JP2005160032A - Content reproduction control system, server device, terminal device, and content reproduction control method - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a content reproduction control system in which a business operator can securely control use of a content specific part of a user without adding control information to the content.
[Solution]
A content reproduction control system 1 including a server device (content distribution server 101b) connected via a communication channel (network 103) and a terminal device 102, the server device being based on time information given to content A control information generating unit that generates control information that specifies a range in which a user's predetermined operation on the content in the terminal device 102 is permitted or prohibited, and a distribution unit that distributes the control information to the terminal device 102. 102 includes content use means for using content, reception means for receiving control information, and content use control means for controlling reproduction included in the use of content by the content use means based on the received control information. .
[Selection] Figure 1

Description

  The present invention relates to a system in which digital content such as video and music is distributed from a server device using communication and broadcasting, and a user uses the digital content in a terminal device. The present invention relates to a system or the like that can reliably control special playback (trick play) such as time skip and fast forward according to the intention of a business operator.

  In recent years, digital content such as music, video, and games (hereinafter referred to as content) is distributed from a server device to a terminal device through communication such as the Internet, digital broadcasting, CATV (Cable Television), and the like. Content distribution services that can use the Internet are entering the practical stage. In a general system used for this content distribution service, copyright protection technology is used to protect the copyright of the content and prevent unauthorized use of the content by a malicious user or the like. Specifically, copyright protection technology is a technology that securely controls the use of content such as the user playing back content or copying it to a recording medium using encryption technology or authentication technology. is there. By using the copyright protection technology, a provider such as a content provider or a service provider can securely control the use of the content in the user terminal device.

  By the way, in recent years, in a terminal device having a large-capacity storage means such as a hard disk drive (HDD), the distributed content is temporarily stored in the terminal device, and the user's convenience is to watch the favorite content when the user likes it. A highly practical use form is being studied. In ARIB (Association of Radio Industries and Businesses), which is a digital broadcasting standardization organization in Japan, a server-type broadcasting system is standardized as a digital broadcasting system that utilizes a large-capacity storage function. As for the server type broadcasting system, ARIB STD-B25 4.1 version is detailed.

  However, in a terminal device having such a storage function, content including commercials (CM) is temporarily stored in the terminal device, and the CM portion is skipped, fast-forwarded, or rewinded when viewed by time shift. As a result, a situation in which the user does not view the CM may occur. As a result, there is a possibility that disadvantages such as a decrease in the CM effect and a decrease in the CM fee may occur for the operator. As a technique for solving such a problem, for example, Patent Document 1 discloses that in a terminal device, a server device embeds a CM skip prohibition signal or a CM skip prohibition release signal before and after a CM portion of content. A system for controlling CM skip is described as an example of a content reproduction control system.

As described above, in the conventional content reproduction control system, by embedding control information indicating that in the content provider side such as the CM portion of the content that is prohibited from special reproduction, it is contrary to the intention of the operator. The user can be prevented from using the content.
Japanese Patent Laid-Open No. 2002-290878

  However, in the conventional content reproduction control system, it is necessary to embed control information for controlling CM viewing in the content in order to prevent special reproduction of the CM portion. In general, an encoder that digitally encodes content generally has not only a function of identifying a CM portion of the content but also a function of inserting information for CM viewing control. Therefore, in order to generate content that can control CM viewing, a dedicated encoder is required, and as a result, there is a problem that the cost burden on the operator increases.

  The present invention solves such a conventional problem, by securely realizing use control of a specific part of content such as a CM part of content in a terminal device without adding control information to the content. Another object of the present invention is to provide a content reproduction control system capable of preventing a user from using content that is contrary to the intention of a business operator at a low cost.

  In order to achieve the above object, in the content reproduction control system according to the present invention, a content reproduction control system comprising a server device and a terminal device connected via a communication path, wherein the server device is a content reproduction control system. Control information generating means for generating control information designating a range in which a user's predetermined operation on the content in the terminal device is permitted or prohibited based on the time information attached to the terminal device, and distributing the control information to the terminal device The terminal device is adapted to use the content by the content using means based on the received control information, a content using means for using the content, a receiving means for receiving the control information, and the control information. Content usage control means for controlling the included playback is provided.

  With this configuration, it is possible to securely control the use of a specific part of the content without inserting special information for use control in the content.

  According to the present invention, it is possible to control the user's CM viewing using the existing time information in the content without embedding control information for controlling the viewing of the CM in the content main body. It is possible to apply the content generated in the above, and to reduce the cost burden on the operator. Furthermore, when existing time information is encrypted in the content, for example, when the content is securely bound to the content, the user's CM viewing can be controlled securely using the time information.

  The present invention can be realized not only as such a content reproduction control system, but also as a server device or a terminal device constituting such a content reproduction control system, or a server constituting a content reproduction control system. It can be realized as a content reproduction control method using steps characteristic of the device or terminal device, or as a program for causing a computer to execute these steps. Needless to say, such a program can be distributed via a recording medium such as a CD-ROM or a transmission medium such as the Internet.

  Hereinafter, a content reproduction control system according to an embodiment of the present invention will be described in detail with reference to the drawings.

  FIG. 1 is a diagram showing an overall schematic configuration of a content reproduction control system 1 according to an embodiment of the present invention.

  The content playback control system 1 is a system that performs playback control securely when a user uses encrypted content distributed from a distribution center (that is, a service provider) through a network or the like on a terminal device. As shown in FIG. 1, a distribution center 101 that distributes content and a license that gives permission to use the content, a plurality (three in the figure) of terminal devices 102a to 102c that use the content, and these are connected to each other It consists of a network 103 such as the Internet.

  The distribution center 101 manages rights (use conditions) for using content owned by the user, generates a license for the content, and distributes the content to the terminal devices 102a to 102c and the terminal devices 102a to 102c. A content distribution server 101b for distributing content; a charging server 101c for charging users; a web server 101d for transmitting web screens for providing various services to the terminal devices 102a to 102c through the network 103; The LAN 101n interconnects these components.

  The rights management server 101a is a server device that manages usage conditions of content owned by the user and grants a license for the user to decrypt the encrypted content. Specifically, the right management server 101a manages the usage conditions of the contents owned by each user or each terminal device 102a to 102c, and uses the license through the network 103 based on a request from the user. Is distributed to the terminal devices 102a to 102c. In addition, when distributing push-type broadcast content in digital broadcasting or broadband Internet, the generated license is transmitted to the content distribution server 101b in order to distribute the license together with the content.

  The license is composed of an encryption key for decrypting the encrypted content and usage conditions such as a usage period and the number of usages of the content. An example of the license data structure will be described later in detail with reference to the drawings.

  Also, when data such as a license to ensure security is transmitted and received between the distribution center 101 and the terminal devices 102a to 102c via the network 103, SSL (Secure Socket Layer), TLS (Transport Layer Security), etc. A secure authentication channel (Secure Authenticated Channel, hereinafter also referred to as “SAC”) is established, and data is transmitted and received.

  The content distribution server 101b is a server device for distributing content to the terminal devices 102a to 102c through the network 103, and is realized by dedicated hardware or a workstation. Specifically, the content distribution server 101b is digitally compressed by a compression method such as MPEG-2 or MPEG-4, and a common key such as AES (Advanced Encryption Standard) or Triple DES (Data Encryption Standard) as necessary. Encrypted with an encryption algorithm or the like, and then distributes the encrypted content by streaming or download.

  In particular, in a server type broadcasting system in BS (Broadcasting Satellite) digital broadcasting, CS (Communication Satellite) digital broadcasting, and terrestrial digital broadcasting, MPEG-2 and MPEG-4 contents (Elementary Stream, hereinafter referred to as ES) A system for distributing stream-type content that can be shared between real-time viewing and stored viewing, multiplexed by PES (Packetized Elementary Stream) / TS (Transport Stream), has been standardized. Is done.

  Here, an encryption key scheme in content distribution based on the server type broadcasting system type I will be briefly described.

FIG. 2 is a diagram showing an outline of the encryption key scheme.
Here, a description will be given separately for the transmitting side that distributes the content / encryption key and the receiving side that receives the content / encryption key.

  First, on the transmission side, the content is encrypted (202), that is, scrambled with an encryption key called a scramble key Ks201, and transmitted to the reception side. For content scrambling, the payload portion of the TS packet is scrambled in units of MPEG-2 TS packets. The scramble key Ks201 is a time-varying key that is changed every few seconds to improve security against unauthorized reception.

  Also, the scramble key Ks201 for scrambling the content is encrypted (204) using the work key Kw203 and transmitted to the receiving side. The work key Kw203 is an encryption key assigned to each contract and group for each broadcasting company used in the conventional general conditional access system. In order to ensure the security of the work key Kw203 itself, several months are required. Generally renewed in a period of several years. A data structure that includes at least the scramble key Ks201 and transmits information related to the content is called an ECM (Entity Control Message) and is configured as a private section of the MPEG-2 Systems. The ECM encrypted with the work key Kw203 is called ECM-Kw and is used in real-time viewing of broadcast content.

  The scramble key Ks201 for scrambling the content is encrypted (204) using the content key Kc205 and transmitted to the receiving side. The content key Kw205 is an encryption key assigned to each content unit, and is configured as a MPEG-2 Systems private section, like the ECM-Kw. An ECM that includes at least the scramble key Ks201 and encrypted with the content key Kc205 is called an ECM-Kc, and is used for accumulating and viewing broadcast content.

  Further, the content key Kc205 is encrypted with the work key Kw203 and transmitted to the receiving side. An ECM that includes at least the content key Kc205 and is encrypted with the work key Kw203 is called an ECM for Kc distribution, and is used for storing and viewing broadcast content. Similar to ECM-Kw and ECM-Kc, the ECM for Kc distribution is configured as a private section of MPEG-2 Systems.

  An example of the data structure of the ECM-Kw, ECM-Kc, and ECM for Kc distribution will be described in detail later with reference to the drawings.

  The encrypted content, ECM-Kw, ECM-Kc, and Kc delivery ECM generated as described above are converted into MPEG-2 TS packets, and PSI (Program Specific Information) / SI (Service Information), etc., as necessary. After being multiplexed (207) with this data, it is transmitted to the receiving side.

  On the other hand, the receiving side receives the MPEG-2 TS packet in which the encrypted content, ECM-Kw, ECM-Kc, and Kc delivery ECM are multiplexed, separates them (210), and encrypts the encrypted content, ECM. -Obtain Kw, ECM-Kc, and ECM for Kc distribution, respectively.

  At the time of real-time viewing, ECM-Kw is acquired, and ECM-Kw is decrypted (212) with a work key Kw203 held in advance by the receiving side to acquire a scramble key Ks201. As a result, the encrypted content can be decrypted (213) and used. Since ECM-Kw is used only during real-time viewing, it is not necessary to record it in a storage unit (not shown).

  On the other hand, at the time of storage viewing, the encrypted content, ECM-Kc, and Kc distribution ECM recorded in the storage unit (not shown) are read. The Kc distribution ECM is decrypted (214) with the work key Kw 203 to obtain the content key Kc 205. Then, the ECM-Kc is decrypted (212) with the content key Kc205, and the encrypted content is decrypted (213) so that the content can be used.

  In addition, in the ARIB STD-B25 4.1 version, in addition to the above description, a method for sharing the work key Kw 203 between the transmitting side and the receiving side is described. However, in the embodiment of the present invention, A case where a SAC is established between the transmission side and the reception side and the work key Kw 203 is shared by communication will be described. Of course, as described in the ARIB STD-B25 4.1 edition, by using a data structure called EMM (Entitlement Management Message), the work key Kw203 is distributed by broadcasting, and the transmission side and the reception side. The work key Kw203 may be shared with the side. In this case, in order to prevent the EMM from being wiretapped, it is encrypted and distributed with a unique key for each receiving terminal called a master key. The master key is an encryption key shared in advance between the transmission side and the reception side, and is managed in a secure location of the terminal device 102 on the reception side or written in advance in a tamper-resistant module called a security module. The security module is inserted into the terminal device 102 and used.

  Further, here, for the sake of simplicity in storing the ECM for Kc distribution encrypted with the work key Kw 203 in the storage unit (not shown in FIG. 2), an example in which the ECM is stored as it is without performing cryptographic conversion is shown. As shown, in order to prepare for regular or irregular update of the work key Kw 203, an encryption key held in advance by the receiving side, for example, an encryption key (group key) shared in advance by the plurality of terminal devices 102 or the terminal device 102 is provided. The Kc distribution ECM may be subjected to cryptographic conversion using a unique master key.

  Hereinafter, the content reproduction control system 1 according to the embodiment of the present invention will be described based on an encryption key scheme based on the server type broadcasting system type I.

  Returning to FIG. 1, the content distribution server 101b further controls the playback of the content in the terminal devices 102a to 102c, so that the content distribution server 101b is based on the attribute information preset in the content, such as the CM portion and the preview portion of the content. Reproduction control information for performing reproduction control of a specific location is generated and distributed to the terminal devices 102a to 102c together with the ECM.

  The billing server 101c is a server device for performing online billing when purchasing content usage conditions and the like via the Internet. Specifically, the billing server 101c performs billing and settlement using a credit card, or registers a user's bank account number in the billing server 101c in advance, and from the terminal devices 102a to 102c via the network 103. Billing and settlement based on uploaded purchase history.

  The web server 101d provides a content purchase screen for the user to access various services from the terminal devices 102a to 102c. Specifically, the web server 101d provides a web page described in a script language such as HTML (HyperText Markup Language) or XML (Extensible Markup Language) via a protocol such as HTTP over the Internet, or in digital broadcasting. , Provide a page described in BML (Broadcasting Markup Language).

  The LAN 101n is a network for connecting the rights management server 101a, the content distribution server 101b, the web server 101d, and the accounting server 101c to each other in the distribution center 101. For example, it can be realized using a wired network such as IEEE802.3 or a wireless network such as IEEE802.11b.

