JP2003069548A - Authoring system, authoring key generation device, authoring device, authoring method, computer program, and storage medium - Google Patents

Abstract

(57) [Summary] [PROBLEMS] To provide an information distribution system capable of preventing unauthorized copying. SOLUTION: This is an authoring system for authoring content data distributed via an information distribution terminal 400 by encrypting copyright protection. The authoring key generation device 160 includes a content identifier (CID) uniquely assigned to each content data and an authoring key use key (CEK) uniquely assigned to each authoring device that authors the content data.
And the content key (K
c) and an authoring key (CED) in which the content key is encrypted with the root key (Kroot) and the second content key (EKc) is encrypted with CID and CEK. The authoring device 316 uses the CED
Decryption means for decrypting Kc and EKc using CID and CEK, and encrypting content data using the decrypted Kc to generate authored encrypted content data (E (Kc, Content)) It has encryption means.

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to an information distribution system for securely distributing contents such as music pieces, and more particularly to an information providing device and information distribution device capable of securely downloading contents to a storage medium such as a memory stick. A terminal, an information providing method, a computer program, and an authoring system that authors by performing copyright protection encryption on content data distributed via a storage medium, an authoring key generation device that generates an authoring key, and content. The present invention relates to an authoring device, an authoring method, a computer program, and a storage medium that encrypt and author.

[0002]

2. Description of the Related Art In recent years, along with the spread of networks such as the Internet, various information (hereinafter, referred to as contents) such as music data, images (including still images and moving pictures) data, game programs, etc. are provided to users via the network. It has been proposed to build an information distribution system for distribution. In constructing such an information distribution system, how to secure the protection of the copyright associated with each content is an important premise. That is, a large amount of digital copy of each content is possible via the network. Therefore, some copyright protection technologies have been developed to prevent illegal copying of contents.

[0003]

It is generally said that two encryption steps are required to protect the distributed content from illegal copying. The first encryption step is a step of encrypting the content when authoring the content and protecting an illegal copy when delivering the content. The second encryption step is a step of encrypting the content when writing the content to a storage device owned by the user via an information distribution terminal such as a kiosk terminal, and preventing subsequent illegal copying.

In this respect, in the conventional content distribution service, the encryption method at the time of authoring is different from the encryption method at the time of writing. Therefore, when writing the content to the storage device owned by the user, it is necessary to perform the steps of once decrypting the content and then encrypting the content again, which requires extra time for processing. Also, when decrypting at the time of writing, the content is temporarily in a raw state, which is a security problem.

Further, in the conventional information distribution system, since the content writing module is not provided with the use permission authentication function, the writing module itself is vulnerable to theft. That is, there is also a problem that a stolen writing module makes it possible to illegally make a large amount of digital copy of contents.

Furthermore, in the conventional information distribution system, there is a problem that the authoring process itself is not protected so that anyone can author the content by obtaining the authoring specification.

Furthermore, in the conventional information distribution system, when the content is music data, for example, when the user downloads the content to the storage device owned by the user and then wants to move the content to another medium. However, there is also a problem that even a legitimate user who has obtained the content legally cannot move the content freely without degrading the sound quality.

Further, in the conventional information distribution system, for example, when the content is music data, only the music and the title can be recorded in a medium such as MD, and accompanying data such as jacket photo and lyrics data (so-called, There was also a problem that the fringe data) had to be obtained by printing out with a printer.

An object of the present invention is to solve various problems of the conventional information distribution system as mentioned above and below.

[0010]

In order to solve the above problems, according to an aspect of the present invention, copyright protection encryption is applied to content data (Content) distributed via an information distribution terminal. An authoring system for authoring is provided. This authoring system is composed of an authoring key generation device and an authoring device.

The authoring key generation device includes a content identifier (CID) uniquely assigned to each content data (Content), an authoring key use key (CEK) uniquely assigned to each authoring device, and the content data (Content).
The content key (Kc) for encrypting t) and the second content key (EKc) obtained by encrypting the content key with a root key (Kroot) are used for the content identifier (CI).
D) and the authoring key (CED) encrypted using the authoring key use key (CEK).

The authoring device uses the content identifier (CID) and the authoring key use key (CEK) from the authoring key (CED) to write the content key (Kc) and the second content key (EKc).
And a decryption means for decrypting the content data (Cont) using the decrypted content key (Kc).
ent) to generate encrypted authored encrypted content data (E (Kc, Content)).

The authoring device uses the encrypted content data (E (Kc, Co
content)) and the content identifier (CID)
And a packaging means for packaging the second content key (EKc) as one package data.

In order to solve the above problems, according to another aspect of the present invention, authoring for performing copyright protection encryption on content data (Content) distributed via an information distribution terminal for authoring. An authoring key generation device for generating a key, comprising: a content identifier (CID) uniquely assigned to each content data (Content), and an authoring key use key (C) uniquely assigned to each authoring device.
EK), a content key (Kc) for encrypting the content data (Content), and a second content key (EKc) obtained by encrypting the content key with a root key (Kroot) and the content identifier (CID) and the There is provided an authoring key generation device characterized by generating an authoring key (CED) encrypted using an authoring key use key (CEK).

According to another aspect of the present invention, content data (Conte) to be distributed via an information distribution terminal.
nt) in the authoring device for performing copyright protection encryption and authoring: content storage means for storing the content data (Content); content identifier (CID) uniquely assigned to each content data (Content) )When,
An authoring key use key (CEK) uniquely assigned to each authoring device and a content key (K) for encrypting the content data (Content)
c) and the content key as a root key (Kroot)
The second content key (EKc) encrypted by the authoring key (CE) encrypted using the content identifier (CID) and the authoring key use key (CEK).
D) and key information storage means for storing key information consisting of:
From the authoring key (CED), the content identifier (CID) and the authoring key use key (CEK)
Decrypting means for decrypting the content key (Kc) and the second content key (EKc) by using; and the content data (Content) using the content key (Kc) for encryption. An encryption device for generating encrypted content data (E (Kc, Content)) is provided.

The authoring device further includes encrypted content data (E
(Kc, Content)), the content identifier (CID), and the second content key (EKc) may be packaged as one package data.

The authoring key (CED) is
The authoring key generation device having authority, which is configured separately from the package data generation device, may be configured to perform encryption.

Further, the packaging means may be configured to further package fringe data which is additional information regarding the content data (Content).

According to another aspect of the present invention, a computer program that causes a computer to function as the authoring key generation device or the authoring device, and a computer-readable storage medium storing the computer program. Media is provided.

In the authoring system, the authoring key generation device, and the authoring device, the content key (Kc) is a key obtained from the second content key (EKc) and the root key (Kroot),
The encrypted content data (E (Kc, Content
t)) can be decrypted, and the content data (Content) can be played back by a playback device that securely holds the root key (Kroot).

The root key (Kroot) is incorporated and held in the content enable key (EKB) encrypted by the device key (Kdevice) related to the playback device, and the authoring key (CEK).
In addition, in addition to the content key (Kc) and the second content key (EKc), the content enable key (EKB) may be encrypted.

The authoring key (CEK) may be configured to encrypt checksum information in addition to the content key (Kc) and the second content key (EKc).

Furthermore, when the authoring key (CEK) is updated, the authoring key (CE before update) is updated.
It may be configured to further include a discarding unit for discarding K).

The content data (Content), which is the information distribution target of the information distribution system, includes main content data and additional information of the main content data.

According to another aspect of the present invention, content data (Conte) to be distributed via an information distribution terminal is provided.
nt) is copyright-encrypted and authored: a content identifier (CID) uniquely assigned to each content data (Content), and authoring uniquely assigned to each authoring device. Key usage key (CE
K), a content key (Kc) for encrypting the content data (Content) and a second content key (EKc) obtained by encrypting the content key with a root key (Kroot) and the content identifier (CID) and the An authoring key generation step of generating an authoring key (CED) encrypted using the authoring key use key (CEK); and from the authoring key (CED),
Using the content identifier (CID) and the authoring key use key (CEK), the content key (Kc)
And a decryption step of decrypting the second content key (EKc); the content data (Content) is encrypted using the decrypted content key (Kc), and the encrypted content data authored ( E
An encryption step to generate (Kc, Content));
An authoring method is provided, which comprises:

The above-mentioned authoring method further includes encrypted content data (E
(Kc, Content)), the content identifier (CID), and the second content key (EKc) may be packaged as one package data.

The root key (Kroot) is incorporated in a content enable key (EKB) encrypted by a device key (Kdevice) associated with a playback device capable of generating the content data (Content), and is retained. In addition to the content key (Kc) and the second content key (EKc), the authoring key (CEK) includes the content enable key (E).
KB) may also be configured to be encrypted.

The authoring key (CEK) includes the content key (Kc) and the second content key (EK).
In addition to c), the checksum information may be encrypted.

When the authoring key (CEK) is updated, it may be configured to further include a discarding step of discarding the authoring key (CEK) before updating.

Further objects, features, and operational effects of the present invention will be apparent from the embodiments of the invention described below and the accompanying drawings.

[0031]

BEST MODE FOR CARRYING OUT THE INVENTION A preferred embodiment of an information distribution system or the like according to the present invention will be described below with reference to the accompanying drawings when the system is applied to an information distribution system for distributing music data as contents. . In the following description and the accompanying drawings, members having substantially the same functional configuration will be denoted by the same reference numerals, and redundant description will be omitted.

(1. Information to be Distributed) First, in order to facilitate understanding of the information distribution system according to the present embodiment, information to be distributed by the information distribution system will be described.

