JP2002099509A - Portable terminal equipment - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a portable terminal equipment which, when a line is disconnected during the reception of encrypted content data and a license, automatically reconnects to continue the reception of the encrypted content data and the license. SOLUTION: A portable telephone, when the line is disconnected during the reception of encrypted content data, judges in which step the connection has occurred (step S40), when the disconnection has occurred in a transaction ID acquisition step, reconnects with a basic distribution session (step S10), when the disconnection has occurred in a content acquisition step, reconnects with a reconnection distribution session 1 (step S20), and when the disconnection has occurred in a license acquisition step, reconnects with a reconnection distribution session 2 (step S30).

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

[0001] 1. Field of the Invention [0002] The present invention relates to a portable terminal device used in a data distribution system capable of protecting copyright of copied information.

[0002]

2. Description of the Related Art In recent years, with the progress of information communication networks such as the Internet, it has become possible for each user to easily access network information using a personal terminal using a cellular phone or the like.

In such an information communication network, information is transmitted by digital signals. Therefore, for example, even when music or video data transmitted in the information communication network described above is copied by each individual user, the data is copied with almost no deterioration in sound quality or image quality due to such copying. It is possible.

[0004] Therefore, in the case where a creation, such as music data or image data, for which a writer's right exists, is transmitted on such an information communication network, appropriate copyright protection measures must be taken. , The rights of the copyright holder may be significantly infringed.

On the other hand, giving priority to the purpose of copyright protection,
If it is not possible to distribute copyrighted work data through the rapidly expanding digital information communication network, basically, copyright owners who can collect a certain copyright fee when copying copyrighted work data It is rather disadvantageous.

Here, considering not a distribution via the digital information communication network as described above but a recording medium on which digital data is recorded as an example, a CD (compact disc) on which music data which is usually sold is recorded is considered. Regarding (2), music data can be freely copied from a CD to a magneto-optical disk (MD or the like) in principle as long as the copied music is stopped for personal use. However, an individual user who performs digital recording or the like indirectly pays a certain amount of the price of the digital recording device itself or a medium such as an MD as a deposit to the copyright holder.

Furthermore, when music data as a digital signal is copied from a CD to an MD, the music information is transferred from a recordable MD to another MD in consideration of the fact that the information is digital data with little copy deterioration. Copying as digital data is not possible due to copyright protection due to equipment configuration.

[0008] Even in such circumstances, distributing music data and image data to the public through a digital information communication network is itself an act limited by the public transmission right of the copyright holder. Sufficient measures need to be taken.

In this case, with respect to content data such as music data and image data which are copyrighted works transmitted to the public through the information communication network, it is possible to prevent content data once received from being copied without permission. Required.

[0010] Therefore, a distribution server that holds encrypted content data obtained by encrypting the content data is a data server that distributes the encrypted content data to a memory card mounted on a terminal device such as a mobile phone via the terminal device. A distribution system has been proposed. In this data distribution system, a public encryption key of a memory card and a certificate thereof, which have been authenticated by a certificate authority in advance, are transmitted to a distribution server at the time of a distribution request of encrypted content data. After confirming the reception, the encrypted content data and the license key for decrypting the encrypted content data are transmitted to the memory card. When distributing the encrypted content data and the license key, the distribution server and the memory card generate a different session key for each distribution, and encrypt the public encryption key with the generated session key. The keys are exchanged between the memory cards.

[0013] Finally, the distribution server transmits the license encrypted by the public encryption key of each memory card and further encrypted by the session key, and the encrypted content data to the memory card. Then, the memory card records the received license key and the encrypted content data in the memory.

[0012]

However, the line may be disconnected while receiving the encrypted content data and the license from the distribution server. In such a case, it is very inconvenient to receive the encrypted content data and the license again from the beginning. In particular, since it takes time to receive encrypted content data, it is very inconvenient to receive encrypted content data again from the beginning.

[0013] In addition, charging is performed for the distribution of the encrypted content data and the license. If the charging has already been performed when the line is disconnected, if the encrypted content data and the license are received again from the beginning, 1 is charged. There is a problem that a fee is paid twice for one encrypted content data.

Further, when the line is disconnected, it is very complicated for the user of the portable telephone to know the disconnection and to reconnect the line.

SUMMARY OF THE INVENTION The present invention has been made to solve such a problem, and an object of the present invention is to automatically reconnect and encrypt when a line is disconnected while receiving encrypted content data and a license. It is an object of the present invention to provide a portable terminal device that continues receiving encrypted content data and a license.

It is another object of the present invention to provide a portable terminal device that continues receiving encrypted content data and a license in accordance with a state when a line is disconnected.

[0017]

A portable terminal device according to the present invention receives encrypted content data obtained by encrypting content data and / or a license for reproducing the encrypted content data from a distribution server. A portable terminal device for recording the received encrypted content data and / or license in a data recording device, wherein the transmitting and receiving unit performs communication with the outside;
An interface for controlling data transfer with the data recording device, a key operation unit for inputting instructions, and a control unit, and when the line with the distribution server is disconnected when accessing the distribution server, the control unit , Selecting a different reconnection mode according to the disconnection mode in which the disconnection occurred,
The line with the distribution server is reconnected according to the selected reconnection mode.

In the portable terminal device according to the present invention,
When the line is disconnected while accessing the distribution server holding the encrypted content data and the license for reproducing the encrypted content data, the disconnected mode is detected, and the reconnection is performed in accordance with each disconnection mode. Reconnection with the distribution server is automatically performed according to the connection mode.

Therefore, according to the present invention, appropriate reconnection can be performed according to the line disconnection mode.
Also, reconnection is automatically performed, which is convenient.

Preferably, the control unit of the portable terminal device controls the transmission / reception unit to repeat reconnection until a reconnection time set by inputting in advance from the key operation unit is reached.

When the line is disconnected, reconnection is performed.
Then, the reconnectable time is limited by a preset reconnect time, and if the reconnect is not possible even after the reconnect time, the reconnect to the distribution server is stopped.

Therefore, according to the present invention, the portable terminal device can be reconnected for a certain period of time after the line is disconnected, and can continuously receive encrypted content data and the like.
Further, since the reconnection time is set, the period during which reconnection cannot be performed does not continue forever.

Preferably, the control unit of the portable terminal device controls the transmitting / receiving unit to repeat reconnection until the number of reconnection times set in advance by inputting from the key operation unit is reached.

When the line is disconnected, reconnection is performed.
Then, the number of times of reconnection is limited by a preset number of reconnections. If reconnection is not possible even after exceeding the number of reconnections, reconnection to the distribution server is stopped.

Therefore, according to the present invention, the portable terminal device can reconnect within the preset number of reconnection times, and can continuously receive encrypted content data and the like. Further, since the number of times of reconnection is set, the period during which reconnection is not possible does not continue forever.

Preferably, a different number of times of reconnection is set according to the disconnection mode. A different number of reconnections is set depending on the disconnection mode in which the line was disconnected.

Therefore, according to the present invention, the number of reconnections according to each disconnection mode can be set.

[0028] Preferably, the disconnection mode is a first disconnection mode before the user is charged for receiving the encrypted content data.
And a second disconnection mode for disconnecting after charging for receiving the encrypted content data. The number of reconnections set for the first disconnection mode is the second disconnection mode. Less than the number of reconnections set for

Billing is performed for receiving the encrypted content data and the license. The number of reconnections differs between a case where the line disconnection occurs before charging and a case where the line disconnection occurs after charging. Then, when the line is disconnected after charging is performed, it is possible to reconnect more times than when the line is disconnected before charging.

Therefore, according to the present invention, even if the line is disconnected after charging is performed, it is possible to continuously download encrypted content data and the like. As a result, by downloading the encrypted content data again from the beginning, it is possible to prevent the user from paying the same fee for receiving one encrypted content data.

Preferably, the disconnection mode includes a first disconnection mode for disconnecting while receiving the encrypted content data and a second disconnection mode for disconnecting while receiving the license. The number of reconnections set by the user is smaller than the number of reconnections set for the second disconnection mode.

Different numbers of reconnections are set for the case where the line is disconnected during reception of the encrypted content data and the case where the line is disconnected during reception of the license. Then, when the line is disconnected while receiving the license, reconnection is permitted up to many times. In general, charging for reception of encrypted content data is often performed for license acquisition.

Therefore, according to the present invention, even if the line is disconnected after the payment, the encrypted content data and the license can be continuously received.

Preferably, the control unit of the portable terminal device restarts the access to the distribution server from the beginning when the line is disconnected before requesting the distribution server for distribution of the encrypted content data.

When the line is disconnected before the distribution request of the encrypted content data is made, the portable terminal device does not substantially receive the encrypted content data and the license. Start over.

Therefore, according to the present invention, it is possible to redistribute the encrypted content data and the like within a range where the user is not substantially damaged.

Preferably, the encrypted content data is
It is divided into M (M is a natural number) blocks, and the transmitting / receiving unit of the mobile terminal device sequentially receives the M blocks,
In the first disconnection mode, when reconnected to the distribution server in the first disconnection mode, the control unit requests the distribution server via the transmission / reception unit to distribute a block next to the last block received before disconnection.

[0038] The encrypted content data is divided into a plurality of blocks, and the portable terminal device receives the encrypted content data in block units. That is, the portable terminal device receives the encrypted content data by packet-type communication. Then, when the line is disconnected during reception, the mobile terminal device sequentially retransmits the plurality of blocks, reconnects the line, and starts distribution from the block next to the last block received before disconnection. Request to server.

Therefore, according to the present invention, even if the line is disconnected during reception of the encrypted content data, the portable terminal device can continuously receive the encrypted content data after reconnecting the line.

Preferably, the control unit of the portable terminal device has a block number m (1 ≦ m <M) corresponding to the last block.
Is transmitted to the distribution server via the transmission / reception unit, and reception is started from the block with the block number m + 1 via the transmission / reception unit.

After reconnecting the line, the portable terminal device transmits the block number of the last block received before disconnection to the distribution server to request distribution of the encrypted content data. The distribution server transmits a block to which the next block number is assigned based on the received block number to the portable terminal device.

Therefore, according to the present invention, continuous encrypted content data can be accurately received even when the line is disconnected.

Preferably, the control unit of the portable terminal device, upon receiving the encrypted content data from the distribution server,
The transaction ID for managing the communication with the distribution server received from the distribution server is recorded in the data recording device, and when the line is reconnected, the transaction ID is read from the data recording device.
D is transmitted to the distribution server via the transmission / reception unit together with the block number m.

The portable terminal device obtains a transaction ID for specifying the distribution of the encrypted content data from the data recording device, and transmits the transaction ID together with the block number of the requested block to the distribution server. The distribution server specifies which mobile terminal device the communication is with based on the received transaction ID, and specifies the encrypted content data transmitted to the mobile terminal device before the line is disconnected. And
Next, a block to be transmitted next is extracted from the plurality of blocks of the specified encrypted content data based on the block number. Then, the distribution server transmits the extracted block to the mobile terminal device.

Therefore, according to the present invention, when the line is reconnected, the block of the encrypted content data to be received next by the portable terminal device can be quickly and accurately extracted.

Preferably, the control unit of the portable terminal device receives a transaction ID for specifying the distribution of the encrypted content data and the license from the distribution server from the distribution server via the transmission / reception unit, and receives the received transaction ID. Is recorded in the data recording device as a reception log indicating the processing state in the reception processing of the encrypted content data and the license. When the line is reconnected in the second disconnection mode, the latest reception log at the time of reconnection is transmitted to the interface. Read from the data recording device via the transmission / reception unit and transmitted to the distribution server via the transmission / reception unit. If the reception log matches the distribution log held in the distribution server, the license is received from the distribution server via the transmission / reception unit and received. License recorded on the data recording device via the interface

The data recording device records a reception log indicating a processing state in the reception processing of the encrypted content data and the license. Then, when the line is disconnected during reception of the license and then reconnected, the portable terminal device records the latest reception log among the reception logs received before the disconnection and recorded in the data recording device. Read from the device and transmit the latest reception log to the distribution server. Then, the distribution server compares the reception log with the distribution log held by the distribution server, and transmits the license to the portable terminal device when both match.

