JP2006268864A - Content information processing apparatus, content information processing method, and recording medium - Google Patents

Abstract

Provided is a content information processing apparatus that enables effective control over whether or not the encrypted content recorded on a storage medium is decrypted and used in a content information processing apparatus having a network function. To do.
When a condition regarding permission to use content in a DVD is satisfied, a decoder 210 decrypts the encrypted content in the DVD using information for decryption in the DVD. . If the condition is not satisfied, the telephone server procedure unit 204 establishes a connection with the server device via the interface 202 based on the address in the DVD, and the license update procedure unit 205 establishes a connection with the server device via the connection. To obtain a license between the two. When receiving the permission, the decoder 210 can decrypt the encrypted content using the information for decryption.
[Selection] Figure 2

Description

  The present invention relates to a content information processing apparatus, a content information processing method, and a recording medium having a function of connecting to a network and a function of processing encrypted content information recorded on a storage medium.

  Recently, rapid progress in communication technology such as the Internet or digital technology such as DVD has become a hot topic in various fields. These technologies are not limited to the field of information communication, but are spreading to broadcasting, AV, home appliances, etc. It is considered that the fusion of the above-mentioned fields will proceed rapidly in the future.

  In particular, even in homes where no advanced communication technology has been required so far, the advancement of the above communication technology is new, such as application to data communication technology due to the advancement of modem technology or home network technology such as IEEE 1394. Creating technology.

  Now, as the digitalization and networking of AV devices progress in the future, the handling of digitized content becomes a problem. That is, there are problems such as unauthorized copying of digital content and unauthorized processing.

  Therefore, a technique has been proposed in which an encryption technique is added to the digital content so that only a previously registered device can be reproduced.

  Further, in addition to the above reproduction, a method (Divx method) or the like in which the AV device remembers the fact of content reproduction, notifies the accounting server of the history later, and charges for the reproduction is proposed. In addition, as other methods, a method that permits reproduction only when the above reproduction conditions are satisfied, a method that permits reproduction by asking permission from an external license server even when the reproduction conditions are not satisfied, etc. Various schemes are possible.

  In these technologies, the AV device is provided with a network function, and the above procedure is performed when the AV server communicates with a license server / billing server arranged on a public network.

  In addition, it is predicted that many future AV devices such as Internet TV and push-type news distribution will be developed on the premise of networking.

  However, in a content information processing apparatus such as an AV device or a computer having a network function, there is an effective control method for permission / inhibition of use when decrypting and using encrypted content information recorded on a storage medium. Was not provided.

  The present invention has been made in consideration of the above circumstances, and in a content information processing apparatus such as an AV device or a computer having a network function, the encrypted content information recorded on the storage medium is decrypted and used. It is another object of the present invention to provide a content information processing apparatus, a content information processing method, and a recording medium that enable effective control of whether or not the use is permitted.

  A content information processing apparatus according to the present invention includes a network interface for connecting to a network, encrypted content information recorded on a predetermined storage medium, and content information recording on which the content information of the storage medium is recorded. When the condition for permission to use content information recorded in an area different from the area is satisfied, information for decryption recorded in an area different from the content information recording area of the storage medium is used. Decryption means for decryption and permission for using the content information when a condition regarding permission to use the content information recorded in an area different from the content information recording area of the storage medium is not satisfied Information of the server device to communicate with A connection control means for performing control for establishing a connection with the server device via the network interface based on the address information extracted from an area different from the content information recording area of the media; When the condition relating to permission to use the content information recorded in an area different from the content information recording area of the storage medium is not satisfied, the permission is received from the server device via the established connection. Processing means for performing a procedure for the decryption, and the decryption means uses the information for decryption to obtain the content information even when receiving the permission through the procedure performed by the processing means. It is characterized by decoding.

  The invention relating to each of the above devices can be realized as an invention relating to a method, and also as a computer-readable recording medium recording a program for causing a computer to execute a procedure for controlling predetermined hardware. To establish.

  According to the present invention, in a content information processing apparatus such as an AV device or a computer having a network function, when the encrypted content information recorded on the storage medium is decrypted and used, it is effective for whether to permit the use or not. Control becomes possible.

  Hereinafter, embodiments of the invention will be described with reference to the drawings.

  FIG. 1 shows an example of the overall configuration of a network system according to an embodiment of the present invention.

  First, in the present embodiment, a local network 104 using an IEEE 1394 bus will be described as an example of a local network as shown in FIG. The local network 104 may be provided in any organization or place, but for the purpose of more specific description, the local network 104 will be described as a home network provided in a certain home.

  Next, consider a case where a device that handles some content (hereinafter referred to as a content processing device) such as an AV device or a computer is connected to the local network. In addition to having an interface for connecting to at least a local network (IEEE1394 bus 104 in FIG. 1), the content processing apparatus needs to communicate with other apparatuses via a network other than the local network. To do.