The information to be distributed in the information distribution system according to this embodiment is "distribution content". The distribution content includes the main content and additional information. In this specification, when simply referred to as "content (data)", it includes both main content and additional information described later.

"Main content (data) (Main
"Content Data)" is information that is a main distribution target in the information distribution system according to the present embodiment. More specifically, it is music data, image data (including still image data and moving image data) produced by the content holder, a game program, and the like.

"Additional information" is data associated with the main content. For example, when the main data is music data, the fringe data (Fringe Data) such as the jacket photo and lyrics attached to the main data is used.
a), metadata such as song title and artist name (Metadata), and usage condition information such as the number of times checkout (Check Out) to other devices and the number of moves (Import) to a computer are possible. Contains.

“Package (data) (package information (Package Data))” is an encryption of copyright protection for distribution content data distributed from an information distribution terminal in the information distribution system according to the present embodiment. It is packaged by applying. The package data is generated by the package information generation unit 316 of the authoring studio 300. In the package,
In addition to the encrypted content data (E (Kc, Content)) obtained by encrypting the main content and the additional information, a second content key (EKc) and a content enablement key (EKB) described later are also included.

(2. Overview of information distribution system) FIG.
1 shows a schematic configuration of the information distribution system 100 according to the present embodiment. As shown in FIG. 1, the information distribution system 1
00 mainly includes a content holder unit 120, a content distribution unit 140, a key management device 160, and a user unit 180. Hereinafter, each component will be described.

(2.1 Content Holder (Conte
nt Holder) section 120) Content holder section 1
Reference numeral 20 denotes an information processing device group such as a server belonging to a record company. The content holder unit is composed of a plurality of content holders 120a to 120n having the same function. Each content holder 120a-120n
Is, for example, as shown in FIG.
2, content creation unit 124, and content output unit 1
26 and a content database 128, such as a computer.

(Content Management Section 122) The content management section 122 manages content such as music data produced by a record company or the like related to the content holder 120a. If the content is music-related information, in addition to the main content such as song data, fringe data such as jacket photo and lyrics data, metadata such as song title and artist name, and usage condition information are managed. It includes additional information such as.

(Content Creation Unit 124) The content creation unit 124 creates the content related to the content holder 120a. If the content is music-related information, the content created here includes main content such as song data, fringe data such as jacket photos and lyrics data, metadata such as song titles and artist names, and usage condition information. It includes additional information such as.

(Content Output Unit 126) The content output unit 126 transfers the content created and managed by the content holder 120a to the content aggregator 200 of the content distribution unit 140, which will be described later. The contents may be delivered via a network such as the Internet, or a CD
It may be performed via a storage medium such as -R or DVD-RAM.

(Content Database 128) The content database 128 is a large-capacity storage medium that stores the content created by the content creating unit 124. The contents stored and managed here include:
When the content is music-related information, in addition to the main content such as song data, fringe data such as jacket photo and lyrics data, metadata such as song title and artist name, and additional information such as usage condition information are included. .

(2.2 Content Distribution Unit) The content distribution unit 140 is the core of the information distribution system according to this embodiment. This content distribution unit 14
At 0, the content for distribution is encrypted for copyright protection and packaged as package data. The packaged package data is
It is sent to the information distribution terminal 400 such as a kiosk terminal via the network 600, and provided from the information distribution terminal 400 to the storage device 182 owned by the user.

The content distribution unit 140 includes a content aggregator unit 200 and an authoring studio unit 300.
And an information distribution unit (kiosk terminal unit) 400, an authentication server unit 500, and a network 600.

(2.2.1 Content Aggregator 200) The content aggregator 200 includes the content holder 12
From 0, collect content such as music and perform planning and organization. If the content is music-related information, in addition to the main content such as song data, fringe data such as jacket photos and lyrics data, metadata such as song titles and artist names, and usage condition information are collected. It includes additional information such as.

The content aggregator 200 includes a content management section 210, a content collection section 220, a content output section 230, and a content database 240.
It is mainly composed of and.

(Contents Management Unit 210) The contents management unit 210 selects the information distribution system 1 from the contents held by the contents holders 120a to 120n.
Use 00 to select content that is attractive and valuable for distribution. In addition, the content management unit 210 sends the content collection unit 220 a predetermined content holder 1
20a is directly accessed, or a medium distributed from a predetermined content holder 120a is accessed to instruct to collect the content. The content management unit 210 also plans and organizes the content collected from the content holder 120.

(Content Collection Unit 220) The content collection unit 220 receives a command from the content management unit 210 and directly accesses the predetermined content holder 120a or accesses a medium distributed from the predetermined content holder 120a. Then, the content is fetched and stored in the content database 240.

(Content Database 240) The content database 240 temporarily stores and manages the content captured by the content collection unit 220. Further, the content database 240 stores and manages various histories regarding the operation of the content aggregator 200.

(Content Output Unit 230) The content output unit 230 reads the content collected by the content collection unit 220 from the content database 240 and outputs it to the authoring studio 300 in response to a request from the authoring studio 300 described later. . The output of the content to the authoring studio 300 may be performed via a public line network such as the Internet, or may be performed via a more secure dedicated line network. Furthermore, it may be performed via a storage medium such as a CD-R or a DVD-RAM.

(2.2.2 Authoring Studio 30
0) The authoring studio 300 has a function of processing the content to be distributed so as to be suitable for the information distribution system according to the present embodiment. More specifically, the processing of the content data is performed through a first step of compressing the content so that it can be easily distributed, and a second step of authoring, encrypting, and further packaging.

As shown in FIG. 4, the authoring studio 300 is mainly composed of an authoring section 310, a product management section 330, and a database server 340.

(Authoring Unit 310) The authoring unit 310 is, for example, a computer program that operates on a computer device, and as shown in FIG. 5, a content management unit 312, a data compression unit 314, a package generation module 316, The GUI production unit 318 and the distribution unit 320 are provided.

(Content Management Unit 312) The content management unit 312 manages the content received from the content aggregator 200. If the content is music-related information, in addition to the main content such as song data, fringe data such as jacket photo and lyrics data, metadata such as song title and artist name, and usage condition information are managed. It includes additional information such as.

(Data Compressor 312) Data Compressor 31
2 is software for compressing the content delivered from the content management unit 312, for example. As the compression method, for example, when the content is music data, the ATRAC3 method can be used to compress the original data to about 1/10. Of course, the compression method is ATRAC3 (Adaptive T
transform Acoustic Coding
3) but not limited to MP3 (MPEG-1 Audio)
Layer3) method, AAC (Advanced A)
audio coding, WMA (Window)
s (registered trademark) Media Audio) method, Tw
in VQ (Transform-Domain Wein)
advanced Interleaved Vector
It goes without saying that a voice compression method such as a Quantization method or a QDX method can be adopted.

(Package generation unit (authoring device)
316) Package generation unit (authoring device) 316
Is configured as software having a function of encrypting and packaging the content data compressed by the data compression unit 314 for authoring. That is, the package generation unit 316
Functions as an authoring device that authors content data.

Details of the structure of the authoring device 316 and some keys used in the authoring device will be described later in connection with the authoring key generating device 160, and only a brief description will be given here.

As shown in FIG. 6, the authoring device 316 includes a content key (Kc) decryption means 3162, a content encryption means 3164, and a packaging means 316.
It is mainly composed of 6 and 6.

(Content key (Kc) decryption means 316
2) The content key (Kc) decryption unit 3162 receives the authoring key (CED), the content identifier (CID), and the authoring key use key (CEK) from the authoring key generation device 160 described later. Then, from the authoring key (CED), the content key (Kc) and the second content key (EK) are used by using the content identifier (CID) and the authoring key use key (CEK).
c) and are decrypted.

(Content Encryption Unit 3164) The content encryption unit 3164 has the content key (Kc) decrypted by the content key (Kc) decryption unit 3162.
Using c), the content data is encrypted to generate encrypted content data (E (Kc, Content)). In the information distribution system according to the present embodiment, this encrypted content data (E (Kc, Content
t)) is packaged together with predetermined information and transmitted to the information distribution terminal 400.

(Packaging Means 3166) The packaging means 3166 has the encrypted content data (E (Kc, Cont) obtained by the content encryption means 3164.
ent)), the content identifier (CID), and the second content key (EKc) are packaged as one package data. In addition to the main contents such as song data, the package also includes fringe data such as jacket photos and lyrics data, metadata such as song titles and artist names, and additional information such as usage condition information.

(Functional configuration diagram of the package generation unit 316)
FIG. 7 is a block diagram showing the function of the package generation unit 316 more specifically. As illustrated, the package generation unit 316 is configured as an authoring application 310b that operates on an OS 310a such as Windows 2000. In the authoring application 310b, a data compression unit 314, a package generation unit 316, and the like are provided in the DLL (Dynamic).
Link Library).
Note that other applications such as the content management unit 312 incorporated in the authoring application 310b are not shown for convenience of description.

As shown in the figure, a predetermined voice format, for example, W
The uncompressed music data configured in the AV format is sent to the data compression unit 314, and a predetermined compression format such as ATRAC is used.
It is compressed in 3 formats. The main content such as the music data compressed by the data compression unit 314 is sent to the package generation unit 316, together with additional information including fringe data, metadata, usage condition information, etc.
Encrypted and packaged.

