created by itself using its own secret key data, and the other device generates the signature data. When verifying the validity of the data using the public key data corresponding to the secret key data, create and manage public key certificate data of the public key data corresponding to the secret key data of the data distribution device, Generates public key certificate revocation data that specifies the public key certificate data to be invalidated from the created public key certificate data, and generates the public key certificate revocation data. Distributing the data to the data processing device; the data providing device providing content data to the data distribution device; the data distributing device distributing the provided content data to the data processing device; The processing device verifies whether the public key certificate data of the data distribution device that distributed the distributed content data is invalid based on the distributed public key certificate discard data, A data providing system that controls use of the distributed content data based on a result of the verification. 67. A data providing device, a data distribution device, a data processing device, and a management device, wherein the management device manages the operation of the data providing device, the data distribution device, and the data providing service by the data processing device. When the data distribution device supplies data to another device, the data distribution device creates signature data indicating that the data has been created by itself using its own secret key data, and the other device generates the signature data. When verifying the validity of the data using the public key data corresponding to the secret key data, create and manage public key certificate data of the public key data corresponding to the secret key data of the data distribution device, Generates public key certificate revocation data that specifies the public key certificate data to be invalidated from the created public key certificate data, and generates the public key certificate revocation data. Distributes data to the data providing device, the data providing device provides the data distribution device with content data and the public key certificate revocation data, and the data distribution device provides the provided content data and public key. Distributing certificate revocation data to the data processing device, wherein the data processing device discloses the data distribution device that distributed the distributed content data based on the distributed public key certificate revocation data. A data providing system for verifying whether key certificate data is invalid, and controlling the use of the distributed content data based on a result of the verification. 68. A data provision device, a data distribution device, a plurality of data processing devices and a management device, wherein the management device operates the data provision device, the data distribution device, and a data provision service by the data processing device. When the data processing device supplies data to another device, the data processing device creates signature data indicating that the data was created by itself using its own secret key data, and the other device When verifying the validity of the signature data using the public key data corresponding to the secret key data, creating and managing public key certificate data of the public key data corresponding to the secret key data of the data processing device. Generating the public key certificate revocation data for specifying the public key certificate data to be invalidated among the created public key certificate data, Distributing the revocation data to the data providing device, the data providing device providing the content data and the public key certificate revocation data to the data distribution device, and the data distributing device providing the provided content data and public Distributing key certificate revocation data to the data processing device, wherein the data processing device obtains public key certificate data of another data processing device based on the public key certificate revocation data distributed from the data distribution device. A data providing system that verifies whether or not the data is invalid and controls communication with the other data processing device based on a result of the verification. 69. The data providing system according to claim 68, wherein said data distribution device has a configuration in which said public key certificate discarded data distributed from said management device is difficult to falsify. 70. The management device encrypts the public key certificate revocation data using distribution key data and distributes the data to the data providing device, distributes the distribution key data to the data processing device, 69. The data providing system according to claim 68, wherein the data processing device decrypts the distributed public key certificate revocation data using the distribution key data. 71. A data providing device, a data distribution device, a plurality of data processing devices, and a management device, wherein the management device operates the data providing device, the data distribution device, and a data providing service by the data processing device. When the data processing device supplies data to another device, the data processing device creates signature data indicating that the data was created by itself using its own secret key data, and the other device When verifying the validity of the signature data using the public key data corresponding to the secret key data, creating and managing public key certificate data of the public key data corresponding to the secret key data of the data processing device. Generating the public key certificate revocation data for specifying the public key certificate data to be invalidated among the created public key certificate data, Distributing discarded data to the data distribution device; the data providing device providing content data to the data distribution device; the data distribution device providing the provided content data and the distributed public key certificate The data processing device distributes the discarded data to the data processing device, and the data processing device invalidates the public key certificate data of another data processing device based on the public key certificate destruction data distributed from the data distribution device. A data providing system that verifies whether or not there is, and controls communication with the other data processing device based on a result of the verification. 