Therefore, according to the present invention, the distribution server and the data recording device hold logs, which are records of communication with each other, so that even if the line is disconnected,
In addition, licenses can be accurately distributed.

Preferably, the control unit of the portable terminal device receives the common key used in the distribution specified by the transaction ID and generated in the distribution server via the transmission / reception unit, and stores the received common key in the distribution server. The data is transmitted to the data recording device via the interface, and when the line is reconnected, the encrypted reception log encrypted by the data recording device using the common key is read from the data recording device via the interface, and the read encrypted reception log is read. Is transmitted to the distribution server via the transmission / reception unit.

When the line is disconnected during the reception of the license, the portable terminal device encrypts the latest reception log recorded in the data recording device with the common key sent from the distribution server, and stores the data in the data recording device. , And transmits the encrypted reception log to the distribution server.

Therefore, according to the present invention, a third party cannot access the reception log, which is a record of communication, and can accurately transmit the reception log to the distribution server.

Preferably, the control unit of the portable terminal device reads the transaction ID from the data recording device via the interface, and reads the read transaction ID.
Is transmitted to the distribution server together with the encrypted reception log, and is stored in the distribution server, and the encrypted reception log is decrypted using the common key specified by the transaction ID,
If the decrypted reception log matches the distribution log held in the distribution server and there is no charge for the distribution of the encrypted content data and the license, the log is generated in the distribution server and the transaction ID is generated.
A new common key used in the distribution specified by the transmission / reception unit from the distribution server and transmitted to the data recording device, and another common key generated in the data recording device and encrypted The license is received via the transmission / reception unit by transmitting the license to the distribution server via the transmission / reception unit.

When the line is disconnected during reception of the license, the portable terminal device obtains the latest reception log recorded in the data recording device, which is encrypted with the common key, from the data recording device, and obtains the data together with the transaction ID. Send to distribution server. Then, the distribution server determines the received transaction ID based on the transaction ID.
The common key used in the distribution of the encrypted content data and the like specified by the above is specified. The distribution server decrypts the received encrypted reception log using the specified common key to acquire the reception log. The receiving log matches the delivery log,
When the distribution of the encrypted content data is not charged, the distribution server generates a new common key and transmits it to the portable terminal device. The mobile terminal device receives the license from the distribution server by sending the received new common key to the data recording device, obtaining another encrypted common key from the data recording device, and transmitting it to the distribution server.

That is, when the line is disconnected and reconnected when the distribution of the encrypted content data is not charged, the distribution server and the data recording device again perform the distribution of the encrypted content data. Mutual authentication is performed by generating a common key to be used and exchanging the common key with each other. And
When the mutual authentication is successful, the mobile terminal device receives the license from the distribution server.

Therefore, according to the present invention, the portable terminal device can receive encrypted content data or the like suitable for the disconnection mode that has occurred when the user is not charged.

Preferably, the control unit of the portable terminal device reads the transaction ID from the data recording device via the interface, and reads the read transaction ID.
Is transmitted to the distribution server together with the encrypted reception log, and is stored in the distribution server, and the encrypted reception log is decrypted using the common key specified by the transaction ID,
If the decrypted reception log matches the distribution log held in the distribution server, and the distribution of the encrypted content data and the license has already been charged, the license specified based on the transmitted transaction ID Is received from the distribution server via the transmission / reception unit.

When the line is disconnected during the reception of the license, the portable terminal device obtains the latest reception log recorded in the data recording device, which is encrypted with the common key, from the data recording device, and obtains the information together with the transaction ID. Send to distribution server. Then, the distribution server determines the received transaction ID based on the transaction ID.
The common key used in the distribution of the encrypted content data and the like specified by the above is specified. The distribution server decrypts the received encrypted reception log using the specified common key to acquire the reception log. The receiving log matches the delivery log,
In addition, when charging for distribution of the encrypted content data is performed, the license specified based on the transaction ID is transmitted to the portable terminal device.

Therefore, according to the present invention, the portable terminal device can receive encrypted content data or the like suitable for the disconnection mode generated after the charge.

[0059] Preferably, the portable terminal device has a call function of a portable telephone. The mobile terminal device receives the encrypted content data and the like, and also performs a normal call function.

Therefore, according to the present invention, it is possible to receive encrypted content data and the like in a portable telephone capable of making a normal call. .

[0061]

Embodiments of the present invention will be described in detail with reference to the drawings. In the drawings, the same or corresponding portions have the same reference characters allotted, and description thereof will not be repeated.

FIG. 1 is a schematic diagram conceptually illustrating the overall configuration of a data distribution system for distributing encrypted content data to be received by a portable terminal device to a memory card according to the present invention.

In the following, the configuration of a data distribution system for distributing digital music data to each mobile phone user via a mobile phone network will be described as an example. As will be apparent from the following description, the present invention is based on this configuration. The present invention is not limited to such a case, and can be applied to the case of distributing content data as another copyrighted work, for example, image data, moving image data, and the like.

Referring to FIG. 1, distribution carrier 20 relays a distribution request (delivery request) from each mobile telephone user obtained through its own mobile telephone network to a license server. The license server 10 that manages the music data having the copyright determines whether or not the memory card 110 attached to the mobile phone 100 of the mobile phone user who has accessed for data distribution has valid authentication data. In other words, authentication processing is performed to determine whether or not the memory card is a legitimate memory card, music data (hereinafter, also referred to as content data) is encrypted with the predetermined memory card by a predetermined encryption method, and then the data is distributed. A license as information necessary for reproducing the encrypted content data and the encrypted content data is given to the mobile phone company which is the distribution carrier 20 of the company.

The distribution carrier 20 transmits the encrypted content data and license to the memory card 110 attached to the mobile phone 100 that has transmitted the distribution request through its own mobile phone network, via the mobile phone network and the mobile phone 100. To deliver.

In FIG. 1, for example, a removable memory card 11 is attached to a mobile phone 100 of a mobile phone user.
0 is attached. Memory card 110
Receives the encrypted content data received by the mobile phone 100, decrypts the encryption performed for the distribution, and provides the decrypted encryption data to a music playback unit (not shown) in the mobile phone 100.

Further, for example, a portable telephone user can "play" such content data through headphones 130 or the like connected to portable telephone 100 and listen to it.

In the following, such a license server 1
The distribution server 30 is collectively referred to as “0” and the distribution carrier 20.

The process of transmitting content data from the distribution server 30 to each mobile phone or the like is referred to as “distribution”.

With such a configuration, first, unless the memory card 110 is used, it becomes difficult to receive the distribution of the content data from the distribution server 30 and reproduce the music.

Moreover, the distribution carrier 20 counts the frequency each time one piece of content data is distributed, for example, so that the mobile phone user receives (downloads) the content data and receives a copyright fee. Is collected by the distribution carrier 20 together with the communication charge of the mobile phone, the copyright holder can easily secure the copyright charge.

In the configuration as shown in FIG. 1, in order for the content data distributed in an encrypted form to be reproducible on the user side of the portable telephone, the system firstly requires communication. The second is the method itself for encrypting the content data to be distributed, and the third is the unauthorized copy of the content data distributed in this way. This is a configuration for implementing content data protection for prevention.

In the embodiment of the present invention, especially when each session of distribution and reproduction occurs, the authentication and check functions for the destination of these contents data are enhanced, and the non-authentication or decryption key is broken. A configuration for enhancing the copyright protection of content data by preventing output of content data to a recording device and a content reproduction device (mobile phone) will be described.

FIG. 2 is a diagram for explaining characteristics of data, information, and the like for communication used in the data distribution system shown in FIG.

First, data distributed from the distribution server 30 will be described. Data is content data such as music data. In the content data Data,
The encryption that can be decrypted with the license key Kc is performed. The encrypted content data {Data} Kc, which has been encrypted by the license key Kc, is distributed from the distribution server 30 to the mobile phone user in this format.

In the following, it is assumed that the notation {Y} X indicates that data Y has been encrypted by means of decryption key X.

Further, the distribution server 30 distributes, along with the encrypted content data, additional information Data-inf as plain text information such as a copyright relating to the content data or server access. Further, a transaction ID, which is a management code for specifying the distribution of the encrypted content data and the license key from the distribution server 30, is exchanged between the distribution server 30 and the mobile phone 100. Further, the license information includes a content ID which is a code for identifying the content data Data, a license ID which is a management code for specifying issuance of a license, the number of licenses and a function limitation determined by designation from the user side. And the like, which are generated based on the license purchase condition AC including information such as the access restriction information AC1 and the reproduction circuit which is control information in the data reproduction circuit (cellular phone). Control information AC2 and the like exist. Hereinafter, the license key Kc, the content ID, the license ID, the access control information AC1, and the reproduction circuit control information AC2 are collectively referred to as a license.

FIG. 3 is a diagram for explaining characteristics of data, information, and the like for use in the authentication and inhibition class list used in the data distribution system shown in FIG.

In the embodiment of the present invention, for each class of a recording device (memory card) or a portable telephone for reproducing content data, a distribution class list C is set so that distribution and reproduction of the content data can be restricted.
RL (Class Revocation List)
The operation of. In the following, data in the prohibited class list may be represented by the symbol CRL as necessary.

The prohibited class list related information includes prohibited class list data CRL listing classes of mobile phones and memory cards for which distribution and reproduction of licenses are prohibited.

The prohibited class list data CRL is managed in the distribution server 30 and is also recorded and held in a memory card. Such a prohibition class list needs to be upgraded and updated at any time, but data changes are basically made when distributing licenses such as encrypted content data and / or license keys. Based on the date and time, it is determined whether or not the prohibited class list received from the mobile phone has been updated. If the list has not been updated, the updated prohibited class list is distributed to the mobile phone. Further, with respect to the change of the prohibited class list, the distribution server 30 may generate difference data CRL_dat reflecting only the changed point, and the prohibited class list CRL in the memory card may be rewritten accordingly. is there. For the version of the prohibited class list, CRL_ver is output from the memory card side, and this is confirmed on the distribution server 30 side to execute version management. Difference data CRL_dat
Contains the information of the new version.

As described above, the prohibited class list CRL is
By holding and operating not only in the distribution server but also in the memory card, the class-specific, that is, the decryption key specific to the type of the mobile phone and the memory card is broken,
Prohibit the supply of license keys to mobile phones and memory cards. For this reason, it is impossible to reproduce the content data on the mobile phone and move the content data on the memory card.

As described above, the prohibited class list CRL in the memory card is configured to sequentially update data at the time of distribution. The prohibited class list C in the memory card
The management of the RL is performed independently of the upper level in the tamper resistant module (Tamper Re
banned class list data CRL from a higher level by a file system, an application program, etc.
Has a configuration that cannot be tampered with. As a result, copyright protection for data can be further strengthened.

The mobile phone and the memory card are provided with unique public encryption keys KPpn and KPmci, respectively. Decryptable. These public encryption key and secret decryption key have different values for each type of mobile phone and each type of memory card.
These public encryption keys and secret decryption keys are collectively called class keys.

Crtfn and Cmci are provided as class certificates for the data reproducing circuit (cellular phone) and the memory card, respectively. These class certificates have different information for each class of the mobile phone and the memory card. For the class key for which the encryption with the class key has been broken, that is, the secret decryption key has been obtained,
It is listed in the prohibition class list and is subject to prohibition of license issuance.

The public encryption key and the class certificate specific to the class of the portable telephone and the memory card are the authentication data {KPpn // Crtfn} KPma and $ KP
In the format of mci // Cmci @ KPma, it is recorded on a mobile phone (content reproduction circuit) and a memory card at the time of shipment. As will be described in detail later, KPma
Is a public authentication key common to the entire distribution system.