As described above, according to the authoring device (package generation device) 316 according to the present embodiment, it is possible to perform data compression, encryption and packaging at the time of authoring. As a result, it is possible to reduce calculation load and communication load when the content is distributed or when the content is sold. In particular, the download time at the information distribution terminal can be greatly reduced, and the user can download the authored content in a time almost the same as the content copy time.

(GUI Creation Section 318) Referring again to FIG. 5, the GUI creation section 318 of the authoring section 310
A GUI (Graphical User Interface) displayed on a kiosk terminal which is an information distribution terminal described later.
ace) is produced. G produced here
The UI is distributed to each kiosk terminal via the distribution unit 320. A user who wants to download the content purchases the content and downloads it to a predetermined storage medium or moves the downloaded content to a computer device or the like while navigating to the screen displayed on the kiosk terminal based on this GUI. (Imppo
rt) or check out from the computer device to another playback device or storage medium.

(Distribution Unit 320) The distribution unit 320 has the data compression unit 314 and the package generation unit 31 as described above.
Compressed by a packaged application including 6
Packaged contents and GUI production unit 318
It has a function of distributing the GUI created in (1) to the information distribution terminal 400 such as a kiosk terminal.

(Product Management Unit 330) Referring again to FIG. 4, the product management unit 330 manages the content processed for distribution in the authoring unit 310 as a package product. Specifically, the product management unit 330 monitors the distribution of the packaged contents, and cooperates with the sales management unit of the kiosk management center or the like to perform product sales and payment collection work. The product management unit 330 also statistically grasps and manages the sales history of the kiosk terminal 400, which is an information distribution terminal, and uses it as a material for future product development. The work history of the product management unit 330 is stored in the database server 340.

(Database Server 340) The database server 340 stores and manages various data related to the authoring studio 300. Specifically, the database server 340 stores the content processed for distribution in the authoring 310. If the content is music-related information, in addition to the main content such as song data, fringe data such as jacket photo and lyrics data, metadata such as song title and artist name, and usage condition information are managed. It includes additional information such as.

Further, the database server 340 stores and manages the business history of the product management unit 330, that is, the sales information of the packaged products, the price collection information, the sales history of the kiosk terminal which is an information distribution terminal, and the like.

(2.2.3 Information Distribution Terminal 400) The information distribution terminal 400, which is also called a kiosk terminal, stores the packaged contents distributed from the authoring studio 300, and stores it from the user 180. It has a function of downloading the corresponding content to the storage medium 182 of the user 180 in response to a request. The kiosk terminal 400 may be installed in a place where people easily gather, such as a convenience store or a gas station, or a personal computer device installed in a place used by each individual may be used as an information distribution terminal.

The information distribution terminal 400 includes an information distribution terminal management unit 410 and an information providing unit 4 as shown in FIG.
20, reader / writer (R / W) 430, sales management unit 4
40, a charging control unit 450, and a database 460.

(Information Distribution Terminal Management Unit 410) The information distribution terminal management unit 410 is, for example, software that manages various tasks in the information distribution terminal 400. The information distribution terminal management unit 410 cooperates with the information providing unit 420 and the reader / writer (R / W) 430 to manage external authentication and internal authentication of the information distribution terminal device, and after the authentication is completed, the reader / writer. The writing of the content to the storage device 182 such as a memory stick is permitted via the (R / W) 430.

The information distribution terminal management section 410 cooperates with the sales management section 440 and the charging control section 450 to cooperate with the user section 1.
It also has a function of managing content sales operations and billing operations for 80. The information distribution management unit 410 further manages a database 460 that stores packaged contents or stores a history of sales and billing operations.

(Information Providing Section 420) Information Providing Section 420
Performs a verification operation and an authentication operation such as whether the package is created by a legitimate authoring system, and if the authentication is affirmative, the content is read / read.
It has a function of writing to a storage device 182 such as a memory stick via a writer (R / W) 430.

The information providing unit 420, as shown in FIG.
The external authentication unit 422, the internal authentication unit 424, and the reproduction control unit 428 can be configured as software mainly.

The information providing unit 420 is, for example, a DLL (Dynamic Li) incorporated in the information distribution terminal 400.
nk Library). The information providing unit 420 is set to a predetermined OS, for example, Windows2000.
FIG. 12 shows an example incorporated as an application that operates above. The information providing unit 420 shown in FIG.
Is composed of a GUI application unit 423, a secure module unit 425, and an interface unit 427 for easy understanding.

(External Authentication Unit 422) Referring again to FIG. 9, the external authentication unit 422 provides whether the information providing unit 420 is authentic, that is, provides the content stored in the information distribution terminal 400 to the outside. Whether or not the user has the authority to do so is determined by a first external authentication key (Kauth (1)) stored in advance by the information providing unit 420 and a second external authentication key (Kauth (2)) stored by the authentication server 500. It has a function to compare and authenticate by using.

External authentication must be performed every time the information providing unit 420 is activated. However, once the authentication is successful, it may not be performed again while the information providing unit 420 is being activated.

The external authentication section 422, as shown in FIG. 10, has an external authentication management section 4221 and a key holding means 4222.
, Random number generation means 4223, and first encryption means 422
4, second encryption means 4225, and comparison means 4226.
And a transmitting / receiving means 4227.

(External Authentication Management Unit 4221) The external authentication management unit 4221 manages the authentication operation of the external authentication unit 422 as a whole. When the information providing unit 420 is activated, the external authentication management unit 4221 performs external authentication, which will be described later, and when the external authentication succeeds, the external authentication management unit 4221 transfers the process to the internal authentication unit 424.

(Key holding means 4222) Key holding means 422
2 securely holds the first external authentication key (Kauth (1)). First external authentication key (Kauth (1))
Is provided in advance by the information providing unit 420 from the authentication server unit 500.
The first external authentication key (Kauth
(1)) is a tamper resistant (Tamper Re) in the authentication unit (secure module) of the information providing unit 420.
Since it is hidden by "sistant", it is difficult to check the value even if reverse engineering is performed.

(Random Number Generating Unit 4223) Random Number Generating Unit 4
223 generates a random number for external authentication. On the other hand, the random number generated by the random number generation means 4223 is sent to the first encryption means 4224 and sent to the first external authentication key (Kauth).
The first encrypted data is generated by being encrypted by (1)). On the other hand, the random number generated by the random number generation means 4223 is sent to the second encryption means 4224 and encrypted by the second external authentication key (Kauth (2)) to generate second encrypted data.

(First Encryption Means 4224) The first encryption means 4224 is basically software installed in the information providing unit 420. The first encryption unit 4224 encrypts the random number generated by the random number generation unit 4223 using the first external authentication key (Kauth (1)) securely held in the key holding unit 4222.
Generate encrypted data for.

(Second Encrypting Means 4225) The second encrypting means 4225 uses the route different from the first encrypting means 4224 to send the random number generated by the random number generating means 4223 to the first external authentication. The second external authentication key (Kauth (2)), which is the same as the key (Kauth (1)), is used to encrypt the second key.
Get the encrypted data of.

As for the configuration of the second encrypted data acquisition by the second encryption means 4225, various embodiments can be adopted according to the required security level.

(Local External Authentication) In the embodiment having the lowest security level, as shown in FIG. 13, external authentication is performed locally, that is, in the information providing unit 420. In this embodiment, the second encryption means 422
5 is also incorporated in the information providing unit 420, and the information providing unit 42
Second external authentication key (Kaut)
The random number is encrypted using h (2) to obtain the second encrypted data.

However, in such a mode of local external authentication, the second external authentication key (Kauth (2)) may be stolen by a person who operates the information distribution terminal 400 maliciously. Further, if the information distribution terminal 400 itself is stolen, the package stored in the information distribution terminal 400 can be downloaded. Therefore, the above-mentioned local external authentication is effective when the information distribution terminal itself is designed not to be stolen or when the data is destroyed if stolen.
The external authentication operation in the embodiment shown in FIG. 13 will be described later.

(Remote External Authentication) On the other hand, in the embodiment with the highest security level, as shown in FIG. 14, external authentication is performed remotely, that is, using the authentication server 500 outside the information providing unit 420. I do. In this embodiment, the authentication server unit 500 takes in the random number in the authentication server unit 500 and uses the second external authentication key (Kauth (2)) to generate the second encrypted data.

Therefore, the second external authentication key (Kaut
h (2) is not stolen, and information distribution terminal 4
Information distribution terminal 40 even if 00 is stolen
It is not possible to download packages stored in 0. The external authentication operation in the embodiment shown in FIG. 14 will be described later.

(Semi-local external authentication) Furthermore, FIG.
FIG. 15 shows an embodiment having a medium security level between the embodiment shown in FIG. 14 and the embodiment shown in FIG. In this embodiment, the authentication server unit 500 temporarily transfers the second external authentication key (Kauth (2)) to the information providing unit 420 as needed, for example, when downloading. The information providing unit 420 is the authentication server unit 500.
The second external authentication key (Kauth passed from
The random number is encrypted using (2)) to generate the second encrypted data. The second external authentication key (Kauth (2)) is deleted from the information providing unit 420 after the second encrypted data is generated or each time the information distribution terminal 400 is powered off.

According to this embodiment, the second external authentication key (Kauth) is used only when downloading is necessary.
Since (2)) is temporarily transferred to the information distribution terminal 400, the risk of damage due to the theft of the second external authentication key (Kauth (2)) itself is significantly reduced. Further, even if the information distribution terminal 400 itself is stolen, the second external authentication key (Kauth (2)) can be transferred to the information distribution terminal 400.
If the configuration is such that the package is erased when the power of the device is cut off, the package stored in the information distribution terminal 400 cannot be downloaded. The external authentication operation in the embodiment shown in FIG. 15 will be described later.

