JPH07297818A - Digital information communication system and method thereof - Google Patents

Abstract

(57) [Summary] [Purpose] Regarding the paid digital information received / purchased through communication, for a specific authorized user group consisting of multiple people, it is possible to copy it freely such as backup and to use it on terminals other than the receiving terminal. (EN) Provided are a digital information communication system and a method for enabling copyright protection and for copyright owners and information providers to prevent unauthorized use by groups other than a legitimate user group and to protect copyrights. [Structure] A card 2 having a security information storage unit 21 that stores a different user identification number for each card and a group private key etc.
The card 2 is connected to the terminal device 3, the user identification number stored in the card 2 is transmitted from the terminal device 3 to the information center device 1 to request information, and the received information body is group secret. The information body is encrypted by using the key and stored in the terminal device 3. When the information body is used, the information body is decrypted by the group secret key.

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention is used in actual use after receiving and storing encrypted digital copyrighted material information such as music, video, programs, etc. from an information distribution center using a communication line in a receiving terminal. In the case of a group of users who each have a legitimate individual card and know the password, can be used without being restricted by the terminal by connecting to the receiving terminal, and copyright for the information provider. The present invention relates to a digital information communication system and its method in consideration of protection of data.

[0002]

2. Description of the Related Art Conventionally, due to the development of digital information compression technology for voice, moving images, still images, etc., and high-speed digital communication technology, copyrighted works such as music, video, software, etc. are converted into digital information, compression-coded, and communication lines It has become possible to send using. In particular, for software, there are cases in which delivery services using personal computer communications have already been implemented, and in this way, so-called "on-demand", where information delivery centers send desired digital information using communication lines. The “service” simplifies the conventional distribution channel, and has the advantage of being able to deliver information nationwide economically and quickly.

[0003]

However, it is generally difficult to take measures such as restrictions on use of digital information received and stored through communication, and if the digital information is a pay work, the pay digital information is purchased. In addition to legitimate users who have received and accumulated the information, there is a problem that copyrights are infringed by inviting unauthorized use by other people or by illegal copy proliferating, which damages the profits of copyright holders and information providers. there were.

On the other hand, in order to prevent illegal use or illegal copying, measures may be taken to prohibit the copying itself. In this case, a legitimate user cannot back up the data, and only use the terminal device that has received the information. Inconvenience such as not being possible occurs. In this way, if the use restrictions or restrictions are increased, the number of users is limited to one, and it is difficult to realize services such as group contracts (family / in-company section, etc.).

In view of the above-mentioned problems, an object of the present invention is to freely pay or receive a copy of paid digital information received or purchased through communication for a specific authorized user group composed of a plurality of people. Provide a digital information communication system and a method for enabling copyright protection and preventing unauthorized use by a copyright holder or an information provider other than a legitimate user group. Especially.

[0006]

To achieve the above object, the present invention provides, in claim 1, encrypted digital information comprising at least one of voice, music, video and characters from an information center device. In a digital information communication system that receives data via a communication line, stores it in a terminal device, and then uses it after decoding, a plurality of cards to be issued are provided for one group, and each card has a different card. The information center device has a user identification number, a user signature key, a group code and a group secret key that are set only one for each group, and a security information storage unit that stores a center verification key common to the system. A communication control means for controlling communication with the terminal device, a group code corresponding to each card, a user identification number, and a center registration password. And a user verification key and user information storage means for storing provided service information that defines a service that can be provided, service permitting means for determining whether or not information can be provided based on the provided service information, and a digital A session key generation means for generating a session key for encrypting the information body, a user authorized person designation means for designating a user who can use the received / stored information, and a center signature key storage means for storing the center signature key. , Signature generation means for generating a digital signature for the session key by the center signature key, public key decryption means for decrypting encrypted signature information received from the terminal device by a public key cryptosystem, and terminal device Means for verifying digital information from the terminal, and signature information accumulating means for accumulating the digital information from the terminal device The terminal device includes security information storage means for the card, which comprises: conventional encryption means for encrypting the digital information using the session key by a conventional encryption method; and center information storage means for storing the main body of digital information. Card interface means for reading information in the information, communication control means for controlling communication between the information center device, verification means for verifying digital signature information received from the information center device, password input and service Input means for inputting information specifying a user who can use
A collating means for collating users, a session key extracting means for extracting a session key that encrypts the digital information body, and a digital signature using the user signature key stored in the card for the session key. , A public key encryption means for encrypting the signature information obtained by the signature generation means by the center verification key by a public key encryption method, and an encryption / decryption by a conventional encryption method. A digital information communication system is proposed, which comprises conventional encryption means for performing, information storage means for storing received information, and information output means for reading the received information and converting it into usable media information for output.