FIG. 4 is a diagram for collectively explaining the characteristics of keys related to encryption in the data distribution system shown in FIG.

Each time content data is distributed and reproduced, it is generated in distribution server 30, mobile phone 100, and memory card 110 as an encryption key for maintaining confidentiality in data transfer between the memory card and the outside of the memory card. Common keys Ks1 to Ks3 are used.

Here, the common keys Ks1 to Ks3 are unique common keys generated for each “session” which is a unit of communication or access between the distribution server, the mobile phone, or the memory card. The common keys Ks1 to Ks3 are also referred to as “session keys”.

These session keys Ks1 to Ks3
Is managed by the distribution server, the mobile phone, and the memory card by having a unique value for each communication session. Specifically, the session key Ks1 is
Generated by the distribution server for each distribution session.
The session key Ks2 is generated for each distribution session and reproduction session by the memory card, and the session key Ks3 is generated for each reproduction session in the mobile phone. In each session, these session keys are exchanged, a session key generated by another device is received, encryption is performed using the session key, and a license such as a license key is transmitted. Security strength can be improved.

Further, as a key for managing data processing in the memory card 110, a public encryption key KPm and a public encryption key KPm set for each medium called a memory card are used.
There is a unique secret decryption key Km for each memory card capable of decrypting the data encrypted by.

FIG. 5 shows the license server 1 shown in FIG.
FIG. 3 is a schematic block diagram illustrating a configuration of a zero.

The license server 10 includes an information database 304 for storing data obtained by encrypting content data according to a predetermined method, distribution information such as a license ID, and the like, for starting access to content data for each mobile phone user. A charging database 302 for storing the corresponding charging information, a CRL database 306 for managing a prohibited class list CRL, a menu database 307 for storing a menu of content data stored in the information database, content data and a license key, etc. Record database 308 holding a transaction ID for specifying the distribution of the information, information database 304, charging database 302, CRL database 306, menu database 307, and distribution record database Data from 08 receives via bus BS1, data processing unit 3 for performing a predetermined process
And a communication device 350 for exchanging data between the distribution carrier 20 and the data processing unit 310 via a communication network.

The data processing section 310 is controlled by the distribution control section 315 for controlling the operation of the data processing section 310 in accordance with the data on the bus BS1 and the session key Ks1 during the distribution session. And a authentication key {KPmci // Cmc for authentication of the memory card transmitted from the memory card via the mobile phone.
i {authentication key holding unit 313 for holding a public authentication key for decrypting KPma, and authentication data {KPmci // Cmci} for authentication of the memory card sent from the memory card via the mobile phone. A decryption processing unit 312 that receives KPma via communication device 350 and bus BS1 and performs decryption processing using public authentication key KPma from authentication key holding unit 313;
Decrypts the session key Ks1 generated from
12 using the public encryption key KPmci obtained by step 12 and outputting it to the bus BS1.
18 and a decryption processing unit 320 that receives data encrypted and transmitted by the session key Ks1 from the bus BS1 and performs decryption processing.

The data processing unit 310 further encrypts the license key Kc and the reproduction circuit control information AC2 given from the distribution control unit 315 with the public encryption key KPm unique to the memory card obtained by the decryption processing unit 320. Encryption processing unit 326 and encryption processing unit 326
And an encryption processing unit 328 for further encrypting the output of FIG. 3 with the session key Ks2 given from the decryption processing unit 320 and outputting the encrypted data to the bus BS1.

The operation of the license server 10 in a distribution session will be described later in detail with reference to flowcharts.

FIG. 6 is a schematic block diagram for describing the configuration of mobile phone 100 shown in FIG.

The mobile phone 100 has an antenna 1102 for receiving a signal wirelessly transmitted by the mobile phone network.
And a transmitting / receiving unit 1104 for receiving a signal from the antenna 1102 and converting it to a baseband signal, or for modulating data from a mobile phone and giving it to the antenna 1102.
And a bus BS2 for exchanging data with each unit of the mobile phone 100, and the mobile phone 100 via the bus BS2.
And a controller 1106 for controlling the operation of.

The portable telephone 100 further includes a key operation unit 11 for giving an external instruction to the portable telephone 100.
08, a display 1110 for providing information output from the controller 1106 or the like as visual information to a mobile phone user, and a display for reproducing sound based on data received via the database BS2 in a normal call operation. And a sound reproducing unit 1112.

The portable telephone 100 further includes a DA converter 1113 for converting the output of the audio reproduction unit 1112 from a digital signal to an analog signal, and a terminal 1114 for outputting the output of the DA converter 1113 to an external output device or the like. including.

The mobile phone 100 further includes a microphone 1115 for inputting a voice signal spoken by the user of the mobile phone 100 and an AD conversion for converting a voice signal from the microphone 1115 from an analog signal to a digital signal in a normal call operation. A digital signal from the AD converter 1116 and the AD converter 1116 is encoded according to a predetermined method, and the bus BS
2 and a speech coding unit 1117 to be provided to the second unit.

The portable telephone 100 further includes a removable memory card 110 for storing and decoding content data (music data) from the distribution server 30.
And a memory interface 1200 for controlling data transfer between the memory card 110 and the bus BS2.

The portable telephone 100 further decrypts the public encryption key KPp1 and the class certificate Crtf1, which are set for each type (class) of the content reproducing circuit built in the portable telephone, with the public decryption key KPma. An authentication data holding unit 1202 holds the encrypted authentication data {KPp1 // Crtf1} KPma so that its validity can be authenticated. Here, it is assumed that the class n of the mobile phone (content reproduction circuit) 100 is n = 1.

The mobile phone 100 further generates a Kp1 holding unit 1204 for holding a decryption key Kp1 unique to the mobile phone (content reproduction circuit), and decrypts the data received from the bus BS2 with the Kp1 and generates the data by the memory card 110. And a decryption processing unit 1206 for obtaining the obtained session key Ks2.

Mobile phone 100 further has a session key Ks3 for encrypting data exchanged with memory card 110 over bus BS2 in a reproduction session for reproducing content data stored in memory card 110. And a cryptographic processing unit 1208 that encrypts the generated session key Ks3 with the session key Ks2 obtained by the decryption processing unit 1206 and outputs it to the bus BS2.

The mobile phone 100 further includes a bus BS2
A decryption processing unit 1212 for decrypting the above data with the session key Ks3 and outputting the decrypted data.

The mobile phone 100 further includes a bus BS2
The license key Kc obtained from the decryption processing unit 1212 upon receiving the encrypted content data {Data} Kc
Decoding unit 1214 for decoding and outputting the content data, a music playback unit 1216 for receiving the output of the decoding processing unit 1214 and playing back the content data, and converting the output of the music playback unit 1216 from a digital signal to an analog signal. DA converter 1218 and the DA converter 11
13 and a switch 1222 for selectively outputting from the terminal 1114 or the terminal 1220 according to the operation mode,
And a connection terminal 1224 for receiving the output of the second and connecting to the headphones 130.

In FIG. 6, for the sake of simplicity, only blocks related to the distribution and reproduction of music data of the present invention are shown in the cellular phone, and blocks relating to the call function originally provided in the cellular phone are shown. Is partially omitted.

The operation of each component of the mobile phone 100 in each session will be described later in detail with reference to flowcharts.

FIG. 7 is a schematic block diagram for explaining a configuration of memory card 110. Referring to FIG. As described above, KPmci and Kmci are provided as a public encryption key and a secret decryption key unique to the memory card, and a class certificate Cmci of the memory card is provided. In the memory card 110, these are natural numbers i = 1, respectively.

Therefore, the memory card 110 has an authentication data holding unit 1400 for holding the authentication data {KPmc1 // Cmc1} KPma and a K for holding the unique decryption key Kmc1 set for each type of memory card.
mc1 holding unit 1402 and Km1 holding unit 14 holding secret decryption key Km1 uniquely set for each memory card
21 and a public encryption key KPm1 that can be decrypted by Km1
And a KPm1 holding unit 1416 for holding the The authentication data holding unit 1400 decrypts the secret encryption key KPmc1 and the class certificate Cmc1 set for each type and class of the memory card with the public authentication key KPma, thereby encrypting the authentication so that the validity can be authenticated. The data is held as {KPmc1 // Cmc1} KPma.

As described above, by providing an encryption key for a recording device called a memory card, management of distributed content data and an encrypted license key is executed for each memory card, as will be apparent from the following description. It becomes possible to do.

The memory card 110 further includes an interface 1423 for transmitting / receiving signals to / from the memory interface 1200 via the terminal 1201, a bus BS3 for transmitting / receiving signals to / from the interface 1423,
From the data supplied from the interface 1423 to the bus BS3, a unique secret decryption key Kmc1 for each type of memory card is received from the Kmc1 holding unit 1402, and the session key Ks1 generated in the distribution session by the distribution server 30 is output to the contact point Pa. Decryption processing unit 1404
And a decryption processing unit 1408 that receives the authentication key KPma from the KPma holding unit 1414, performs a decryption process using KPma from the data supplied to the bus BS3, and outputs the decryption result to the encryption processing unit 1410, and a changeover switch 1442.
And an encryption processing unit 1406 for encrypting data selectively provided by the changeover switch 1444 with a key selectively provided by the switch and outputting the encrypted data to the bus BS3.

The memory card 110 further stores a session key Ks2 in each of distribution and reproduction sessions.
And a session key Ks2 output from the session key generator 1418
To the public encryption key KP obtained by the decryption processing unit 1408
Bus BS3 encrypted by pn or KPmci
And a decryption process of receiving data encrypted by the session key Ks2 from the bus BS3 and decrypting the data by the session key Ks2 obtained from the session key generation unit 1418, and transmitting the decryption result to the bus BS4. Unit 1412.

The memory card 110 further includes a bus BS.
No. 3 is decrypted by the secret decryption key Km1 unique to the memory card 110 paired with the public encryption key KPm1, and the prohibition is sequentially updated by the data CRL_dat for updating the version of the prohibition class list. Bus BS4 with class list data CRL
And a log holding unit 1436 for recording the distribution status in receiving the license.
And a memory 1415 for receiving and storing the encrypted content data {Data} Kc, additional information Data-inf, and the transaction ID from the bus BS3. The memory 1415 is configured by, for example, a semiconductor memory. Also, a Header including a content ID,
The encrypted content data {Data} Kc and the related information Data-inf of the encrypted content data are recorded in a data area 1415A in the memory 1415.

The memory card 110 further stores a license ID, a content ID, access restriction information AC1, and reproduction circuit restriction information A obtained by the decryption processing unit 1422.
The license information holding unit 1440 for holding C2 and the license key Kc exchanges data with the outside via the bus BS3, receives reproduction information and the like with the bus BS4, and operates the memory card 110. And a controller 1420 for controlling the

The license information holding unit 1440 is connected to the bus B
Data of the license ID, the content ID, the access restriction information AC1, the reproduction circuit restriction information AC2, and the license key Kc can be exchanged with S4. The license information holding unit 1440 has N (N: natural number) banks, and holds license information corresponding to each piece of encrypted data for each bank.

In FIG. 7, the area enclosed by the solid line indicates that if an unauthorized external opening process or the like is performed in the memory card 110, internal data is erased or the internal circuit is destroyed. On the other hand, it is assumed that the module is incorporated in a module TRM for disabling reading of data and the like in a circuit existing in the area.

Of course, the configuration including the memory 1415 may be incorporated in the module TRM. However, with the configuration shown in FIG. 7, the reproduction information required for reproduction held in the memory 1415 is:
Since all of them are encrypted data, it is impossible for a third party to reproduce music only with the data in the memory 1415, and it is necessary to provide the memory 1415 in an expensive tamper resistance module. There is an advantage that the manufacturing cost is reduced because there is no such device.

Referring to FIGS. 8 to 12, a distribution session that occurs when the encrypted content data is purchased in the data distribution system shown in FIG. 1, that is, distribution server 30, mobile phone 100, and memory card 110 in the first connection. Will be described in detail.