(Comparison means 4226) Comparison means 4226
Compares the first encrypted data generated by the first encrypting means 4224 with the second encrypted data generated by the second encrypting means 4225. As a result of the comparison, when the first encrypted data and the second encrypted data match, the external authentication is completed.

(Transmitting / receiving means 4227) Transmitting / receiving means 422
The external authentication unit 422 sends and receives information.
The transmission / reception means 4227 is, for example,
Generated random number is sent to the outside or the authentication server 500
For example, the second encrypted data acquired by the second encryption unit 4225 is fetched.

(Internal Authentication Unit 424) Internal Authentication Unit 424
Has a function of performing internal authentication performed after completion of external authentication of the information providing unit 420. The internal authentication unit 424 is shown in FIG.
As shown in (1), the first authentication means 4242 and the second authentication means 4244 are included.

(First Authenticating Means 4242) The first authenticating means 4242 uses the authoring system (authoring studio 30
0) to provide a means for authenticating whether or not the content is created. Specifically, the first authentication is a MAC (Message Authentica) written in the content data by a legitimate authoring system.
function code) value is verified.

As for the MAC value, the usage condition information in the accompanying data accompanying the main content is the content key (Kc).
Is calculated using. Therefore, the MAC value cannot be calculated without knowing the content key (Kc) and the root key (Kroot), so that the package data can be created only by the person who has been supplied with the information providing unit 420 and the authoring key (CED). .

(Second Authentication Means 4244) The second authentication means 4244 provides means for performing mutual authentication between the reader / writer 430, which is a recording means, and the information providing device 420, which is an information recording management means. . Second authentication means 424
4, the regular authoring system 300 first receives the content enable key (EKB), which is the root key (Kroot) encrypted with the device key (Kdevice), in both the reader / writer 430 and the information providing device 420. hand over. The reader / writer 430 and the information providing device 420 are
Each device key (Kdev
ce) is used to decrypt the root key (Kroot). Then, when the decrypted root keys (Kroot) match each other, positive authentication is performed.

(Playback Control Unit 428) Playback Control Unit 428
The content data can be reproduced on a predetermined storage medium such as a memory stick, which is authenticated as a result of the internal authentication and sharing of the root key (Kroot). When the reader / writer 430 collectively records a plurality of content data on the storage medium, the reproduction control unit 428
After the recording of all the plurality of contents is completed, the plurality of contents can be reproduced.

(Reader / Writer (R / W) 430) The reader / writer (R / W) 430 is hardware for downloading contents to a storage medium such as a memory stick, a memory card, or a smart medium.
As described above, before performing the download, the information providing unit 420 and the reader / writer (R / W) 430 perform internal authentication, and after confirming that they are mutually legitimate devices, the download is performed. To do.

(Sales Management Department 440) Sales Management Department 440
Manages various operations that occur when selling packaged content. The sales management unit 440 further manages sales history and collects sales information. Sales management unit 44
0 collects statistical information about, for example, at what time of day, for what age of men and women, for what price, for what content of what genre, and in what quantity. Therefore, it can be used for future product development.

(Billing control unit 450) Billing control unit 450
Manages billing-based operations that occur when selling packaged content. The charging control unit 450 manages a settlement operation such as change when the user pays in cash. When the user pays with a credit card or the like, the billing control unit 450 manages business such as person verification and credit inquiry.

The database 460 is the information distribution terminal 40.
Stores and manages various information related to 0. The database 460 stores, for example, packaged contents to be distributed by the information distribution system 100 according to the present embodiment, various history information such as sales history and billing history.

(2.2.4 Authentication Server Unit 500) The authentication server unit 500 has a function of performing external authentication whether a certain information distribution terminal 400 is a legitimate information distribution terminal having the authority to download contents. ing. In the information distribution system 100 according to the present embodiment, the information distribution terminal 400 is configured such that the information providing unit 420 having the download permission authority in the predetermined storage medium is a regular device before downloading the predetermined packaged contents. External authentication is required.

The authentication server unit 500 includes the information providing unit 420.
It has a function to perform external authentication. In the external authentication, as will be described later, on the other hand, in the information providing unit 420, the random number generated by the random number generation unit 423 is used as the key holding unit 4
The first external authentication key (Ka
uth (1)) is used to generate the first encrypted data. First external authentication key (Kauth (1))
Is provided in advance by the information providing unit 420 from the authentication server unit 500.
The first external authentication key (Kauth
(1)) is a tamper resistant (Tamper Re) in the authentication unit (secure module) of the information providing unit 420.
Since it is hidden by "sistant", it is difficult to examine the value even if reverse engineering is performed.

On the other hand, the second external authentication key (Ka) that is the same as the first external authentication key (Kaauth (1)) is routed through another route.
Uth (2)) is used to encrypt the same random number to obtain the second encrypted data. Then, the first encrypted data generated in the information providing unit 420 and the second encrypted data generated by a different route from the first encrypted data are compared, and if the two match. , Information providing unit 420
Is configured to authenticate externally as genuine.

The authentication server unit 500 basically uses the second external authentication key (Kauth) in the external authentication step.
(2)) is managed. As will be described later, in one embodiment, the authentication server unit 500 includes the authentication server unit 5
The above-mentioned random number is taken into 00 and the second external authentication key (Ka
The second encrypted data is generated using uth (2)). In another embodiment, the authentication server unit 500 is
The second external authentication key (Kauth (2)) is used as the information providing unit 4
Then, the second encrypted data is generated by passing it to 20. In another embodiment in which the second external authentication key (Kauth (2)) is securely held in the information providing unit 420, the authentication server unit 500 preliminarily sets the second external authentication key (Kauth (2)).
Auth (2)).

The first server managed by the authentication server unit 500
As for issuing and managing the second external authentication key (Kauth (1)) (2), the authorized key management device 16
It is possible to outsource to 0. The key management device 160 is
First and second external authentication keys (Kauth (1))
In addition to issuing (2), for example, the information distribution terminal 4
If 00 is stolen, the contents of the first and second external authentication keys (Kauth (1)) (2) are updated, and the information providing unit 420 of the stolen information distribution terminal 400 is invalidated. Is possible.

(2.2.5 Network Unit 600) The network unit 600 stores the contents packaged in the authoring studio 300 in the information distribution terminal 4.
00 is a communication network. Network unit 600
Includes both a wireless communication network 600a such as a satellite communication network and a leased line network 600b. In order to ensure security, it is preferable that the network unit 600 is composed of the closed dedicated line network 600b, but of course, it may be structured as an open network such as the Internet. In addition, many information distribution terminals 4
If simultaneous delivery is made to 00, it is preferable to use a wireless communication network 600a such as a satellite communication network.

(2.3 Key Management Device) Key Management Device 160
Is an administrator who has the authority to manage the keys used in each stage of the information distribution system according to the present embodiment. The key management device 160 functions as an authoring key generation device for the authoring device 316. The keys and key-related information managed here are as follows. Also, the key information is updated regularly or as needed,
It is possible to deal with environmental changes and improve security.

(2.3.1 Authoring Studio 30)
Key information used in 0) "content key (K
c) ”is a key used when the content is encrypted in the authoring studio 300. The content key (Kc) is encrypted by the root key (Kroot), and the second content key (EK) encrypted by the root key is encrypted.
processed into c).

The "content identifier (CID)" is an identifier assigned to each content. Content ID
The (CID) is an identifier unique to each content and is not set redundantly. Content identifier (CI
The generation of D) is managed not by the authoring work site but by the authoring key generation device 160, so that the uniqueness of the content identifier (CID) can be completely guaranteed.

The "root key (Kroot)" is a key used when encrypting the content key (Kc). The root key (Kroot) may also be referred to as a “content key encryption key”. Commonly used root key (K
Root) is a very important key, but according to this system, the root key (Kroot) is not directly passed to the authoring device 316, but the second content encrypted by the content key (Kc) and the root key is used. By passing the set of keys (EKc) as the authoring key (CED) to the authoring device 316, it is possible to improve security and prevent mistakes in combination.

The "second content key (EKc) encrypted with the root key" is the content key (Kc) encrypted with the root key (Kroot). EKc = E
It can be expressed as (Kroot, Kc). Content key (K
c) and the second content key (EK) encrypted with the root key
By combining c) with and generating it as an authoring key (CED), a mistake in combination can be avoided.

The "device key (Kdevice)" is key information relating to the playback device that can use the packaged content. The device key is used by each playback device in terms of hardware or tamper resistant software.
It is the key information that is securely stored.

[Content enablement key (EKB: En
“Abling Key Block” is the root key (K
Root) is encrypted with a device key (Kdevice). The content enablement key (EKB) includes E (KdeviceA, Kroot), E (Kde)
The data such as the video data B, Kroot) is stored in the playback device A (Device A) and the data E (Kdev).
It is possible to know Kroot by solving iceA, Kroot). Similarly, the playback device B (Devi
ceB) can know Kroot by solving E (KdeviceB, Kroot).

[Authoring Key Usage Key (CEK (Con
(tent enabling key)) is shared secret information (key) shared between the business operator authoring the content and the administrator. It is different for each authoring company and is issued and managed by the administrator. Used with authoring key (CED) when authoring.