  The network 103 is a network that connects the distribution center 101 and the terminal devices 102a to 102c to each other. For example, the network 103 is a communication network such as the Internet, digital broadcasting, or a network in which these are combined.

  The terminal devices 102a to 102c have a function of connecting to the network 103, and are terminals for the user to use the content on a monitor screen or the like and write the content on a recording medium. Specifically, the terminal devices 102a to 102c are content display devices such as an STB (Set Top Box), a digital TV, a DVD (Digital Versatile Disc) recorder, an HDD recorder, and a PC (Personal Computer) for receiving digital broadcasting. , A recorder, or a composite device of these.

  In the content reproduction control system 1 configured as described above, content and licenses are distributed through the network 103 such as digital broadcasting and broadband Internet, and the terminal devices 102a to 102c are configured to view the content based on the license and the reproduction control information. This will be described in more detail. However, hereinafter, the terminal devices 102a to 102c will be described as the terminal device 102 with the terminal device 102a as a representative.

  FIG. 3 is a functional block diagram showing a detailed configuration of the right management server 101a shown in FIG.

  The rights management server 101a is broadly divided into a database unit 300 realized by a data file stored in an HDD or the like, and a program executed by using hardware such as a system LSI, CPU, RAM, ROM, or the like. The license processing unit 310 is realized by the above.

  The database unit 300 includes a key information DB 301, a user information DB 302, a use condition DB 303, a content information DB 304, and the like.

  The key information DB 301 includes a work key Kw 203 given when a user contracts a service with a business operator (service provider) and a content key Kc 205 for storage and viewing assigned for each content, a work key management table and a content key management. A database managed by each table. When the content distribution server 101b generates the ECM-Kw, ECM-Kc, and ECM for Kc distribution, the work key Kw203 and the content key Kc205 are provided, or the work key Kw203 is provided from the terminal device 102. Is used when searching for the work key Kw 203 corresponding to the user's contract (contract ID).

  FIG. 4 is a diagram illustrating a configuration example of the work key management table 400 included in the key information DB 301.

  As shown in FIG. 4, the work key management table 400 includes fields of contract ID 401, work key ID 402, and work key Kw 203, and manages a set of work key ID 402 and work key Kw 203 corresponding to the contract ID 401. .

  For example, FIG. 4 shows that the work key ID 402 corresponding to the contract ID 401 “CONTRACT-ID-00001” is “Kw-ID-00001”, and the work key Kw203 of the set is “0x2340685453109911”. Here, the contract ID 401 indicates a kind of contract form for a service provided by a business, and examples thereof include a “sports content pack” that allows viewing of sports-related content and a “movie content pack” that allows viewing of movie content. . However, instead of assigning the work key Kw 203 for each contract ID, the work key Kw 203 is assigned for each service provider, and the identification of the contract ID 401 is determined based on the usage conditions set in the license, or the contract ID is set as an ECM item. It can also be included. The work key ID 402 is information used to specify the work key Kw 203 that encrypts the ECM.

  FIG. 5 is a diagram illustrating a configuration example of the content key management table 500 included in the key information DB 301.

  As shown in FIG. 5, the content key management table 500 has fields of a content ID 501 for uniquely identifying content in the content reproduction control system 1 and a content key Kc 205 corresponding to the content ID 501. The content key Kc is managed as a key.

  For example, the content key Kc205 for decrypting the encrypted content whose content ID 501 is “CONTENT-ID-00001” is “0x1234567890abcdef”.

  The user information DB 302 is a database having a user information management table for managing information related to users, and includes a terminal device 102 that accesses the right management server 101a, a user who owns the use conditions managed by the use condition DB 303, and Used to associate

  FIG. 6 is a diagram illustrating a configuration example of a user information management table 600 included in the user information DB 302.

  As shown in FIG. 6, the user information management table 600 has a user ID 601 for uniquely identifying a user in the content reproduction control system 1 and a terminal device 102 for uniquely identifying the user in the content reproduction control system 1. Each terminal ID 602 field manages user IDs and terminal IDs.

  For example, FIG. 6 shows that a user whose user ID 601 is “USER-ID-00001” owns the terminal device 102 whose terminal ID 602 is “TERMINAL-ID-00001”. A user whose user ID 601 is “USER-ID-00002” has two terminal apparatuses 102 whose terminal IDs 602 are “TERMINAL-ID-12345” and “TERMINAL-ID-54321”, and both terminals It shows that the right management server 101a can be accessed from the device 102.

  Note that data registration in the user information DB 302 is performed when a user registers as a member in order to receive a service provided by a service provider. This member registration process may be performed online by the distribution center 101 and the terminal device 102 on the member registration screen provided by the web server 101d via the network 103 by the user, or by using a postcard for member registration. You can go. In the member registration process, first, the service provider assigns a user ID 601 to the user. Thereafter, the terminal ID 602 of the terminal device 102 owned by the user is notified to the service provider online or offline, so that the user ID 601 and the terminal ID 602 are associated and registered in the user information management table 600 of the user information DB 302. . As a result of performing the member registration process as described above, the user information DB 302 is constructed.

  The usage condition DB 303 is a database that manages usage conditions for contracts with business operators for each user using a usage condition management table. Whether the usage conditions owned by the user are satisfied in response to a license acquisition request from the terminal device 102. It is used to determine whether or not to generate a license when the usage condition is satisfied.

  FIG. 7 is a diagram illustrating a configuration example of the use condition management table 700 provided in the use condition DB 303.

  As shown in FIG. 7, the usage rule management table 700 uniquely identifies a user in the content reproduction control system 1, a user ID 701 indicating the owner of the usage rule, and a usage rule owned by the user indicated by the user ID 701. A usage condition ID 702 for identifying the contract, a contract ID 703 for uniquely identifying the user's contract form in the content reproduction control system 1, a validity period 704 indicating the start date / time and end date / time of the contract indicated by the contract ID 703, and a contract ID 703 Each field has a remaining issuable count 705 indicating the remaining number of licenses issued corresponding to the contract form shown in FIG. 5 and manages user usage conditions using the user ID as a key.

  For example, a user whose user ID 701 is “USER-ID-00001” holds a use condition whose use condition ID 702 is “URUs-ID-00001”. The use condition “URUs-ID-00001” is a contract in which the contract signed by the user with the business operator is “CONTRACT-ID-00001” indicated in the contract ID 703, and the validity period 704 is “2002/12 / 31-2003”. / 1/30 ", which indicates that the number of times that a license can be issued is" 1 "shown in the remaining number of issuables 705. A user whose user ID 701 is “USER-ID-00002” has two usage conditions whose usage condition ID 702 is “URUs-ID-00002” and “URUs-ID-10011”. Among these, the use condition “URUs-ID-00002” is a use condition for a contract form in which the contract ID 703 is “CONTRACT-ID-13542”, and the valid period 704 is “2002/12/1 to 2002/12/31”. The remaining issuable count 705 is “1”, which indicates that the license having the valid period can be issued once. The use condition “URUs-ID-10011” is a use condition for a contract form in which the contract ID 703 is “CONTRACT-ID-99999”, the valid period 704 is unlimited (∞), and the remaining issuable count 705 is 3. Indicates that the number of times.

  The content information DB 304 is a database that includes a content information management table that is used to generate a license (sublicense to be described later) set for each content and stores usage conditions for each content.

  FIG. 8 is a diagram illustrating a configuration example of the content information management table 800 included in the content information DB 304.

  As shown in FIG. 8, the content information management table 800 includes a content ID 801 for uniquely specifying a content within the content reproduction control system 1 and a license for uniquely identifying a license within the content reproduction control system 1. Each field includes an ID 802, a valid period 803 indicating a period during which the license is valid, and a usable number 804 indicating the number of times the license can be used, and the content usage conditions are managed using the content ID as a key. .

  For example, in FIG. 8, a content whose content ID 801 is “CONTENT-ID-00001” has a license ID 802 of “LICENSE-ID-00001”, a validity period 803 of “2003/12/31 to 2004/1/30”, This indicates that the usable count 804 is “∞ (no limit)”, and these values are set in the sublicense.

Next, each part of the license processing unit 310 will be described in detail.
As shown in FIG. 3, the license processing unit 310 includes a license issuing unit 311 and a server transmission / reception unit 312.

  The license issuance unit 311 is a unit for generating a license for a user (a main license to be described later) in response to a license issuance request from the terminal device 102. In addition, since the content key Kc205 is transmitted to the terminal device 102 together with the content via digital broadcasting, the license issuing unit 311 issues a license (sublicense described later) including the content key Kc205 and transmits the license to the content distribution server 101b. I do.

  Specifically, the license issuance unit 311 receives a license issuance request from the terminal device 102, and uses the work key management table 400, the user information DB 302, and the use condition DB 303 of the key information DB 301 to issue a license issuance request. After determining whether or not the user's usage condition is satisfied, a process for generating a license corresponding to the user's contract is performed. A license that is issued for a user contract and that can use a plurality of contents corresponding to the contract is called a main license, and the main license includes the work key Kw 203 shown in FIG.

  On the other hand, the license transmitted to the content distribution server 101b is a license issued to a single content and is called a sublicense. The sublicense includes the content key Kc205 shown in FIG. 2, and is encrypted with the work key Kw203. The sublicense is set to ECM by the content distribution server 101b and transmitted to the terminal device 102. Therefore, in order to use the content for which the sub license is set, it is necessary to acquire the main license in which the work key Kw 203 for encrypting the sub license is set.

  The server transmission / reception unit 312 is a unit for communicating with the terminal device 102 via the network 103.

  Here, the main license and the sublicense generated by the license issuing unit 311 will be described in detail.

FIG. 9 is a diagram illustrating an example of the configuration of the main license.
As shown in FIG. 9, the main license 900 includes a license header 901, an action tag block 902, an encryption key tag block 903, and a license footer 904.

  The license header 901 includes a set of contents licensed by the main license 900, that is, a contract ID for identifying the type of subscription (contract), an expiration date of the main license 900 (a contract expiration date), and the like. An action tag block 902 indicates usage conditions regarding content reproduction, copying to a recording medium, and the like. The encryption key tag block 903 includes a work key Kw 203 for decrypting the encrypted content key Kc 205. The license footer 904 is a hash value for detecting falsification of the main license 900.

  More specifically, the license header 901 includes a license identifier 911 for identifying the main license 900, a license ID 912 that is an identifier that can uniquely identify the main license 900 for each user or for each system, and the length of the entire main license 900. License size 913 indicating the length of the license, and a license valid period 914 indicating a period during which the main license 900 can be used.

  More specifically, the action tag block 902 includes an action ID 921 for specifying a user action for content such as “play”, “copy”, and “print”, and a portion that performs playback, copy, and the like of the content. It is comprised from the utilization part specific condition 922 which shows a specific utilization condition. Here, the usage unit specific condition 922 is a usage condition that depends on the type and performance of a content usage unit that provides a function of using content in the terminal device 102. For example, the audio channel of the movie content can be specified (whether it can be played back with 5.1 ch or 2 ch), and the resolution and size of the video content can be specified.

  More specifically, the encryption key tag block 903 is used for decrypting an ECM in which the work key Kw 203 is set as a binary value and includes a sublicense such as ECM-Kw or ECM for Kc distribution.

  More specifically, the license footer 904 detects tampering when the main license 900 is stored in a non-secure area such as a hard disk and ensures its validity. Each time is updated, a hash value is calculated for a portion where it is desired to prevent falsification of the main license 900 and the calculation result is managed. This hash value must be managed in an area that is tamper resistant in terms of hardware. As a specific hash algorithm, SHA-1 (Secure Hash Algorithm 1), SHA-256, or the like can be used.

FIG. 10 is a diagram illustrating an example of the configuration of a sublicense.
Similar to the main license 900, the sublicense 1000 includes a license header 1001, an action tag block 1002, an encryption key tag block 1003, and a license footer 1004. The license header 1001 further includes a content ID 1014 in addition to a license identifier 1011, a license ID 1012, a license size 1013, and a validity period 1015. The action tag block 1002 further includes a number counter 1022 in addition to the action ID 1021 and the utilization unit specific condition 1023.

  Compared with the main license 900, the sublicense 1000 can set a content ID 1014 in the license header 1001 in order to specify a single content that the sublicense 1000 permits use of. The action tag block 1002 includes a number counter 1022 indicating usage conditions such as the number of times content can be reproduced and copied to a recording medium. In the encryption key tag block 1003, a content key Kc205 for decrypting the ECM-Kc is set as a binary value. The other items in the sublicense 1000 are the same as those in the main license 900, and thus description thereof is omitted here. If the main license 900 and the sublicense 1000 have the same items, the value set in the sublicense 1000 is applied. However, which license is preferentially applied according to the operation. You may decide.

Next, a detailed configuration of the content distribution server 101b will be described.
FIG. 11 is a functional block diagram showing a detailed configuration of the content distribution server 101b shown in FIG.

  The content distribution server 101b is a device that outputs content such as MPEG-2 and MPEG-4 in the form of MPEG-2 TS packets. The content distribution server 101b includes a content DB 1101, a content attribute information DB 1102, a clock unit 1103, and time information addition. Unit 1104, content encoding unit 1105, reproduction control information generation unit 1106, ECM generation unit 1107, content multiplexing unit 1108, content encryption unit 1109, content transmission unit 1110, and the like.

  The content DB 1101 is a database for storing content. Specifically, the content DB 1101 is, for example, a VCR (Video Cassette Recorder) that stores movies, documentaries, or the like, or a video camera for shooting video and audio during live broadcasting (live broadcasting). There is.

  The content attribute information DB 1102 is a database including a content attribute information management table for accumulating various information related to content such as content names and configuration contents in the content.

  FIG. 12 is a diagram illustrating a configuration example of a content attribute information management table 1200 included in the content attribute information DB 1102.

  As shown in FIG. 12, the content attribute information management table 1200 includes a content ID 1201 for uniquely specifying a content in the content reproduction control system, a content name 1202 indicating the content name, and a PPV (Pay Per). View) type content, each field has a previewable section 1203 indicating a section permitting trial listening before content purchase, and a CM section 1204 indicating a CM portion included in the content, and the content ID is Various information related to content is managed as a key.