FIGS. 8 to 12 are first to fourth flowcharts for explaining a distribution operation (hereinafter, also referred to as a distribution session) that occurs when the encrypted content data is purchased in the data distribution system shown in FIG. is there. In addition,
The second to fourth flowcharts in FIGS.
9 is a flowchart of a basic distribution session (step S10) in the first flowchart shown in FIG.

Referring to FIG. 8, when a user of portable telephone 100 requests distribution of content data via key operation unit 1108, portable telephone 100 connects a line to distribution server 30 (step S1). Then, a transmission request for the content menu is transmitted to the distribution server 30 (step S2). When receiving the content menu transmission request via communication device 350 and bus BS1 (step S3), distribution control unit 315 of distribution server 30 reads the content menu from menu database 307 via bus BS1, and reads the read content. The menu is displayed on the mobile phone 1 via the bus BS1 and the communication device 350.
00 (step S4). Mobile phone 100
Receives the content menu via the transmission / reception unit 1104, and the controller 1106 displays the content menu on the display unit 1110 (step S5).

The user operates the display unit 11 of the mobile phone 100.
Then, the user selects the desired encrypted content data from the content menu displayed at 10. Display unit 1110
Is provided with a transition section for transitioning to another screen. When the desired encrypted content data is not displayed in the content menu displayed on the display unit 1110, the user clicks the transition unit. In the transition section,
Contains the address to go to another screen.

Controller 1106 of mobile phone 100
Determines whether the content is selected (step S
6) When the transition unit of the display unit 1110 is clicked, the controller 1106 transmits the address included in the transition unit to the distribution server 30 via the transmission / reception unit 1104, and requests that another screen be transmitted. Then, step S2
To S6 are repeated. In other words, the content menu is
A plurality of screens including a content menu composed of a certain number of encrypted content data are arranged in a hierarchy, and each screen is composed of encrypted content data of a different genre, the same genre, but other cryptographic data. The content menu is composed of structured content data and the like.

When the desired encrypted content data is not included in the content menu transmitted from the distribution server 30 through a plurality of screens, the distribution operation shifts to step S192 and ends.

The content menu includes a content ID for specifying the encrypted content data.
When the encrypted content data is selected in step S6, the content ID of the encrypted content data selected from the content menu is extracted (step S7).

Then, purchase condition AC for purchasing a license of the encrypted content data is input via key operation unit 1108 (step S8). That is, the license key K for decrypting the selected encrypted content data
In order to purchase the content c, the number of playbacks AC1 of the encrypted content data and the playback time limit AC2 are set and the purchase condition A is set.
C is input.

When the purchase condition AC of the encrypted content data is input, the controller 1106 sets the number of connections Nd with the distribution server 30 at the time of data download to “1”, and sets the distribution server 30 at the time of license download.
Is set to "1" times. Mobile phone 1
00 sets in advance the maximum number of times of reconnection when the line with the distribution server 30 is disconnected when downloading the encrypted content data and the license before the distribution server 30 starts distribution of the encrypted content data and the license. It is possible. Since the screen shown in FIG. 13A is displayed on the display unit 1110 in the setting mode,
The user of the mobile phone 100 can use the key operation unit 1108 to specify the number of permitted reconnections Ndmax when the line is disconnected when downloading the encrypted content data and the number of permitted reconnections NLmax when the line is disconnected during the license download from the key operation unit 1108. input. For example, Ndmax = 5
Time, NLmax: 10 is input. The reason why the number of permitted reconnections when the line is disconnected at the time of license download is larger is that, as will be described later, when the license is downloaded, the encrypted content data is received and the encrypted content data is already received. This is because the fee is paid to the distribution server, so that the chance of ending the license download continuously when the line is disconnected is increased.

Therefore, mobile phone 100 executes reconnection up to five times when the line is disconnected during the download of the encrypted content data, and reconnects up to ten times when the line is disconnected during the download of the license. Perform the connection. And the mobile phone 100 is Ndm
If reconnection is not possible even after reconnection is performed up to ax: 5 times and NLmax: 10 times, connection of the line to the distribution server 30 is stopped.

[0130] The mobile phone 100 is connected to the distribution server 3.
The number of connections Nd, NL to 0 is set as Nd = 0, NL = 0 before shipment. Therefore, in step S9, the number of connections Nd = 1 and NL = 1 to the distribution server 30 is set.

When the number of connections to the distribution server 30 is set, the flow shifts to the basic distribution session (step S10). This basic distribution session is described in FIGS.
The details will be described later with reference to FIG. When the basic distribution session ends, the line with the distribution server 30 is disconnected (step S11), and the operation of distributing the encrypted content data and the license ends (step S192).

[Basic Distribution Session] Next, FIGS.
Referring to FIG. 2, step S in the flowchart shown in FIG.
10 will be described.

Referring to FIG. 9, portable telephone 100 makes a distribution request by designating the content ID (see step S7) extracted by the user selecting the encrypted content data (step S100).

In response to the distribution request, authentication data {KPmc1 // Cmc1} KPma is output from memory card 110 to memory card 110 (step S102).

The mobile phone 100 has a memory card 110
Authentication data for authentication from KPmc1 // Cmc
In addition to 1 @ KPma, the content ID and the license purchase condition data AC are transmitted to the distribution server 30 (step S104).

In the distribution server 30, the content ID and the authentication data {KPmc1 // Cmc
1 @ KPma, the license purchase condition data AC is received (step S106), and the decryption processing unit 312 decrypts the authentication data output from the memory card 110 with the public authentication key KPma (step S10).
8).

The distribution control unit 315 determines from the decryption processing result of the decryption processing unit 312 whether the processing has been performed normally, that is, the memory card 110 transmits the public encryption key KPmc1 and the certificate Cmc1 from the authorized memory card. In order to authenticate the holding, authentication processing is performed to determine whether or not an authorized organization has received encrypted authentication data for certifying its validity (step S110).
If it is determined that the authentication data is valid, the distribution control unit 315 determines the public encryption key KPmc1 and the certificate Cmc1.
Approve and accept. Then, the next processing (step S1)
Go to 12). If it is not valid authentication data,
Unapproved, public encryption key KPmc1 and certificate Cmc
1 is not received and the process is terminated (step S19).
2).

As a result of the authentication, when it is recognized that the device is a legitimate device, the distribution control unit 315 then proceeds to the memory card 1
Ten class certificates Cmc1 are prohibited class list CRL
The CRL database 306 is inquired as to whether or not it is listed in the list. If these class certificates are targets of the prohibited class list, the distribution session is ended here (step S192).

On the other hand, if the class certificate of the memory card 110 is out of the prohibited class list, the process proceeds to the next step (step S112).

As a result of the authentication, when it is confirmed that the access is from a mobile phone equipped with a memory card having valid authentication data and the class is out of the target of the prohibited class list, the distribution server 30 315 is
A transaction ID, which is a management code for specifying distribution, is generated (step S113). Further, the session key generation unit 316 generates a session key Ks1 for distribution (step S114). The session key Ks1 is encrypted by the encryption processing unit 318 using the public encryption key KPmc1 corresponding to the memory card 110 obtained by the decryption processing unit 312 (step S115). Then, the distribution control unit 315 determines the transaction ID, the content ID, the public encryption key KPmc.
1, the session key Ks1, the purchase condition AC, and information indicating that distribution is started are recorded in the distribution record database 308 as a distribution log (step S116).

The transaction ID and the encrypted session key Ks1 have the transaction ID //
It is output as {Ks1} Kmc1 to the outside via the bus BS1 and the communication device 350 (step S11).
7).

The mobile phone 100 executes the transaction I
When D // {Ks1} Kmc1 is received (step S1)
18) In the memory card 110, the decryption processing unit 1404 converts the received data given to the bus BS3 via the memory interface 1200, the terminal 1201, and the interface 1423 into the memory card 110 unique to the memory card 110 held in the holding unit 1402. The session key Ks1 is decrypted and extracted by performing decryption processing using the secret decryption key Kmc1 (step S119). Then, the controller 1420 checks the transaction ID on the bus BS3.
Is recorded as a reception log in the log holding unit 1436 (step S120). Note that the reception log indicates a processing state in the reception processing of the encrypted content data and the license.

Steps S100 to S12
The steps up to 0 are referred to as “transaction ID acquisition step”.

Referring to FIG. 10, controller 1106 of portable telephone 100 has memory 1 in memory card 110.
The transaction ID recorded in the transaction ID 415 is acquired via the memory interface 1200, and the acquired transaction ID and the content distribution request (0) for requesting distribution of the first block of the encrypted content data are transmitted to the transmission / reception unit 1104. The data is transmitted to the distribution server 30 via the server (step S122). The encrypted content data is divided into M blocks, and each of the M blocks is transmitted to the distribution server 3 by packet-type communication.
0 to the memory card 110 via the mobile phone 100.

Distribution controller 315 receives transaction ID // content distribution request (m) via communication device 350 and bus BS1, and sets m of the content distribution request (m) to m + 1 (step S124).
In this case, since the delivery of the first block is requested, m =
1 is set. The distribution control unit 315 transmits the encrypted content data {Data} Kc and the encrypted content data \ Da from the information database 304 via the bus BS1.
The related information Data-inf of ta @ Kc and the total data amount are acquired from the information database 304 (step S1).
26). Then, the distribution control unit 315 sets the total number of blocks M and the block number m to {Data} Kc // Da
M // m // attached to block m of ta-inf
({Data} Kc // Data-inf) (m) is transferred to the mobile phone 10 via the bus BS1 and the communication device 350.
0 (step S127).

The portable telephone 100 has a format of M // m // (｛D
data @ Kc // Data-inf) (m) is received,
M, m and ({Data} Kc // Data-in
f) (m) is received (step S128). And
The controller 1106 of the mobile phone 100 transmits one block of the encrypted content data {Data} Kc and the related information Dat via the memory interface 1200.
a-inf is transmitted to the memory card 110. In memory card 110, controller 1420 transmits one block of encrypted content data {Data} K onto bus BS3 via terminal and interface 1423.
c and the related information Data-inf are received, and the encrypted content data {Data} Kc for one block and the related information Data-inf are recorded in the data area of the memory 1415 (step S130).

Then, the controller of portable telephone 100 determines whether or not block number m is equal to total block number M based on received total block number M and block number m (step S132). If it is M, the receiving operation of the encrypted content data {Data} Kc is terminated, and the process shifts to step S138. Step S1
32, if it is determined that m is not M, the mobile phone 100 transmits the transaction ID and the content distribution request (m) to the distribution server 30 (step S1).
34).

The distribution control unit 315 of the distribution server 30 receives the transaction ID // content distribution request (m) via the communication device 350 and the bus BS1, and sets m of the content distribution request (m) to m + 1 ( Step S136). Then, the process returns to step S127, and the operations from step 127 to step S136 are performed in step S1.
The process is performed until it is determined at 32 that m = M. That is, the controller 1106 of the mobile phone 100 transmits the encrypted content data {Da
The operations from step 127 to step S136 are repeated until it is determined that all blocks of ta｝ Kc have been received. If it is determined in step S132 that m = M, the process proceeds to step S138.

Steps S122 to S13
Steps up to 6 are referred to as “data acquisition steps”.

Referring to FIG. 11, controller 1420 of memory card 110 transmits encrypted content data $ D
When the last block of data @ Kc is recorded in the data area of the memory 1415, the session key generation unit 1418 is instructed to generate the session key Ks2 generated during the distribution operation in the memory card 110. Then, the session key generation unit 1418 generates a session key Ks2 (Step S138). Then, the controller 1420 acquires the session key Ks2 via the bus BS4, and additionally records the session key Ks2 and the license reception wait in the log holding unit 1436 via the bus BS3 (step S140). In the distribution session, the controller 1420 extracts the prohibited class list data CRL_dat recorded in the memory 1415 in the memory card 110 from the memory 1415 and outputs the data CRL_dat to the bus BS4 (step S142).