[Authoring Key (CED (Content
t Enabling Data)) is a key used when authoring content. Issued and managed by an authorized administrator. Content ID
It is associated with (CID), and one content is authored using one authoring key (CED). The authoring key is the content key (Kc) and the second content key (EKc) encrypted with the root key.
Is encrypted with a content ID (CID) and an authoring key use key (CEK).

[Redundant Content Key Block (RKcB
(Redundant Kc Block) ”is the version information of the content key (Kc), the second content key (EKc) encrypted with the root key, and the content enablement key that should be included in the authoring key (CED). This is a data block in which (EKB-Version) is concatenated and redundant random number information is added to make illegal decoding difficult. When the authoring key (CED) is generated, it is generated during the generation process. Authoring key (C
The data is used in the process of generating ED) and is not recognized by the user or application developer.

The “redundant content key block with checksum (CRKcB)” is the redundant content key block (RKcB).
This is a data block obtained by calculating the checksum (CS) of KcB) and concatenating it with the redundant content key block (RKcB).

The "final encryption key (Kcid)" is the key data used for the final encryption in the authoring key (CED) creation flow. Content ID (CID)
And the authoring key usage key (CEK). The final encryption key (Kcid) itself is the authoring key (CE
Since the data is used in the process of generating D), it is not noticed by the user or application developer. When using the authoring key (CED), the content I
If D (CID) and the authoring key usage key (CEK) are known, the content key (Kc) included in the authoring key (CED) and the second content encrypted by the root key are generated by generating Kcid inside the module. The key (EKc) and version information (EKB-Version) of the content enablement key can be acquired.

(2.3.2 Key information and key related information used in information distribution terminal 400) Information distribution terminal 4
00, the encrypted content data (E (K
c, Content)) Key information and key-related information are used for decryption, external authentication, and internal authentication, respectively.

(Information used at the time of decryption) The "encrypted content data (E (Kc, Content))" is the device key (Kdevice), the content enablement key (EKB), and the second content key (EKc). It is decrypted using the content key (Kc) obtained from.

The "device key (Kdevice)" is key information relating to the playback device that can use the packaged content. The device key is used by each playback device in terms of hardware or tamper resistant software.
It is the key information that is securely stored.

"Content enablement key (EKB)"
Replaces the root key (Kroot) with the device key (Kdev).
ce). The content enablement key (EKB) contains E (KdeviceA, Kroo)
t), E (KdeviceB, Kroot) and other data are stored in the playback device A (DeviceA).
Can know Kroot by solving E (KdeviceA, Kroot). Similarly, the playback device B (DeviceB) is set to E (KdeviceB,
It is possible to know Kroot by solving (Kroot).

(Key Information Used in External Authentication) During external authentication of the information providing unit 420, the first external authentication key (Ka
auth (1)) and the second external authentication key (Kauth
(2)) is used.

[First External Authentication Key (Kauth
(1)) ”is an external authentication key distributed from the authentication server unit 500 to the information providing unit 420 in advance. The first external authentication key (Kauth (1)) is used by the information providing unit 420.
Since it is hidden by a tamper resistant (Tamper Resistant) in the authentication unit (secure module) of, it is difficult to check the value even by reverse engineering. First external authentication key (Kauth
(1)) is used when the first encryption unit 4224 encrypts the random number to generate the first encrypted data.

[Second external authentication key (Kauth
(2)) ”is the same key as the first external authentication key (Kauth (1)) issued by the authentication server unit 500. The second external authentication key (Kauth (2)) is used when the second encryption unit 4225 encrypts the random number to generate the second encrypted data.

(Key Information Used in Internal Authentication) At the time of internal authentication of the information providing unit 420, the device key (Kd) which the information providing unit 420 and the reader / writer 430 have respectively,
The root key (Kroot) obtained by decrypting the content enablement key (EKB) is referred to.

(2.4 User Section) The user section 180 is
Access the information distribution terminal 400 such as a kiosk terminal,
It is an information processing terminal such as a computer device having a function of downloading favorite contents.

As shown in FIG. 1, the user section 180 includes a storage medium 182 such as a memory stick and a playback device 184.
Is the main component. Further, the user section 180
May include another storage medium and / or playback device 186, and within a permitted number of times, download the content downloaded to the storage medium 182 to another storage medium and / or
Alternatively, the playback device 186 can be checked out or moved.

(3 Authoring Operation) Next, the authoring operation in the authoring studio 300 will be described. Information distribution system 10 according to the present embodiment
In 0, the content is encrypted and packaged at the time of authoring, and the authoring key generation device 160 that generates the authoring key and the authoring device 316 that actually encrypts the content by using the authoring key have different configurations. Further, it is characterized in that the content can be encrypted without directly passing the root key to the authoring device 316.

Further, since it is not necessary to know the contents of the authoring key when performing the authoring, it is possible to completely separate the generation of the authoring key and the authoring work. Furthermore, by separating the authoring work and the authoring key generation, it is possible to control the number of packages that can be correctly generated in the authoring work outside the authoring work.

Further, as an encryption key to be used at the time of authoring key generation, in addition to the content identifier (CID), an authoring key use key (CEK) that can be arbitrarily specified at the time of authoring key generation is added to generate the authoring key. It is possible to limit the people who can use the key correctly to those who know the authoring key usage key (CEK).

Further, tampering with the package can be prevented by adding a MAC value using a key that can be known only to the correct system to the contents such as the usage conditions set at the time of authoring.

(3.1 Authoring Key Generation Operation) The authoring key generation operation in the authoring key generation device (key management device) 160 will be described.

The authoring key (CED) is basically the second key encrypted with the content key (Kc) and the root key.
The information of the content key (EKc) is included. In addition, E
Kc can be expressed as E (Kroot, Kc). The root key (Kroot) is a key used to encrypt the content key (Kc), and is a very important key for security. As will be described later, according to the present system, the commonly used root key (Kroot) is not directly passed to the authoring device 316, but the content key (Kc) and the second content key (EKc) encrypted by the root key are used. By passing the set of) as an authoring key (CED) to the authoring device 316, it is possible to improve security and prevent mistakes in combination.

As shown in FIG. 17A, the authoring key (CED) includes a content key (Kc) for encrypting content data and a second content key (EKc) encrypted with a root key. It is encrypted with a content identifier (CID) uniquely assigned to each content data and an authoring key use key (CEK) uniquely assigned to each authoring device 316.

Authoring key generation means 166 shown in FIG.
In the above, what is needed to generate the authoring key (CED) is the content identifier (CID) generated by the content identifier generating means 162, the content key (Kc), and the content key encrypted with the root key (Kroot). (EKc) and the authoring key use key (CEK) by the authoring key use key generation means 164.

FIG. 16 shows the authoring key generation means 166.
2 shows a detailed flow of an authoring key (CED) generation process executed in.

First, in step S1602, the version information of the content key (Kc), the second content key (EKc) encrypted with the root key, and the content enablement key that should be included in the authoring key (CED). Redundant content key block (RKcB), which is a data block in which (EKB-Version) is concatenated and further redundant random number information is added to make illegal decryption difficult.
(RedundantKc Block)) is generated.

The content enable key (EKB)
Replaces the root key (Kroot) with the device key (Kdev).
ce), and version information (EKB-Version) of the content enablement key is version information of the content enablement key. Thus, the version (Versio) of the root key (Kroot) that should be specified for a certain content key (Kc).
By also setting the information indicating n) as a set, it is possible to prevent an error in the combination of the content key (Kc), the second content key (EKc) encrypted with the root key, and the root key (Kroot).

Next, in step S1604, the checksum (C) of the redundant content key block (RKcB) is
S) and, for example, concatenating the checksum (CS) after the redundant content key block (RKcB), the redundant content key block with checksum (CR)
KcB).

In the process of generating the authoring key (CED) as described above, the checksum information is loaded in addition to the content key (Kc) and the second content key (EKc) encrypted with the root key. The use by the authoring key (CED) by the content identifier (CID) can be prevented with a very high probability.

Next, in step S1606, the content identifier (CID) and the authoring key use key (CE
The final encryption key (Kcid) is generated from K). FIG. 17
As described later in relation to (2), the authoring key (C
When using the ED), if the content ID (CID) and the authoring key use key (CEK) are known, the Kcid is generated inside the module, so that the content key (Kc) included in the authoring key (CED), Second content key (EKc) encrypted with the root key, version information of content enablement key (EKB-Vers)
Ion) can be acquired.

Here, in the process of generating the final encryption key (Kcid), by using the unique content identifier (CID) for each content, the correct content identifier (CID) can be used in the encryption work by the authoring key. ), The correct authoring work is possible, so the authoring accuracy can be improved. Further, by managing the generation of the content identifier (CID) in the authoring key generation device 160, the uniqueness of the content identifier (CID) can be completely guaranteed.

Finally, in step S1608, the redundant content key block with checksum (CRKcB) is encrypted with the final encryption key (Kcid) to generate an authoring key (CED).

(3.2 Encryption Operation by Authoring Key) Next, the content encryption operation by the authoring key generated in the authoring key generation device (key management device) 160 will be described with reference to FIG.

First, as shown in step S1902, the content key decryption means 316 of the authoring device 316.
2 obtains the authoring key use key (CEK) which is the shared secret key from the authoring key generation device (key management device) 160. In the following, the authoring key generation device that generates the authoring key and the key management device that manages key information such as the authoring key will be described as the same device, but the authoring key generation device and the key management device are configured separately. It doesn't matter.

Next, in step S1904, the content key decryption means 3162 acquires from the authoring key generation device (key management device) 160 a content identifier (CID) and authoring key (CED) pair for the content to be authored.