  In the present embodiment, the necessity of communicating with the other device is that the device connected to the local network needs to obtain permission to use or process content that cannot be freely used or processed. Shall occur. For example, it is assumed that the content itself can be obtained, but a certain condition must be satisfied in order to perform some processing on the content in the content processing apparatus. More specifically, for example, for any processing on the content or specific processing on the content (for example, decryption of encrypted content, display of displayable content, execution of executable content, etc.) If a specific institution or organization requires permission, and if it has not been received or has not been received, the specific institution or organization has a certain procedure (in this case, using communication means) If it is necessary to obtain the license free of charge or for a fee, or the period of this license is limited, if this period is exceeded, the specific institution or organization, etc. This is the case when it is necessary to obtain permission for free or for a fee. In any case, in order to use or continue to use a certain content, it is necessary to perform communication for the above-described certain procedure between the content processing device and a server device in a specific organization or organization. Suppose that can occur.

  In addition, as said content information, it is possible to target various types of data such as text files and programs, such as moving images, still images, sounds, moving images with sound, still images, etc. Alternatively, as processing, for example, decryption, reproduction, display, browsing, storage, copying, execution, and the like can be considered. Further, as the above-mentioned permission, for example, charging or license agreement may be considered, whereby license information (for example, a playback condition described later) for enabling the use or processing of content can be acquired. it can.

  As the above-described content processing apparatus connected to the home network (IEEE 1394 bus) 104, for example, various apparatuses such as a computer, a VTR, and a TV can be considered. In this embodiment, as shown in FIG. An example will be described.

  Further, the license server 103 will be described as an example as shown in FIG. 1 as a server device in the specific organization or organization to be communicated with the DVD player 101.

  Furthermore, the content processing apparatus (DVD player 101) communicates with a server apparatus (license server 103) in a specific institution or organization as necessary via a network other than the local network (home network 104). Now, a telephone network 105 will be described as an example of a network other than the local network (home network 104) as shown in FIG.

  That is, as illustrated in FIG. 1, the DVD player 101 is connected to the home network 104, and the home network 104 is connected to the telephone network 105 via the home gateway 102 having a function as a telephone server. The server 103 is also connected to the telephone network 105 directly or through another network or gateway.

  Note that the content processing apparatus (DVD player 101) connected to the local network may or may not have an interface for directly connecting to a network other than the local network (the telephone network 105 in FIG. 1). . However, even if an interface for directly connecting to a network other than the local network is provided, it is not essential to actually connect to the network.

  In the network system illustrated in FIG. 1, the DVD player 101 is connected to the license server 103 in a network manner by calling the license server 103 as necessary, and license information (for example, playback conditions described later) and necessary Exchange billing information, etc. according to Hereinafter, an embodiment of the present invention will be described in more detail using such specific examples.

  FIG. 2 shows an example of the internal structure of the DVD player 101 according to this embodiment.

  As shown in FIG. 2, the DVD player 101 includes a telephone modem 201, an IEEE 1394 interface 202, an interface selection unit 203, a telephone server procedure unit 204, a license update procedure unit 205, a license determination unit 206, a DVD drive 207, additional information. An extraction unit 208, a content extraction unit 209, and a decoder 210 are provided.

  First, the hardware / software configuration of the DVD player 101 will be described.

  This DVD player 101 has a function of decrypting encrypted content, and it is assumed that decrypted content or information that can easily be obtained is not received. . For example, the circuit portion of the DVD drive 207, the additional information extraction unit 208, the content extraction unit 209, the decoder 210, the license determination unit 206, and the license update procedure unit 205 are preferably formed as semiconductor chips. The additional information extraction unit 208 and the content extraction unit 209 are formed as one semiconductor chip (or the circuit part of the DVD drive 207 is made independent), and the decoder 210 is formed as one semiconductor chip, and the license determination unit 206 and the license update A configuration in which the procedure unit 205 is formed as one semiconductor chip is conceivable. Of course, other combinations of semiconductor chips are possible, and each of the six parts can be formed as a single semiconductor chip, or all of the six parts can be combined into a single semiconductor chip. Is possible.

  The DVD player 101 can also be configured using software within a range where security can be ensured.

  Further, a configuration in which the DVD player 101 is configured as a single DVD player and a configuration in which a DVD drive is connected to a computer can be implemented. In the latter case, for example, a board on which a semiconductor chip on which a circuit for realizing a part of the function of the DVD player 101 according to this embodiment is formed is mounted on the computer, and one of the functions of the DVD player 101 is provided. A program for realizing the program is read from a recording medium on which the program is recorded, installed in the computer (or connected to a ROM in which the program is written), and executed by the CPU. A configuration in which the semiconductor chip is connected to a CPU bus of a computer is also conceivable.

  In this embodiment, as an example, at least the license determination unit 206 and the decoder 210 are separate chips, and the license determination unit 206 and the license update procedure unit 205 are the same chip. Therefore, as will be described later, a content key Kc necessary for decrypting the encrypted content is encrypted and transferred between the license determination unit 206 and the decoder 210.