  For example, for a content whose content ID 1201 is “CONTENT-ID-00001”, the content name 1202 is “Tetsuya Inoue NEWS23”, and the previewable section 1203 is “0-10 minutes” as a relative value from the top of the content. In other words, the CM section 1204 has attributes of “5 to 8 minutes”, “20 to 25 minutes”, and “40 to 43 minutes” as relative values from the top of the content. In addition, for the content with the content name 1202 “product X” whose content ID 1201 is “CONTENT-ID-00002”, a previewable section (0 to 10 minutes) during real-time viewing and a previewable section during stored viewing (5 minutes to 10 minutes, 20 minutes to 30 minutes, etc.) have different attributes, and content attributes that make use of the characteristics of stored viewing are set. The CM section 1204 is “-(no CM)” because it is not content including CM. It should be noted that the content for which the previewable section 1203 is not set indicates that the preview is not permitted, and the content for which the CM section 1204 is not set is a content that does not include a CM. This indicates that there is no part that prohibits playback. Although the designation is made with the accuracy of the hour and minute units here, it goes without saying that the designation may be made with the accuracy of the second unit (hours, minutes and seconds).

  The timer unit 1103 is a unit that outputs a reference time in the content distribution server 101b. Specifically, the time measuring unit 1103 generates a 42-bit reference time having an accuracy of 27 MHz called STC (System Time Clock) and supplies it to the time information adding unit 1104.

  The time information adding unit 1104 is a unit that acquires time information from the time measuring unit 1103 and adds time information to the content encoding unit 1105. Specifically, the time information adding unit 1104 obtains the STC value from the time measuring unit 1103, and the PTS (Presentation Time) with an accuracy of at least 700 ms is obtained from the content encoding unit 1105 in accordance with the MPEG-2 Systems convention. Time stamps for Stamp and DTS (Decoding Time Stamp) are given. In addition, a time stamp for PCR (Program Clock Reference) is given with an accuracy of at least 100 ms in accordance with the MPEG-2 Systems convention.

  Here, an example in which the timer unit 1103 and the time information adding unit 1104 are provided outside the content encoding unit 1105 described below is shown, but it may be provided inside the content encoding unit 1105. good.

  The content encoding unit 1105 is a unit that reads content to be sent to the terminal apparatus 102 from the content DB 1101 and encodes the content in MPEG format.

  Specifically, the content encoding unit 1105 is a real-time encoder that generates an MPEG stream, and reads video, audio, and the like from the content DB 1101 according to an instruction from an upstream system (for example, a program operation management system). MPEG-2 or MPEG-4 ES such as voice and data is generated. Further, a PES packet including these ESs is generated, finally converted into an MPEG-2 TS packet, and sent to the content multiplexing unit 1108.

Here, an outline of the configuration of the PES packet will be described.
FIG. 13 is a diagram showing an outline of the configuration of the PES packet.

  As illustrated in FIG. 13, the PES packet 1300 includes a packet start code prefix 1310 that is a code indicating the start of the PES packet, a stream id 1320 that indicates the type of data such as audio and video included in the PES, and a PES packet 1300. A PES Packet Length 1330 indicating a length, an Optional PES Header 1340 that is an optional PES header, a Stuffing Bytes 1350 that is stuffing, and a PES Packet Data Bytes 1360 in which data (ES) such as audio and video is set.

  Further, the Optional PES Header 1340 includes elements of a 10 field 1341, a PES Header Data Length 1342, and an Optional Fields 1343. In addition, Optional Fields 1343 includes elements of PTS 1343a, DTS 1343b, ESCR 1343c, and PES Extension 1343d. Further, the PES Extension 1343d includes elements of 5 flags 1380, PES Private Data 1381, and PES Extension Field 1382.

FIG. 14 is a diagram showing an outline of the structure of a TS packet.
The TS packet 1400 includes a TSP Header 1410, an Adaptation Field 1420, and a TSP Payload 1430.

  The TSP Header 1410 indicates whether or not the code indicating the start of the TS packet 1400, the PID (Packet ID) for specifying the type of data set in the TS packet, and the TS packet payload (TSP Payload 1430 to be described later) are encrypted. This is a header of a TS packet 1400 that includes a transport_scramble_control that is a flag to indicate.

  The Adaptation Field 1420 is used as an option, and time information and private data can be set.

  This Adaptation Field 1420 includes elements of Length 1421, Discuninity Indicator 1422, PCR_Flag 1424, Optional Field 1s 1425, and Stuffing Bytes 1426. In addition, Optional Field 1s 1425 includes PCR 1425a, OPCR 1425b, Slice Countdown 1425c, Private Data Length 1425d, Private Data 1425e, Adaptation Field Extension 1425c, and Private Field Extension 1425c.

  The TSP Payload 1430 is a payload in which a TS packet 1400, PSI / SI, and the like are set.

  The MPEG-2 Systems PES packet and TS packet are detailed in ISO / IEC 13818-1, which is an international standard.

  Next, time information set by the content encoding unit 1105 will be described using the PES packet 1300 described in FIG. 13 and the TS packet 1400 described in FIG.

  When the content encoding unit 1105 generates the PES packet 1300 using the time information acquired from the time information adding unit 1104, that is, the STC value, the PTS 1343a and DTS 1343b, which are the elements of the Optional Fields 1343, in the Optional PES Header 1340. It is added to the PES packet 1300. Note that the PTS 1343a is information indicating the time at which the terminal devices 102a to 102c display video, audio, and the like included in the PES packet 1300. The DTS 1343b is information indicating the time for decoding video, audio, and the like included in the PES packet 1300.

  These PTS 1343a and DTS 1343b are provided with an appropriate PES to ensure that each terminal device 102a to 102c can decode and display individual PES packets each time it matches the STC held by the terminal devices 102a to 102c. This is set in the packet 1300.

  Further, when generating the TS packet 1400, the content encoding unit 1105 is an element in the Optional Fields 1425 of the Adaptation Field 1420 of the TS packet 1400 using the value of the time information (STC) acquired from the time information adding unit 1104. PCR1425a is added. The terminal devices 102a to 102c can use this PCR 1425a as a reference when synchronizing a plurality of ESs (video, audio, data, etc.) and can reproduce a reference clock (STC) synchronized with the STC of the transmitting device. It becomes.

  Hereinafter, returning to FIG. 11, the description of the configuration of the content distribution server 101b is continued.

  The reproduction control information generation unit 1106 is a unit that generates information for controlling reproduction of a specific part of the content. Specifically, the playback control information generation unit 1106, for the content sent from the content distribution server 101b, from the content attribute information management table 1200 managed by the content attribute information DB 1102, can preview the corresponding content 1203 and the CM section 1204. And corresponding preview control information and CM skip control information are generated as reproduction control information. In order to set the reproduction control information in the sublicense 1000 generated by the right management server 101a, a control information tag block having a format that can be set in the sublicense 1000 is generated, and the reproduction control information is included in the control information tag block. Set.

FIG. 15 is a diagram illustrating a data structure of the control information tag block.
As shown in FIG. 15, the control information tag block 1500 includes a control information tag value 1501 indicating that this tag block is the control information tag block 1500, a control information length 1502 indicating the size of the control information tag block 1500, , And control information 1503 indicating reproduction control information such as preview control information and CM skip control information. Also, the control information 1503 performs playback control, a control information number 1510 indicating the number of playback control information included in the control information 1503, a control ID 1511 indicating playback control content, a control time limit 1512 indicating a playback control time limit, and playback control. The number of times of control 1513 indicating the number of times, and a control range 1514 for designating a specific portion of the content to be played back using the time information added to the content. Further, the control range 1514 specifies a specific part of the content to be played back using a set of control start time (1521, 1523) and control end time (1522, 1524). Further, since there may be a plurality of sets of control start time and control end time included in the control range 1514, the control start time and the control end set in the control range 1514 are set as the control time information number 1520. It shows the number of sets of time.

  At this time, since the previewable section 1203 and the CM section 1204 of the content attribute information management table 1200 are relative times from the beginning of the content, the time information (PTS 1343a) actually added to the content is used. Need to convert. Since the PTS 1343a has a clock value of 90 KHz, the relative time from the beginning of the content is divided by 90000, so that it can be converted to a relative time based on the PTS 1343a from the beginning of the content. Furthermore, by obtaining the value of the first PTS 1343a of the content, the previewable section and the CM skip control section can be expressed using the PTS 1343a added to the content. A set of control start time and control end time set in the control range 1514 is thus set as time information using the PTS 1343a.

  By the way, the reproduction control information including the control range 1514 is set in the sublicense 1000, further set in the ECM, and distributed from the content distribution server 101b to the terminal device 102. At this time, in order to realize seamless playback of continuous content on the terminal device 102, the ECM is sent out several seconds before the content actually starts. For this reason, it is necessary to generate the playback control information before encoding and sending the content, and when generating the playback control information, it is necessary to calculate the leading PTS 1343a of the content.

  FIG. 16 is a conceptual diagram of a method for calculating the leading PTS 1343a of the content by calculation. Note that FIG. 16 illustrates an example in which content starts to be transmitted from the content distribution server 101b to the terminal device 102 at time t2.

  Incidentally, as described above, the content distribution server 101b needs to send the ECM before β (time t1) prior to the start of sending the content. At this time, it is necessary to determine the timing (time t0) for generating the reproduction control information in consideration of the time α required for generating the reproduction control information and the ECM. Here, α can be expressed as the sum of time A to time D, and as a specific value of time A to time D, the value of PTS when time A is time t0 is acquired from the content encoding unit 1105. The time required for the time B, the time B for calculating the value of the PTS at the beginning of the content, the time C for generating the playback control information and setting it to the sublicense 1000, the time D for generating the ECM, This is the time required for encryption with the work key Kw203 and the content key Kc205. That is, the value of PTS 1343a at the start of content transmission (the PTS 1343a at the beginning of the content) can be calculated as the value obtained by adding time α and time β to the value of PTS 1343a acquired from content encoding unit 1105 at time t0. it can.

  Here, an example in which the value of the PTS 1343a calculated at the control start time and the control end time is set as it is as the control range 1514 is shown. However, the control range 1514 includes a value from the beginning of the content using the value of the PTS 1343a. A relative time may be set, and the value of the PTS 1343a at the beginning of the content may be set separately in the playback control information or the like. By doing so, it is possible to reduce the amount of time information computation in the reproduction control information generation process (corresponding to the time C described above).

  An example of the reproduction control information (control information 1503) generated in this way is shown in FIG. Below, it demonstrates using FIG. 15 and FIG.

  In FIG. 17, the number of control information 1510 is “2” (1701), and is composed of two pieces of information for preview control and information for CM skip control, as will be described later.

  As the first information, the control ID 1511 is “Preview is possible” (1702), the control time limit 1512 is “2004/9/14” (1703), the control count 1513 is “1” (1704), and the control range 1514 is “ 110000-100000 ”(1705a, 1705b, 1706), the preview control related to the content is a value of 10000 as the part that can be previewed in the period up to 2004/9/14. This indicates that the portion of ˜100,000 may be previewed only once. Here, the number of times of control 1513 is realized by recording the PTS 1343a of the content playback location as a viewing history and managing how many times that location has been viewed when using the content in the terminal device 102.

  Further, as the second information, the control ID 1511 is “special reproduction impossible” (1711), the control time limit 1512 is “2004/7/6” (1712), the control count 1513 is “3 times” (1713), and the control range. Since 1514 is “220000-100000” (1714a, 1714b, 1715), “500000-1000000” (1716, 1717), etc., the special reproduction control related to the CM portion of the content is 2004/9. In the period up to / 14, it is indicated that control is performed so that a part with a PTS 1343a value of 20000 to 100000, 500000 to 1000000, etc. is viewed at least three times during normal playback as a part where CM skip is impossible.

  The control information tag block 1500 including the reproduction control information generated as described above is set in the sublicense 1000 and further set in the ECM, and is transmitted to the ECM generation unit 1107. Note that an ID of a license for setting the reproduction control information may be set in the reproduction control information so that it is possible to clearly identify which license is the reproduction control information.

  Hereinafter, returning to FIG. 11 again, the description of the configuration of the content distribution server 101b is continued.

  The ECM generation unit 1107 is a unit that generates an ECM including the scramble key Ks201 and the sublicense 1000. Specifically, the ECM generation unit 1107 receives the work key Kw203, the content key Kc205, and the sublicense 1000 from the right management server 101a, and also receives the control information tag block 1500 from the reproduction control information generation unit 1106. Then, in response to an instruction from the ECM generation unit 1107 and the upstream system, ECM-Kw, ECM-Kc, and Kc distribution ECM are generated, and the scramble key of the content generated by the scramble key generation unit (not shown in FIG. 11) In addition to setting Ks201, the control information tag block 1500 is inserted into the sublicense 1000 and set in the ECM for Kc distribution. Further, the ECM generation unit 1107 encrypts each generated ECM with the work key Kw 203 and the content key Kc 205 and transmits the generated ECM to the content multiplexing unit 1108. Also, the ECM generation unit 1107 transmits the generated scramble key Ks201 to the content encryption unit 1109 that encrypts content.

  Here, the data structure of the ECM-Kw, ECM-Kc, and ECM for Kc distribution will be described in detail.

  FIG. 18 is a diagram illustrating an example of the data structure of an ECM that mainly transmits the scramble key Ks201. In the terminal device 102, the formats of the ECM-Kw1800 encrypted with the real-time viewing work key Kw203 and the ECM-Kc1810 encrypted with the stored viewing content key Ks205 are the same, and encryption is performed. Only the encryption key (work key Kw203 and content key Ks205) is different.