Further, in claim 2, voice, music, video,
Receives encrypted digital information consisting of at least one of the characters from the information center device via the communication line,
A digital information communication method that is used after being stored in a terminal device and then decrypted, in which each card has a different user identification number, user signature key, and group code and group that are commonly set to only one group. A card having a secret information and security information storage means for storing a center verification key common to the system is provided, and the card is
Multiple cards are issued to a group, and the terminal device extracts the stored data of one of the group cards and uses the information received / stored after connecting to the information center device. Enter the user list consisting of the user identification numbers of all or some of the members of the group that can be entered, and enter the user list together with the group code and user identification number extracted from the security information storage means of the card. The information center device is requested to transmit the digital information by transmitting it to the information center device, and the information center device having received the request, the center registration password and the user verification key corresponding to the user identification number received from the user information storage means. , And providing service information, and then providing the requested digital information based on the providing service information. Is determined, and if not, the line is disconnected. If yes, two types of session keys, a pseudo session key and a verification session key, are generated, and the first session key is generated from the pseudo session key and the verification session key. Center registration extracted based on the user identification number specified in the user list, the group code and the specified user identification number from the user information storage means after the session key is generated by a secret function. A collation list is created from the password and the collation session key by the second secret function, and the received user identification number and the extracted center registration password, the pseudo session key, the collation session key and the collation list are displayed. A conversion is performed by the third secret function, and the conversion result is signed by the center signature key extracted by the center signature key storage means. The signature information is transmitted to the terminal device, and the terminal device receiving the information extracts the user identification number from the center signature information by using the center verification key extracted from the security information storage means of the card, and transmits the information. The user identification number is verified, the line is disconnected in the case of disagreement, the password is requested to the user in the case of coincidence, and the first password is input from the entered password and the center signature information. Four
The pseudo session key, the collation session key, and the collation list are converted by the secret function of the above, and the session key is constructed from the pseudo session key and the collation session key by the first secret function. , The user verification data is created from the password and the verification session key by the second secret function, the user verification data and the verification list are compared and verified, and if the comparison result does not match, the line is connected. If the two match, the user signature information is generated using the user signature key extracted from the configured session key by the security information storage means of the card, and then the user signature information is generated using the center verification key. The information center that encrypts the information and sends it to the information center device and receives the user signature information uses the center signature key. Decrypts the encrypted user signature information, stores the user signature information in the signature information storage means, and then the user verification key stored in the user information storage means from the user signature information. The session key is extracted by using, and the extracted session key is collated with the generated session key. If the collation results do not match, the line is disconnected, and if they match, the digital transmission requested Information is taken out from the center information storage means, the digital information is encrypted with the session key and then transmitted to the terminal device, and the terminal device that receives the encrypted digital information extracts the pseudo information extracted by the session key extracting means. The session key, the verification session key and the verification list are encrypted with the group secret key extracted from the security information storage means of the card, An information delivery process of storing in the information storage means together with the received encrypted digital information, and storage of the card from one of a plurality of group cards including the card used in the information delivery process in the terminal device. While extracting the data,
Request the user to input a password, decrypt the encrypted collation session key and collation list corresponding to the information to be used in the information storage means with the group secret key, and input the password , The user verification data is created by the second secret function from the decrypted verification session key and the user storage number stored in the card, and the user verification data is compared with the decrypted verification list. Performs comparison and collation, prohibits use of information when the comparison and collation results do not match, decrypts the encrypted pseudo session key with the group secret key when the results match, and decrypts the pseudo session After reconstructing the session key from the key and the collation session key by the first secret function, the digital information body encrypted by the session key is reconstructed. Issue to propose a digital information communication method and an information utilization step of outputting the information output means.

[0008]

According to the digital information communication system of the first aspect of the present invention, when the user receives / stores the information in the information center device in the terminal device, the card owned by the user is the terminal device. Is connected to the card interface means, and the terminal device and the information center device are connected via the communication control means. Thereafter, the password and the information designating the user are input via the input means, and the information, the group code extracted from the security information storage means of the card, and the user identification number are transmitted to the information center device,
A request for transmission of digital information is made. Further, the information content stored in the security information storage means of the card is physically protected.

