WO2006095726A1 - Information distribution system, node device, release data issuing method, etc. - Google Patents
Information distribution system, node device, release data issuing method, etc.
- Publication number
- WO2006095726A1 (PCT/JP2006/304356)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- information
- node
- data
- authentication
- release data
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/083—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
- H04L9/0833—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP] involving conference or group key
- H04L9/0836—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP] involving conference or group key using tree structure or hierarchical structure
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/60—Digital content management, e.g. content distribution
- H04L2209/603—Digital right management [DRM]
Definitions
- the present invention relates to a peer-to-peer (P2P) type information distribution system including a plurality of node devices that can communicate with each other via a network, and in particular, a plurality of reproduction-restricted information.
- P2P peer-to-peer
- the present invention relates to a technical field such as a content information distribution system in which digital contents are distributed and stored in a plurality of node devices.
- DRM Digital Rights Management
- Patent Document 1 discloses a content distribution system in which a client makes a license acquisition request to a license server, so that the license server authenticates the license and issues a key for reproducing the content data that has been signed.
- Patent Document 2 also discloses a technique when a license server issues a license corresponding to content data.
- Patent Document 1: Japanese Patent Application Laid-Open No. 2004-227283
- Patent Document 2: Japanese Unexamined Patent Application Publication No. 2004-046856
- The present invention has been made in view of the above-described problems and the like, and its object is to provide an information distribution system, a node device, a release data issuing method, and the like that can prevent an excessive processing burden from being imposed on a specific device such as a server while ensuring safety related to copyright protection.
- a plurality of node devices that can communicate with each other via a network, and distribution information that is restricted in reproduction and includes a plurality of the distributions.
- authentication processing relating to permission to issue release data for canceling the reproduction restriction of each distribution information is characterized by being performed in a distributed manner in the plurality of node devices.
- the authentication process corresponding to each piece of distribution information is performed by a node device corresponding to each piece of distribution information.
- Since the authentication process is performed by the node device corresponding to each piece of distribution information, it is possible to prevent an excessive processing burden from being imposed on a specific device such as a server that performs a conventional authentication process, while ensuring safety regarding copyright protection.
- The first node device that requests the release data corresponding to one piece of distribution information has acquisition authority certificate data that proves the acquisition authority of the release data.
- A second node device that performs the authentication process corresponding to the one piece of distribution information receives the acquisition authority data.
- acquisition authority certificate receiving means, authenticating means for authenticating the validity of the received acquisition authority data, release data issuing means for issuing the release data corresponding to the one piece of distribution information when the authentication means authenticates it, and release data transmission means for transmitting the issued release data.
- The second node device that performs the authentication process corresponding to the one piece of distribution information performs authentication of the validity of the acquisition authority data certifying the acquisition authority of the release data and issuance of the release data. Therefore, it is possible to prevent an excessive processing burden from being imposed on a specific device such as a server that performs a conventional authentication process, while ensuring safety related to copyright protection.
- the first node device that requests the release data corresponding to the delivery information of 1 has acquisition authority certificate data that proves the acquisition authority of the release data, and the first node device And a second node device that performs the authentication process corresponding to the distribution information of 1 receives the acquisition authority data.
- the acquisition authority certificate receiving means, the authentication means for authenticating the validity of the received acquisition authority certificate data, and issuance permission information transmitting means for transmitting, when authenticated by the authentication means, issuance permission information indicating permission to issue the release data corresponding to the one piece of distribution information
- the third node device is the issuance permission information receiving means for receiving the issuance permission information and the received issuance permission information.
- Since the node device that authenticates the validity of the acquisition authority data and the node device that issues the release data are configured to be independent, it is possible to prevent improper collusion between the requester of the release data and the issuer, to improve the safety and reliability of copyright protection, and to prevent an excessive burden on specific devices such as servers that perform conventional authentication processing.
- the second node device has authentication authority data certifying the authentication authority, and the issuance permission information transmitting means transmits the issuance permission information and the authentication authority certificate data.
- The issuance permission information receiving means of the third node device receives the issuance permission information and the authentication authority data, the third node device further comprises an authentication means for authenticating the validity of the received authentication authority data, and the release data issuing means issues the release data only when the authentication means authenticates that it is valid.
- Since the release data is issued only when the authentication authority data is verified to be valid, the safety and reliability of copyright protection can be further enhanced.
- the release data transmitting means of the third node device transmits the release data and location information indicating the location of the one distribution information corresponding to the release data.
- The first node device further includes release data receiving means for receiving the release data, and reproducing means for canceling the reproduction restriction of the one piece of distribution information with the received release data and reproducing it.