  ECM-Kw1800 and ECM-Kc1810 shown in FIG. 18 are information used for transmission of information related to the scramble key Ks201 and content, and include an operator ID 1802, a work key ID 1803, a content ID 1804, a scramble key Ks201, content-related information 1806, Falsification detection 1807. Further, a section header 1801 and a section tailor (error detection) 1807 are added to the ECM-Kw 1800 and ECM-Kc 1810 for multiplexing in the transport stream in the MPEG-2 Systems private section format.

  The provider ID 1802 is a code for identifying a provider that provides a service in the content reproduction control system 1, and is referred to together with a work key ID 1803 described below.

  The work key ID 1803 is information for identifying the work key Kw 203 for encrypting the ECM, and is set in the non-encrypted part of the ECM. When decrypting the encrypted ECM, it is possible to determine which work key Kw 203 should be used to decrypt the ECM by referring to the work key ID 1803.

  The content ID 1804 is an identifier assigned to each content, and is a code for uniquely identifying the content in the content reproduction control system 1.

  The scramble key Ks201 is an encryption key that encrypts the payload portion (TSP_Payload 1430) of the TS packet 1400 of the content. In order to shorten the time required for the terminal device 102 to acquire the scramble key Ks201 that is changed every few seconds, generally, a plurality of encryption keys are set in the scramble key Ks201.

  Content-related information 1806 is variable-length data, and information indicating content attributes and the like is set as necessary.

  In the falsification detection 1807, a hash value for detecting falsification of the encrypted ECM is set.

  FIG. 19 is a diagram illustrating an example of a data structure of an ECM for Kc distribution that transmits a content key Kc205 for decrypting an ECM-Kc 1810 mainly for stored viewing.

  As shown in FIG. 19, the ECM 1900 for Kc distribution is information used for transmission of the content key Kc205 and the sublicense 1000, and is composed of an operator ID 1902, a work key ID 1903, a sublicense 1000, and an alteration detection 1904. Yes. The content key Kc205 and the content ID are included in the sublicense 1000. Similarly to ECM-Kw1800 and ECM-Kc1810, a section header 1901 and a section tailor (error detection) 1905 are added to the ECM 1900 for Kc distribution.

  The operator ID 1902, work key ID 1903, and falsification detection 1904 are the same as the description of the operator ID 1802, work key ID 1803, and falsification detection 1808 in the ECM-Kw 1800 and ECM-Kc 1810, and thus the description thereof is omitted here.

  For the sublicense 1000 in the ECM 1900 for Kc distribution, as shown in FIG. 20, the control information tag block 1500 acquired from the reproduction control information generation unit 1006 is inserted into the sublicense 1000 acquired from the right management server 101a. 10 and FIG. 15, the items of the sublicense 1000 and the control information tag block 1500 have been described, and thus the description thereof is omitted here.

  The time information can also be included in the ECM-Kw 1800, ECM-Kc 1810, and ECM 1900 for Kc distribution. In this case, since each ECM is encrypted and distributed, viewing control using secure time information set in the ECM can be performed especially in real-time viewing.

  Hereinafter, returning to FIG. 11 again, the description of the configuration of the content distribution server 101b is continued.

  The content multiplexing unit 1108 multiplexes the transport stream including video, audio, data, etc. received from the content encoding unit 1105 and the transport stream including one or more ECMs received from the ECM generation unit 1107. This is a unit that sends the multiplexed transport stream to the content encryption unit 1109. Specifically, the content multiplexing unit 1108 receives the TS packetized content received from the content encoding unit 1105, the TS packetized ECM-Kw1800, ECM-Kc1810, and Kc distribution received from the ECM generation unit 1107. The ECM 1900 for use is multiplexed to generate a transport stream to be transmitted to the terminal apparatus 102.

  The content encryption unit 1109 is a unit that securely binds content protection and time information to the content by encrypting the content using AES or the like. Specifically, the content encryption unit 1109 uses the scramble key Ks201 acquired from the ECM generation unit 1107 for the payload portion excluding the adaptation field of the TS packet in CBC (Cipher Block Chaining) + OFB (Output FeedBack) mode. Encrypt (scramble). Thereby, the time information is securely bound to the content.

  The content sending unit 1110 is a unit that sends the TS packet 1400 encrypted by the content encryption unit 1109 to the terminal device 102. Specifically, the content sending unit 1110 sends the transport stream received from the content encryption unit 1109 to the terminal device 102 through the network 103 as a broadcast wave.

  In this example, the content stored in the content DB 1101 is read, and real-time encoding is performed in the content encoding unit 1105. However, a PES (ES) or TS is generated in advance offline and stored in the content DB 1101. By accumulating, the encoding process in the content encoding unit 1105 may be omitted at the time of content transmission.

  Also, here, an example in which the non-encrypted content stored in the content DB 1101 is encrypted at the time of transmission by the content encryption unit 1109 is shown, but the previously encrypted MPEG-2 TS content is stored. It can also be made to leave.

  Note that the detailed configuration of the billing server 101c and the web server 101d in the distribution center 101 is not the main point of the present invention, and is omitted here.

  Next, the configuration of the terminal device 102 in the content reproduction control system 1 will be described.

FIG. 21 is a functional block diagram showing a detailed configuration of the terminal apparatus 102 shown in FIG.
The terminal device 102 includes a terminal transmission / reception unit 2101 that provides an external communication interface, a separation unit 2102 that separates the received transport stream into content and data other than content, a content storage unit 2103 that stores content, A license processing unit 2104 that processes and manages licenses, a license DB 2105 that accumulates licenses, a content usage control unit 2106 that performs secure usage control of content, a content decryption unit 2107 that decrypts encrypted content, and content A content usage unit 2108 to be used, a viewing history recording unit 2109 for recording a viewing location of the content as a viewing history, a viewing history DB 2110 for accumulating the viewing history, and a terminal application mainly providing an interface to the user. And Deployment 2111, and a clock section 2112 or the like for measuring secure.

  The terminal transmission / reception unit 2101 is a unit for communicating with the distribution center 101 via the network 103.

  The separation unit 2102 acquires encrypted content multiplexed by MPEG-2 TS, refers to PSI information such as PAT (Program Association Table) and PMT (Program Map Table) included in the transport stream, and Is the part that acquires the PID of the TS packet 1400 in which the PCR 1425a is inserted and the TS packet 1400 including the ECM-Kw1800, ECM-Kc1810, and Kc distribution ECM1900 . At the same time, the separation unit 2102 refers to the PCR_PID described in the PMT (indicating the PID that includes the PCR), so that the TS packet 1400 of the PID in which the PCR 1425a is inserted into the adaptation_field 1420 of the TS packet 1400 And is supplied to the time measuring unit 2112 as a reference clock for content reproduction in the terminal device 102. In addition, when content is temporarily stored in the content storage unit 2103, the separation unit 2102 selects necessary information from PSI information such as PAT and PMT, and selects SIT (Selection Information Table), DIT (Discontinuity Information Table), etc. PSI information is generated, and a process called a partial transport stream (hereinafter referred to as partial TS) is generated from the received transport stream.

  The content accumulation unit 2103 is a unit that accumulates the generated partial TS. Specifically, the content storage unit 2103 is realized by a large capacity HDD or the like, and stores the partial TS generated from the transport stream received by the separation unit 2102.

  The license processing unit 2104 securely determines whether to use the content based on the license. Specifically, the license processing unit 2104, based on usage conditions included in the main license 900 acquired from the right management server 101a or the sublicense 1000 acquired together with the content when the user requests use of the content. Determine whether the content can be used. Then, only when the use condition permits the use of the content, a process of passing an encryption key for decrypting the encrypted content to the content use control unit 2106 is performed.

  For example, the license processing unit 2104 refers to the validity period 914 set in the license header 901 of the main license 900 and determines whether the content is usable. With reference to the current time provided by the secure timekeeping unit 2112 held in the terminal device 102, if the current time is within the valid period 914, it is determined that the content can be reproduced.

  Note that the content key Kc205 is securely transmitted / received among the license processing unit 2104, the content usage control unit 2106, and the content decryption unit 2107, so that the SAC is established and the content key Kc205 is securely transmitted / received. However, if the license processing unit 2104, the content usage control unit 2106, and the content decryption unit 2107 are in the same tamper-resistant area such as in the same system LSI, the content key Kc205 can be transmitted and received safely, so the SAC is not necessarily used. There is no need to establish.

  The license DB 2105 is a database for managing licenses securely, and stores the main license 900 acquired by the license processing unit 2104 and the like. Specifically, the license DB 2105 stores and manages the main license 900 acquired from the right management server 101a shown in FIG. 9 and prevents the unauthorized operation such as tampering, and the main license 900 in the license DB 2105. Are stored in a tamper-resistant area in terms of hardware or software.

  The content usage control unit 2106 is a unit for securely controlling the usage of content using the work key Kw 203 and usage conditions from the license processing unit 2104. Specifically, the content usage control unit 2106 acquires the ECM-Kw 1800 TS packet 1400 from the transport stream received from the separation unit 2102 and reconstructs the ECM-Kw 1800 during real-time viewing. Then, the content use control unit 2106 decrypts the ECM-Kw 1800 obtained in this way with the work key Kw 203, acquires a scramble key Ks 201 for descrambling the content, and supplies the scramble key Ks 201 to the content decryption unit 2107. At the time of stored viewing, the content usage control unit 2106 acquires the sublicense 1000 by decrypting the ECM 1900 for Kc distribution from the transport stream read from the content storage unit 2103 with the work key Kw203. Then, the content usage control unit 2106 uses the content key Kc205 included in the sublicense 1000 to determine the ECM-Kc1810 only when the content can be used after determining the usage conditions included in the sublicense 1000. The scramble key Ks201 is obtained by decryption.

  Further, the content usage control unit 2106 controls the content usage according to the usage conditions by measuring the content usage time using the secure clocking unit 2112.

  The content decrypting unit 2107 is a unit that decrypts the encrypted content. Specifically, the content decryption unit 2107 obtains the content multiplexed by the encrypted MPEG-2 TS, refers to the PSI information such as PAT and PMT included in the transport stream, and displays the video of the content The PID of the TS packet including the voice and data and the TS packet in which the PCR is inserted is acquired. Then, the payload of the TS packet 1100 encrypted with reference to the transport_scramble_control (not shown in FIG. 14) included in the TSP Header 1410 is decrypted by the scramble key Ks201 acquired from the content usage control unit 2106.

  The content using unit 2108 is a unit for decoding the content and outputting it to a monitor or the like not shown in FIG. Specifically, the content use unit 2108 acquires the PCR 1425a in the transport stream, and uses the PLL (Phased Lock Loop) function of the content use unit 2108, and the STC (timer 1103) of the content distribution server 101b. Synchronization with an STC (not shown) of the content use unit 2108 is performed. Then, the data of the PES packet 1300 is acquired from the TSP Payload 1430 of the TS packet 1400, and the ES of MPEG-2 or MPEG-4 video, audio, data, etc. is decoded and output to the monitor. Further, when the use of the content is finished, a use end notification is notified to the content use control unit 2106.

  The viewing history recording unit 2109 collects information on the viewing location of the content viewed by the content using unit 2108 as a viewing history. Specifically, the viewing history recording unit 2109 obtains the PTS 1343a at the start and end of playback by the content using unit 2108, receives the value of this PTS 1343a as the viewing history, and describes UL (Usage Log, hereinafter referred to as UL). ) In the viewing history DB 2110. The UL data structure will be described in detail later with reference to the drawings.

  The viewing history DB 2110 is a database that accumulates the UL acquired by the viewing history recording unit 2109.

Here, the data structure of UL will be described.
FIG. 22 is a diagram illustrating an example of the configuration of the UL data structure.

  The UL 2200 includes a UL identifier 2201 that is an identifier that can be uniquely specified for each content reproduction control system 1 or for each user, a UL size 2202 that indicates the size of the entire UL 2200, and a user for specifying the user who generated the UL 2200. ID 2203, terminal ID 2204 for specifying the terminal device 102 that generated the UL 2200, content ID 2205 for associating the content used by the user with the UL 2200, and the licenses used by the user (main license 900 and sub license 1000) License ID 2206 for associating with UL 2200, action type 2207 for specifying the content (type) of the user operating the content, and use that is the absolute time when the user started the operation of the content The start time 2208, the time information number 2209 indicating the number of time information 2210 set in the UL 2200, and the time information (PTS 1343a of the PES packet 1300) at the time when the use of the content acquired by the content use unit 2108 ends. It consists of time information 2210 which is a value.

  Here, for example, in the case of a content reproduction control system that returns the main license 900 from the terminal device 102 to the rights management server 101a, the license ID 2206 is used to collect the UL 2200 together with the main license 900, thereby The license 900 can be associated with the sublicense 1000, and the distribution center 101 can manage the viewing history and the license in association with each other.

  The action type 2207 is a type for specifying the user's action for the content such as “play”, “copy”, “print”, and the value of the action ID 1021 of the sublicense 1000 is set. Here, an example of “Play” indicating content reproduction is shown.

  Furthermore, the time information 2210 is information for specifying a part where the user has used the content, and is start time information that is time information that indicates the start of use of the content and time information that indicates the end of use of the content. There are as many sets as the time information number 2209 as a set with certain end time information. Here, there are N sets of “start time information, end time information”, “start time information 1, end time information 1” is “13957084, 13999999”, “start time information N, end time information N” is “ 32141683, 39705843970 "are shown.

  The UL 2200 does not have a hash value or the like for detecting falsification of the UL 2200, but falsification detection may be added as necessary.

  The generated UL 2200 may be transmitted to the distribution center 101 at an arbitrary timing or periodically as required.

  The terminal application 2111 is a unit that provides an interface for acquiring the main license 900 from the right management server 101a and instructing start and end of content use. Specifically, the terminal application 2111 generates expected license information (Expected License Information, hereinafter referred to as ELI) as a license acquisition request according to the user's contract, and transmits the license information to the rights management server 101a. A license is acquired from the management server 101a.