In the information center device that has received the transmission request, the user information storage means retrieves and extracts the center registration password, the user verification key, and the provided service information corresponding to the user identification number received from the terminal device. Along with
Based on the extracted provided service information, the service permission means determines whether or not the digital information requested to be transmitted can be provided. If the result of this determination is no, the line is disconnected and the information center device and the terminal device are connected. Communication is interrupted.
If the result of the determination is yes, the session key generation means generates a session key, and the authorized user designation means designates a user who can use the information.
A digital signature is generated by the signature generation means, center signature information is created from the digital signature with the signature key stored in the center signature key storage means, and is transmitted to the terminal device.

In the terminal device that has received the center signature information, the user identification number is extracted from the center signature information by using the center verification key extracted from the security information storage means of the card by the verification means, and by the verification means. It is compared with the transmitted user identification number. As a result of this comparison, if there is no match, the line is disconnected, and if there is a match, the user is requested to enter the password by the input means, and then the session key extracting means uses the entered password and the center. The session key is extracted from the signature information. Further, the verification means verifies the user based on the user identification number, and if the verification result matches, the signature generation means extracts the session key from the security information storage means of the card. User signature information is generated by signing with a key, and the user signature information is encrypted by the public key encryption means by the center verification key and transmitted to the information center device.

In the information center device that has received the encrypted signature information, the received encrypted user signature information is decrypted by the public key decryption means using the center signature key, and the user signature information is stored in the signature information storage means. To be done. After that, the verification means extracts the session key from the user signature information by using the user verification key, and the generated session key is compared and verified. As a result of this verification, if they match, the requested digital information is taken out from the center information storage means, is conventionally encrypted by the conventional encryption means using the session key, and is transmitted to the terminal device.

In the terminal device receiving the encrypted digital information, the session key extracted by the session key extracting means is encrypted by the conventional secret encryption means with the group secret key extracted from the security information accumulating means of the card, It is stored in the information storage means together with the received encrypted digital information.

When the encrypted digital information received from the information center device and stored in the terminal device is used, the terminal device and the card are connected to each other through the card interface means and the input means is provided to the user. You will be prompted to enter the password from. After this, the encrypted session key corresponding to the digital information desired to be used in the information storage means is decrypted by the conventional encryption means with the group secret key extracted from the security information storage means of the card, and the verification means determines the user's password. Matching is done. When the result of this matching is matched, the session key encrypted by the conventional encryption means is decrypted by the group secret key,
The digital information encrypted by the session key is decrypted by the conventional encryption means and output from the information output means.

By this, by incorporating the user information necessary for using the system into the card and physically protecting it, it is possible to prevent fraudulent acts such as counterfeiting of the card itself, and to identify different users for each card. The user who receives the information can be identified by incorporating the number and the user signature key. Further, since the terminal device does not include security information, any terminal device can operate under exactly the same conditions.

According to the digital information communication method of the second aspect, the user identification number, the user signature key, and the group code and group secret key that are commonly set for each group are different for each card. Further, a card having a security information storage means for storing a center verification key common to the system is provided, and a plurality of cards are issued to one group. When requesting digital information from the information center, the terminal device extracts the stored data of one of the plurality of group cards and connects the terminal device and the information center device. After that, the user list consisting of the user identification numbers of all or some of the members in the group who can use the information to be received / stored is input from the input means, and the group code extracted from the security information storage means of the card is input. The user list is transmitted to the information center device together with the user identification number, and transmission of digital information is requested.

In the information center device receiving the request, the center registration password corresponding to the received user identification number, the user verification key, and the provided service information are extracted from the user information storage means, and the provided service information is obtained. Whether or not the digital information requested to be transmitted can be provided is determined based on. If the result of the judgment is negative, the line is disconnected,
If yes, 2 of pseudo session key and verification session key
A session key of a type is generated, and after the session key is generated from the pseudo session key and the collation session key by the first secret function, the user identification number specified in the user list and the user information storage means. A reference list is created by a second secret function from the center registration password extracted based on the group code and the specified user identification number, and the verification session key, and the received user identification number and The extracted center registration password, the pseudo session key, the verification session key and the verification list are converted by the third secret function, and the conversion result is signed by the center signature key extracted by the center signature key storage means. Information is transmitted to the terminal device.