72. The data providing system according to claim 71, wherein said data distribution device has a configuration in which said public key certificate revocation data distributed from said management device is difficult to be tampered with. 73. The management device encrypts the public key certificate revocation data using distribution key data and distributes the data to the data distribution device, distributes the distribution key data to the data processing device, 72. The data providing system according to claim 71, wherein the data processing device decrypts the distributed public key certificate revocation data using the distribution key data. 74. A data providing device, a data distributing device, a plurality of data processing devices and a management device, wherein the data processing device is connected to a predetermined network to which the data processing device is already connected, and the registered data is registered. Supplying the registration data indicating the processing device to the management device, referencing the destruction flag in the registration data supplied from the management device, and changing the public key certificate data indicated to be invalid by the destruction flag. Regulating communication with another data processing device having, the management device manages the operation of a data providing service by the data providing device, the data distribution device and the data processing device, the data processing device When supplying data to another device, if the signature data indicating the validity of the data is created using its own secret key data, the secret key It creates and manages public key certificate data of public key data corresponding to data, and generates public key certificate revocation data for identifying public key certificate data to be invalidated among the created public key certificate data. Storing the public key certificate revocation data and generating new registration data by setting the revocation flag in the registration data supplied from the data processing device based on the public key certificate revocation data. And distributing the generated registration data to the data processing device; the data providing device providing content data to the data distribution device; and the data distributing device distributing the provided content data to the data processing device. Data distribution system to distribute to. 75. A data providing device, a data distribution device, a plurality of data processing devices, and a management device, wherein the management device operates the data providing device, the data distribution device, and a data providing service by the data processing device. When the data processing device supplies data to another device and creates signature data indicating the validity of the data using its own secret key data, the data processing device corresponds to the secret key data. Generating and managing public key certificate data of the public key data to be generated, generating public key certificate revocation data for specifying the public key certificate data to be invalidated among the generated public key certificate data, Distributing certificate revocation data to the data providing device, wherein the data providing device destroys the content data and the public key certificate to the data distribution device. The data distribution device distributes the provided content data and the public key certificate revocation data to the data processing device, and the data processing device transmits the distributed public key certificate. Based on the discard data, set a discard flag in the registration data indicating the registered data processing device connected to the predetermined network to which the self is connected, and the discard flag indicates that the data processing device is invalid. A data providing system that regulates communication with another data processing device having public key certificate data. 76. A data provision device, a data distribution device, a plurality of data processing devices and a management device, wherein the management device operates the data provision device, the data distribution device, and a data provision service by the data processing device. When the data processing device supplies data to another device and creates signature data indicating the validity of the data using its own secret key data, the data processing device corresponds to the secret key data. Generating and managing public key certificate data of the public key data to be generated, generating public key certificate revocation data for specifying the public key certificate data to be invalidated among the generated public key certificate data, Distributing certificate revocation data to the data distribution device, the data providing device providing content data to the data distribution device, Distributes the provided content data and the public key certificate revocation data to the data processing device, and the data processing device is connected to itself based on the distributed public key certificate revocation data. Setting a discard flag in the registration data indicating the already registered data processing device connected to the predetermined network, and having another public key certificate data indicated to be invalid by the discard flag. A data providing system that regulates communication with a data processing device. 77. A data providing system having a data providing device, a data distribution device, a data processing device, and a management device, wherein the data providing device converts content data and right document data indicating handling of the content data into the data. A first module for providing to the distribution apparatus, the data distribution apparatus distributes the provided content data and the rights document data to the data processing apparatus, and the data processing apparatus communicates with the data distribution apparatus. And determining at least one of a purchase form and a use form of the distributed content data based on the distributed rights document data,
A second module for transmitting history data indicating the history of the determined purchase mode and usage mode to the management apparatus, wherein the management apparatus manages a data providing apparatus, a data distribution apparatus, and a data processing apparatus; Based on the history data received from the second module, obtained by the data processing device receiving the distribution of the content data, and by purchasing and using the content data. A payment function for performing a profit distribution process for distributing profits to the parties of the data providing device and the data distribution device, and performing a payment based on the result of the profit distribution process, and a right for registering the rights document data A data providing system having a management function. 78. The data providing system according to claim 77, wherein said management device comprises: a first management device having said settlement function; and a second management device having said right management function. 79. The settlement according to claim 77, wherein the settlement is electronic settlement.