FIG. 23 is a diagram showing an example of ELI.
The ELI 2300 includes an ELI identifier 2301, a terminal ID 2302, a use condition ID 2303, and a contract ID 2304. In the ELI identifier 2301, information indicating that this data is the ELI 2300 is described. The terminal ID 2302 describes the terminal ID of the terminal device 102 that generated the ELI 2300, that is, the terminal device 102 that requests the license. In the use condition ID 2303, a use condition ID 702 for specifying the use condition of the user managed in the use condition DB 303 of the right management server 101a is described. As this usage rule ID 702, a usage rule ID notified by a response when the user inquires about a right that can be used from the right management server 101a is used. The contract ID 2304 describes a contract ID corresponding to the main license 900. In addition to the above, a license validity period expected by the user (a validity period 915 described in the license header 901 of the main license 900 or a validity period 1015 described in the license header 1001 of the sublicense 1000) is requested. You may do it.

  Of the terminal device 102, a unit that processes data that particularly requires security, specifically, a license processing unit 2104, a license DB 2105, a content use control unit 2106, a content decryption unit 2107, a content use unit 2108, viewing and listening. The history recording unit 2109 and the viewing history DB 2110 are realized by a hardware tamper resistant system LSI or a software tamper resistant program in order to prevent unauthorized use by a malicious user or the like. It is common to be done. Further, it is assumed that an ID (terminal ID) for uniquely identifying the terminal device 102 in the content reproduction control system 1 is also held in a tamper-resistant place not shown in FIG.

  Now, in the terminal device 102 configured as described above, the user acquires content and a license from the distribution center 101, uses the content securely, and uses the playback control information and the content viewing history to view the content. A series of operations for secure control will be described with reference to the flowcharts shown in FIGS.

  Note that when the user acquires the main license 900 from the rights management server 101a, it is necessary to perform member registration in advance with a service provider using the web server 101d, purchase of content usage conditions, and the like. Since the processing is not the main point of the present invention, it will be omitted in the following description.

  First, an operation in which the user acquires the main license 900 from the right management server 101a in the terminal device 102 will be described with reference to the flowchart shown in FIG.

  FIG. 24 is a flowchart showing processing performed when the main license 900 is acquired.

  First, when a user acquires a user usage condition (license) list managed by the right management server 101a by using a user interface provided by the terminal application 2111, and selects a license for a contract to be acquired from the usage condition list, the terminal device 102 creates an ELI 2300 for requesting the main license 900 from the rights management server 101a and transmits it to the rights management server 101a (S2401).

  Specifically, the terminal application 2111 transmits a contract ID corresponding to the user's contract to the license processing unit 2104. The license processing unit 2104 generates the ELI 2300 shown in FIG. 23 based on the received contract ID. Note that the usage condition ID 2303 set in the ELI 2300 is obtained by the terminal application 2111 or the license processing unit 2104 inquiring the usage conditions owned by the user directly in advance to the rights management server 101a or via the web server 101d. It is assumed that the use condition ID 2303 has been acquired. The ELI 2300 generated in this way is transmitted to the right management server 101a through the terminal transmission / reception unit 2101. The main license 900 may be acquired only once from the right management server 101a during the expiration date.

  Upon receiving the ELI 2300 received by the server transmission / reception unit 312 from the terminal device 102, the license issuing unit 311 of the right management server 101a refers to the user information DB 302 and identifies the user to perform user authentication (S2402).

  Specifically, user authentication is performed in two stages. In general, when exchanging data such as a license that requires security, it is common to establish a SAC so that communication can be performed safely. Therefore, as the first stage, the SAC is established between the right management server 101a and the terminal device 102 by SSL or TLS. By this mutual authentication, the right management server 101a can confirm that the terminal device 102 has the correct terminal ID 2302. As a second stage, the license issuing unit 311 specifies a user who owns the terminal device 102 having the terminal ID 2302. Therefore, the license issuing unit 311 acquires the terminal ID 2302 included in the ELI 2300, refers to the user ID 601 and the terminal ID 602 of the user information management table 600 of the user information DB 302, and matches the terminal ID 2302 included in the ELI 2300. A terminal ID 602 of 600 is searched. If a matching terminal ID 602 is found, the related user ID 601 can be acquired, but if a matching terminal ID 602 is not found, user authentication fails.

  The license issuing unit 311 confirms the user authentication result in step S2402 (S2403).

  If NO in step S2403, that is, if user authentication has not been performed correctly, it is determined that the license issuance is impossible, and the license issuance unit 311 transmits a license issuance disapproval notification to the terminal apparatus 102.

  If YES in step S2403, that is, if user authentication is correctly performed, step S2404 is executed to confirm the use conditions for issuing the main license 900.

The license issuance unit 311 executes a license issuance permission determination process (S2404).
FIG. 25 is a flowchart showing a subroutine of the license issuance determination process in step S2404.

  First, the license issuing unit 311 checks whether or not the usage condition ID 2203 specified by the ELI 2300 exists in the usage condition management table 700 of the usage condition DB 303 (S2501). Specifically, the license issuing unit 311 refers to the ELI 2300 received from the terminal device 102 and acquires the use condition ID 2203. It is confirmed whether or not there is a usage condition ID 2203 that matches the usage condition ID 702 in the usage condition management table 700.

  If YES in step S2501, that is, if the usage rule ID 702 that matches the usage rule ID 2203 of the ELI 2300 exists in the usage rule management table 700, the user ID 701 having the usage rule ID 702 is further changed to the step in FIG. In S2402, it is confirmed whether or not the user ID 601 in the user information management table 600 of the user information DB 302 has been successfully authenticated.

  If the user IDs match (YES in S2501), the license issuing unit 311 next determines whether the user usage conditions satisfy the expiration date (S2502). Specifically, the license issuing unit 311 refers to the validity period 704 in the usage rule management table 700 of the usage rule DB 303, acquires the current time from a secure timer (not shown in FIG. 3), It is determined whether or not the time is included between the start date and time and the end date and time indicated by the validity period 704.

  For example, when the validity period 704 in the use condition management table 700 is “2002/12/20 12:12:12” and the current time is “2002/12/18 12:34:56”, the user If the current use time is “2002/12/31 19:00:00”, it is determined that the user's use condition is not valid.

  If YES in step S2502, that is, if the usage condition of the user is within the expiration date, the license issuing unit 311 determines whether the number of licenses that can be issued remains (S2503). Specifically, the license issuance unit 311 confirms whether the remaining issuable count 705 of the use condition management table 700 is 1 or more.

  If YES in step S2503, for example, if the remaining issuable count in the use condition management table 700 is “2”, the remaining issuable count 705 is 1 or more, the license issuing unit 311 It is determined that the license 900 can be issued (S2504), and the process returns to the main routine shown in FIG.

  On the other hand, if NO in step S2501 to step S2503, that is, if the usage rule ID 702 that matches the usage rule ID 2203 of the ELI 2300 does not exist in the usage rule management table 700 in step S2501, the user in step S2502 If the usage condition is outside the expiration date, in step S2503, the license issuing unit 311 determines that the main license 900 cannot be issued as a result of one of the cases where the remaining issuable count 705 is 0 ( S2505), the process returns to the main routine shown in FIG.

  When the license issuance determination process is finished, the license issuing unit 311 refers to the result of the license issuance determination process and determines whether the main license 900 can be issued (S2405).

  If NO in step S2405, that is, if it is determined that the license cannot be issued, the license issuance unit 311 transmits a license issuance notifying notification to the terminal device 102.

  If YES in step S2405, that is, if it is determined that the license can be issued, the license issuing unit 311 generates the main license 900 (S2406). Specifically, the license issuing unit 311 refers to the use condition management table 700 of the ELI 2300 and the use condition DB 303, and from the work key management table 400 of the key information DB 301, the work key Kw203 corresponding to the contract ID 2204 (contract ID 401). And the main license 900 requested by the ELI 2300 is generated.

  The license issuing unit 311 updates the use condition management table 700 of the use condition DB 303 (S2407). Specifically, the license issuing unit 311 performs a process of subtracting the usage conditions of the user by the usage conditions included in the issued main license 900. For example, in the use condition management table 700, when it is requested to issue the main license 900 for the use condition with the user ID 701 “USER-ID-00003” and the use condition ID 702 “URUs-ID-24024”, the remaining number of times that can be issued Since 705 is “2”, processing is performed to update the remaining issuable count 705 in the use condition management table 700 to “1”.

  The license issuing unit 311 transmits the main license 900 generated in step S2406 to the terminal device 102 (S2408). Specifically, the license issuing unit 311 performs processing for transmitting the main license 900 to the terminal device 102 via the server transmission / reception unit 312.

  The license processing unit 2104 of the terminal device 102 receives the main license 900 received from the right management server 101a, and registers the main license 900 in the license DB 2105 (S2409). Specifically, the license processing unit 2104 acquires the main license 900 as a response to the ELI 2300 generated in step S2401 through the terminal transmission / reception unit 2101, writes the main license 900 in the license DB 2105, and updates the hash value of the license DB 2105. Then, this process ends.

  In step S2403 or step S2405, when the license issuance notification is transmitted because the main license 900 cannot be issued, the license processing unit 2104 of the terminal apparatus 102 receives the license issuance notifying notification (S2410). Specifically, the license processing unit 2104 of the terminal apparatus 102 receives the license issuance notification from the right management server 101a, notifies the user of the fact through the user interface of the terminal application 2111, and ends this processing. To do.

  Next, generation processing of the sublicense 1000 and transmission processing of the work key Kw203, the content key Kc205, and the sublicense 1000 to the content distribution server 101b will be described.

  FIG. 26 is a flowchart showing processing for generating the sublicense 1000 and processing for transmitting the work key Kw203, the content key Kc205, and the sublicense 1000 in the right management server 101a.

  When the rights management server 101a receives the request for the work key Kw203, the content key Kc205, and the sublicense 1000 from the content distribution server 101b by the request receiving unit (not shown in FIG. 3) through the LAN 101n, the license issuing unit 311 Information about the corresponding content is acquired from the content information DB 304 (S2601). Specifically, the license issuing unit 311 uses the necessary conditions for generating the sublicense 1000 from the content information management table 800 of the content information DB 304 based on the content ID included in the request from the content distribution server 101b. , License ID 802, validity period 803, and usable count 804.

  The license issuing unit 311 acquires the work key Kw 203 corresponding to the contract and the content key Kc 205 for the content from the key information DB 301 of the database unit 300 (S2602). Specifically, the license issuing unit 311 determines the contract ID 401 and the content from the work key management table 400 and the content key management table 500 of the key information DB 301 based on the contract ID and the content ID included in the request from the content distribution server 101b. The work key Kw 203 and the content key Kc 205 that match the ID 501 are acquired. Note that the case where the contract ID 401 and the content ID 501 corresponding to the request from the content distribution server 101b do not exist in the work key management table 400 and the content key management table 500 is not shown in FIG. Then, processing for notifying the content distribution server 101b as an error is performed.

  The license issuing unit 311 generates the sublicense 1000 (S2603). Specifically, the license issuing unit 311 obtains the usage conditions of the corresponding content acquired from the content information management table 800 of the content information DB 304 and the content key Kc 205 of the corresponding content acquired from the content key management table 500 of the key information DB 301. The sublicense shown in FIG. 10 is generated.

  The license issuing unit 311 transmits the generated sublicense 1000, the work key Kw203, and the content key Kc205 to the content distribution server 101b (S2604). Specifically, the license issuing unit 311 acquires the sublicense 1000 generated in step S2603, the work key Kw203 acquired from the work key management table 400 of the key information DB 301, and the content key management table 500 of the key information DB 301. The content key Kc205 is transmitted to the content distribution server 101b through the LAN 101n.

Next, ECM generation processing and content transmission processing will be described.
FIG. 27 is a flowchart showing ECM generation processing and content transmission processing of the content distribution server 101b.

  In the content distribution server 101b, the playback control information generation unit 1106 acquires the current PTS 1343a from the content encoding unit 1105 in response to the content transmission instruction, and calculates the value of the first PTS 1343a of the content (S2701). Specifically, upon receiving a content transmission instruction from an upstream system (not shown in FIG. 11) such as a program operation management system, the reproduction control information generation unit 1106 receives the value of the PTS 1343a at this time from the content encoding unit 1105, That is, the STC value set by the time information adding unit 1104 is acquired. Using the value of PTS 1343a thus obtained (time t0 in FIG. 16), the value of PTS 1343a at the beginning of the content (time t2 in FIG. 16) is calculated by the method described in FIG. Hold.

  The reproduction control information generation unit 1106 generates reproduction control information based on the information in the content attribute information DB 1102 and transmits it to the ECM generation unit 1107 (S2702). Specifically, the playback control information generation unit 1106 refers to the content attribute information management table 1200 of the content attribute DB 1102, acquires the previewable section 1203 and the CM section 1204 of the corresponding content ID 1201, and previews as necessary. Reproduction control information for control and reproduction control information for CM skip control are generated. At this time, the description of the time information in the content attribute information management table 1200 is converted into a description using the PTS 1343a using the value of the PTS 1343a at the head of the content calculated in step S2701.

  The content sending unit 1010 determines whether or not the content sending is completed (S2703). Specifically, the content transmission unit 1110 determines whether all of the content has been transmitted to the terminal device 102 as a TS packet 1400.

  If NO in step S2703, that is, if content transmission has not been completed, step S2704 is executed.

  The ECM generation unit 1107 generates and encrypts an ECM using the reproduction control information received from the reproduction control information generation unit 1106 and the sublicense 1000, work key Kw203, and content key Kc205 received from the rights management server 101a. The generated ECM is transmitted to the content multiplexing unit 1108 (S2704). Specifically, the ECM generation unit 1107 acquires information necessary for generating an ECM, such as the provider ID 1801 and the content related information 1806 shown in FIG. 18, from a database (not shown in FIG. 11), etc. ECM-Kw1800 and ECM-Kc1810 are generated and encrypted with the corresponding work key Kw203 and content key Kc205 received from the rights management server 101a to generate encrypted ECM-Kw1800 and ECM-Kc1810. Also, the reproduction control information (control information 1503) acquired from the reproduction control information generation unit 1106 is set in the sublicense 1000 received from the right management server 101a, and the plaintext Kc distribution ECM 1900 is set using the business operator ID 1901 or the like. Generate. The plaintext Kc delivery ECM 1900 is encrypted using the work key Kw 203 to generate an encrypted Kc delivery ECM 1900. The ECM-Kw 1800, the ECM-Kc 1810, and the ECM 1900 for Kc distribution generated in this way are converted into TS packets and then transmitted to the content multiplexing unit 1108.