  Next, the structure and operation of the DVD player 101 will be described in detail. As shown in FIG. 2, the DVD player 101 has two network interfaces: a telephone modem 201 that can be directly connected to the telephone network 105, and an IEEE 1394 interface 202 that can be directly connected to the home network (IEEE 1394) 104. Is provided.

  The interface selection unit 203 selects an appropriate interface side that is actually connected to the network from these two interfaces (if both are connected, the telephone modem 201 is selected), and the license is selected. Communication by the update procedure unit 205 via the telephone network 105 or the home network 104 (from the home gateway 102 and the telephone network 105) is supported.

  The telephone server procedure unit 204 is for establishing a connection with the license server 103 as will be described in detail later.

  The DVD drive 207 is a disk drive for reading information from and writing information to a set DVD disk.

  Here, it is assumed that the DVD (DVD-RAM or the like) set in the DVD drive 207 has a configuration as illustrated in FIG. In other words, content such as video (301) previously encrypted with the content key Kc and additional information (302) encrypted with the master key Km are recorded on the DVD.

  In the following, data encrypted with the key Ki is described as [Data] Ki. For example, content encrypted with the content key Kc is described as [content] Kc, and additional information encrypted with the master key Km is described as [additional information] Km.

  In the case of the configuration illustrated in FIG. 3, in order to decrypt the content, first, the encrypted additional information ([additional information] Km) is decrypted with the master key Km, and the content included in this additional information It is necessary to take out the key Kc (303) and decrypt the encrypted content ([content] Kc) using the content key Kc.

  Decoding of this [additional information] Km is executed by the license determination unit 206.

  The master key Km for decrypting the additional information 302 is incorporated in the license determination unit 206 in the DVD player 101 (for example, the license determination unit 206 itself is formed and sealed as a semiconductor element). And

  That is, the master key km and the additional information [additional information] Km encrypted with the master key km are incorporated in advance when the DVD player or DVD disc is manufactured, and the contents of the master key km as a common key and its encryption method. Are strictly controlled so that they will not leak outside.

  As shown in FIG. 3, the reproduction information 304 is also included in the additional information. The reproduction condition 304 describes a condition that must be satisfied in order to permit the license determination unit 206 to decrypt the content.

  Various conditions can be considered as this condition. In this embodiment, the time limit for permitting the decryption of the content (for example, information on the final limit permitting the decryption such as “December 31, 1999”) ) Is written. That is, the DVD disc can be played if this playback condition is satisfied, but cannot be played if the playback condition is not satisfied. In the present embodiment, the encrypted content cannot be decrypted unless the condition is satisfied, so that it cannot be reproduced.

  As will be described in detail later, even if the playback condition is not satisfied, the DVD disc is again updated by performing license update (by communicating with the license server 103 via the telephone network 105 in FIG. 1). Can be played.

  For this reason, when the reproduction condition or the entire portion of the additional information is set as a RAM area so that the license determination unit 206 can rewrite the license, and the license is updated, the corresponding area is changed to a new update condition or a new update condition. It may be possible to rewrite the playback conditions to reflect various update conditions. However, it is desirable that this area is rewritable to a general DVD-RAM drive and can be read / written only by a special device such as the license determination unit 206.

  When reproducing the content recorded on the DVD disc set in the DVD drive 207, first, the content ([content] Kc) 301 encrypted with the content key Kc and the master key Km are used for encryption. The additional information ([additional information] Km) 302 is extracted by the additional information extraction unit 208 and the content extraction unit 209, respectively.

  The additional information ([additional information] Km) encrypted by the master key Km is sent to the license determination unit 206. The license determination unit 206 includes the master key Km as described above, and decrypts the encrypted additional information ([additional information] Km) with the master key Km, thereby adding additional information (in the case of FIG. 3). , Content key Kc, reproduction condition, license server address).

  Next, the license determination unit 206 first checks the reproduction condition in the decoded additional information. The license determination unit 206 has a built-in clock, and checks the reproduction conditions such as whether or not it is within the expiration date as described above.

  If the reproduction condition is cleared, it means that the license judgment unit 206 has permitted reproduction, and the content key Kc decrypted with the master key Km is passed to the decoder 210 for the first time.

  However, as described above, when there is a possibility of receiving a signal between the license determination unit 206 and the decoder 210 (for example, when the license determination unit 206 and the decoder 210 are formed in separate chips). In order to securely transfer the content key Kc between the license determination unit 206 and the decoder 210, the temporary key Kt agreed in advance between the license determination unit 206 and the decoder 210 is used. It is preferable to pass in encrypted form ([Kc] Kt).

  That is, in this case, first, the license determination unit 206 encrypts the content key Kc with the temporary key Kt, passes this [Kc] Kt to the decoder 210, and the decoder 210 decrypts [Kc] Kt with the temporary key Kt, The key Kc is obtained.