- The first node device further includes release data receiving means for receiving the release data and the location information, distribution information acquisition means for acquiring the one piece of distribution information based on the received location information, and reproduction means for releasing the reproduction restriction of the acquired one piece of distribution information with the received release data and reproducing the distribution information.
- the information processing system functions as a first node device included in the information distribution system.
- a computer is caused to function as the first node device.
- the information processing system functions as a second node device included in the information distribution system.
- a computer is caused to function as the second node device.
- the information processing system functions as a third node device included in the information distribution system.
- a computer is caused to function as the third node device.
- a plurality of node devices that can communicate with each other via a network, and is distribution information that is restricted in reproduction. Is distributed and stored in a plurality of node devices, and authentication processing relating to permission to issue release data for releasing the reproduction restriction of each distribution information is distributed in the plurality of node devices.
- the release data issuance method in the information distribution system is performed, wherein the first node device that requests the release data corresponding to one piece of distribution information has acquisition authority certificate data that proves the acquisition authority of the release data.
- The first node device transmits the acquisition authority data, and the second node device that performs the authentication process corresponding to the one piece of distribution information receives the acquisition authority certificate data, authenticates the validity of the acquisition authority certificate data, and, when it is verified that the acquisition authority certificate data is valid, issues the release data corresponding to the one piece of distribution information and transmits the release data.
- a plurality of node devices that can communicate with each other via a network, and the distribution information is restricted in reproduction, and the plurality of distribution information Is distributed and stored in a plurality of node devices, and authentication processing relating to permission to issue release data for releasing the reproduction restriction of each distribution information is distributed in the plurality of node devices.
- the release data issuance method in the information distribution system is performed, wherein the first node device that requests the release data corresponding to one piece of distribution information has acquisition authority certificate data that proves the acquisition authority of the release data.
- The first node device transmits the acquisition authority data, and the second node device that performs the authentication process corresponding to the one piece of distribution information receives the acquisition authority certificate data, authenticates the validity of the acquisition authority certificate data, and, when it is verified that the acquisition authority certificate data is valid, transmits issuance permission information indicating permission to issue the release data corresponding to the one piece of distribution information, and the third node device receives the issuance permission information, issues the release data indicated in the issuance permission information, and transmits the release data.
- Since the authentication processing relating to the issuance permission of the release data for canceling the reproduction restriction of each distribution information is performed in a distributed manner in the plurality of node devices, an excessive processing burden can be prevented from being imposed on a specific device such as a server that performs the conventional authentication processing.
- FIG. 1 is a diagram showing an example of a connection mode of each node device in the content distribution system according to the present embodiment.
- FIG. 2 is a diagram showing an example of DHT routing when a user node acquires a content protection key in the DHT node ID space.
- FIG. 3 is a diagram showing a schematic configuration example of node 1.
- FIG. 4 is a diagram showing a schematic configuration example of an IC card.
- FIG. 5 is a diagram showing a schematic configuration example of a license server 2.
- FIG. 6 is a diagram showing a schematic configuration example of a tamper resistant secure board.
- FIG. 7 is a diagram showing an example of the overall processing flow in the content distribution system S.
- FIG. 8 is a flowchart showing content data encryption and storage processing in the control unit 31 of the license server 2.
- FIG. 9 shows an example of protection key management information registered in the content protection key management table.
- FIG. 10 is a diagram showing an example of how the content protection key is updated.
- FIG. 11 is a flowchart showing a license authentication authority delegation issuance process in the control unit 31 of the license server 2.
- FIG. 12 is a flowchart showing a license certificate purchase process in the control unit 11 of the user node 1a.
- FIG. 13 is a flowchart showing a license certificate issuing process in the control unit 31 of the license server 2.
- FIG. 14 is a conceptual diagram showing an example of contents described in a license certificate.
- FIG. 15 is a flowchart showing DRM processing (processing when a content protection key is requested) in the control unit 11 of the user node 1a.
- FIG. 17 is a flowchart showing protection key issuing processing in the control unit 11 of the root node 1y.
- FIG. 18 is a flowchart showing DRM processing (processing when a content protection key is used) in the control unit 11 of the user node 1a.
- FIG. 19 is a flowchart showing blacklist registration processing in the control unit 11 of the root node 1y.
- FIG. 21 is a flowchart showing a DRM process in the control unit 11 of the user node 1a when the license certificate is updated.
- FIG. 1 is a diagram showing an example of a connection state of each node device in the content distribution system according to the present embodiment.