In the terminal device that has received the information, the user identification number is extracted from the center signature information by using the center verification key extracted by the security information storage means of the card, and the extracted user identification number is used. Verification is done. As a result of this verification, if they do not match, the line between the terminal device and the information center device is disconnected, and if they match, the user is required to enter a password. After that, the input password and the center signature information are converted by a fourth secret function to extract a pseudo session key, a collation session key, and a collation list,
The first from the pseudo session key and the verification session key
After the session key is constructed by the secret function of, the user verification data is created by the second secret function from the user identification number, the password and the verification session key. Further, the user collation data and the collation list are compared and collated. If the comparison results do not match, the line is disconnected, and if they match, the configured session key is used to determine the security information of the card. After the user signature information is generated by using the user signature key extracted by the storage means, the user signature information is encrypted by the center verification key and transmitted to the information center device.

In the information center which has received the user signature information, the encrypted user signature information is decrypted by using the center signature key, and the user signature information is stored in the signature information storage means. , A session key is extracted from the user signature information using a user verification key stored in the user information storage means, and the extracted session key and the generated session key are collated, If the verification results do not match, the line is disconnected, and if they match, the requested digital information is retrieved from the center information storage means, and the digital information is encrypted with the session key and then the It is transmitted to the terminal device.

In the terminal device receiving the encrypted digital information, the pseudo session key extracted by the session key extracting means, the collation session key, and the collation list are the group secret key extracted by the security information accumulating means of the card. The data is encrypted in step S1 and is stored in the information storage means together with the received encrypted digital information.

When utilizing the information accumulated in the information accumulating means, in the terminal device, from one of a plurality of group cards including the card used in accumulating the information, The stored data of the card is extracted, the user is requested to input a password, and the encrypted collation session key and collation list corresponding to the information to be used in the information storage means are stored in the group. User verification data is created by a second secret function from the password that has been decrypted with the secret key, the entered verification session key, and the user storage number stored in the card. Furthermore, the user collation data and the decrypted collation list are compared and collated. If the comparison and collation results do not match, the use of the information is prohibited, and if they match, the information is encrypted. After the pseudo session key is decrypted by the group secret key, and the session key is reconstructed by the first secret function from the decrypted pseudo session key and the collation session key,
The digital information body encrypted with the session key is decrypted and output from the information output means.

As a result, unless the card and password are correctly entered and the information center device approves the service, the information cannot be provided. Furthermore, regarding the use of the received, received and accumulated information, the card and password are correctly entered, and the information is limited to the members in the group included in the matching list. Furthermore, if you copy the received / stored information, you will be able to use the maximum number of people included in the verification list, but even in that case, the person who can use it is a legitimate card holder who also knows the correct password. In addition, since it is only the person who is included in the collation list created by the information center device in advance, it can be considered as a substantially legitimate user. No problems such as copyright infringement occur.

[0022]

DESCRIPTION OF THE PREFERRED EMBODIMENTS An embodiment of the present invention will be described below with reference to the drawings. FIG. 1 is a block diagram showing a digital information communication system according to an embodiment of the present invention. In the figure, reference numeral 1 is an information center device, a communication control unit 101 for controlling communication with a terminal device, a group code corresponding to each card 2 described later, a user identification number, a center registration password, a user verification key, and a provided service. A user information storage unit 102 that stores information and the like, a service permission unit 103 that determines whether information can be provided based on the provided service information, a session key generation unit 104 that generates a session key, and information received and stored by the terminal device. By the authorized user designating unit 105 that designates all or some members in the usable group, the center signature key storing unit 106 that stores the signature key of the center, the signature generating unit 107 that generates a digital signature, and the public key cryptosystem. A public key decryption unit 108 for decryption, a verification unit 109 for verifying a digital signature from the terminal device, a terminal device A digital signature, a signature information storage unit 110 for storing digital signatures, a conventional encryption unit 111 for performing encryption by a conventional encryption method, and a center information storage unit 112 for storing a digital information body, which are connected to each other via a bus. There is.

Reference numeral 2 denotes a card issued as a group card, which can be, for example, a magnetic card, an IC card, a card composed of an optical storage medium, or the like, and a user identification number and a user signature key corresponding to each card. , A group code and a group secret key that are commonly set for each group, and a security information storage unit 21 that stores a center verification key common to the system, and these information contents are physically protected.

Reference numeral 3 denotes a terminal device, which is a card insertion unit 301 having an interface function for reading information stored in the card 2, a communication control unit 302 for controlling communication with an information center device, and digital information from the information center. A verification unit 303 for verifying the password, an input unit 304 including a keyboard for inputting a password and the like, a verification unit 305 for verifying a user, a session key extraction unit 306 for extracting a session key, and a signature generation for generating a digital signature. Unit 307, public key encryption unit 308 that performs encryption by the public key encryption method, conventional encryption unit 309 that performs encryption / decryption by the conventional encryption method, and information storage unit 31 that stores received information.
0, an information output unit 3 that reads the received information and outputs it in a format that can be used on a display screen, sound, information recording medium, etc.
11 are connected to each other via a bus.