  Upon obtaining the content key Kc from the license determination unit 206, the decoder 210 decrypts the encrypted content ([content] Kc) input from the content extraction unit 209 using the content key Kc. Further, the decoder 210 performs necessary processing such as decoding on the content, and then outputs the content as, for example, a video signal or an audio signal.

  Various functions can be set as the function of the decoder 210. For example, when the content is encrypted after being encoded in MPEG2 or the like, the [content] Kc is decrypted. A form that is decoded and output after being converted into an NTSC signal, a form that outputs content in a state encoded in MPEG2, etc., a form that is converted into bitmap data when the content is image data, and the like Various things are applicable.

  In the check of the playback condition by the license determination unit 206, if the playback condition is not cleared (in this example, the expiration date has expired), the license is not valid (in this example, the license has expired). Is). Therefore, for example, the license determination unit 206 displays a message indicating that the license has expired and inputs an instruction on whether or not to update the license from the user. Try to update. However, if the user inputs an instruction not to update the license, the processing related to the content ends at this point.

  Next, a case where the license is not cleared in the reproduction condition check by the license determination unit 206 and the license is updated will be described. When the license is to be updated, the license update procedure unit 205 performs a specific license update procedure.

  First, the license update procedure unit 205 checks the license server address 305 in the additional information 302 decrypted in the license determination unit 106. Here, the address of the license server to be accessed when the license is updated is described.

  FIG. 4 shows an example of a method for describing the address of the license server. In FIG. 4, the address of the license server is composed of an address type and an actual address. The address type includes, for example, an address system such as a telephone number, an IP address, an ATM address, a JAVA (registered trademark) name space, a CORBA name space, or a domain name, and an actual address is entered as the address. Note that this description may be standardized by a URL (Universal Resource Locator). In FIG. 4, the license server addresses may be described in order of priority. In this case, it is desirable to try the addresses written above first.

  In the present embodiment, a connection is established with one of the addresses described in the license server address 305 in the additional information 302, and a predetermined protocol is established between the license server and the DVD player 101. The license renewal procedure will be performed.

  Here, assuming that this DVD player 101 does not have an IP protocol as a protocol stack, it is not possible to communicate with an IP address, so a telephone number is selected. Or, if the address of the license server in FIG. 4 is tried first, the telephone number is selected first.

  Now, the license update procedure unit 205 refers to this license server address information, and when one is selected, passes the selected address information to the telephone server procedure unit 204 and requests establishment of a connection.

  Upon receiving a connection establishment request, the telephone server procedure unit 204 attempts to establish a connection with the license server 103 according to a predetermined procedure. FIG. 5 shows an example of a connection establishment procedure by the telephone server procedure unit 204.

  First, the telephone server procedure unit 204 checks whether or not a telephone modem is connected to the telephone number or a telephone cable is connected to the telephone modem in order to directly call the telephone number described ( Step S501).

  If the telephone modem 201 is connected to the telephone modem 201 and a telephone cable is connected to the telephone modem 201 and the telephone network 105 can be used (Yes in step S501), the telephone server procedure unit 204 Tries to establish a connection with the license server 103 by the telephone modem 201. When the connection is established, the license update procedure unit 205 communicates with the license server 103 through the interface selection unit 203, the telephone modem 201, and the telephone network 105. Then, a license update procedure is performed in accordance with a protocol defined in advance between the DVD player 101 and the license server 103 (step S502).

  If the telephone modem 201 is not connected, the telephone cable is not connected to the telephone modem 201, or the telephone modem 201 is not connected to the telephone network 105 (No in step S501), In order to establish a connection by the telephone server, it is checked whether or not a 1394 cable is connected to the IEEE 1394 interface 202 (step S503).

  If the 1394 cable is not connected to the IEEE 1394 interface 202, it means that the DVD player 101 cannot access the license server 103. Therefore, it is determined that communication with the license server is impossible, and the license server 103 Abandon the update and notify the user that the update is impossible (or a message prompting the user to connect a telephone cable, a 1394 cable, etc.) (step S505).

  If the 1395 cable is connected (Yes in step S503), it is determined whether or not a telephone server (in this embodiment, the home gateway 102 provides this function) exists on the IEEE 1394 bus. investigate. As will be described later, the presence / absence of the telephone server can be checked by reading the IEEE 1212 register of the device on the IEEE 1394 bus, executing the service location protocol, or the like (step S506).

  The telephone server is connected to both the home network 104 and the telephone network 105, and mediates communication between a device connected to the home network 104 and a device connected to a position via the telephone network 105. That is, a device connected directly to the telephone network 105 or via another network (in this embodiment, the license server 103) and a device connected to the home network 104 (in this embodiment, a DVD player). 101) provides a mechanism for transparently realizing data communication between them. Details thereof will be described later.