The encryption processing unit 1406 includes a changeover switch 1
A changeover switch 1 is provided by a session key Ks1 provided from the decryption processing unit 1404 via the contact point Pa of the switch 442.
Session key Ks2 and public encryption key KPm given by sequentially switching the contacts of 444 and 1446
1 and the data CRL_dat of the prohibited class list are set to 1
Encrypted as one data string, $ Ks2 // KPm1
// CRL_dat @ Ks1 is output to bus BS3.
Encrypted data @ Ks2 // KP output to bus BS3
m1 // CRL_dat @ Ks1 is output from the bus BS3 to the mobile phone 100 via the interface 1423, the terminal 1201, and the memory interface 1200 (step S144), and a transaction ID is added to the mobile phone 100.
Transaction ID // @ Ks2 // KPm1 // C
RL_dat @ Ks1 is transmitted to distribution server 30 (step S146).

The delivery server 30 has a transaction ID
/// {Ks2 // KPm1 // CRL_dat} Ks1
Is received (step S148), the decryption processing unit 320 performs decryption processing using the session key Ks1,
Session key Ks generated by memory card 110
2. The public encryption key KPm1 unique to the memory card 110 and the data CRL_dat of the prohibited class list in the memory card 110 are received (step S150).

The distribution control unit 315 generates a license ID, access restriction information AC1, and reproduction circuit control information AC2 according to the content ID and the license purchase condition data AC acquired in step S108 (step S152). Further, a license key Kc for decrypting the encrypted content data is stored in the information database 30.
4 (step S154).

The distribution control unit 315 generates the license, that is, the license key Kc, the reproduction circuit control information A
C2, the license ID, the content ID, and the access restriction information AC1 are provided to the encryption processing unit 326. The encryption processing unit 326 encrypts the license with the public encryption key KPm1 unique to the memory card 110 obtained by the decryption processing unit 320 (Step S156).

Then, distribution server 30 determines whether data CRL_dat of the prohibited class list transmitted from memory card 110 is the latest or not, and determines whether or not data CRL_dat is the latest.
When it is determined that _dat is the latest, the process proceeds to step S160. If the data CRL_dat is not the latest, the flow shifts to step S168 (step S15).
8).

When it is determined that data CRL_dat is the latest, encryption processing section 328 outputs encrypted data {Kc // AC2 // license ID // content ID // AC1} Km1 output from encryption processing section 326. To the session key Ks2 generated in the memory card 110.
Is encrypted by using the encrypted data {Kc // AC
2 // License ID // Content ID // AC1
Km1｝ Ks2 is output to the bus BS1. Then, the distribution control unit 315 determines that the encrypted data {Kc
// AC2 // License ID // Content ID //
AC1 @ Km1 @ Ks2 is transmitted to mobile phone 100 via communication device 350 (step S160).

Then, the distribution control unit 315 determines that the bus BS1
Via the public encryption key KPm1 and the session key Ks
2, and the issuance of the license is distributed record database 3
08 is recorded as a distribution log, and the accounting database 302
Is recorded (step S162).

[0158] The portable telephone 100 transmits the encrypted data $ K.
c // AC2 // license ID // content ID /
/ AC1｝ Km1｝ Ks2 (step S16)
4), bus BS2 and memory interface 1200
Through the memory card 110. The decryption processing unit 1412 of the memory card 110 stores the encrypted data {Kc
// AC2 // License ID // Content ID //
AC1 {Km1} Ks2 is received via terminal 1201 and interface 1423, decrypted by session key Ks2 generated by session key generation section 1418, and {Kc // AC2 // license ID //
Content ID // AC1 @ Km1 is received (step S166). Thereafter, the process proceeds to step S180 (see FIG. 12).

On the other hand, in distribution server 30, CRL_
If it is determined that dat is not the latest, the distribution control unit 315
Acquires the latest prohibited class list data CRL_dat from the CRL database 306 via the bus BS1 (step S168).

Referring to FIG. 12, encryption processing section 328
Receives the output of the encryption processing unit 326 and the latest data CRL_dat of the prohibited class list supplied by the distribution control unit 315 via the bus BS1, and encrypts the received data with the session key Ks2 generated in the memory card 110. The encrypted data output from the encryption processing unit 328 is transmitted to the mobile phone 100 via the bus BS1 and the communication device 350 (Step S170).

[0161] The distribution control unit 315 determines that the bus BS1
, The prohibition class list CRL_dat, the public encryption key KPm1, the session key Ks2, and the issuance of the license are recorded in the distribution record database 308 as a distribution log, and the charge is recorded in the charge database 302 (step S172).

As described above, the encryption keys generated by the distribution server and the memory card are exchanged, encryption is performed using the encryption keys received by each other, and the encrypted data is transmitted to the other party. In fact, mutual authentication can be performed in the transmission and reception of each encrypted data, and the security of the data distribution system can be improved.

Mobile phone 100 transmits the encrypted data {Kc // AC2 // license ID // content ID // AC1 \ Km1 // CRL_dat \ Ks
2 (step S174), and outputs it to the memory card 110 via the memory interface 1200. In the memory card 110, the received data provided to the bus BS3 is decoded by the decoding processing unit 1412 via the terminal 1201 and the interface 1423. The decryption processing unit 1412 uses the session key Ks2 given from the session key generation unit 1418 to
And outputs it to the bus BS4 (step S176).

At this stage, an encrypted license {Kc // AC2 // license ID that can be decrypted with the secret decryption key Km1 held in the Km1 holding unit 1421 is provided in the bus BS4.
// Content ID // AC1 @ Km1 and CRL_d
at are output. The latest prohibited class list CRL_dat received by the instruction of the controller 1420 indicates the prohibited class list CRL of the CRL holding unit 1438.
Is rewritten (step S178).

Steps S160, S162, S164,
S166 is an operation of distributing the license key Kc and the like to the memory card 110 when the prohibition class list CRL_dat sent from the memory card 110 is the latest. Steps S168, S170, S172, S174, and S1
76 and S178 are operations for distributing the license key Kc and the like to the memory card 110 when the prohibition class list CRL_dat sent from the memory card 110 is not the latest. In this way, it is confirmed whether or not the prohibited class list CRL_dat sent from the memory card 110 has been updated, and when it has not been updated, the latest prohibited class list CRL_dat is obtained from the CRL database 306, By distributing to the memory card 110, the encrypted content data $ Da to the memory card in which the TRM area is broken or the secret key is revealed
ta @ Kc can be prevented from being distributed, and the reproduction of the encrypted content data @ Data @ Kc by a mobile phone whose TRM area has been broken or whose secret key has been revealed can be prevented.

Step S166 or S178
After that, the encrypted license {Kc // AC2 // license ID // content ID // AC1} Km1 is decrypted by the decryption processing unit 1422 using the secret decryption key Km1, and the license ID, the content ID, the license key Kc, Access restriction information AC1 and reproduction circuit control information AC2 are received (step S180).

The controller 1420 has a license I
D, the content ID, the license key Kc, the access restriction information AC1, and the reproduction circuit control information AC2 are recorded in the license information holding unit 1440 (step S18).
2). Then, the controller 1420 stores the memory 141
The waiting state of the license reception of the log holding unit 1436 of No. 5 is changed to end (step S184).

Steps S138 to S18
The steps up to 4 are referred to as “license acquisition step”.

Controller 1106 of mobile phone 100
Transmits the transaction ID acquired from the memory card 110 to the distribution server 30 together with the reception of the distribution (step S186). Then, when the distribution server 30 receives the transaction ID // delivery receipt (step S1)
88), the end of the distribution is recorded in the distribution record database 308 (step S190), and the entire process ends (step S192).

As described above, the memory card 110 attached to the mobile phone 100 is an authorized device, and at the same time, the public encryption keys Kp1 and Kmc1 that can be encrypted and transmitted together with the class certificate Cmc1 are valid. Is confirmed, each class certificate Cmc1 is in a prohibited class list, that is, public encryption keys Kp1 and Kp1.
The content data can be distributed only in response to a distribution request from a memory card that is not listed in the class certificate list whose encryption by mc1 has been broken, and distribution to an unauthorized memory card and decrypted class key can be performed. The used distribution can be prohibited.

Referring to FIG. 14, various modes of portable telephone 100 will be described. When the power is turned on, an instruction waiting S21 is made. Then, the mode shifts to the setting mode S22 by giving a setting instruction. When the mobile phone 100 completes various settings such as the number of permitted reconnections at the time of line disconnection, the process returns to the instruction waiting S21 again. When a connection instruction is input in the instruction waiting S21, the process proceeds to the first connection S24 described above. And the first connection S2
When the encrypted content data and the license are distributed to the mobile phone 100 without disconnecting the line with the distribution server 30 in 4, the process ends and returns to the instruction waiting S 21. Thereafter, in the instruction waiting S21, when a reproduction instruction is input, the process shifts to the reproduction mode S23, and the encrypted content data is reproduced by a method described later. When the reproduction is completed, the process returns to the instruction waiting S21.

On the other hand, in the initial connection S24, if the line with the distribution server 30 is disconnected while the mobile phone 100 is receiving the encrypted content data and the license, the mode shifts to the automatic reconnection mode S25 described later. In the automatic reconnection mode S25, reconnection is performed, and reception of the encrypted content data and the license is resumed. Then, in the automatic reconnection mode S25, when disconnection is performed during reception of the encrypted content data and the license, reconnection is performed up to the above-described number of permitted reconnections. Then, in the automatic reconnection mode S25, when the reception of the encrypted content data and the license from the distribution server 30 is completed within the reconnection permission number, or when the memory card 110
If you can not receive because of the removal of
The receiving process by the reconnection process is completed, and the process returns to the instruction waiting S21. Also, in the automatic reconnection mode S25, if the line is disconnected without receiving the encrypted content data and license from the distribution server 30 even if the number of reconnections exceeds the permitted number of reconnections, the encrypted content data and license are When the reception of is stopped, the flow shifts to the instruction waiting S26 without performing the reconnection.

In the first connection S24, when the user abandons the reception of the encrypted content data and the license according to the user's intention, the process is interrupted and the process proceeds to the instruction waiting S26. Then, in the instruction waiting S26, when a connection is input by a user operation to receive new content data or a license, the first connection S24
Then, when a reproduction instruction is input, the flow shifts to the reproduction mode S23, and when a setting instruction is input, the flow shifts to the setting mode S22. In waiting for instruction S26,
When a reconnection instruction for resuming reception of the interrupted or stopped content data and license is input by a user operation, the process proceeds to manual reconnection S27.

Then, in the manual reconnection S27, when the connection is disconnected, the flow shifts to the automatic reconnection S25, and when stopped by the user's will, the operation is interrupted and the flow returns to the instruction waiting S26.
In addition, in the manual reconnection S27, when the reception of the encrypted content data and the license is completed, or when the reception becomes impossible due to the removal of the memory card 110 or the like, the processing ends and returns to the instruction waiting S21.

As described above, portable telephone 100 shifts from the instruction waiting state to various modes. In the following,
A description will be given of the reconnection in the case where the first connection S24 shifts to the automatic reconnection mode S25.

In the basic distribution session described above,
There are a “transaction ID acquisition step”, a “data acquisition step”, and a “license acquisition step”. Therefore, as shown in FIG. 15, the reconnection mode is separated into three depending on which of these three steps causes the line disconnection. That is, referring to FIG.
When the line to the distribution server 30 is disconnected while receiving the encrypted content data and the license, the mobile phone 100
Controller 1106 determines which step is the cutting occurrence step (step S40).