Next, an operation procedure (information delivery process) from the terminal device 3 to receiving and storing information from the information center device 1 in the present embodiment having the above-mentioned configuration will be described with reference to the flowchart shown in FIG. To do.

First, a user who wants to receive / store information in the information center device 1 in the terminal device 3 inserts his / her card 2 into the card insertion portion 301 of the terminal device 3. Next, after connecting to the information center apparatus 1 via the communication control units 302 and 101, the members in the group that can use the information received / stored this time are arbitrarily designated, and the set of user identification numbers AIDj of the designated members is set. User list LI
Input D from the input unit 304 and enter the user list LID
And the group code GC extracted from the security information storage unit 21 of the card 2 and the user identification number UIDj are sent together to the information center device 1, and the digital information M
Is requested (SA1). As shown in FIG. 3, the security information storage unit 21 of the card 2 has a group code GC, a user identification number UIDi, and a center verification key C.
p, user signature key Di, and group secret key GK information are included, and the contents of these information are physically protected.

In the information center device 1, the group code GCd and the user identification number U are in the format shown in FIG.
IDn, center registration password PWn, user verification key E
n, and the center registration password PWi corresponding to the user identification number UIDi received from the terminal device 3 from the user information storage unit 102 in which the provided service information is stored,
The user verification key Ei and the provided service information SVi are searched and extracted (SA2).

Next, based on the provided service information SVi extracted by the service permission unit 103, it is determined whether or not the digital information requested to be transmitted can be provided (SA3). If the result of this determination is no, the line is disconnected. (SA4), communication between the information center device 1 and the terminal device 3 is interrupted. Also,
If the determination result is yes, the session key generation unit 104 causes the pseudo session key KSI and the verification session key KS.
2 is generated, and the session key K for encryption of the information body is generated by the first secret function f1 () from the pseudo session key KS1 and the collation session key KS2.
S is generated (SA5). The pseudo session key KS1
As a method of generating the matching session key KS2, for example, a 64-bit random number sequence can be used. Also,
For example, the following equation (1) can be used for the first secret function f1 ().

[0029]

[Equation 1] After that, in the authorized user designating unit 105, the matching session key KS2, the user identification number AIDj for each user included in the user list LID, and the group code GC.
And a personal identification list ALTj is created by the second secret function f2 () from the center registration password APWj extracted from the user information storage unit 102 based on the user identification number AIDj for each user, and A matching list AL composed of a set of the matching individual list ALTj
Create T (SA6).

FIG. 5 shows the data formats of the user list LID and the collation list ALT. If the user identification numbers having different group codes are included, only the user identification numbers are invalidated. For the second secret function f2 (), for example, the following expression (2) can be used.

[0031]

[Equation 2] Finally, in the signature generation unit 107, the received user identification number UIDi, the extracted center registration password PWi, the pseudo session key KS1, the verification session key KS2, and the verification list ALT are stored in the third secret function f3.
After conversion by (), the center signature information CSign is created from the conversion result with the signature key Cs stored in the center signature key storage unit 106 (SA7) and transmitted to the terminal device 2. The third secret function f3 (), for example,
Equation (3) can be used.

[0032]

[Equation 3] Also, CSign = Cs (F3 (UIDi, PWi, KS1, KS2, ALT)).

Next, in the terminal device 3, as shown in the following equation (4), the center signature information CSign is used by the verification unit 303 using the center verification key Cp extracted from the security information storage unit 21 of the card 2. The user identification number is retrieved from and compared with the transmitted user identification number UIDi (SA8).

[0034]

[Equation 4] If the result of this verification is that they do not match, the line is disconnected (SA
9) If they match, the user is requested to input the password PWi from the input unit 304, and then the session key extraction unit 306 inputs the password PW.
i and the center signature information CSign, the pseudo session key KS1, the collation session key KS2, and the collation list ALT are extracted from the third secret function f3 () by inverse conversion (fourth secret function), and then the pseudo session ALT is extracted. Key KS
1 and the first secret function f1 from the verification session key KS2
The session key KS is constituted by () (SA10).