  In addition, the ECM generation unit 1107 performs processing of sequentially transmitting the scramble key Ks201 generated internally and updated every few seconds to the content encryption unit 1109 together with the PID of the TS packet 1400 to be encrypted.

  The content encoding unit 1105 reads the content with the corresponding content ID from the content DB 1101 (S2705). Specifically, the content encoding unit 1105 searches the content DB 1101 using a content ID received from an upstream system (not shown in FIG. 11) as a key, and performs a process of sequentially reading out the corresponding content.

  The content encoding unit 1105 encodes the content read from the content DB 1101, sequentially generates a PES packet 1300 and a TS packet 1400, and adds time information (S2706). Specifically, the content encoding unit 1105 sequentially encodes the video, audio, and the like of the content read from the content DB 1101 in step S2705, and uses the STC acquired from the time information addition unit 1104 to use the video ES, audio ES. PTS 1343a and DTS 1343b for realizing the synchronization are provided. Further, the PES packet 1300 is converted to a TS packet, and the STC acquired from the time information adding unit 1104 is used to synchronize the reference clock in the terminal device 102 with the reference clock (timer 1103) of the content distribution server 101b. PCR1425a is given.

  The content multiplexing unit 1108 multiplexes the content and the ECM and transmits the multiplexed content to the content encryption unit 1109 (S2707). Specifically, the content multiplexing unit 1108 includes the TS packet 1400 of the content acquired from the content encoding unit 1105, and the TS packet 1400 of the ECM-Kw 1800, ECM-Kc 1810, and ECM 1900 for Kc distribution acquired from the ECM generation unit 1107. Is generated, a transport stream in which information related to the content is multiplexed is generated. At this time, the content multiplexing unit 1108 also generates other TS packets 1400 such as PSI (PAT, PMT, etc.) and null packets, and multiplexes them together with the TS packets 1400 of the content and ECM. Further, correction of the PCR 1425a is performed as necessary. The transport stream generated in this way is transmitted to the content encryption unit 1109.

  After the transport stream is scrambled in the content encryption unit 1109, the transport stream is transmitted from the content transmission unit 1110 (S2708). Specifically, the content encryption unit 1109 uses the PID such as video and audio to be scrambled acquired from the ECM generation unit 1107 for the transport stream received from the content multiplexing unit 1108, and transmits the TS packet 1400. The payload part (TSP Payload 1430) is scrambled with a scramble key Ks201 that is sequentially acquired from the ECM generation part 1107.

  In addition, the content transmission unit 1110 sequentially transmits the encrypted TS packet 1400 received from the content encryption unit 1109 to the terminal device 102. Thereafter, step S2703 is executed.

  If YES in step S2703, that is, if content transmission has been completed, this is notified to the content encoding unit 1105, the reproduction control information generation unit 1106, or the upstream system, and this processing is performed. Exit.

Next, an operation of accumulating and viewing content on the terminal device 102 will be described.
FIG. 28 is a flowchart showing a processing operation in which the user accumulates and views the content accumulated in the content accumulation unit 2103 in the terminal device 102.

  First, the user selects content to be used from the content list through the terminal application 2111. The license ID corresponding to the corresponding content notified to the content usage control unit 2106 is transmitted to the license processing unit 2104 (S2801). Specifically, the content usage control unit 2106 receives a content ID selected by the user and a URI (Unified Resource Identifier) indicating the location of the content from the terminal application 2111, and uses metadata related to the content held by the terminal device 102. The license ID for the content ID is acquired. At this time, if the content ID is subscription content and is associated with some contract ID, a license ID corresponding to the contract ID is acquired. The license ID acquired in this way is transmitted to the license processing unit 2104 to request use of the corresponding content.

  The license processing unit 2104 acquires a license corresponding to the corresponding license ID from the license DB 2105 (S2802). Specifically, the license processing unit 2104 searches the license DB 2105 using the license ID received from the content usage control unit 2106 as a key.

  The license processing unit 2104 acquires the license searched in step S2802, and determines whether the license is an available license (S2803). Specifically, the license processing unit 2104 first checks whether a license having the license ID designated by the content usage control unit 2106 exists in the license DB 2105. If the license exists, the validity of the license is confirmed by referring to the validity period of the license. The validity of the validity period is confirmed using the time information acquired from the secure timer 2112 in the terminal device 102. If the license corresponding to the license ID designated by the content use control unit 2106 does not exist in the license DB 2106, step S2807 is executed.

  If YES in step S2803, that is, if it is determined that the license is available, step S2804 is executed.

  If NO in step S2803, that is, if it is determined that the license is not available, step S2807 is executed.

  The license processing unit 2104 acquires the main license 900 and acquires the work key Kw 203 (S2804). Specifically, the license processing unit 2104 acquires the work key Kw 203 set in the encryption key tag block 903 of the main license 900 and holds it inside.

  The license processing unit 2104 acquires the content key Kc205 and the reproduction control information by acquiring the sublicense 1000 included in the ECM 1900 for Kc distribution, and transmits it to the content usage control unit 2106 (S2805). Specifically, when the license processing unit 2104 acquires the ECM 1900 for Kc distribution separated by the separation unit 2102, the license processing unit 2104 decrypts the encrypted ECM 1900 for encrypted Kc using the work key Kw 203 obtained from the main license 900. When the sublicense 1000 included in the ECM 1900 for Kc distribution is obtained, the validity of the sublicense 1000 is confirmed by the same method as the validity determination of the main license 900 shown in step S2803, and then the encryption key tag of the sublicense 1000 is confirmed. The content key Kc205 included in the block 1003 is acquired. Also, reproduction control information (control information 1503) included in the control information tag block 1500 is acquired. The content key Kc 205 and the playback control information acquired in this way are established as necessary and transmitted to the content usage control unit 2106. The content key Kc205 is transmitted to the content decryption unit 2107 in order to acquire the content scramble key Ks201.

  The content decryption unit 2107 and the content use unit 2108 securely use the content based on the content key Kc205 and the reproduction control information acquired by the content use control unit 2106 (S2806).

  In step S2803, if there is no available license, the content usage control unit 2106 receives a usage unavailability notification from the license processing unit 2104 (S2807). The content usage control unit 2106 notifies the user to that effect through the user interface unit provided by the terminal application 2111.

  Here, the content use processing in step S2806 will be described with reference to FIG.

  FIG. 29 is a flowchart showing a subroutine of content use processing (S2806).

  The content usage control unit 2106 instructs the terminal transmission / reception unit 2101 to receive the content, and receives the content from the content distribution server 101b (S2901). Specifically, the content usage control unit 2106 receives the content transmitted from the content distribution server 101b based on the URI of the content received from the terminal application 2111 (corresponding to a channel in the case of digital broadcasting).

  The content usage control unit 2106 determines whether or not the content reproduction has been completed (S2902). Specifically, the content usage control unit 2106 receives a content reproduction end instruction from the terminal application 2111, whether or not content reception from the content distribution server 101b is completed, or a break (change) in content. Is detected using PSI / SI or the like to determine whether the reproduction of the content is completed.

  If YES in step S2902, that is, if the content reproduction end notification is received from the user through the terminal application 2111 or the reception of the content is completed, the user is notified through the terminal application 2111. Then, the process returns to the main routine and the present process is terminated.

  If NO in step S2902, that is, if content reproduction has not been completed, step S2904 is executed.

  The content decryption unit 2107 obtains the TS packet 1400 of the ECM-Kc 1810 and obtains the scramble key Ks201 (S2903). Specifically, the content decryption unit 2107 reconstructs the ECM-Kc 1810 from the TS packet 1400 of the ECM-Kc 1810 received from the separation unit 2102 and uses the content key Kc 205 acquired from the content usage control unit 2106 to encrypt the content. The decrypted ECM-Kc 1810 is decrypted, and the scramble key Ks201 is obtained and held in an internal register or the like.

  The content decryption unit 2107 acquires the TS packet 1400 of the content, performs descrambling of the TS packet 1400 using the scramble key Ks201 held in the internal register, and executes decoding of the reconstructed content (S2904). Specifically, the content decryption unit 2107 descrambles the TS packet 1400 in which the payload part (TSP Payload 1430) is encrypted by using the scramble key Ks201 by referring to the transport_scramble_control included in the TSP Header 1410. The descrambled TS packet 1400 is sequentially transmitted to the content use unit 2108. The content utilization unit 2108 receives the TS packet 1400 decrypted from the content decryption unit 2107, acquires the decrypted PES packet 1300 from the payload portion (TSP Payload 1430) of the TS packet 1400, and performs content video ES, audio ES, etc. Are decoded, and each ES is decoded and output to a monitor (not shown in FIG. 21) while synchronizing video and audio. At this time, the content use unit 2108 acquires the PCR 1425a of the adaptation field 1420 of the TS packet 1400, and uses the STC included in the content use unit 2108 as a stable clock by using a PLL (not shown in FIG. 15). Keep the process. Therefore, normal content reproduction is realized by decoding and displaying the video ES, audio ES, etc. of the PES Packet Data Bytes 1360 of the PES packet 1300 when this STC value matches the PTS 1343a and DTS 1343b of the PES packet 1300. To do.

  The viewing history recording unit 2109 acquires the PTS 1343a of the content displayed by the content using unit 2108 and records it in the viewing history DB 2110 (S2905). Specifically, the viewing history recording unit 2109 obtains the value of the PTS 1343a (the PTS 1343a included in the displayed PES packet 1300) when the content use unit 2108 reproduces the content from the content use unit 2108, and reproduces at least the content. The value of the PTS 1343a at the start and end of playback is recorded in the viewing history DB 2110 as a viewing history. In order to reduce the database processing load of the viewing history DB 2110, recording of the PTS 1343a may hold and update the displayed PTS 1343a value in the internal memory as needed, and update the viewing history DB 2110 at an appropriate timing. good. Further, by recording together the date and time information acquired from the secure timing unit 2112, “Play (play)” as an action instructed by the user, and the user ID and terminal ID that performed the playback, the UL 2200 shown in FIG. 22 is recorded. Is generated and stored in the viewing history DB 2110.

  Note that the operation of the terminal device 102 during real-time viewing is obtained by acquiring the work key Kw203 instead of the content key Kc205 and decrypting the ECM-Kw1800 using the work key Kw203 in step S2805 described with reference to FIG. The only difference from the flowchart shown in FIG. 28 is that the scramble key Ks201 is obtained, and the other steps are the same as those shown in FIGS.

  Next, an operation when content time skip is performed while viewing the stored content shown in FIGS. 28 and 29 will be described.

  FIG. 30 is a flowchart showing the processing operation when the content is skipped while viewing the stored content.

  When the user requests time skip of the content being played back through the terminal application 2111, the content usage control unit 2106 acquires the skip destination position (S3001). Specifically, the content usage control unit 2106 obtains time information (such as the number of seconds from the currently playing point) about the skip destination specified by the user.

  The content usage control unit 2106 obtains the PTS 1343a (hereinafter referred to as PTS_Src) of the current playback location and the PTS 1343a (hereinafter referred to as PTS_Dst) of the skip destination (S3002). Specifically, the content usage control unit 2106 acquires the PTS 1343a of the location currently being played from the content usage unit 2108 (PTS 1343a attached to the recently displayed frame), and skip destination acquired in step S3001. Is converted into a value based on the PTS 1343a. For example, if the time information acquired in step S3001 is the number of seconds from the current playback location, a value obtained by dividing the time information by 90000 which is the clock of the PTS 1343a is added to PTS_Src, thereby skipping the destination. The value of PTS_Dst, which is the PTS 1343a, is obtained. An example of a method in which the content usage control unit 2106 acquires the value of PTS_Src is a method of writing the value of the PTS 1343a of the currently playing location to the internal register of the content usage unit 2108 accessible from the outside as needed. It is done.

  The content usage control unit 2106 determines whether it is within the time skip (special playback) control period based on the playback control information acquired from the license processing unit 2104 (S3003). Specifically, the content usage control unit 2106 includes the date and time information acquired from the secure time measuring unit 2112 when the control ID 1511 of the playback control information (control information 1503) includes information indicating “special playback is impossible”. By comparing with the value of the control time limit 1512, it is determined whether or not the present time is the period for which the special reproduction is to be controlled.

  If YES in step S3003, that is, if the present is a period during which special playback should be controlled, step S3004 is executed.

  If NO in step S3003, that is, if the current time is not a period for controlling special playback, step S3006 is executed.

  Based on the playback control information acquired from the license processing unit 2104, the content usage control unit 2106 determines whether it is a section in which time skip (special playback) can be performed (S3004). Specifically, the content usage control unit 2106 includes information within the PTS 1343a specified by the control range 1514 when the control ID 1511 of the playback control information (control information 1503) includes information indicating “special playback disabled”. Whether or not a certain control start time to control end time is included in PTS_Src to PTS_Dst is checked by the amount of control time information 1520. In other words, the section represented by the current playback location and the skip destination location includes a part or all of at least one CM skip prohibited section (control start time to control end time of the control information 1503). Is detected.

  If YES in step S3004, that is, if a CM skip prohibited portion is included in PTS_Src to PTS_Dst, step S3005 is executed.

  If NO in step S3004, that is, if no CM skip prohibited portion is included in PTS_Src to PTS_Dst, step S3006 is executed.