[0177] The interruption occurrence step is the transaction ID.
When it is the acquisition step, the process proceeds to step S41.
Then, it is determined whether or not the number of connections Nd exceeds the number of permitted reconnections Ndmax during data download.
If d> Ndmax, the disconnection message 1 is displayed on the display unit 11
10 is displayed (step S42). That is, FIG.
(B) is displayed on the display unit 1110. Thereby, the user of the mobile phone 100 knows that the line with the distribution server 30 has been disconnected. Then, the distribution operation is stopped (Step S43). Controller 1
When judging that the number of connections Nd does not exceed the number of permitted reconnections Ndmax, the number of connections is increased by one (step S44), and a line with the distribution server 30 is connected after a certain period of time (step S45). Then, the above-described basic distribution session (step S10) is executed. When the basic distribution session ends, the controller 1106
Disconnects the line with the distribution server 30 (step S1).
1), the reconnection operation ends (step S12). That is, in the transaction ID acquisition step,
When the line with the distribution server 30 is disconnected, the reception of the encrypted content data and the license is restarted from the beginning. This is the transaction ID acquisition step,
As described above, the distribution server 3 transmits the authentication data {KPmc1 // Cmc1} KPma held by the memory card 110.
0 and the distribution server 30 sends the authentication data $ KP
mc1 // Cmc1 @ KPma is authenticated until the distribution server 30 transmits the session key Ks1 and the transaction ID for distribution from the distribution server 30 to the mobile phone 100. In effect, the encrypted content data and the license are transmitted. This is because distribution to the memory card 110 is not performed.

In step S40, the controller 1
When it is determined that the disconnection occurrence step is the data acquisition step, the process proceeds to step S46. Then, the controller 1106 determines that the connection count Nd is equal to the reconnection permission count Nd.
It is determined whether or not it exceeds max (step S4).
6). If Nd> Ndmax, the process proceeds to step S43 via step S42 as described above, and the automatic reconnection is stopped.

If the controller 1106 determines that the number of connections Nd has not exceeded the number of permitted reconnections Ndmax,
The number of connections is increased by one (step S47), and a line with the distribution server 30 is connected after a certain period of time (step S47).
48). Then, a reconnection distribution session 1 (step S20) described later is executed. Reconnection distribution session 1
Is completed, the controller 1106 sets the distribution server 3
The line with 0 is disconnected (step S11), and the reconnection operation ends (step S12).

At the step S40, the controller 1
When it is determined that the disconnection occurrence step is the license acquisition step, the process proceeds to step S49. Then, the controller 1106 determines whether or not the number of connections NL exceeds the number of permitted reconnections NLmax at the time of license download (step S49). NL> NLmax
If it is, the process proceeds to step S50, and the controller 1106 displays the screen shown in FIG. Then, the automatic reconnection is stopped (step S43).

If the controller 1106 determines that the number of connections Nd has not exceeded the number of permitted reconnections Ndmax,
The number of connections NL is increased by one (step S51), and a line with the distribution server 30 is connected after a certain period of time has elapsed (step S52). Then, a reconnection distribution session 2 to be described later
(Step S20) is executed. When the reconnection distribution session 2 ends, the controller 1106 disconnects the line with the distribution server 30 (step S11), and the distribution processing by automatic reconnection ends (step S12).

The three modes of the automatic reconnection mode have been described above. If reconnection with the distribution server 30 is not possible even in the automatic reconnection mode, the mode shifts to the manual reconnection mode.

Referring to FIG. 16, when manual reconnection is started, controller 1106 sets the number of connections Nd for data download to one and the number of connections NL for license download to one. (Step S60). Then, the controller 1106 connects a line with the distribution server 30 (step S62). When the line to the distribution server 30 is connected, the controller 110
Step 6 determines at which step the disconnection occurred. When the line is disconnected in the transaction ID acquisition step, a basic distribution session (step S10) is executed. When the line is disconnected in the data acquisition step, a reconnection distribution session 1 (step S20) is executed and the license is transmitted. Reconnection distribution session 2 when the line is disconnected in the acquisition step
(Step S30) is executed.

Then, after the end of the basic distribution session and the reconnection distribution sessions 1 and 2, the line with the distribution server 30 is disconnected (step S11), and the operation of manual reconnection ends (step S13).

[Reconnection Distribution Session 1] The operation of the reconnection distribution session 1 will be described with reference to FIG. When the line with the distribution server 30 is reconnected (FIG. 15
Step S48), the controller 1106 of the mobile phone 100 acquires the transaction ID recorded in the memory 1415 of the memory card 110 via the memory interface 1200, and acquires the acquired transaction ID and the encryption received when the line is disconnected. A content distribution request (m) for requesting distribution of a block next to the block m of the content data is transmitted to the distribution server 30 via the transmission / reception unit 1104 (step S200).

Distribution controller 315 receives transaction ID // content distribution request (m) via communication device 350 and bus BS1, and sets m of the content distribution request (m) to m + 1 (step S201).
Distribution control section 315 transmits encrypted content data {Data} K from information database 304 via bus BS1.
c, related information Data-inf of the encrypted content data {Data} Kc, and the total data amount are acquired from the information database 304 (step S202). And
The distribution control unit 315 appends the total number of blocks M and the block number m to the block m of {Data} Kc // Data-inf, M // m // ({Data @ Kc //
Data-inf) (m) is transmitted to the mobile phone 100 via the bus BS1 and the communication device 350 (step S203).

[0187] The portable telephone 100 has a format of M // m // (｛D
data @ Kc // Data-inf) (m) is received,
M, m and ({Data} Kc // Data-in
f) (m) is received (step S204). And
The controller 1106 of the mobile phone 100 transmits one block of the encrypted content data {Data} Kc and the related information Dat via the memory interface 1200.
a-inf is transmitted to the memory card 110. In memory card 110, controller 1420 transmits one block of encrypted content data {Data} K onto bus BS3 via terminal and interface 1423.
c and the related information Data-inf are received, and one block of the encrypted content data {Data} Kc and the related information Data-inf are recorded in the data area of the memory 1415 (step S205).

Then, the controller of mobile phone 100 determines whether or not block number m is equal to total block number M based on received total block number M and block number m (step S206). If it is M, the receiving operation of the encrypted content data {Data} Kc is completed, and the process proceeds to step S138 of the basic distribution session shown in FIGS. 9 to 12, where the license is obtained. If it is determined in step S206 that m = M is not satisfied, the mobile phone 100
And a content distribution request (m) to the distribution server 30 (step S207).

The distribution control unit 315 of the distribution server 30 receives the transaction ID // content distribution request (m) via the communication device 350 and the bus BS1, and sets m of the content distribution request (m) to m + 1 ( Step S208). Then, returning to step S203, the operation from step 203 to step S208 is performed in step S2.
The process is performed until it is determined that m = M at 06. That is, the controller 1106 of the mobile phone 100 transmits the encrypted content data {Da
The operations from step 203 to step S208 are repeated until it is determined that all blocks of ta２０３Kc have been received. If it is determined in step S206 that m = M, the process proceeds to step S138 of the basic distribution session shown in FIGS. 9 to 12, and a license is acquired.

Thus, the operation of the reconnection distribution session 1 ends. [Reconnection Distribution Session 2] Referring to FIG. 18, when the line with distribution server 30 is connected (step 5 in FIG. 15).
2), the encryption processing unit 1410 of the memory card 110
The latest reception log recorded in the log holding unit 1436 of the memory 1415 is encrypted with the session key Ks1 received from the distribution server 30 and output. Then, the controller 1420 communicates with the bus BS3 and the interface 142.
3, and outputs the encrypted reception log to the memory interface 1200 via the terminal 1201 (step S30).
0).

Controller 1106 of Mobile Phone 100
Receives the encrypted reception log via the memory interface 1200, requests the license,
D and the encrypted reception log are transmitted to the distribution server 30 via the transmission / reception unit 1104 (step S301). The distribution control unit 315 of the distribution server 30 receives the license request, the transaction ID, and the encrypted reception log via the communication device 350 and the bus BS1 (Step S)
302). The distribution control unit 315 acquires the session key ks1 corresponding to the transaction ID received from the memory card 110 from the distribution record database 308 via the bus BS1, and acquires the acquired session key Ks1.
Then, the encrypted reception log received from the memory card 110 is provided to the decryption processing unit 320. Then, the decryption processing unit 320
Decrypts the encrypted reception log using the session key Ks1 (step S303).

The distribution control unit 315 acquires the distribution log from the distribution record database 308 via the bus BS1, and compares the reception log output from the decryption processing unit 320 with the distribution log (step S304). If the reception log does not match the distribution log or the license has already been distributed, the process moves to step S12 and ends. If the reception log matches the distribution log and there is no charge for the distribution of the encrypted content data and the license, the session key generation unit 316 generates a new session key Ks1 (step S305). This session key Ks1 is
This is a common key used in the distribution specified by the transaction ID sent from the memory card 110, but is different from the common key generated by the session key generating unit 316 before the line is disconnected.

Session key generating section 316 outputs session key Ks1 to encryption processing section 318, and encryption processing section 318 converts session key Ks1 to public encryption key KP1.
It encrypts with mc1 and outputs {Ks1} KPmc1 (step S306). Then, the distribution control unit 315
Stores the transaction I in the delivery record database 308.
The session key Ks1 and the distribution start for D are changed (step S307).

Then, distribution control section 315 determines the transaction ID and the encrypted session key Ks1.
As the transaction ID // {Ks1} Kmc1 via the bus BS1 and the communication device 350 (step S308).

[0195] The mobile phone 100 executes the transaction I
D / {Ks1} Kmc1 is received (step S30).
9), via the memory interface 1200, the transaction ID // {Ks1} Kmc1 memory card 11
Send to 0. The memory card 110 is connected to the terminal 1
The transaction ID // {Ks1} Kmc1 is received via the interface 201 and the interface 1423 (step S310). The controller 1420 converts the reception data given to the bus BS3 into a decoding processing unit 1404.
Decrypts and extracts the session key Ks1 by performing decryption processing using the secret decryption key Kmc1 unique to the memory card 110 stored in the storage unit 1402 (step S311). Then, the controller 1420
The transaction ID on S3 is recorded as a reception log in the log holding unit 1436 of the memory 1415 (step S3).
311A). Thereafter, the process proceeds to step S138 shown in FIG.

In step S304, if the reception log matches the distribution log and charging is made for the distribution of the encrypted content data and the license, the flow shifts to step S312. Then, the distribution control unit 315
Content ID and session key Ks for transaction ID recorded in distribution record database 308
2. Public encryption key KPm1 and prohibited class list CR
L_dat is acquired via the bus BS1 (step S
312). The distribution control unit 315 determines the license ID and the access restriction information A according to the content ID and the license purchase condition data AC acquired in step S108.
C1 and reproduction circuit control information AC2 are generated (step S313). Further, the distribution control unit 315 acquires the license key Kc for decrypting the encrypted content data from the information database 304 (step S31).
4).

The distribution control unit 315 generates the license, that is, the license key Kc, the reproduction circuit control information A
C2, the license ID, the content ID, the reproduction circuit control information AC2, the access restriction information AC1, and the public encryption key KPm1 are provided to the encryption processing unit 326. The encryption processing unit 326 encrypts the license using the public encryption key KPm1 unique to the memory card 110 obtained by the decryption processing unit 320 (Step S315).

Referring to FIG. 19, distribution server 30 determines whether data CRL_dat of the prohibited class list transmitted from memory card 110 is the latest or not, and when it is determined that data CRL_dat is the latest, proceeds to step S317. Transition. If the data CRL_dat is not the latest, the process shifts to step S320 (step S316).

When it is determined that data CRL_dat is the latest, encryption processing section 328 outputs encrypted data {Kc // AC2 // license ID // content ID // AC1} Km1 output from encryption processing section 326. To the session key Ks2 generated in the memory card 110.
Is encrypted by using the encrypted data {Kc // AC
2 // License ID // Content ID // AC1
Km1｝ Ks2 is output to the bus BS1. Then, the distribution control unit 315 determines that the encrypted data {Kc
// AC2 // License ID // Content ID //
AC1 @ Km1 @ Ks2 is transmitted to mobile phone 100 via communication device 350 (step S317).