Next, the collation unit 305 creates user collation data from the user identification number UIDi, password PWi and collation session key KS2 by the second secret function f2 () (SA11). And a personal list A for collation included in the collation list ALT
All the LTj are compared and collated (SA12), if all do not match, the line is disconnected (SA13), and if there is a match, the signature generation unit 307 sends the session key KS to the security information of the card 2. Accumulator 2
The user signature key Di extracted from No. 1 is used to generate the user signature information Sign [Di (KS)] (SA14),
The public key encryption unit 308 encrypts the user signature information with the center verification key Cp (SA15) and sends it to the information center device 1.

In the information center device 1, the public key decryption unit 108 decrypts the received encrypted user signature information with the center signature key Cs (SA16), and the user signature information Sign is stored in the signature information storage unit 110. Accumulate (SA1
7). Then, the verification unit 109 extracts a session key from the user signature information Sign using the user verification key Ei, and compares and verifies the generated session key KS (SA18). As a result of this verification, if they do not match, the line is disconnected (SA19), and if they match, the digital information M requested to be transmitted is sent to the center information storage unit 11
2, and the common encryption unit 111 performs common encryption [KS (M)] using the session key KS, and then transmits it to the terminal device 3 (SA20).

In the terminal device 3, the pseudo session key KS1, the verification session key KS2 and the verification list ALT extracted by the session key extraction unit 306 are extracted from the security information storage unit 21 of the card 2 in the conventional encryption unit 309. After encrypting with the group secret key GK (SA21), the information storage unit 3 together with the received encrypted digital information according to the format shown in FIG.
It is accumulated in 10 (SA22).

Next, the operation procedure (information utilization process) in the case of utilizing the digital information received from the information center device 1 and accumulated in the terminal device 3 will be described based on the flowchart of FIG. When using the stored information, in the terminal device 3, after inserting the card 2 into the card insertion unit 301, the password PW is input from the input unit 304 to the user.
Request the input of i (SB1).

Next, the encrypted verification session key GK (KS2) and verification list GH (ALT) corresponding to the digital information desired to be used in the information storage unit 310 are stored in the conventional encryption unit 309 in the security information of the card 2. The group secret key GK extracted from the storage unit 21 is used for decryption (SB2), and the collation unit 305 decrypts the password PW.
i, the verification session key KS2, and the user identification number UIDi extracted from the security information storage unit 21 of the card 2.
From the second secret function f2 () to create user verification data (SB3), and the user verification data is compared and verified with all of the verification personal lists ALTj included in the verification list ALT (SB4). ).

As a result of this collation, if all do not match, the use of the information is prohibited (SB5), and if there is a match, the pseudo session key GK (KS1) encrypted in the conventional encryption unit 309 is written as above. The session key KS is decrypted by the group secret key GK (SB6), the session key KS is reconstructed by the first secret function f1 () together with the collation session key KS2 (SB7), and then encrypted by the conventional encryption unit 309 by the session key KS. Digital information KS
(M) is decoded (SB8) and output from the information output unit 311 (SB9).

As described above, the information received from the information center device 1 and stored in the terminal device 3 is stored only when the user listed in the collation list uses the correct card 2 and the correct password PWi. It is possible to use. Therefore, even if the information is copied, there is no concern that it will be used illegally, so there is no need to put restrictions such as copy prohibition.

Further, a collation list, a collation session key, a pseudo session key, which are keys necessary for utilizing the information,
Since the session keys are used in association with each other, even if you tamper with some or all of the other information that you are not authorized to use and illicitly use it, the effect of the tampering is necessary to use the information. Since it spreads to all keys, the information cannot be used illegally. These guarantee the copyright protection of information.

On the other hand, this system is also a digital information communication system including an information access authority function for a closed group such as a family, a section in a company, or a club. That is, the group members 2 are given to the members of the group one by one from the information provider in exchange for the registration of the provided service information that defines the password and the type of service that can be used, and the card 2
Group code and group secret key common to the group,
A center verification key common to the system, a different user identification number and a different user signature key for each card 2 are recorded. Therefore, since the user signature key is used when receiving the information, it is possible to identify who has received the information even if there are a plurality of members of the group.

Further, since the collation list is created by the information center device (information provider) automatically incorporating the password one by one, based on the group code and the user list designating the members who can use the information, You don't need to know the member's password, and nobody else is included in the matching list.

Further, regarding the use of the information, since the user identification number and the password are not incorporated in the members that are not included in the collation list of the information, even the members of the same group can use the information. It is not possible. On the other hand, the members included in the collation list can be freely used, and the information may be copied and used if necessary. In other words, only the members listed in the matching list can be copied and used, and the information provider creates the matching list by itself, so by changing the information fee depending on the number of members in the matching list, This is because all the members included in the usage list can be regarded as regular users.