Regarding steps S1902 and S1904, it is not necessary to acquire the authoring key (CED) at the same timing as the pair of the content identifier (CID) and the authoring key (CED). Content identifier (C
The pair of (ID) and authoring key (CED) is different for each content, but the authoring key use key (CEK) is a unique value for the authoring device 316, so it may be obtained once before the authoring process.

Further, the pair of the content identifier (CID) and the authoring key (CED) does not need to be obtained each time each content is authored.
When authoring a plurality of contents, the content may be collectively acquired.

Next, in step S1906, the content key decryption means 3162 uses the content identifier (CID) and the authoring key use key (CEK) from the authoring key (CED) as shown in FIG. 17B. , And decrypts the content key (Kc) and the second content key (EKc) encrypted with the root key.

Next, in step S1908, the content encryption means 3164 of the authoring device 316.
Uses the content key (Kc) decrypted by the content key decryption means 3162 to encrypt the content data to obtain the encrypted content data E (Kc, Content).
generate t).

In step S1910, the packaging means 3166 packages the encrypted content data E (Kc, Content) together with the content identifier (CID) and the second content key (EKc) encrypted with the root key. Then, a series of authoring work is completed.

(4 Information Distribution Operation) The content for which the authoring process has been completed as described above is transmitted to the information distribution terminal 400 such as a kiosk terminal via a predetermined network 600 as shown in FIG. Information distribution terminal 4
00, the encrypted content (E
(Kc, Content)), the content key (EKc) encrypted with the root key, and the content enablement key (EKB) are sent. The encrypted content E (K
The MAC value calculated using the content key Kc is added to the header part of (c, Content) for tampering prevention.

In the information distribution terminal 400, after the predetermined authentication operation consisting of the external authentication and the internal authentication is completed, the decryption processing is performed and the data is downloaded to the predetermined storage medium 182. Hereinafter, the details of the information distribution operation will be described along the flow shown in FIG.

(4.1 External Authentication Operation) As described above, in the external authentication unit 422 of the information distribution terminal 400, whether the information providing unit 420 is a proper one, that is, the information distribution terminal 400 stores it. Whether the user has the authority to provide the content to the outside is determined by a first external authentication key (Kauth (1)) stored in advance by the information providing unit 420 and a second external authentication key (Kauth) stored by the authentication server 500.
(2)) is used to perform comparative authentication (step S210).
2). If the external authentication succeeds in step S2102, the internal authentication performed in step S2104 and subsequent steps proceeds, but if the external authentication fails, the content information distribution (DL) operation is rejected (step S211).
2).

External authentication must be performed every time the information providing unit 420 is activated. However, once the authentication is successful, it may not be performed again while the information providing unit 420 is being activated.

External authentication is performed by the second encryption unit 4225 according to the required security level.
Various embodiments can be adopted by changing the mode of acquiring the encrypted data of.

(4.1.1 Local External Authentication Operation) In the embodiment with the lowest security level, as shown in FIG. 13, external authentication is performed locally, that is, in the information providing unit 420. In this embodiment, the second external authentication key (Kauth (2)) is incorporated in the application in the information providing unit 420.

First, the first external authentication key (Kauth
Secure module 42 that securely holds (1))
5 is a first random number generated by the random number generation means 4223.
The external encrypted key (Kauth (1)) is used to obtain the first encrypted data.

The random number generated by the random number generating means 4223 is sent to the application 421 via the application interface 423. Application 4
21 is a second external authentication key (Kaut) stored in advance.
The random number is encrypted using h (2) to obtain the second encrypted data.

The second encrypted data is sent to the secure module 4 via the application interface 423.
Returned to 25. In the secure module 425, the first encrypted data and the second encrypted data are compared, and if they match, the external authentication work according to the present embodiment ends.

However, in this mode of local external authentication, the second external authentication key (Kauth (2)) may be stolen by a person who operates the information distribution terminal 400 maliciously. Further, if the information distribution terminal 400 itself is stolen, the package stored in the information distribution terminal 400 can be downloaded.

(4.1.2 Remote External Authentication Operation) On the other hand, in the embodiment having the highest security level, as shown in FIG. 14, the authentication server 500 located remotely, that is, outside the information providing unit 420, is used. Perform external authentication using.

First, the first external authentication key (Kauth
Secure module 42 that securely holds (1))
5 is a first random number generated by the random number generation means 4223.
The external encrypted key (Kauth (1)) is used to obtain the first encrypted data.

The random number generated by the random number generation means 4223 is sent to the authentication server section 500 via the application interface 423 and the application 421. The authentication server unit 500 fetches the random number into the authentication server unit 500, and outputs the second external authentication key (Kauth).
(2)) is used to generate the second encrypted data.

The second encrypted data is sent to the secure module 4 via the application interface 423.
Returned to 25. In the secure module 425, the first encrypted data and the second encrypted data are compared, and if they match, the external authentication work according to the present embodiment ends.

As described above, according to the external authentication operation according to the present embodiment, the second external authentication key (Kauth (2))
Cannot be stolen, and even if the information distribution terminal 400 itself is stolen, the package stored in the information distribution terminal 400 cannot be downloaded.

(4.1.3 Semi-local external authentication operation) Further, FIG. 15 shows an embodiment having a medium security level between the embodiment shown in FIG. 13 and the embodiment shown in FIG. In this embodiment, the authentication server unit 500 temporarily transfers the second external authentication key (Kauth (2)) to the information providing unit 420 as needed, for example, when downloading.

First, the first external authentication key (Kauth
Secure module 42 that securely holds (1))
5 encrypts the random number generated by the random number generation means 4223 with the first external authentication key (Kauth (1)),
Get the first encrypted data.

The random number generated by the random number generation means 4223 is sent to the application 421 via the application interface 423. Application 4
21 is a second external authentication key (Kaut) stored in advance.
The random number is encrypted using h (2) to obtain the second encrypted data.

Here, the second external authentication key (Kauth
(2)) is managed by the authentication server unit 500, and every time the information providing unit 420 is activated, the application 421 receives a second external authentication key (Kauth) from the authentication server unit 500.
(2)) is received and the random number is encrypted.
The second external authentication key (Kauth (2)) is deleted from the information providing unit 420 after the second encrypted data is generated or each time the information distribution terminal 400 is powered off.

The second encrypted data is sent to the secure module 4 via the application interface 423.
Returned to 25. In the secure module 425, the first encrypted data and the second encrypted data are compared, and if they match, the external authentication work according to the present embodiment ends.

According to this embodiment, the second external authentication key (Kauth) is used only when downloading is necessary.
Since (2)) is temporarily transferred to the information distribution terminal 400, the possibility of theft of the second external authentication key (Kauth (2)) itself is significantly reduced. The information distribution terminal 40
If the configuration is such that the second external authentication key (Kauth (2)) is erased when the power of the information distribution terminal 400 is cut off even if 0 itself is stolen, if the information distribution terminal 400 is adopted. It is not possible to download packages stored within.

(4.2 Internal Authentication Operation) Internal Authentication Unit 42
The internal authentication operation of 4 is performed after the external authentication of the information providing device 420 is completed. The internal authentication operation is a content verification operation (first content verification operation performed by the first authentication means 4242).
Authentication operation) and the second authentication operation performed by the second authentication means 4244.

The content verification operation shown in step S2104 of FIG. 20 provides means for verifying whether the content data to be distributed is content created by a regular authoring system (authoring studio 300). . Specifically, the first authentication is a MAC (Message Authen) written in the content data by a legitimate authoring system.
Tication Code). If the content verification succeeds in step S2104, the procedure proceeds to the second internal authentication performed in step S2106, but if the content verification fails, the content information distribution (DL) operation is rejected (step S2106).
2112).

In step S2106, the second authenticating means 4244 causes the reader / writer 430 which is a recording means.
And means for performing mutual authentication with the information providing device 420 which is an information record managing means. Second authentication means 42
44, first, the regular authoring system 300,
Root key (Kroot) to device key (Kdevice)
Content enablement key (EKB) encrypted in e)
Is delivered to both the reader / writer 430 and the information providing device 420. Reader / writer 430 and information providing device 4
20 is a device key (K
device) to decrypt the root key (Kroot). Then, the decrypted root key (Kroo
If t) match each other, positive authentication is performed. If the second internal authentication succeeds in step S2106, the download is permitted in step S2108, but if the second internal authentication fails, the content information distribution (DL) operation is rejected (step S211).
2).

(4.3 Download Operation) After the internal authentication is completed in step S2106 shown in FIG. 20 as described above, the content is downloaded to a predetermined storage medium such as a memory stick in step S2206.

In the following, referring to FIG. 22, internal authentication,
The cooperation between the decryption process and the download process will be described in detail.

First, the information providing apparatus 420 that securely holds the device key (KdeviceA) checks the MAC value of the download target package, and the download target package was created by a regular authoring system. Make sure that it is not.

The information providing apparatus 420 decrypts the content enable key (EKB) included in the package with the device key (KdeviceA) and then the root key (Kroot).
A) is acquired. The information providing device 420 transmits the content enablement key (EKB) to the reader / writer 430. Like the information providing apparatus 420, the reader / writer 430 also securely holds the device key (KdeviceB). The reader / writer 430 is the information providing device 4
Content enablement key (EKB) received from 20
Is decrypted with the device key (KdeviceB) to obtain the root key (KrootB).

Information providing device 420 and reader / writer 43
0 is both root keys (KrootA, KrootB)
And perform second internal authentication.