[0200] The portable telephone 100 receives the encrypted data $ K.
c // AC2 // license ID // content ID /
/ AC1｝ Km1｝ Ks2 (step S31)
8), bus BS2 and memory interface 1200
To the memory card 110 via. The decryption processing unit 1412 of the memory card 110 stores the encrypted data {Kc
// AC2 // License ID // Content ID //
AC1 {Km1} Ks2 is received via terminal 1201 and interface 1423, decrypted by session key Ks2 generated by session key generation section 1418, and {Kc // AC2 // license ID //
Content ID // AC1 @ Km1 is received (step S319). Thereafter, the process proceeds to step S325.

On the other hand, in distribution server 30, CRL_
If it is determined that dat is not the latest, the distribution control unit 315
Acquires the latest prohibited class list data CRL_dat from the CRL database 306 via the bus BS1 (step S320).

The encryption processing unit 328 includes the encryption processing unit 32
6 and the latest data CRL_dat of the prohibition class list supplied by the distribution control unit 315 via the bus BS1, and encrypts it with the session key Ks2 generated in the memory card 110. Encryption processing unit 3
The encrypted data output from 28 is transmitted to mobile phone 100 via bus BS1 and communication device 350 (step S321).

As described above, the distribution server and the memory card respectively record the transmission log and the reception log in the license distribution processing, and upon reconnection after disconnection of the line, the content providing side is unlicensed due to double issuance of the license or impersonation. In addition, it is possible to provide the user with reconnection without losing the license due to disconnection of the line after charging, so as not to issue a license in response to a transmission request.

The portable telephone 100 transmits the encrypted data {Kc // AC2 // license ID // content ID // AC1 \ Km1 // CRL_dat \ Ks
2 (step S322), and outputs it to the memory card 110 via the memory interface 1200. In the memory card 110, the received data provided to the bus BS3 is decoded by the decoding processing unit 1412 via the terminal 1201 and the interface 1423. The decryption processing unit 1412 uses the session key Ks2 given from the session key generation unit 1418 to
Is decoded and output to the bus BS4 (step S323).

At this stage, an encrypted license {Kc // AC2 // license ID that can be decrypted with the secret decryption key Km1 stored in the Km1 storage unit 1421 is provided in the bus BS4.
// Content ID // AC1 @ Km1 and CRL_d
at are output. The forbidden class list CRL in the memory 1415 is rewritten with the latest forbidden class list CRL_dat received according to the instruction of the controller 1420 (step S324).

Steps S317, S318, S319
Is a distribution operation of the license key Kc and the like to the memory card 110 when the prohibition class list CRL_dat sent from the memory card 110 is the latest.
320, S321, S322, S323, and S324 are:
This is an operation of distributing the license key Kc and the like to the memory card 110 when the prohibited class list CRL_dat sent from the memory card 110 is not the latest.

Step S319 or step S324
After that, the encrypted license {Kc // AC2 // license ID // content ID // AC1} Km1 is decrypted by the decryption processing unit 1422 using the secret decryption key Km1, and the license ID, the content ID, the license key Kc, The access restriction information AC1 and the reproduction circuit control information AC2 are received (step S325).

The controller 1420 has the license I
D, the content ID, the license key Kc, the access restriction information AC1, and the reproduction circuit control information AC2 are recorded in the license information holding unit 1440 (step S32).
6). Then, the controller 1420 stores the memory 141
The license reception waiting in the log area 5 is changed to end (step S327).

The controller 1106 of the mobile phone 100
Transmits the transaction ID acquired from the memory card 110 to the distribution server 30 together with the reception of the distribution (step S186). Then, when the distribution server 30 receives the transaction ID // delivery receipt (step S1)
88), the end of the distribution is recorded in the distribution record database 308 (step S190), and the entire process ends (step S12).

[0210] Thus, the operation of the reconnection distribution session 2 ends. [Playback] Memory card 1 with reference to FIGS.
Mobile phone 100 of content data distributed to mobile phone 100
Will be described. Referring to FIG. 20, at the start of the reproduction operation, a reproduction instruction is input from the user of mobile phone 100 to mobile phone 100 via key operation unit 1108 (step S400). Then, the controller 1106 sends the authentication data $ KPp1 from the authentication data holding unit 1202 via the bus BS2.
// Reads Crtf1 @ KPma, and outputs authentication data {KPp1 // Crtf1} KPma to memory card 110 via memory interface 1200 (step S402).

Then, memory card 110 receives authentication data {KPp1 // Crtf1} KPma (step S404). Then, the decryption processing unit 1408 of the memory card 110 transmits the received authentication data {KPp1
// Crtf1 @ KPma is changed to the KPma holding unit 1414.
Is decrypted using the public authentication key KPma stored in the decryption processing unit 1 (step S406).
Authentication processing is performed based on the decryption processing result in 408.
That is, the authentication data {KPp1 // Crtf1} KP
ma can be decrypted with the public authentication key KPma, and whether or not the public encryption key KPp1 has been accepted
Authentication data sent from 0 ｛KPp1 // Crtf
It is determined whether 1 @ KPma is legitimate authentication data (step S408). If the decryption was not successful, the controller 1420 outputs the output
S3, interface 1423, and memory interface 120 of mobile phone 100 via terminal 1201
Output to 0. Then, controller 1106 of mobile phone 100 displays rejection of the authentication data on display unit 1110, and the reproduction operation ends (step S456). If the authentication data has been successfully decrypted, the controller 1420 of the memory card 110 determines whether or not the obtained certificate Crtf1 is included in the prohibited class list data read from the memory 1415 (step S410). in this case,
The certificate Crtf1 is provided with an ID, and the controller 1420 determines whether or not the ID of the received certificate Crtf1 exists in the prohibited class list data. If it is determined that the certificate Crtf1 is included in the prohibition class list data, the controller 1420 outputs the output of the rejection of the authentication data to the data BS3 and the interface 142.
3 and to the memory interface 1200 of the mobile phone 100 via the terminal 1201. Then, controller 1106 of mobile phone 100 displays rejection of the authentication data on display unit 1110, and the reproduction operation ends (step S456).

At step S410, the certificate Crt
If it is determined that f1 is not included in the prohibition class list data, the session key generation unit 1418 of the memory card 110 sets the session key Ks2 for the reproduction session.
Is generated (step S412). Then, encryption processing section 1410 encrypts session key Ks2 from session key generation section 1418 with public encryption key KPp1 decrypted by decryption processing section 1408, {Ks2} K
p1 is output to the bus BS3 (step S412). Then, the controller 1420 communicates with the interface 1
｛Ks2｝ Kp1 is output to the memory interface 1200 via the terminal 423 and the terminal 1201 (step S4).
16), the controller 1106 of the mobile phone 100
{Ks2} Kp via the memory interface 1200
Get 1 Then, Kp1 holding section 1204 outputs secret decryption key Kp1 to decryption processing section 1206.

[0213] The decryption processing section 1206 is the Kp1 holding section 12
{Ks2} Kp1 is decrypted by the secret decryption key Kp1 paired with the public encryption key KPp1 output from the server 04, and the session key Ks2 is output to the encryption processing unit 1208 (step S418). Then, session key generating section 1210 generates a session key Ks3 for the reproduction session, and outputs session key Ks3 to encryption processing section 1208 (step S420). The encryption processing unit 1208 encrypts the session key Ks3 from the session key generation unit 1210 with the session key Ks2 from the decryption processing unit 1206 and outputs {Ks3} Ks2. The controller 1106 transmits the data via the bus BS2 and the memory interface 1200. Te ｛Ks3｝ Ks2
Is output to the memory card 110 (step S42).
2).

[0214] Decryption processing unit 1412 of memory card 110
Inputs {Ks3} Ks2 via the terminal 1201, the interface 1423, and the bus BS3 (step S424), and {Ks3} Ks by the session key Ks2 generated by the session key generation unit 1418.
2 to obtain the session key Ks3 generated by the mobile phone 100 (step S426).

Referring to FIG. 21, session key Ks3
In response to the reception of the access restriction information AC in the license information holding unit 1440,
1 is confirmed (step S428).

In step S428, by checking the access restriction information AC1 which is information relating to the restriction on the access to the memory, the reproduction operation is terminated if the reproduction is not possible, and the number of reproductions is limited. After updating the data of the access restriction information AC1 and updating the number of reproducible times, the process proceeds to the next step (step S430). On the other hand, if the number of times of reproduction is not restricted by the access restriction information AC1, step S
Step 430 is skipped, and the process proceeds to the next step (step S432) without updating the reproduction control information AC1.

Further, even when the content ID of the requested music does not exist in license information holding section 1440, it is determined that reproduction is impossible and the reproduction operation is terminated.

If it is determined in step S428 that the reproduction operation can be performed, the license key Kc and reproduction circuit control information necessary for the reproduction process of the reproduction request music recorded in the license information holding unit 1440 are determined. AC2 is available on bus BS4.

[0219] The obtained license key Kc and reproduction circuit control information AC2 are sent to the encryption processing unit 1406 via the contact Pd of the changeover switch 1444. Encryption processing unit 14
06 encrypts the license key Kc and the reproduction circuit control information AC2 received from the bus BS4 with the session key Ks3 received from the decryption processing unit 1412 via the contact point Pd of the changeover switch 1442, and {Kc // AC2} Ks3
Is output to the bus BS3. The encrypted data output to the bus BS3 is transmitted to the interface 1423, the terminal 1202,
Then, it is sent to the mobile phone 100 via the memory interface 1200 (step S432).

In mobile phone 100, encrypted data {Kc // AC2} Ks3 transmitted to bus BS2 via memory interface 1200 is decrypted by decryption processing section 12
12, the decryption process is performed, and the license key Kc and the reproduction circuit control information AC2 are received (step S43).
4). The decryption processing unit 1212 transmits the license key Kc to the decryption processing unit 1214, and outputs the reproduction circuit control information AC2 to the bus BS2.

The controller 1106 receives the reproduction circuit control information AC2 via the bus BS2 and confirms whether or not reproduction is possible (step S436).

If it is determined in step S436 that the reproduction is impossible according to the reproduction circuit control information AC2,
The reproduction operation ends.

If it is determined in step S436 that reproduction is possible, controller 1106 requests one block of encrypted content data {Data} Kc from memory card 110 via memory interface 1200 (step S438). Then, the controller 1420 of the memory card 110 transmits the encrypted content data {Data} K for one block from the memory 1415.
c via the bus BS3, the interface 1423, and the terminal 1201.
(Step S440).

Controller 1106 of mobile phone 100
Obtains one block of encrypted content data {Data} Kc via the memory interface 1200 and supplies the one block of encrypted content data {Data} Kc to the decryption processing unit 1214 via the bus BS2. Then, the decryption processing unit 1214 converts the encrypted content data {Data} Kc for one block into the decryption processing unit 1
The content data is decrypted by the content key Kc output from 212 to obtain one block of content data Data (step S442).

The controller 1106 transmits the decoded content data Da for one block via the bus BS2.
ta is received from the decryption processing unit 1214, and it is determined whether or not the decrypted content data is content data to be reproduced. If the content data is not the content data to be reproduced, the reproduction operation ends (step S444).

[0226] When the corresponding content data of one block is decrypted, controller 1106 outputs a message to that effect to music reproducing unit 1216. Then, the music reproducing unit 1216 reproduces the decoded content data of one block, and the DA converter 1218 converts the digital signal into an analog signal and outputs the analog signal to the terminal 1220. Then, the switch 1222 selects the terminal 1220, and the music data is output to the headphones 130 via the terminal 1224 and reproduced (step S446).