  The content usage control unit 2106 acquires the viewing history of the content, and determines whether or not the past number of viewings of the CM skip prohibited portion included in the PTS_Src to PTS_Dst is equal to or greater than the specified number (S3005). Specifically, the content usage control unit 2106 searches the viewing history DB 2110 and refers to the time information 2210 that is the viewing history of the UL 2200 with the matching content ID 2205 in the UL 2200 stored in the viewing history DB 2110. Since the time information 2210 describes the value of the PTS 1343a in which the content has been viewed in the past, the number of times the CM skip prohibited portion included in the PTS_Src to PTS_Dst is included is counted, and the control count 1513 of the control information 1503 is counted. The process to compare with.

  In step S3005, when the past number of viewings of the CM skip prohibited portion included in PTS_Src to PTS_Dst is equal to or greater than the control count 1513, step S3006 is executed.

  In step S3005, if the past number of viewings of the CM skip prohibited portion included in PTS_Src to PTS_Dst is less than the control count 1513, step S3007 is executed.

  The content usage control unit 2106 executes time skip (S3006). Specifically, the content use control unit 2106 controls the content decryption unit 2107 and the content use unit 2108 so as to acquire the designated skip destination TS packet 1400 from the content storage unit 2103. The processing operation after the skip is the same as the operation described in FIG.

  The content use control unit 2106 prohibits the time skip operation (S3007). Specifically, the content usage control unit 2106 notifies the user through the user interface of the terminal application 2111 that the time skip operation is not possible (along with the reason if necessary).

  Although an example in the case of performing time skip is shown here, the same control is performed in other special playback (for example, fast-forwarding or rewinding of the content), so that a special part of a specific part of the content such as a CM is performed. It is possible to prevent regeneration.

  FIG. 31 is a flowchart showing an operation when fast-forwarding content while viewing the stored content shown in FIGS. 28 and 29.

  In FIG. 31, when the user requests fast-forwarding of the content being reproduced through the terminal application 2111, the content usage control unit 2106 receives a fast-forward instruction (S3101). Specifically, the content usage control unit 2106 receives an action ID indicating fast-forwarding from the terminal application 2111.

  Based on the playback control information acquired from the license processing unit 2104, the content usage control unit 2106 determines whether it is within the fast-forward (special playback) control period (S3102). Specifically, the content usage control unit 2106 includes the date and time information acquired from the secure time measuring unit 2112 when the control ID 1511 of the playback control information (control information 1503) includes information indicating “special playback is impossible”. By comparing with the value of the control time limit 1512, it is determined whether or not the present time is the period for which the special reproduction is to be controlled.

  If YES in step S3102, that is, if the present is a period during which special playback should be controlled, step S3103 is executed.

  If NO in step S3102, that is, if the current time is not a period for controlling special playback, step S3106 is executed.

  The content usage control unit 2106 acquires the PTS 1343a (hereinafter referred to as PTS_Src) of the current playback location (S3103). Specifically, the content use control unit 2106 obtains the PTS 1343a (PTS 1343a assigned to the recently displayed frame) of the location currently being played from the content use unit 2108.

  Based on the playback control information acquired from the license processing unit 2104, the content usage control unit 2106 determines whether or not it is a section where fast-forward (special playback) can be performed (S3104). Specifically, the content usage control unit 2106 includes information within the PTS 1343a specified by the control range 1514 when the control ID 1511 of the playback control information (control information 1503) includes information indicating “special playback disabled”. Whether or not PTS_Src is included in a certain control start time to control end time is checked by the amount of control time information 1520. That is, a case is detected in which the currently reproduced portion is included in at least one CM skip prohibition section (control start time to control end time of control information 1503).

  If YES in step S3104, that is, if PTS_Src is included in a CM skip prohibited portion, step S3105 is executed.

  If NO in step S3104, that is, if PTS_Src is not included in the CM skip prohibited portion, step S3106 is executed.

  The content usage control unit 2106 acquires the viewing history of the content, and determines whether the past number of viewings of the CM skip prohibited portion including the PTS_Src is equal to or greater than the specified number (S3105). Specifically, the content usage control unit 2106 searches the viewing history DB 2110 and refers to the time information 2210 that is the viewing history of the UL 2200 with the matching content ID 2205 in the UL 2200 stored in the viewing history DB 2110. Since the time information 2210 describes the value of the PTS 1343a that has viewed the content in the past, the number of histories of viewing the CM skip prohibited portion including the PTS_Src is counted and compared with the control count 1513 of the control information 1503. Process.

  If, in step S3105, the past number of viewings of the CM skip prohibited portion including PTS_Src is equal to or greater than the control count 1513, step S3106 is executed.

  In step S3105, if the past number of viewings of the CM skip prohibited portion including PTS_Src is less than the control number 1513, step S3107 is executed.

  The content usage control unit 2106 executes fast forward (S3106). Specifically, the content use control unit 2106 controls the content decryption unit 2107 and the content use unit 2108 so as to obtain TS packets 1400 corresponding to the fast-forward speed from the content storage unit 2103. Normally, only fast I-pictures are displayed in fast-forwarding, so processing for selecting TS packets 1400 containing only I-pictures is performed while referring to information in the TSP header 1410 and adaptation field 1420 of the TS packet 1400. The processing operation after the skip is the same as the operation described in FIG. In addition, in order to sequentially determine whether or not the playback location that changes with fast-forwarding is a CM skip prohibition location, the processing from step S3102 to step S3106 is repeatedly executed. Note that when the processes in steps S3102 to S3106 are repeatedly executed, the process in step S3105 may be omitted as necessary. In this case, all the processes in step S3105 are processed as NO, and step S3107 is executed.

  The content usage control unit 2106 prohibits the fast-forward operation (S3107). Specifically, the content usage control unit 2106 notifies the user through the user interface of the terminal application 2111 that the fast-forward operation is not possible (along with the reason if necessary).

  As described above, the special reproduction of the corresponding portion can be controlled with respect to the specific portion of the content for a limited time and a limited number of times. Although the case of fast-forwarding has been described here, CM rewinding can be similarly controlled.

  Furthermore, the control method described in the embodiment of the present invention can be used not only for special reproduction but also for the purpose of controlling viewing of a specific part of content. As an example of this case, an operation for controlling viewing of the preview portion of the PPV content will be described with reference to FIG.

  FIG. 32 is a flowchart showing an operation for previewing content while viewing the content, as in FIGS. 30 and 31.

  When the user requests preview playback of a certain content through the terminal application 2111, the content usage control unit 2106 receives a preview instruction (S3201). Specifically, the content usage control unit 2106 receives an action ID indicating a preview from the terminal application 2111.

  Based on the playback control information acquired from the license processing unit 2104, the content usage control unit 2106 determines whether it is within the preview control period (S3202). Specifically, the content use control unit 2106 controls the date and time information acquired from the secure time measuring unit 2112 and the control when the control ID 1511 of the reproduction control information (control information 1503) includes information indicating “Preview is possible”. By comparing with the value of the deadline 1512, it is determined whether or not the current period is a period in which the preview can be executed.

  If YES in step S3202, that is, if the current time is a period during which the preview can be executed, step S3203 is executed.

  If NO in step S3202, that is, if the current time is not a period during which the preview can be executed, step S3207 is executed.

  The content usage control unit 2106 acquires the PTS 1343a (hereinafter referred to as PTS_Src) of the current playback location (S3203). Specifically, the content use control unit 2106 obtains the PTS 1343a (PTS 1343a assigned to the recently displayed frame) of the location currently being played from the content use unit 2108.

  Based on the playback control information acquired from the license processing unit 2104, the content usage control unit 2106 determines whether or not it is a section where previewing is possible (S3204). Specifically, the content usage control unit 2106 is a range of the PTS 1343a designated by the control range 1514 when the control ID 1511 of the playback control information (control information 1503) includes information indicating “Preview is possible”. Whether the PTS_Src is included in the control start time to the control end time is checked by the control time information number 1520. That is, a case is detected where the currently reproduced portion is included in at least one previewable section (control start time to control end time of control information 1503).

  If YES in step S3204, that is, if PTS_Src is included in the previewable section, step S3205 is executed.

  If NO in step S3204, that is, if PTS_Src is not included in the previewable section, step S3207 is executed.

  The content usage control unit 2106 acquires the viewing history of the content, and determines whether the past number of viewing times of the previewable portion including the PTS_Src is equal to or greater than the specified number (S3205). Specifically, the content usage control unit 2106 searches the viewing history DB 2110 and refers to the time information 2210 that is the viewing history of the UL 2200 with the matching content ID 2205 in the UL 2200 stored in the viewing history DB 2110. Since the time information 2210 describes the value of the PTS 1343a that has viewed the content in the past, the number of histories of viewing the previewable part including the PTS_Src is counted and compared with the control count 1513 of the control information 1503 I do.

  In step S3205, if the past number of viewing times of the previewable portion including PTS_Src is equal to or greater than the control count 1513, step S3207 is executed.

  In step S3205, when the past number of viewing times of the previewable portion including PTS_Src is less than the control number 1513, step S3206 is executed.

  The content usage control unit 2106 executes preview (S3206). Specifically, the content use control unit 2106 permits content preview, and performs content decoding and content decoding. Since the playback location changes with the preview, the processing from step S3202 to step S3206 is repeatedly executed to sequentially determine whether or not the current playback location can be previewed. Note that when the processes in steps S3202 to S3206 are repeatedly executed, the process in step S3205 may be omitted as necessary. In this case, all the processes in step S3205 are processed as YES, and step S3206 is executed.

  The content usage control unit 2106 prohibits the preview (S3207). Specifically, the content usage control unit 2106 notifies the user through the user interface of the terminal application 2111 that the preview is impossible (along with the reason if necessary).

  Thus, with respect to the preview of the PPV content, the preview can be controlled for a limited time and a limited number of times.

  As described above, in the content reproduction control system 1, the distribution center 101 uses the existing secure time information added to the content to separate the reproduction control information for controlling the use of a specific part of the content from the content. Data is securely distributed to the terminal device, and the terminal device uses the existing secure time information and the playback control information acquired from the distribution center 101 to securely control the use of the content. ing. Therefore, the business operator can utilize the existing encoder, can reduce the cost related to the transmission facility, and the business operator can securely control the use of the specific part of the content by the user.

  In the embodiment of the present invention, an example in which PTS 1443a of a PES packet is used as time information added to content is shown, but the present invention is not limited to this, and DTS 1443b of PES packet, PCR 1425a of TS packet 1400 , MPEG-4 Systems SL (Sync Layer), MPEG-2 ES Group Of Picture Time Code, and other information that can be used to identify content parts can be used. . In this case, when using unencrypted time information such as the PCR 1425a of the TS packet 1400, the time information such as associating the value of the time information with the content encryption key or adding a hash value for the data including the value of the time information is used. In order to prevent falsification of content, a process for securely binding content and time information is required.

  In the embodiment of the present invention, an example of content multiplexed by MPEG-2 PES / TS has been shown. However, even content other than MPEG-2 PS (Program Stream) or MPEG is existing in the content. And can be applied if there is information that can identify the content part (for example, at least a unique ID or counter value for each packet in the content is not limited to time information) Needless to say.

  In the embodiment of the present invention, an example in which content is distributed based on the server type broadcasting system type I shown in the ARIB STD-B25 4.1 version has been described. Needless to say, it can be applied to the server type broadcasting system type II, streaming distribution on the Internet, and download distribution. In this case, since the content is generally encrypted with a single encryption key Kc ′, the encryption key Kc ′ is set in the license (corresponding to the main license 900 in the embodiment of the present invention), and the license is Distribution is performed from the right management server 101a to the terminal device 102 via communication such as the Internet. Similarly, playback control information is included in this license. In this way, if the content is not scrambled with a time-varying key and is encrypted with a single encryption key (that is, the license configuration of the main license 900 and the sublicense 1000 is not a single Even in the case of a license configuration), the usage control of a specific part of the content in the terminal device 102 can be performed securely.

  In the embodiment of the present invention, various information including the user ID 2103 and the terminal ID 2104 is recorded in the viewing history UL 2200. However, in order to use the content usage control based on the viewing history, Content ID 2105 or license ID 2106, or content ID 2105 and license ID 2106 (depending on how IDs are allocated in the content playback control system 1) and one or more starts A set of time information and end time information may be recorded.

  In the embodiment of the present invention, the viewing history recorded in the terminal device 102 is managed by the viewing history DB 2110. However, the viewing history is managed together with the license (main license 900) managed in the license DB 2105. Anyway.

  In the embodiment of the present invention, an example in which CM skip control is performed is shown as an example in which usage control of a specific part of content is performed. However, the present invention is not limited to this. It can also be applied to control in which only a specific part of content is used.

  In the embodiment of the present invention, an example has been shown in which the value of the PTS 1343a assigned to the content is specified as the playback control location information (control information 1545) in the playback control information. The control information 1545 may be configured using the value of the PTS 1343a at the head and the relative value from the head of the content based on the PTS 1343a. Further, in the control information 1545, the reproduction control location is expressed in the range specified by the control start time and the control end time, but may be expressed as a control start time and a control time (time width).

  In the embodiment of the present invention, an example in which a special playback prohibited section (a section in which only normal playback is permitted) is described as playback control location information (control information 1545) in the playback control information. The special reproduction permission section may be described in the control information 1545.

  In the embodiment of the present invention, the example in which the reproduction control information is set to the license (sublicense 1000) and the ECM and is distributed from the distribution center 101 to the terminal device 102 has been described. However, the present invention is not limited to this. Instead, it may be distributed using a secure channel such as SSL for communication, or distributed by EMM for broadcasting. Therefore, this method is a method that can be applied uniformly regardless of whether or not related information such as ECM is multiplexed on the content. In such a case, when the terminal device 102 does not acquire the playback control information (control information 1545) at the time of using the content, only normal playback is permitted or no preview is permitted for viewing the content. It is also possible to control such that special playback or preview is permitted after the playback control information is acquired.