When the internal authentication succeeds, the content validity is further checked, and then the reader / writer 430 copies the content to a storage medium such as a memory stick.

At this stage, the content is still encrypted with the content key (Kc) and cannot be reproduced. Therefore, the content key (Kc) is used to make the copied content reproducible by the reproduction control apparatus, so that the user can enjoy the content with the reproduction apparatus 184 owned by the user.

(4.4 Batch Downloading Operation of Plural Contents) In the example shown in FIG. 22, one content is copied, but in the information distribution system according to the present embodiment, plural contents are simultaneously downloaded. It is also possible to download.

The batch download operation of a plurality of contents will be described with reference to FIG. After the predetermined authentication operation is successful, the information providing apparatus 420 sends information to the predetermined storage medium 182 via the reader / writer 430.
Copy the first package. At this stage, it is impossible to reproduce the content of the first package.
Next, the information providing device 420 receives the reader / writer 430.
The second and third packages are copied to a predetermined storage medium 182 via. In this way, when the batch download of the plurality of contents is completed, the reproduction control device puts the plurality of downloaded contents together into a reproducible state.

In this way, one song per download
By making it possible to play 3 songs at once after writing 3 songs in response to a download request for 3 songs, instead of making it possible to play songs, authentication and the like when downloading multiple contents at a time is greatly reduced. Can be reduced to

(4.5 Content Flow After Download) Next, the subsequent flow of the content downloaded by the information distribution system according to the present embodiment will be described with reference to FIG.

As shown in FIG. 24, according to this system, contents once packaged in a storage medium such as a memory stick are downloaded from the kiosk terminal (information distribution device) 400. The package also contains information about the usage conditions of the content, and the processing method of the downloaded content is determined according to this condition.

Normally, a storage medium 182 such as a memory stick is used to access a terminal device 19 such as a personal computer.
Import content to 0. And the terminal device 1
Mobile devices 192, 19 having a reproducing function from 90 again
It is possible to check out the content at 4,196. The number of check-outs is limited for copyright protection, and three check-outs are permitted in the illustrated example. Therefore, it is possible to copy the downloaded contents to the three types of mobile devices 192, 194, 196.

When it is desired to copy the content to a reproducing device other than the portable devices 192, 194, 196 after the number of check-outs is exceeded, one of the portable devices 192, 192 is selected.
From 194 and 196, the contents can be checked in to the personal computer 190 once and then copied within the permitted number of check-outs.

As described above, according to the information delivery system of the present embodiment, the content is encrypted at the time of authoring, so that the download time on the information delivery terminal side can be shortened and the information delivery terminal side can be shortened. The load can be reduced.

According to the information distribution system of the present embodiment, the information distribution terminal side limits the content created by the authorized authoring device so that it can be downloaded only by hand after the authoring. It is possible to prevent illegal acts such as rewriting. Moreover, even if the illegally authored content is brought to the information distribution terminal, the content cannot be downloaded.

According to the information distribution system of the present embodiment, even legitimate contents cannot be reproduced by simply copying them to a storage medium. In order to be reproducible, external authentication and internal authentication are required on the information providing device side, and thus illegal copying can be prevented.

According to the information distribution system of the present embodiment, the content file that has been legally purchased can be downloaded any number of times, and the content file that has been legally downloaded can be moved to the PC so that the PC and other devices can communicate with each other. You can check out / check in between.

According to the information distribution system of the present embodiment, it is possible to process not only the main content such as a music file but also associated data such as a jacket photo in association with the main content.

Although the preferred embodiments of the information distribution system and the like according to the present invention have been described above with reference to the accompanying drawings, it goes without saying that the present invention is not limited to such examples. It is obvious to those skilled in the art that various changes and modifications can be conceived within the scope of the technical idea described in the claims, and naturally, these are also technical aspects of the present invention. It is understood that it belongs to the range.

For example, in the above embodiment, as a preferred embodiment of the information distribution system according to the present invention,
The case where the system is applied to a system that distributes music data as distribution content has been described, but the present invention is not limited to this example. For example, the system can be applied to an information distribution system that distributes various content data such as image data (including still images and moving images), game programs, etc. to users via a network in addition to music data. Needless to say.

[0200]

As described above, according to the present invention,
It is possible to construct an information distribution system capable of effectively preventing illegal copying and distributing music data and the like. That is, according to the present invention, it is possible to effectively prevent an unauthorized operation during authoring, an unauthorized operation during distribution, an unauthorized operation of an information distribution terminal, and an unauthorized operation during download. Furthermore, according to the present invention, since compression and encryption are performed at the time of authoring, it is possible to construct an information distribution system that does not take much time to download.

[Brief description of drawings]

FIG. 1 is a block diagram showing a schematic configuration of an information distribution system 100 according to an embodiment of the present invention.

FIG. 2 is a block diagram showing a schematic configuration of a content holder 120 of the information distribution system 100 according to the embodiment of the present invention.

FIG. 3 is a block diagram showing a schematic configuration of a content aggregator 200 of the information distribution system 100 according to the embodiment of the present invention.

FIG. 4 is a block diagram showing a schematic configuration of an authoring studio 300 of the information distribution system 100 according to the embodiment of the present invention.

FIG. 5 is a block diagram showing a schematic configuration of an authoring unit 310 of an authoring studio 300 in the information distribution system 100 according to the embodiment of the present invention.

FIG. 6 is a block diagram showing a schematic configuration of a relationship between an authoring device 316 and an authoring key generation device 160 in the authoring system of the information distribution system 100 according to the exemplary embodiment of the present invention.

FIG. 7 is a block diagram showing a construction example of an authoring system of the information distribution system 100 according to the exemplary embodiment of the present invention.

FIG. 8 is a block diagram showing a schematic configuration of an information distribution terminal 400 of the information distribution system 100 according to the embodiment of the present invention.

FIG. 9 is a block diagram showing a schematic configuration of an information providing unit 420 of the information distribution system 100 according to the embodiment of the present invention.

FIG. 10 is a block diagram showing a schematic configuration of an external authentication unit 422 of the information providing unit 420 of the information distribution system 100 according to the embodiment of the present invention.

FIG. 11 is a block diagram showing a schematic configuration of an internal authentication unit 424 of the information providing unit 420 of the information distribution system 100 according to the embodiment of the present invention.

FIG. 12 is a block diagram showing a system configuration example of an information distribution terminal 400 of the information distribution system 100 according to the embodiment of the present invention.

FIG. 13 is a block diagram showing an example of external authentication (local) performed in the information distribution terminal 400 of the information distribution system 100 according to the embodiment of the present invention.

FIG. 14 is a block diagram showing an example of external authentication (remote) performed in the information distribution terminal 400 of the information distribution system 100 according to the embodiment of the present invention.

FIG. 15 is a block diagram showing an example of external authentication (semi-local) performed in the information distribution terminal 400 of the information distribution system 100 according to the embodiment of the present invention.

FIG. 16 is a flowchart showing an authoring key generation process of the information distribution system 100 according to the embodiment of the present invention.

FIG. 17 is an explanatory diagram showing an authoring key generation process of the information distribution system 100 according to the embodiment of the present invention.

FIG. 18 is a flowchart showing an authoring process of the information distribution system 100 according to the embodiment of the present invention.

FIG. 19 is an encrypted content (E (K
c, Content)), the content key (EKc) encrypted with the root key, and the content enablement key (E
It is explanatory drawing which shows the structure of (KB).

FIG. 20 is a flowchart showing an information delivery process in the information delivery terminal 400 of the information delivery system 100 according to the embodiment of the present invention.

FIG. 21 is a flowchart showing a content decoding process in the information distribution terminal 400 of the information distribution system 100 according to the embodiment of the present invention.

FIG. 22 is a flowchart showing a package download process in the information distribution terminal 400 of the information distribution system 100 according to the embodiment of the present invention.

FIG. 23 is a flowchart showing a download process of collectively downloading a plurality of packages in the information distribution terminal 400 of the information distribution system 100 according to the embodiment of the present invention.

FIG. 24 is an explanatory diagram showing a subsequent process of the content once downloaded in the information distribution terminal 400 of the information distribution system 100 according to the embodiment of the present invention.