The controller 1106 determines whether or not the encrypted content data {Data} Kc remains (step S448), and if so, via the memory interface 1200, the next one block of the encrypted content. A request for data {Data} Kc is output to memory card 110 (step S450). The controller 1420 of the memory card 110
In response to a request from the memory interface 1201, one block of encrypted content data {Data} Kc is obtained from the data area of the memory 1415, and the memory interface 120 via the bus BS3, the interface 1423, and the terminal 1201.
0 (step S452).

Controller 1106 of mobile phone 100
Is the encrypted content data for one block @ Dat
a｝ Kc is received via the memory interface 1200, and one block of encrypted content data {Data} Kc is provided to the decryption processing unit 1214. Then, the decryption processing unit 1214 decrypts the encrypted content data {Data} Kc for one block with the license key Kc, and decrypts the decrypted content data for one block.
Is given to the music reproducing unit 1216 (step S454).
Then, in step S446, the music playback unit 121
6 reproduces and outputs one block of content data Data as described above. Then, again in step S448, the encrypted content data {Dat
It is determined whether or not aｃKc remains.

That is, steps S446, S448,
S450, S452, and S454 are repeated until there is no remaining encrypted content data {Data} Kc. If it is determined in step S448 that there is no remaining encrypted content data {Data} Kc, the reproduction operation ends (step S456).

In the above description, when the line is disconnected while receiving the encrypted content data and the license from the distribution server, the number of permitted line reconnections is set separately for data download and license download. In the present invention, the number of reconnection permitted times may be set collectively.

When the line is disconnected, the reconnection may be limited by setting a fixed time after the line is disconnected, instead of limiting the number of reconnections. That is, the reconnection permission time is set. In this case, the mobile phone 100
Has a built-in clock (not shown) set to the same time as the distribution server 30, and the controller 1106 communicates with the distribution server 30 based on the time from the clock even if the reconnection permission time is exceeded. If the connection cannot be established, reconnect the line.

When the reconnection permission time is set, in particular,
It is not necessary to separate the reconnection time between data download and license download, but of course,
You may set separately.

According to the embodiment of the present invention, when the line with the distribution server is disconnected during the download of the encrypted content data or the like, the mobile phone automatically reconnects the line with the distribution server and performs encryption. Since the downloading of the encrypted content data and the like is continued, the user of the mobile phone does not need to manually reconnect, which is convenient.

The embodiments disclosed this time are to be considered in all respects as illustrative and not restrictive. The scope of the present invention is defined by the terms of the claims, rather than the description of the embodiments, and is intended to include any modifications within the scope and meaning equivalent to the terms of the claims.

[Brief description of the drawings]

FIG. 1 is a schematic diagram conceptually illustrating a data distribution system.

FIG. 2 is a diagram showing characteristics of data, information, and the like for communication in the data distribution system shown in FIG.

FIG. 3 is a diagram showing characteristics of data, information, and the like for communication in the data distribution system shown in FIG. 1;

4 is a diagram showing characteristics of data, information, and the like for communication in the data distribution system shown in FIG. .

FIG. 5 is a schematic block diagram illustrating a configuration of a license server.

FIG. 6 is a block diagram illustrating a configuration of a mobile phone.

FIG. 7 is a block diagram illustrating a configuration of a memory card.

FIG. 8 is a flowchart illustrating an operation of distributing encrypted content data in an initial connection to a distribution server.

FIG. 9 is a first flowchart of a basic distribution session of the flowchart shown in FIG. 8;

FIG. 10 is a second flowchart of the basic distribution session of the flowchart shown in FIG. 8;

FIG. 11 is a third flowchart of the basic distribution session in the flowchart shown in FIG. 8; .

FIG. 12 is a fourth flowchart of the basic distribution session in the flowchart shown in FIG. 8;

FIG. 13 is a diagram showing a screen displayed on the display unit of the mobile phone.

FIG. 14 is a diagram illustrating various modes in the mobile phone.

FIG. 15 is a flowchart of reconnection when a line is disconnected.

FIG. 16 is a flowchart for manual reconnection.

17 is a flowchart of a reconnection distribution session 1 in the flowchart shown in FIG.

18 is a first flowchart of the reconnection distribution session 2 of the flowchart shown in FIG.

FIG. 19 is a second flowchart of the reconnection distribution session 2 in the flowchart shown in FIG. 15;

FIG. 20 is a first flowchart for describing a reproducing operation in the mobile phone.

FIG. 21 is a second flowchart for describing a reproducing operation in the mobile phone.

[Explanation of symbols]

10 license server, 20 distribution carrier, 30
Distribution server, 100 mobile phone, 110 memory card, 130 headphones, 1106, 1420 controller, 302 charging database, 304 information database, 306 CRL database, 307 menu database, 308 distribution record database, 31
0 Data processing unit, 312, 320, 1206, 121
2,1214, 1404, 1408, 1412, 142
2 decryption processing unit, 313 authentication key holding unit, 315 distribution control unit, 316, 1210, 1418 session key generation unit, 318, 326, 328, 1208, 140
6,1410 Cryptographic processing unit, 350 Communication device, 110
2 antenna, 1104 transmission / reception unit, 1108 key operation unit, 1110 display, 1112 sound reproduction unit, 1113, 1218 DA converter, 1114, 12
01, 1220, 1224 terminals, 1115 microphone, 1
116 AD converter, 1117 voice coding unit, 120
0 memory interface, 1202, 1400 authentication data holding unit, 1204 Kp1 holding unit, 1216 music playback unit, 1222 switch, 1402 Kmc1 holding unit, 1414 KPma holding unit, 1415 memory,
1415A data area, 1416 KPm1 holding unit,
1421 Km1 holding unit, 1423 interface,
1436 Log holding unit, 1438 CRL holding unit, 14
40 license information holding unit, 1442, 1444, 1
446 Changeover switch.

──────────────────────────────────────────────────続 き Continued on the front page (51) Int.Cl. ⁷ Identification symbol FI Theme coat ゛ (Reference) G06F 17/60 332 G06F 17/60 332 5K067 506 506 5K101 H04Q 7/38 H04B 17/00 D H04B 17/00 B H04H 1/00 F H04H 1/00 H04M 1/00 R H04L 9/08 1/725 9/32 11/08 H04M 1/00 H04B 7/26 109M 1/725 109B 11/08 H04L 9/00 601D 675A F term (reference) 5B049 AA05 BB00 CC05 CC08 DD01 EE01 FF04 GG03 GG06 GG07 GG10 5B085 AC04 AC17 AE13 AE29 BA07 BE07 BG04 BG07 5J104 AA07 AA16 EA01 EA06 EA16 EA26 KA02 KA04 NA38 NA04 NA37 NA04 NA11 CA15 DA18 EA01 EA14 FA11 HA02 JA01 LA13 NA02 5K067 AA21 AA29 AA34 BB04 DD17 DD51 EE02 FF02 GG07 HH23 H H28 HH36 KK15 5K101 KK16 KK18 LL01 LL12 NN01 NN11 NN21 RR14

Claims (15)

[Claims] An encrypted content data obtained by encrypting content data and / or a license for reproducing the encrypted content data are received from a distribution server, and the received encrypted content data and / or license are transmitted to a data server. A portable terminal device for recording on a recording device, a transmitting / receiving unit for performing external communication, an interface for controlling data transfer with the data recording device, a key operation unit for inputting an instruction, and a control unit. When the line with the distribution server is disconnected when accessing the distribution server, the control unit selects a different reconnection mode according to the disconnection mode in which the disconnection has occurred, The transmission and reception unit, A portable terminal device for reconnecting a line with the distribution server according to the selected reconnection mode. 2. The mobile phone according to claim 1, wherein the control unit controls the transmission / reception unit to repeat reconnection until a reconnection time set by inputting in advance from the key operation unit is reached. Terminal device. 3. The mobile phone according to claim 1, wherein the control unit controls the transmission / reception unit to repeat reconnection until the number of reconnections set by inputting in advance from the key operation unit is reached. Terminal device. 4. The mobile terminal device according to claim 3, wherein a different number of times of the reconnection is set according to the disconnection mode. 5. The disconnection mode includes: a first disconnection mode for disconnecting before charging for receiving the encrypted content data; and a disconnecting mode after charging for receiving the encrypted content data. The second disconnection mode, wherein the number of reconnections set for the first disconnection mode is less than the number of reconnections set for the second disconnection mode. Mobile terminal device. 6. The disconnection mode includes a first disconnection mode for disconnecting while receiving the encrypted content data, and a second disconnection mode for disconnecting while receiving the license, and the first disconnection. The mobile terminal device according to claim 4, wherein the number of reconnections set for the mode is smaller than the number of reconnections set for the second disconnection mode. 7. The distribution unit according to claim 6, wherein the control unit restarts the access to the distribution server from the beginning when the line is disconnected before requesting the distribution server to distribute the encrypted content data. Mobile terminal device. 8. The method according to claim 1, wherein the encrypted content data is M (M
Is a natural number) blocks, the transmitting / receiving unit sequentially receives the M blocks, and the control unit, when reconnected to the distribution server in the first disconnection mode, The mobile terminal device according to claim 6, wherein a request for distribution of a block next to a last block received before disconnection is made to the distribution server via the transmission / reception unit. 9. The control unit transmits a block number m (1 ≦ m <M) corresponding to the last block to the distribution server via the transmission / reception unit, and transmits the block number m via the transmission / reception unit. The mobile terminal device according to claim 8, wherein reception is started from a block that is m + 1. 10. The control unit, when receiving encrypted content data from the distribution server, records a transaction ID for managing communication with the distribution server received from the distribution server in the data recording device. 10. The portable terminal according to claim 9, wherein at the time of line reconnection, the transaction ID is read from the data recording device, and the read transaction ID is transmitted to the distribution server via the transmission / reception unit together with the block number m. apparatus. 11. The control unit receives a transaction ID for specifying distribution of encrypted content data and a license from the distribution server from the distribution server via the transmitting / receiving unit, and transmits the received transaction ID to the transaction server. When the line is reconnected in the second disconnection mode, the latest reception log at the time of reconnection is recorded in the data recording device as a reception log indicating a processing state in the reception processing of the encrypted content data and the license. Is read from the data recording device via the interface and transmitted to the distribution server via the transmission / reception unit. If the reception log matches the distribution log held in the distribution server, the license is transmitted to the transmission / reception unit. Received from the distribution server via the The portable terminal device according to claim 6, wherein the portable terminal device records on the data recording device via the interface. 12. The control unit is used in distribution specified by the transaction ID, and
The common key generated in the distribution server is received via the transmission / reception unit, and the received common key is transmitted to the data recording device via the interface. The method according to claim 11, wherein an encrypted reception log encrypted by the common key is read from the data recording device via the interface, and the read encrypted reception log is transmitted to the distribution server via the transmission / reception unit. The portable terminal device according to the above. 13. The control unit reads the transaction ID from the data recording device via the interface, transmits the read transaction ID together with the encrypted reception log to the distribution server, and stores the transaction ID in the distribution server. And the encrypted reception log is decrypted using the common key specified by the transaction ID, and the decrypted reception log matches the distribution log held in the distribution server, and If there is no charge for the distribution of the content data and the license, a new common key generated in the distribution server and used in the distribution specified by the transaction ID is transmitted from the distribution server via the transmission / reception unit. Receiving and transmitting to the data recording device, 13. The license according to claim 12, wherein the license is received via the transmitting / receiving unit by transmitting another common key generated and encrypted by the data recording device to the distribution server via the transmitting / receiving unit. Mobile terminal device. 14. The control unit reads the transaction ID from the data recording device via the interface, transmits the read transaction ID together with the encrypted reception log to the distribution server, and stores the transaction ID in the distribution server. And the encrypted reception log is decrypted using the common key specified by the transaction ID, and the decrypted reception log matches the distribution log held in the distribution server, and 13. When the distribution of the content data and the license is already charged, the license specified based on the transmitted transaction ID is received from the distribution server via the transmission / reception unit.
A mobile terminal device according to claim 1. 15. The portable terminal device according to claim 1, which has a telephone call function of the portable telephone.