  If there is no telephone server on the IEEE 1394 bus (No in step S504), it means that the DVD player 101 cannot access the license server 103 as described above. Determines that communication is not possible, gives up renewing the license, and informs the user that the renewal is impossible (or a message prompting the user to connect a telephone cable or start the telephone server) Notification is made (step S505).

  If there is a telephone server on the IEEE 1394 bus (Yes in step S504), the telephone server procedure unit 204 requests the home gateway 102 from the IEEE 1394 interface 202 through the IEEE 1394 bus 104 to connect to the license server 103. When the connection is established, the license update procedure unit 205 communicates with the license server 103 through the interface selection unit 203, the IEEE 1394 interface 202, the IEEE 1394 bus 104, and the home gateway 102, and performs the license update procedure. (Step S506).

  The specific contents of the license renewal procedure can be determined according to the license server. Basically, for example, information for billing or license contracts can be exchanged and the content can be used or processed. In the case of this embodiment, the content is such that a new reproduction condition is received.

  Now, after the license update procedure is completed as described above, the license update procedure unit 205 notifies the license determination unit 206 that the license update has been completed and also notifies the new reproduction conditions.

  Then, the license determining unit 206 performs processing for updating the new reproduction condition for the DVD. For example, the item related to the playback condition in the additional information read from the DVD on the DVD drive 207 and decrypted is rewritten based on a new update with the license server, and the updated additional information is encrypted with the master key Km. Again, save it in the appropriate area of the DVD. Alternatively, when this DVD player 101 itself stores this update information and the same DVD (for example, one having the same disk ID) is set in the DVD drive 207 again, it is based on the updated reproduction condition. Determine the playback conditions.

  In addition, the license determination unit 206 permits reproduction and passes the content key Kc decrypted with the master key Km to the decoder 210. As described above, the decoder 210 decrypts the encrypted [content] Kc by using the passed content key Kc, and further decodes the content as necessary, so that a video signal or an audio signal is obtained. And so on.

  Next, a communication sequence will be described with reference to FIG. 6, FIG. 7, and FIG. 6 shows an example of the communication sequence, FIG. 7 shows an example of the operation sequence of the DVD player, and FIG. 8 shows an example of the operation sequence of the home gateway.

  This communication sequence is executed when the DVD player 101 communicates with the license server 103 through the telephone server (that is, the home gateway 102) in the above procedure. That is, the DVD player 101 wishes to communicate with the license server 103 via the home gateway 102 and perform a license update procedure.

  First, the DVD player 101 reads the contents of the IEEE 1212 register of the device existing on the IEEE 1394 bus 104 and examines it to detect a device having a telephone server function (step S601 in FIG. 6, FIG. 7). Step S701). The address of the IEEE 1212 register is determined in advance between devices connected on the IEEE 1394 bus, and the information about the function of the device or the service provided by the device is recorded on the IEEE 1212 register. To do. For this detection, in addition to the method using the IEEE1212 register, a method using a service location protocol is also conceivable. The service location protocol is a protocol for detecting or notifying a service on a network on a protocol such as the Internet protocol. The details are shown in RFC2165.

  Note that the home gateway 102 has registered in advance in the IEEE 1212 register that its own device functions as a telephone server through the procedure illustrated in FIG. That is, when the telephone server process is activated on the own apparatus and the telephone interface of the own apparatus is connected to the telephone cable and communication with the telephone network 105 is possible (steps S910 and S912), the own apparatus Confirms that it can operate as a telephone server, and registers that its own device has a telephone server function in its own IEEE 1212 register (step S801 in FIG. 8, step S903 in FIG. 9). .

  In this way, by registering that the own device functions as a telephone server in the IEEE 1212 register, it is possible to notify the device connected to the IEEE 1394 bus 104 that the own device functions as a telephone server.

  When it is recognized that the telephone server (in this embodiment, the home gateway 102 has a telephone server function) exists on the IEEE 1394 bus 104 (step S702 in FIG. 7), the DVD player 101 is recognized. Calls the license server address (telephone number) previously read from the additional information 302 and tries to perform a license update procedure. In order to do this via the IEEE 1394 bus 104, which is a home network, the DVD player 101 sends a call setting request to the home gateway 102 (step S602 in FIG. 6 and step S704 in FIG. 7). This call setting request means making a request to the home gateway 102 “Please call the telephone number #x to the telephone network”. Later, in order to communicate through the telephone line established by this request, a transaction number is simultaneously defined in order to name this telephone line (or session). That is, the address type = POTS, address = # x, and transaction number = α are transferred from the DVD player 101 to the home gateway 102.

  Upon receiving the call setting request (step S802 in FIG. 8), the home gateway 102 sends a call setting request to the telephone network 105 based on this request (step S603 in FIG. 6 and step S803 in FIG. 8). This call setting request is made to the telephone number included in the previous call setting request.

  When this call setup is successful, a call setup success message is sent from the telephone network 105 side (step S604 in FIG. 6).