[Explanation of symbols]

100 Information distribution system 120 content holders 140 Content Distribution Department 160 Key management device (authoring key generation device) 180 users 200 Content Aggregator 300 Authoring Studio 400 Information distribution terminal (kiosk terminal) 500 authentication server 600 networks

   ─────────────────────────────────────────────────── ─── Continued front page    (72) Inventor Shinichi Ueno             6-735 Kita-Shinagawa, Shinagawa-ku, Tokyo Soni             -Inside the corporation F-term (reference) 5B085 AA08 AE29                 5J104 AA01 AA13 AA16 EA04 EA26                       NA02

Claims (30)

[Claims] 1. An authoring system for authoring content data (Content) distributed via an information distribution terminal by performing copyright protection encryption: uniquely assigned to each content data (Content). Content identifier (CID)
, An authoring key use key (CEK) uniquely assigned to each authoring device that authors content data (Content), and a content key (K) that encrypts the content data (Content).
c) and the content key as a root key (Kroot)
The second content key (EKc) encrypted by the authoring key (CE) encrypted using the content identifier (CID) and the authoring key use key (CEK).
D) and an authoring key generation device for generating the content identifier (C) from the authoring key (CED).
ID) and the authoring key use key (CEK) to decrypt the content key (Kc) and the second content key (EKc), and the decrypted content key (Kc). The content data (Content) is encrypted by using the encrypted content data (E (Kc, Content)
t)), and an authoring device provided with an encryption means; 2. The encrypted content data (E (K
c, Content)) and the content identifier (C
The authoring system according to claim 1, further comprising packaging means for packaging the ID) and the second content key (EKc) as one package data. 3. The content key (Kc) is the second key.
Content key (EKc) and the root key (Kroo)
t) is a key that enables the encrypted content data (E (Kc, Content)) to be decrypted,
In the playback device that securely holds the root key (Kroot), the content data (Content)
The authoring system according to claim 1, wherein the authoring system is reproducible. 4. The root key (Kroot) is incorporated and held in a content enable key (EKB) encrypted by a device key (Kdevice) associated with the playback device, and the authoring key (Kroot) is stored. CE
4. The content enabling key (EKB) in addition to the content key (Kc) and the second content key (EKc) is also encrypted in K). Authoring system. 5. The content key (Kc) and the second content key (E) are included in the authoring key (CEK).
The authoring system according to claim 1, wherein checksum information is encrypted in addition to Kc). 6. The apparatus further comprises a discarding unit for discarding the authoring key (CEK) before the update when the authoring key (CEK) is updated.
The authoring system according to claim 1. 7. The content data (Content)
The t) is composed of main content data and additional information of the main content data.
Authoring system described in. 8. An authoring key generation device for generating an authoring key for performing copyright protection encryption on content data distributed via an information distribution terminal, the content data comprising: A content identifier (CID) uniquely assigned to each (Content), an authoring key use key (CEK) uniquely assigned to each authoring device that authors the content data (Content), and the content data (Conte).
nt) for encrypting the content key (Kc), and the second content key encrypted with the root key (Kroot)
Content key (EKc) of the content identifier (C
ID) and an authoring key (CED) encrypted using the authoring key use key (CEK), and an authoring key generation device. 9. The content key (Kc) is the second key.
Content key (EKc) and the root key (Kroo)
t) is a key that enables the encrypted content data (E (Kc, Content)) to be decrypted,
In the playback device that securely holds the root key (Kroot), the content data (Content)
9. The authoring key generation device according to claim 8, wherein the authoring key generation device is capable of reproducing. 10. The root key (Kroot) is incorporated and held in a content enable key (EKB) encrypted by a device key (Kdevice) related to the playback device, and the authoring key (Kroot) is stored. CE
9. The content enabling key (EKB) in addition to the content key (Kc) and the second content key (EKc) are also encrypted in K). Authoring key generator. 11. The authoring key (CEK) comprises:
9. The authoring key generation device according to claim 8, wherein checksum information is encrypted in addition to the content key (Kc) and the second content key (EKc). 12. The authoring key (CEK) before update when the authoring key (CEK) is updated
9. The authoring key generation device according to claim 8, further comprising a discarding unit that discards the. 13. An authoring key generation device for generating an authoring key for performing copyright protection encryption on content data distributed via an information distribution terminal, the computer comprising: A content identifier (CID) uniquely assigned to each content data (Content)
An authoring key use key (CEK) uniquely assigned to each authoring device authoring the content data (Content), a content key (Kc) for encrypting the content data (Content), and a root key for the content key. (Kroo
As an authoring key generation device for generating a second content key (EKc) encrypted in t) using the content identifier (CID) and the authoring key use key (CEK) A computer program characterized by causing it to function. 14. An authoring key generation device for generating an authoring key for performing copyright protection encryption on content data distributed via an information distribution terminal, the computer comprising: A content identifier (CID) uniquely assigned to each content data (Content)
An authoring key use key (CEK) uniquely assigned to each authoring device authoring the content data (Content), a content key (Kc) for encrypting the content data (Content), and a root key for the content key. (Kroo
As an authoring key generation device for generating a second content key (EKc) encrypted in t) using the content identifier (CID) and the authoring key use key (CEK) A computer-readable storage medium that stores a computer program to function. 15. In an authoring device that authors content data (Content) distributed via an information distribution terminal by performing copyright protection encryption, the content storage unit stores the content data (Content); The content data (Co
content) (CID) uniquely assigned to each author) and an authoring key use key (CEK) uniquely assigned to each authoring device
And a content key (Kc) for encrypting the content data (Content) and a second content key (EKc) obtained by encrypting the content key with a root key (Kroot), the content identifier (CID) and the authoring key. Key information storage means for storing key information composed of an authoring key (CED) encrypted using a use key (CEK); the content identifier (CID) and the authoring key use from the authoring key (CED) Using the key (CEK), the content key (K
c) and a decryption means for decrypting the second content key (EKc) and the content key (Kc) to encrypt the content data (Content) to obtain encrypted content data (E (Kc, Content). )) For generating an authoring device, 16. The encrypted content data (E (Kc, Content) obtained by the encryption means is further included.
t)), the content identifier (CID), and packaging means for packaging the second content key (EKc) as one package data: Authoring device. 17. The authoring key generator according to claim 15, wherein the authoring key (CED) is encrypted by an authorized authoring key generation device that is configured separately from the package data generation device. Authoring device. 18. The content key (Kc) is the second content key (EKc) and the root key (Kroo).
t) is a key that enables the encrypted content data (E (Kc, Content)) to be decrypted,
In the playback device that securely holds the root key (Kroot), the content data (Content)
16. The authoring device according to claim 15, wherein the authoring device is reproducible. 19. The root key (Kroot) is held as a content enablement key (EKB) encrypted by a device key (Kdevice) related to the playback device, and is stored in the authoring key (CEK). In addition to the content key (Kc) and the second content key (EKc), the content enable key (E
KB) is also encrypted.
8. The authoring device according to item 8. 20. The authoring key (CEK) comprises:
16. The authoring device according to claim 15, wherein checksum information is encrypted in addition to the content key (Kc) and the second content key (EKc). 21. When the authoring key (CEK) has been updated, the authoring key (CEK) before the update
16. The authoring device according to claim 15, further comprising a discarding unit that discards. 22. The content data (Content)
The t) is composed of main content data and additional information of the main content data.
5. The authoring device according to item 5. 23. The authoring device according to claim 15, wherein the packaging unit further packages fringe data which is additional information regarding the content data (Content). 24. In an authoring device for authoring content data (Content) distributed via an information distribution terminal by performing copyright protection encryption: a computer, the content data (Content)
content storing means for storing the content data; a content identifier (CID) uniquely assigned to each content data (Content); an authoring key use key (CEK) uniquely assigned to each authoring device; (Conte
nt) for encrypting the content key (Kc), and the second content key encrypted with the root key (Kroot)
Content key (EKc) of the content identifier (C
ID) and an authoring key (CED) encrypted using the authoring key use key (CEK), and key information storage means for storing key information; and from the authoring key (CED), the content identifier (CID) ) And the authoring key use key (CEK), the content key (Kc) and the second content key (EK
c) and the content key (K
The content data (Content) using c)
Encrypted content data (E (Kc, Co
computer program characterized by causing it to function as an encryption means for generating (. 25. In an authoring device, which authors content data (Content) distributed via an information distribution terminal, by performing encryption for copyright protection, wherein:
content storing means for storing the content data; a content identifier (CID) uniquely assigned to each content data (Content); an authoring key use key (CEK) uniquely assigned to each authoring device; (Conte
nt) for encrypting the content key (Kc), and the second content key encrypted with the root key (Kroot)
Content key (EKc) of the content identifier (C
ID) and an authoring key (CED) encrypted using the authoring key use key (CEK), and key information storage means for storing key information; and from the authoring key (CED), the content identifier (CID) ) And the authoring key use key (CEK), the content key (Kc) and the second content key (EK
c) and the content key (K
The content data (Content) using c)
Encrypted content data (E (Kc, Co
and a computer-readable storage medium recording a computer program to function as an encryption unit. 26. An authoring method for authoring content data (Content) to be distributed via an information distribution terminal by performing copyright protection encryption: uniquely assigned to each of the content data (Content). A content identifier (CID),
An authoring key use key (CEK) uniquely assigned to each authoring device and a content key (Kc) for encrypting the content data (Content)
And a second content key (EKc) obtained by encrypting the content key with a root key (Kroot) using the content identifier (CID) and the authoring key use key (CEK).
D) to generate an authoring key, and the content identifier (C) from the authoring key (CED).
ID) and the authoring key use key (CEK) to decrypt the content key (Kc) and the second content key (EKc); and the decrypted content key (Kc). The content data (Content) is encrypted by using the encrypted content data (E (Kc, Content)
t)) generating an encryption step; and an authoring method. 27. The encrypted content data (E (Kc, Content) obtained by the encryption device is further included.
27. The authoring method according to claim 26, further comprising a packaging step of packaging t)), the content identifier (CID), and the second content key (EKc) as one package data. . 28. The root key (Kroot) is incorporated in a content enablement key (EKB) encrypted by a device key (Kdevice) associated with a playback device capable of generating the content data (Content). It is held, and the authoring key (CE
27. The content enabling key (EKB) in addition to the content key (Kc) and the second content key (EKc) is also encrypted in K). Authoring method. 29. The authoring key (CEK) comprises:
27. The authoring method according to claim 26, wherein checksum information is encrypted in addition to the content key (Kc) and the second content key (EKc). 30. When the authoring key (CEK) has been updated, the authoring key (CEK) before the update
Characterized in that it further comprises a discarding step for discarding
The authoring method according to claim 26.