2. A data providing system according to 1. 80. A data providing system having a data providing device, a data distribution device, a data processing device, and a management device, wherein the data providing device converts content data and right document data indicating handling of the content data into the data. The data distribution device has a charging function of performing a payment process using the payment request right data distributed from the management device, and the provided content data and the rights document data are provided to the distribution device. A first module that communicates with the data distribution device, and a purchase mode of the content data distributed based on the distributed rights document data; And at least one of the usage forms,
A second module for transmitting history data indicating the history of the determined purchase mode and usage mode to the management apparatus, wherein the management apparatus manages a data providing apparatus, a data distribution apparatus, and a data processing apparatus; Based on the history data received from the second module, obtained by the data processing device receiving the distribution of the content data, and by purchasing and using the content data. Performs a profit distribution process for distributing profits to the parties of the data providing device and the data distribution device, and generates payment claim right data used when performing payment based on the result of the profit distribution process. A data having a settlement claim data generation function to be supplied to the data distribution device, and a rights management function for registering the rights document data. Provide system. 81. A data providing system having a data providing device, a data distribution device, a data processing device, and a management device, wherein the data providing device performs a payment process using payment claim right data distributed from the management device. A billing function to perform, providing the data distribution device with content data and rights document data indicating the handling of the content data, wherein the data distribution device transmits the provided content data and the rights document data to the data distribution device. A first module that communicates with the data distribution device, and a purchase mode of the content data distributed based on the distributed rights document data; And at least one of the usage forms,
A second module for transmitting history data indicating the history of the determined purchase mode and usage mode to the management apparatus, wherein the management apparatus manages a data providing apparatus, a data distribution apparatus, and a data processing apparatus; Based on the history data received from the second module, obtained by the data processing device receiving the distribution of the content data, and by purchasing and using the content data. Performs a profit distribution process for distributing profits to the parties of the data providing device and the data distribution device, and generates payment claim right data used when performing payment based on the result of the profit distribution process. A data having a billing right data generation function to be distributed to the data providing device and a right management function to register the right data. Provide system. 82. A data providing method using a data providing device, a data processing device, and a management device, wherein the data providing device transmits, to the data processing device, content data and right certificate data indicating handling of the content data. In the data processing device, at least one of a purchase mode and a use mode of the distributed content data is determined based on the distributed rights document data, and the determined purchase mode and use mode are determined. The history data indicating at least one history is transmitted to the management device, and the management device obtains the content data based on the received history data with the purchase and use of the content data in the data processing device. Profit
A data providing method for performing a profit sharing process for distributing the data to a related person of the data providing apparatus. 83. A data providing method using a data providing device, a data distributing device, a data processing device, and a management device, wherein the data providing device provides the data distributing device with content data and a right indicating handling of the content data. Providing the content data and the rights document data provided from the data distribution device to the data processing device, wherein the data processing device provides the content data and the rights document data based on the received rights document data. And determining at least one of a purchase mode and a usage mode of the distributed content data, and transmitting history data indicating a history of the determined purchase mode and usage mode to the management device. The data processing is performed based on the history data received from the second module. The distribution device receives the distribution of the content data, and distributes the profit obtained by purchasing and using the content data to a person who is involved in the data providing device and the data distribution device. Data providing method to perform profit sharing process for 84. A data providing method using a data providing device, a data distribution device, a data processing device, and a management device, wherein the data providing device transmits to the data distribution device a content data and a right indicating handling of the content data. Providing the content data and the rights document data to the data processing device from the data distribution device to the data processing device; and distributing the data from the data distribution device in the data processing device. Generated purchase history data for a data distribution device indicating the history of purchase of the received content data, transmitted to the data distribution device, and received the distribution based on the distributed rights document data. Determine at least one of a purchase mode and a use mode of the content data, and The management device transmits history data for the management device indicating the history of the purchased form and the usage form to the management device. The profit obtained with the use is distributed to the parties related to the data providing device and the data distribution device, and the data distribution device uses the data distribution device purchase history data received from the data processing device. ,
A data providing method for performing a charging process regarding the distribution of the content data.