[0046]

As described above, according to the digital information communication system according to the first aspect of the present invention, the user information necessary for using the system is incorporated in the card, and the information is physically recorded. A protected card,
It is equipped with a terminal device that can be used by inserting a card and entering a correct password, and an information center device that sets a session key, encrypts digital information with the session key, and then transmits the encrypted digital information to the terminal device. Therefore, it is possible to prevent fraudulent acts such as counterfeiting of the card itself, and it is possible to identify the user when receiving the information by incorporating a different user identification number and user signature key for each card. Further, since the terminal device does not include security information, any terminal device can be operated under exactly the same conditions.

According to the digital information communication method of the second aspect, a group card composed of a plurality of persons is provided with a number of cards corresponding to the number of persons, and each card is provided from the information center device. By defining the services of digital information that can be received, and by specifying the members that can be used in the group for the digital information received from the information center device and received / stored in the terminal device, the card and password are required. Information cannot be provided unless the information is correctly entered and the information center device permits the service. Also, regarding the use of the received and received / accumulated information, it is limited to the members in the group whose card and password are correctly input and which are included in the verification list. Furthermore, if you copy the received / stored information, you can use the maximum number of people included in the verification list, but even in that case, the person who can use it is a legitimate card holder and you also know the correct password, Moreover, since only those who are included in the collation list created by the information center device in advance, they are considered to be substantially legitimate users. Problem does not occur.

[Brief description of drawings]

FIG. 1 is a configuration diagram showing a digital information communication system according to an embodiment of the present invention.

FIG. 2 is a flowchart showing an operation procedure in an information delivery process in the digital information communication method according to the embodiment.

FIG. 3 is a diagram showing the contents of information stored in a security information storage unit in the card in one embodiment.

FIG. 4 is an explanatory diagram of a data format accumulated in a user information accumulating unit in the information center device in one embodiment.

FIG. 5 is an explanatory diagram of data formats of a user list and a collation list in one embodiment.

FIG. 6 is an explanatory diagram of a data format when data is stored in an information storage unit in a terminal device according to an embodiment.

FIG. 7 is a flowchart showing an operation procedure in an information utilization process in the digital information communication method according to the embodiment.

[Explanation of symbols]

DESCRIPTION OF SYMBOLS 1 ... Information center apparatus, 101 ... Communication control part, 102 ... User information storage part, 103 ... Service permission part, 104 ... Session key generation part, 105 ... Use-authorized person designation part, 106
... Center signature key storage unit, 107 ... Signature generation unit, 108 ...
Public key decryption unit, 109 ... Verification unit, 110 ... Signature information storage unit, 111 ... Common encryption unit, 112 ... Center information storage unit,
2 ... Group card, 21 ... Security information storage unit,
3 ... Terminal device, 301 ... Card insertion section, 302 ... Verification section, 303 ... Verification section, 304 ... Input section, 305 ... Collation section, 306 ... Session key extraction section, 307 ... Signature generation section, 308 ... Public key encryption section , 309 ... Common encryption part, 31
0 ... Information storage unit, 311 ... Information output unit.

─────────────────────────────────────────────────── ─── Continuation of the front page (51) Int.Cl. ⁶ Identification code Internal reference number FI technical display location G09C 1/00 9364-5L

Claims (2)