  When the home gateway 102 receives the call setup success message (step S804 in FIG. 8), the home gateway 102 notifies the DVD player 101 that the connection with the license server 103 is successful, together with the transaction number (α) (FIG. 6). Step S605, Step S806 in FIG. 8).

  Upon receiving this notification (step S605 in FIG. 6 and step S705 in FIG. 7), the DVD player 101 follows the predetermined protocol procedure between the DVD player 101 and the license server 103 to update the license server 103 and the license update. Communication is performed (step S606 in FIG. 6, step S707 in FIG. 7, and steps S807 and S808 in FIG. 8). Here, in the communication related to the license update procedure, it is desirable that the exchanged data is encrypted by the network key Kn. The network key Kn is an encryption key that has been agreed in advance by both the DVD player 101 and the license server 103. Here, it is assumed that the key is a common key, but it is also possible to realize this by using a public key.

  When the home gateway (telephone server) 102 exchanges data between the DVD player 101 and the license server 103, the home gateway (telephone server) 102 performs modem processing as shown in FIG.

  That is, data sent from the DVD player 101 to the license server 103 is sent to the home gateway 102 as a normal digital signal according to the IEEE 1394 standard. The home gateway 102 modulates this signal, gets on the telephone network 105, and communicates with the license server 103.

  As for data transmitted from the license server 103 to the DVD player 101, a signal modulated for telephone is transmitted to the home gateway 102 via the telephone network 105. The home gateway 102 demodulates this signal and sends it to the DVD player 101 as an IEEE 1394 signal.

  At this time, for the DVD player 101 or the license server 103, the protocol for performing the license update procedure is in operation, and the physical layer difference such as the modem processing is hidden. That is, in the home gateway 102, the difference in the physical layer is concealed by entering the modem processing between them.

  If the DVD player 101 cannot detect the telephone server function on the IEEE 1394 bus 104, it cannot make a call, and communication with the license server 103 becomes impossible, and the process ends here (see FIG. 7 step S703).

  If the home gateway 102 fails to set up the call, the DVD player 101 is notified that further processing is impossible (step S805 in FIG. 8). Since it cannot be applied, the process ends here (step S706 in FIG. 7).

  Next, an example of the internal structure of the home gateway 102 that realizes the provision of the service as described above in FIG. 10 will be shown.

  As shown in FIG. 10, the home gateway 102 includes an IEEE 1394 interface 1001, a service notification unit 1002, a filter unit 1003, a telephone server unit 1004, a data modulation / demodulation unit 1005, and a telephone network interface 1006.

  The function of the home gateway 103 as a telephone server is included in the telephone server unit 1004. That is, the telephone server unit 1004 controls the sequence of FIG.

  The IEEE 1394 interface 1001 is an interface with the IEEE 1394 bus 104, and the telephone network interface 1006 is an interface with the telephone network 105.

  The service notification unit 1002 is a function for notifying that the own apparatus has a telephone server function through the IEEE 1394 interface 1001. In the present embodiment, this corresponds to the IEEE 1212 register.

  The data modulation / demodulation unit 1005 performs the modem processing of FIG.

  The filter unit 1003 extracts the license update procedure data from the data input via the IEEE 1394 interface 1001 and has this along with the data modulation / demodulation unit 1005.

  Under the control of the telephone server unit 1004, transparent data communication is provided between the DVD player 101 and the license server 103 by the functions of the filter unit 1003 and the data modulation / demodulation unit 1005.

  In this way, the DVD player can communicate with the license server on the public network. In other words, the DVD player can communicate with the public license server without directly connecting the telephone line to the DVD player, and it is not necessary to connect the telephone line directly to the DVD player as in the past. Therefore, if the IEEE 1394 wiring is provided and the telephone server (in this embodiment, the home gateway 102) exists on the IEEE 1394, it is not necessary to perform the telephone wiring, and the wiring is greatly simplified. Can be realized.

  In the description so far, the protocol used for the license update procedure has been agreed upon in advance between the DVD player 101 and the license server 103.

  In this case, it is necessary to operate a common protocol for the license update procedure on all DVD players.

  For this reason, as shown in FIG. 11, a protocol program 1106 for a license update procedure may be included in the additional information included in the DVD. In such a case, it is expected that the DVD player has a common interface such as a JAVA virtual machine, and if a license update procedure is required, the license update procedure included in the additional information of the DVD is included in the JAVA virtual machine. By downloading a protocol program for the license server and allowing the program to perform a license update procedure, it becomes possible to select a license update procedure protocol for each license server. In this case, the protocol processing program is described in JAVA, and the processing protocol is described using a standard API defined on the JAVA virtual machine.

  Also, as shown in FIG. 12, protocol processing programs written in a plurality of program languages may be prepared, and the program to be downloaded may be changed depending on the software platform of the DVD player. In FIG. 12, the protocol processing program is described in a programming language such as JAVA or visual basic script. Therefore, even if the software platform of the DVD player is a JAVA virtual machine, Windows (registered trademark), which is a Microsoft OS, is installed. Even in the case of a personal computer, it can be handled in either case. In this way, even when the software platform cannot be expected to be unified, such as a personal computer, several programs can be prepared and flexible support can be provided. It becomes possible.