  Further, when the control information 1545 is configured using the value of the PTS 1343a at the beginning of the content and the relative value from the beginning of the content based on the PTS 1343a, the content of the content based on the PTS 1343a is transmitted when the streaming content is sent out by the content distribution server 101b. The playback control location may be specified by a relative value from the top, and after the top PTS 1343a of the content is determined, the top PTS 1343a of the content may be distributed from the content distribution server 101b to the terminal device 102. At this time, while the terminal apparatus 102 has not acquired the PTS 1343a at the beginning of the content, control is performed so that only normal reproduction is permitted or preview is not permitted.

  In the embodiment of the present invention, an example in which a license (sublicense 1000) is set in the ECM 1900 for Kc distribution and distributed from the distribution center 101 to the terminal device 102 has been described. However, the present invention is not limited to this. Alternatively, it may be distributed by ECM-Kw1800, ECM-Kc1810, or EMM (including EMM for Kc distribution in server type broadcasting system type I). Also, in broadcast distribution, ECM-Kw1800 and ECM-Kc1810 are used (an EMM for distribution of work key Kw203 may be used if necessary), and a license including content key Kc205 and reproduction control information is used. You may make it deliver via communication.

  In the embodiment of the present invention, an example in which information for reproduction control (reproduction control information) is distributed is shown as an example of control information for controlling use of a specific part of content. However, it is also applicable to usage control other than playback in the terminal device 102, such as printing and editing.

  In the embodiment of the present invention, the example in which the reproduction control information is generated in the content distribution server 101b has been described. However, it may be generated in the right management server 101a. In this case, needless to say, it is necessary to notify the right management server 101a of the information of the PTS 1343a assigned to the content from the content distribution server 101b. In the content distribution server 101b, the reproduction control information is set in the sublicense 1000, but may be set in the right management server 101a.

  In the embodiment of the present invention, an example in which the terminal device 102 records a viewing history for all content use has been shown. However, information for instructing the main license 900 or the sublicense 1000 to record the viewing history is shown. By including this, it may be controlled whether to record the viewing history for each content, each license, or each user.

  In the embodiment of the present invention, an example has been described in which the playback control information generation unit 1106 in the content distribution server 101b acquires the value of the PTS 1343a from the content encoding unit 1105 when generating the playback control information. You may make it acquire the value of STC directly from the information addition part 1104. FIG. In this case, however, it goes without saying that the STC value used by the content encoding unit 1105 and the STC value used by the reproduction control information generating unit 1106 need to match.

  In the embodiment of the present invention, when the playback control information generation unit 1106 in the content distribution server 101b performs streaming content (real-time encoding), the value of the PTS 1343a at the head of the content is calculated to generate playback control information. In the case of downloading content (pre-encoding), the value of the PTS 1343a at the beginning of the content of the content and the value of the PTS 1343a such as a CM location and a previewable location can be specified in advance. It is possible to generate playback control information based on the value of PTS 1343a actually added to the content.

  In the embodiment of the present invention, the example in which the IDs “special playback disabled” and “preview enabled” are used as the control ID 1511 of the playback control information (control information 1503) has been described. The identifier is not limited to this as long as it is an identifier for prescribing the operation and content processing.

  In the embodiment of the present invention, an example has been shown in which the control ID 1511 has a restriction such as a past viewing count based on the viewing history or a control time limit based on an absolute time. You may make it add restrictions, such as.

  In the embodiment of the present invention, an example in which playback control of a specific part of content is performed using the viewing history stored in the viewing history DB 2110 has been described. However, playback control information (control information) is based on the viewing history. 1545) may be changed. For example, when the special reproduction prohibited section is viewed more than a specified number of times, the information on the corresponding special reproduction prohibited section is deleted from the control information 1545. Thereby, even after the viewing history is transmitted to the distribution center 101 or the like, playback control based on the viewing history is possible.

  In the embodiment of the present invention, the example in which the reproduction control information is set in the ECM 1900 for Kc distribution has been described. However, the reproduction control information may be set in the ECM-Kw 1800 or ECM-Kc 1810. At this time, if different playback control information is set in ECM-Kw1800 and ECM-Kc1810, or ECM-Kw1800 and ECM1900 for Kc distribution, different playback control ranges can be realized during real-time viewing and storage viewing. For example, in the case of preview, it is necessary to have a uniform preview section such as a fixed time from the beginning when viewing in real time, but when previewing stored, set a preview range that makes use of content features such as digest viewing Therefore, it is possible to provide a service that makes full use of the storage function of the terminal device 102.

  Furthermore, in the embodiment of the present invention, an example in which contents, licenses, control information, etc. are acquired from a single distribution route has been shown. However, digital broadcasting and the Internet are used together, or package media and the Internet are used together. It is also possible to take in from a complex distribution route.

  The content reproduction control system according to the present invention controls the use of a specific part of content such as a CM part of content in a terminal device by using existing secure time information for the content without adding control information to the content. Realizing it securely has the effect of preventing the use of content by users against the operator's intention at low cost, and is useful as a content playback control system in content distribution services such as digital broadcasting, CATV, and the Internet. is there. The present invention can also be applied to a content reproduction control system in a content distribution service using portable media such as package media.

1 is a diagram showing an overall schematic configuration of a content reproduction control system 1 according to an embodiment of the present invention. It is a figure which shows the outline | summary of the encryption key scheme in the content delivery based on the server type broadcast system type I. It is a functional block diagram which shows the detailed structure of the rights management server 101a shown by FIG. It is a figure which shows the structural example of the work key management table 400 with which key information DB301 is provided. It is a figure which shows the structural example of the content key management table 500 with which key information DB301 is provided. It is a figure which shows the structural example of the user information management table 600 with which user information DB302 is provided. It is a figure which shows the structural example of the utilization condition management table 700 with which utilization condition DB303 is provided. It is a figure which shows the structural example of the content information management table 800 with which content information DB304 is provided. 2 is a diagram illustrating an example of a configuration of a main license 900. FIG. 2 is a diagram illustrating an example of a configuration of a sublicense 1000. FIG. It is a functional block diagram which shows the detailed structure of the content delivery server 101b shown by FIG. It is a figure which shows the structural example of the content attribute information management table 1200 with which content attribute information DB1102 is provided. 5 is a diagram showing an outline of the configuration of a PES packet 1300. FIG. 2 is a diagram illustrating an outline of a configuration of a TS packet 1400. FIG. 5 is a diagram illustrating a data structure of a control information tag block 1500. FIG. It is a conceptual diagram of the method of calculating | requiring the PTS1343a of the head of content by calculation. It is a figure which shows an example of the reproduction | regeneration control information (control information 1503) which concerns on embodiment of this invention. It is a figure which shows the structural example of ECM-Kw1800 and ECM-Kc1810. It is a figure which shows the structural example of ECM1900 for Kc distribution. It is a figure which shows the structural example of the sublicense 1000 after control information tag block 1500 insertion. It is a functional block diagram which shows the detailed structure of the terminal device 102 shown by FIG. It is a figure which shows an example of a structure of the data structure of UL2200. It is a figure which shows the structural example of ELI2300. 5 is a flowchart showing processing performed when a main license 900 is acquired. FIG. 25 is a flowchart showing a subroutine of a license issuance determination process (S2404) shown in FIG. 24. FIG. It is a flowchart which shows the process which produces | generates the sublicense 1000 in the rights management server 101a, and the process which transmits the work key Kw203, the content key Kc205, and the sublicense 1000. It is a flowchart which shows the ECM production | generation process and content transmission process of the content delivery server 101b. 10 is a flowchart showing a processing operation in which the user accumulates and views the content accumulated in the content accumulation unit 2103 in the terminal device 102. It is a flowchart which shows the subroutine of the content utilization process (S2806) shown by FIG. It is a flowchart which shows the processing operation in the case of performing time skip of a content during viewing of stored content. It is a flowchart which shows operation | movement in the case of fast-forwarding a content (CM part) during viewing of stored content. It is a flowchart which shows operation | movement in the case of previewing a content during viewing of a content.

Explanation of symbols

1 Content Playback Control System 101 Distribution Center 101a Rights Management Server 101b Content Distribution Server 101c Billing Server 101d Web Server 101n LAN
102, 102a, 102b, 102c Terminal equipment 103 Network 201 Scramble key Ks
203 Work key Kw
205 Content key Kc
301 Key information DB
302 User information DB
303 Usage conditions DB
304 Content information DB
311 License issuing unit 312 Server transmission / reception unit 1101 Content DB
1102 Content attribute information DB
1103 Timekeeping unit 1104 Time information adding unit 1105 Content encoding unit 1106 Playback control information generating unit 1107 ECM generating unit 1108 Content multiplexing unit 1109 Content encryption unit 1110 Content sending unit 2101 Terminal transmitting / receiving unit 2102 Separating unit 2103 Content storage unit 2104 License Processing unit 2105 License DB
2106 Content usage control unit 2107 Content decryption unit 2108 Content usage unit 2109 Viewing history recording unit 2110 Viewing history DB
2112 Timekeeping Department

Claims (32)

A content reproduction control system comprising a server device connected via a communication path and a terminal device,
The server device
Control information generating means for generating control information specifying a range in which a user's predetermined operation on the content in the terminal device is permitted or prohibited based on time information given to the content;
Distribution means for distributing the control information to the terminal device;
The terminal device
Content using means for using the content;
Receiving means for receiving the control information;
A content reproduction control system comprising: content use control means for controlling reproduction included in the use of content by the content use means based on the received control information. The content reproduction control system according to claim 1, wherein the control information indicates a special reproduction prohibition section of the content. The content reproduction control system according to claim 1, wherein the control information indicates a section in which only normal reproduction of the content is permitted. The content reproduction control system according to claim 1, wherein the control information indicates a section in which the content can be auditioned. The content reproduction control system according to claim 1, wherein the time information is a value of the time information given to the content. The time information is based on at least a TS (Transport Stream) PCR (Program Clock Reference), a PES (Packetized Elementary Stream) PTS (Presentation Time Stamp), and a PES DTS (Decoding Time Stamp). The content reproduction control system according to claim 5, wherein: The content reproduction control system according to claim 1, wherein the time information includes time information at the head of the content and time information at an offset from the head of the content. The time information is based on at least a TS (Transport Stream) PCR (Program Clock Reference), a PES (Packetized Elementary Stream) PTS (Presentation Time Stamp), and a PES DTS (Decoding Time Stamp). 8. The content reproduction control system according to claim 7, wherein The content reproduction control system according to claim 1, wherein the reception unit receives the control information by broadcasting from the server device. The control information is set for either a main license that represents a license that can be used for a plurality of contents corresponding to the contract and a sub-license that represents a license issued for a single content. The content reproduction control system according to claim 9, wherein The content reproduction control system according to claim 1, wherein the reception unit receives the control information through communication with the server device. The control information is set for either a main license that represents a license that can be used for a plurality of contents corresponding to the contract and a sub-license that represents a license issued for a single content. The content reproduction control system according to claim 9, wherein The content reproduction control system according to claim 1, wherein the control information includes a type of permitted operation. The content reproduction control system according to claim 1, wherein the control information includes at least one of a number of times of viewing, a time, and a time limit until a specific operation is permitted. The content reproduction control system according to claim 14, wherein the specific operation is any one of CM skip, CM fast forward, and CM rewind. The content reproduction control system according to claim 1, wherein the control information includes a restriction regarding a number of permitted operations or a time. The content reproduction control system according to claim 16, wherein the permitted operation is a preview of content. The control information is issued for a user's contract, and specifies either a main license representing a license that can use a plurality of contents corresponding to the contract or a sublicense representing a license issued for a single content. The content reproduction control system according to claim 1, further comprising: The content reproduction control system according to claim 1, wherein the content usage control unit performs control so that a predetermined operation cannot be performed when the control information is not acquired. The terminal device further comprises viewing history recording means for recording a viewing history including a viewing location of the content,
The content reproduction control system according to claim 1, wherein the content use control unit controls the use of the content by the content use unit using the control information and the viewing history. 21. The content playback control system according to claim 20, wherein when the viewing history exceeds a limit included in the control information, the content use control unit performs control to permit special playback of the content. The content reproduction control system according to claim 1, wherein, when the content is a stream type content, the control information generation unit generates the control information by predicting a value of time information. 2. The content reproduction control system according to claim 1, wherein, when the content is a stream type content, the control information generation unit generates the control information after the start of content transmission. The control information generation means further generates control information including only the content transmission start time,
The content reproduction control system according to claim 23, wherein the distribution unit distributes the generated control information later. 2. The content reproduction control system according to claim 1, wherein when the content is a file-type content, the control information generation unit generates the control information using time information after the value is determined. The content reproduction control system according to claim 1, wherein the control information is set to at least one of digital broadcast Kc distribution ECM (Entirement Control Message), ECM-Kw, and ECM-Kc. 27. The content reproduction control system according to claim 26, wherein different control information is set for the ECM-Kw and the Kc distribution ECM. 27. The content reproduction control system according to claim 26, wherein different control information is set for the ECM-Kw and the ECM-Kc. 2. The content reproduction control system according to claim 1, wherein a portion where the predetermined operation is permitted or prohibited is different between real-time viewing and storage viewing of the content. A server device in a content reproduction control system comprising a server device connected via a communication path and a terminal device,
Control information generating means for generating control information specifying a range in which a user's predetermined operation on the content in the terminal device is permitted or prohibited based on time information given to the content;
A server device comprising: distribution means for distributing the control information to the terminal device. A terminal device in a content reproduction control system comprising a server device connected via a communication path and a terminal device,
Content usage means for using the content;
Receiving means for receiving control information;
Content usage control means for controlling playback of content based on the received control information,
The terminal device according to claim 1, wherein the control information is information specifying a range in which a predetermined operation on the content in the terminal device is permitted or prohibited based on time information given to the content. A content reproduction control method used in a content reproduction control system including a server device connected via a communication path and a terminal device,
In the server device,
A control information generating step for generating control information designating a range for permitting or prohibiting a predetermined operation on the content in the terminal device based on time information given to the content;
A delivery step of delivering the control information to the terminal device,
In the terminal device,
A content using step of using the content;
Receiving step for receiving the control information;
A content use control step of controlling content playback based on the received control information.

Images