[Claims] 1. An encrypted digital information consisting of at least one of voice, music, video and characters is received from an information center device via a communication line, accumulated in a terminal device, and then used after being decrypted. In this digital information communication system, a plurality of cards to be issued are provided in one group, and each card has a user identification number, a user signature key, and a group that is commonly set to only one group. The information center device has a security information storage means for storing a code, a group secret key, and a center verification key common to the system, and the information center device has communication control means for controlling communication with the terminal device, and for each card. A proposal that specifies the corresponding group code, user identification number, center registration password, user verification key, and services that can be provided. User information storage means for storing service information to be provided, service permission means for determining whether or not information can be provided based on the provided service information, and session key generation means for generating a session key for encrypting the digital information body. , A licensed user designation means for designating a user who can use the received / stored information, a center signature key storage means for storing a center signature key, and a digital signature for the session key by the center signature key Signature generating means, a public key decrypting means for decrypting encrypted signature information received from the terminal device by a public key cryptosystem, a verifying means for verifying digital information from the terminal device, Signature information storage means for storing digital information, and the digital key using the session key by a conventional cryptosystem. The terminal device is provided with a conventional encryption means for encrypting information and a center information storage means for storing a digital information body, the terminal device is a card interface means for reading information in the security information storage means of the card, and the information center. For inputting communication control means for controlling communication with the device, verification means for verifying the digital signature information received from the information center device, and inputting information for inputting a password and specifying a user who can use the service Input means, collation means for collating users, session key extracting means for extracting a session key that encrypts the digital information body, and user signature key stored in the card for the session key Signature generation means for generating a digital signature using the A public key encryption means for encrypting the signature information obtained by means of the center verification key, a conventional encryption means for encryption / decryption by a conventional encryption method, an information storage means for storing received information, and a received information A digital information communication system, comprising: an information output unit that reads out and converts and outputs the usable media information. 2. The encrypted digital information including at least one of voice, music, video and characters is received from the information center device via the communication line, accumulated in the terminal device, and then used after being decrypted. This is a digital information communication method that stores different user identification numbers and user signature keys for each card, a group code and a group secret key that are commonly set for each group, and a center verification key that is common to all systems. A card having security information storage means is provided, and a plurality of cards are issued to one group. In the terminal device, one of the plurality of group cards is issued.
After extracting the stored data of the card from one card and connecting to the information center device, a user list consisting of user identification numbers of all or some members in the group that can use the information to be received / stored is displayed. The user list is input to the information center device together with the group code and the user identification number, which are input from the input means and extracted from the security information storage means of the card, and the digital information transmission is requested, and the request is received. The information center device extracts the center registration password, the user verification key, and the provided service information corresponding to the received user identification number from the user information storage means, and then the transmission request based on the provided service information. It is judged whether the provided digital information can be provided. If not, the line is disconnected. If it is possible, the pseudo session key and Generate two types of session keys, a matching session key,
After the session key is generated from the pseudo session key and the collation session key by the first secret function, the user identification number specified in the user list, the group code and the specified by the user information storage means. A center registration password extracted based on the user identification number, and a verification list is created from the verification session key by a second secret function, and the received user identification number and the extracted center registration password, the pseudo session A key, the verification session key, and the verification list are converted by a third secret function, and the conversion result is sent to the terminal device by the center signature information signed by the center signature key extracted by the center signature key storage means. In the terminal device receiving the information, the security information storage means of the card is extracted from the center signature information. The user identification number is extracted by using the extracted center verification key, the verification is performed with the transmitted user identification number, the line is disconnected in the case of disagreement, and to the user in the case of coincidence. A password is requested to be input, and the pseudo session key, the collation session key and the collation list are extracted by converting the inputted password and the center signature information by a fourth secret function, and the pseudo session key and the collation session are extracted. After constructing the session key from the key by the first secret function, the user verification data is created by the second secret function from the user identification number, the password and the verification session key, and the user verification data and the When the comparison result does not match, the line is disconnected, and when it matches, the session key configured as above Generating user signature information using the user signature key extracted from the security information storage means of the card, encrypting the user signature information with the center verification key, and transmitting the encrypted user signature information to the information center device; In the information center that has received the user signature information, the encrypted user signature information is decrypted using the center signature key, the user signature information is stored in the signature information storage means, and then the user signature is stored. A session key is extracted from the information by using the user verification key stored in the user information storage means, the extracted session key is collated with the generated session key, and when the collation result does not match. Disconnects the line, and in the case of coincidence, the requested digital information is taken out from the center information storage means, and the digital information is encrypted with the session key. Transmitted to the terminal device upon the, the terminal device receiving the encrypted digital information, the pseudo session key extracted by the session key extraction means,
An information delivery process of encrypting the verification session key and the verification list with the group secret key extracted from the security information storage means of the card and storing the encrypted digital information in the information storage means together with the received encrypted digital information; The stored data of one of the plurality of group cards including the card used in the information delivery process is extracted, and the user is requested to input the password, A user who decrypts the encrypted collation session key and the collation list corresponding to information to be used with the group secret key, and stores the input password, the decrypted collation session key, and the card. User verification data is created from the accumulated number by the second secret function, and the user verification data and the recovery When the comparison and comparison result does not match, the use of the information is prohibited, and when the comparison and comparison result does not match, the encrypted pseudo session key is decrypted by the group secret key. Then, after the session key is reconstructed by the first secret function from the decrypted pseudo session key and the collation session key, the digital information body encrypted by the session key is decrypted and output from the information output means. A digital information communication method comprising: an information utilization process.