  Also, as shown in FIG. 13, instead of leaving the license server address encrypted, it is not left in plain text, but instead of leaving the plaintext as it is, an authenticator 1304 of this address is set to prove that this address is correct. You can also add it. That is, the license server address using the “digest information” created by using a hash function such as MD5 based on the “license server address” or the license server address, for example, with the authenticator 1306 as information encrypted with the master key Km. Attached to 1305.

  The process of recognizing the address of the license server in the DVD player when reproducing this DVD is as follows, for example.

  First, this authentication method is agreed in advance between the DVD manufacturer and the DVD player. Here, the DVD player takes out the license server address 1305 of the additional information 1302 and executes a procedure agreed in advance (for example, a procedure for generating an authenticator from the license server address as described above). If the result is the same as the value of the address authenticator 1306, the address information is recognized as a correct value, and the address information written therein is recognized as the license server address. The reason why the address information can be recognized as correct is that it can be interpreted that only the one that knows the value of the master key Km can create the authenticator. Therefore, the reliable one that can know the master key Km in advance is this license server. This is because it can be interpreted that the address 1305 has been generated.

  In the above description, the DVD player architecture has been described as having both a public network interface (telephone modem 201) and a local network interface (IEEE 1394 I / F 202) as shown in FIG. 2, but it does not have both interfaces. For example, as shown in FIG. 14, it is possible to have a configuration in which only the local network interface 202 is provided without the public network interface. That is, in FIG. 5, the operation starts from step S503 and operates from the beginning as having only a 1394 interface. In this way, since there is no public network interface, the production cost can be greatly reduced.

  In the above description, the DVD player has been described as an example. However, the present invention can be applied to various devices such as a VTR, a TV, and a computer.

  The case where a device such as a DVD player is directly connected to the local network has been described above, but a device such as a DVD player is not connected directly to another local network connected to the local network. Even in this case, the present invention is applicable.

  In the above description, IEEE 1394 is described as an example of the local network. However, other networks such as Ethernet (registered trademark), ATM-LAN, power line network, and wireless network can be used.

  In the above description, the telephone network is taken as an example of a network other than the local network, but other networks such as other local networks, other public networks, the Internet, and personal computer networks may be used.

  In the above description, the DVD has been described as an example of the storage medium. However, the present invention can be applied to other media.

  In the above description, permission for use of content in units of discs has been described. However, it is also possible to perform a procedure for receiving permission by controlling whether or not use is possible in units of content in a disc.

  In the above description, the case where encryption or decryption is performed using the master key Km has been described as an example. Of course, if an agreement has been made in advance between the DVD supplier and the DVD player, the master key Km is used. It is also possible to use the key. Of course, public key cryptography can also be used. The present invention can also be applied to a case where a plurality of contents are stored in one storage medium and the contents are encrypted with different keys. The present invention is also applicable to cases where a plurality of contents are stored in one storage medium and different playback conditions are assigned to each content. Further, when an authenticator is used as shown in FIG. 14, the key used for content encryption may be different from the key used for generating the authenticator.

  The present invention is not limited to the embodiment described above, and can be implemented with various modifications within the technical scope thereof.

The figure which shows an example of the whole structure of the network system which concerns on one Embodiment of this invention The figure which shows an example of the internal structure of the DVD player which concerns on the embodiment The figure which shows an example of a structure of the information recorded on DVD A figure showing an example of the description method of the address of the license server The figure which shows an example of the connection establishment procedure by the telephone server procedure department Diagram showing an example of the overall communication sequence The figure which shows an example of the operation | movement sequence of the DVD player which concerns on the same embodiment The figure which shows an example of the operation | movement sequence of the home gateway which concerns on the embodiment The figure which shows an example of the service registration procedure of the home gateway which concerns on the embodiment The figure which shows the internal structure example of the home gateway which concerns on the embodiment The figure which shows the other example of a structure of the information recorded on DVD The figure which shows the further another example of the structure of the information recorded on DVD The figure which shows the further another example of the structure of the information recorded on DVD The figure which shows the other example of the internal structure of the DVD player which concerns on the same embodiment

Explanation of symbols

  DESCRIPTION OF SYMBOLS 101 ... DVD player, 102 ... Home gateway, 103 ... License server, 104 ... Local network, 105 ... Telephone network, 201 ... Telephone modem, 202 ... IEEE1394 interface, 203 ... Interface selection part, 204 ... Telephone server procedure part, 205 ... License update procedure section, 206 ... License determination section, 207 ... DVD drive, 208 ... Additional information extraction section, 209 ... Content extraction section, 210 ... Decoder, 1001 ... IEEE1394 interface, 1002 ... Service notification section, 1003 ... Filter section, 1004 ... Telephone server unit, 1005 ... Data modulation / demodulation unit, 1006 ... Telephone network interface

Claims (11)

A network interface for connecting to the network;
When encrypted content information recorded in a predetermined storage medium satisfies a condition regarding permission to use content information recorded in an area different from the content information recording area in which the content information is recorded in the storage medium And decryption means for decrypting using the information for decryption recorded in an area different from the content information recording area of the storage medium,
The server device to be communicated in order to obtain permission for using the content information when the condition regarding the permission to use the content information recorded in an area different from the content information recording area of the storage medium is not satisfied. Address information is extracted from an area different from the content information recording area of the storage medium, and control is performed to establish a connection with the server device via the network interface based on the address information. Connection control means;
When the condition relating to permission to use the content information recorded in an area different from the content information recording area of the storage medium is not satisfied, the permission is received from the server device via the established connection. And processing means for performing a procedure for
The content information processing characterized in that the decryption means decrypts the content information using the information for decryption even when the permission is obtained through the procedure performed by the processing means. apparatus.   The content information processing apparatus according to claim 1, wherein the processing unit performs the procedure according to a predetermined protocol.   The processing means extracts a communication protocol program for performing the procedure for obtaining the permission with the server device from an area different from the content information recording area of the storage medium, and extracts the communication protocol The content information processing apparatus according to claim 1, wherein the procedure is performed by executing a program. In the storage medium, a plurality of programs having the same function described in a programming language used in each platform for a plurality of different platforms is recorded as the communication protocol program.
The content information processing apparatus according to claim 3, wherein the processing unit selects a program corresponding to a platform of the own apparatus from among the plurality of programs.   The communication protocol program is an area different from the content information recording area of the storage medium in a state where the communication protocol program is encrypted using a key different from the key used when the content information is encrypted. The content information processing apparatus according to claim 3, wherein the content information processing apparatus is recorded on the content information processing apparatus.   The information for decryption is encrypted using a key different from the key used when the content information is encrypted, and is separate from the content information recording area of the storage medium. The content information processing apparatus according to claim 1, wherein the content information processing apparatus is recorded in the area. The content information is encrypted with a predetermined content key,
The information for decryption is obtained by encrypting the predetermined content key,
The decrypting means decrypts the information for decryption extracted from an area different from the content information recording area of the storage medium when decrypting the content information, and the predetermined information obtained thereby The content information processing apparatus according to claim 6, wherein the content information is decrypted using the content key.   The content information usage permission condition is different from the content information recording area of the storage medium in a state where the content information is encrypted using a key different from the key used when the content information is encrypted. The content information processing apparatus according to claim 1, wherein the content information processing apparatus is recorded in the area.   The address information is encrypted in a different area from the content information recording area of the storage medium in a state where the address information is encrypted using a key different from the key used when the content information is encrypted. The content information processing apparatus according to claim 1, wherein the content information processing apparatus is recorded. The network interface for connecting to the network and the encrypted content information recorded on a predetermined storage medium are recorded in a different area from the content information recording area where the content information is recorded on the storage medium. Decoding means for decoding using information for decoding recorded in an area different from the content information recording area of the storage medium when a condition relating to permission to use content information is satisfied, and connection control And a content information processing method in a content information processing apparatus comprising processing means,
In order to use the content information prior to the decryption by the decryption means when the condition relating to permission to use the content information recorded in an area different from the content information recording area of the storage medium is not satisfied The address information of the server device to be communicated to obtain the license of the server is extracted from an area different from the content information recording area of the storage medium, and the server is connected via the network interface based on the address information. A step of performing control for establishing a connection with a device by the connection control means;
Performing the procedure for obtaining the permission with the server device via the connection established in this step by the processing means;
A step of decrypting the content information by using the information for decryption by the decryption means when the permission is obtained through the procedure performed in this step. Content information processing method. The network interface for connecting to the network and the encrypted content information recorded on a predetermined storage medium are recorded in a different area from the content information recording area where the content information is recorded on the storage medium. Decoding means for decoding using information for decoding recorded in an area different from the content information recording area of the storage medium when a condition relating to permission to use content information is satisfied, and connection control A computer-readable recording medium having recorded thereon a program for causing a computer to function as a content information processing apparatus comprising means and processing means,
In order to use the content information prior to the decryption by the decryption means when the condition relating to permission to use the content information recorded in an area different from the content information recording area of the storage medium is not satisfied The address information of the server device to be communicated to obtain the license of the server is extracted from an area different from the content information recording area of the storage medium, and the server is connected via the network interface based on the address information. A step of performing control for establishing a connection with a device by the connection control means;
Performing the procedure for obtaining the permission with the server device via the connection established in this step by the processing means;
In order to cause a computer to execute the step of decrypting the content information using the information for decryption by the decryption means when the permission is obtained through the procedure performed in this step A computer-readable recording medium on which the program is recorded.

Images