- IX Internet eXchange
- ISP Internet Service
- a network (real world network) 8 such as the Internet is constructed.
- The content distribution system S is a peer-to-peer network system configured to include a plurality of node devices 1a, 1b, 1c ... 1x, 1y, 1z ... that are connected to each other via such a network 8. Each node device 1a, 1b, 1c ... 1x, 1y, 1z ... is assigned a unique serial number and IP (Internet Protocol) address. The serial number and IP address are not duplicated among the plurality of node devices 1. In the following description, the node devices 1a, 1b, 1c ... 1x, 1y, 1z ... are collectively referred to as "node 1".
- the content distribution system S includes a license server 2 that is connected to the network 8.
- this content distribution system S a specific algorithm, for example, an algorithm using a distributed hash table (hereinafter referred to as DHT (Distributed Hash Table)) described later is used in the upper frame 100 of FIG.
- DHT Distributed Hash Table
- The overlay network 9 is constructed by an algorithm using DHT, and a node 1 arranged on the overlay network 9 is a node 1 participating in the overlay network 9. Participation in the overlay network 9 is performed by a node 1 that has not yet participated sending a participation request to any node 1 that has already participated.
- Each node 1 participating in the overlay network 9 has a node ID.
- The node ID is a value (for example, with a bit length of 160 bits) obtained by hashing the IP address, serial number, or the like with a common hash function (for example, SHA-1), and is distributed in one ID space without any bias.
- Node IDs obtained (hashed) by the common hash function have a very low probability of having the same value if the IP address or serial number is different.
- Since the hash function is publicly known, detailed explanation is omitted.
- a node ID is a value obtained by hashing an IP address (global IP address) with a common hash function.
- Each node 1 participating in the overlay network 9 holds a DHT.
- In this DHT, the route information to other nodes 1, that is, the node IDs of other nodes 1 that are appropriately separated in the node ID space and their IP addresses, are registered.
- Such a DHT is given when node 1 participates in overlay network 9.
- node 1 frequently joins or leaves the overlay network 9, so it is confirmed whether it is necessary to update DHT periodically (for example, at intervals of several tens of minutes to several hours).
- the update information is transmitted to the other node 1 via the route registered in the DHT. This makes it possible to keep the DHT up to date. Since the DHT generation method is publicly known, detailed explanation is omitted.
- any one of the plurality of nodes 1 participating in the overlay network 9 holds (owns) the public key of the license server 2 (the public key in the so-called public key cryptosystem).
- Using the public key, the node 1 can decrypt electronic data (for example, the hash value of a license certificate or license authentication authority delegation certificate described later) that has been encrypted by the license server 2 using the private key of the license server 2 (a secret key in a so-called public key cryptosystem).
- Encrypting the electronic data with the private key means that the license server 2 signs the electronic data (electronic signature).
- When the node 1 decrypts the electronic data signed (encrypted with the private key) by the license server 2 with the public key of the license server 2, the source of the electronic data is verified.
- content data for example, movies and music
- content data of a movie with the title XXX is stored in the node 1a
- content data of a movie with the title YYY is stored in the node 1b.
- is distributed and stored on multiple nodes 1.
- certain content data is not necessarily stored in one node 1, and the same content data can be stored in a plurality of nodes 1.
- a content name (title) or the like is given to each.
- playback restriction means that content data cannot be normally played back as it is, and the viewer is restricted from viewing the content.
- Playback is restricted by encrypting the content data with the encryption key.
- The reproduction restriction of content data, that is, the encryption, is released by a decryption key (hereinafter referred to as "content protection key") as release data, so that the viewer can view the content.
- The content data is encrypted by the license server 2, and the content data that has been signed is distributed from the license server 2 to an appropriate node 1 and stored.
- content data encrypted in this way is referred to as protected content data
- node 1 where the protected content data is stored is referred to as a replica node (content holder node).
- The location information indicating the location of the protected content data distributed and stored in this way is also distributed and stored in multiple nodes 1 participating in the overlay network 9.
- For example, the content name of some content data (or the first few bytes of the content data) is hashed using the same hash function as when obtaining the node ID (that is, the hash value of the IP address of node 1), and the location information of the content data is stored in the node 1 having the node ID closest to the hash value (the hash value becomes the content ID), for example the node ID whose higher digits match the most (hereinafter "root node").
- The location information indicating the location of the content data can be managed by one root node (in this embodiment, the location information of the content data corresponding to one content ID is stored in one root node (that is, there is a one-to-one relationship between the root node and the location information), but this is not a limitation).
- a node used by a user who wants to acquire (download) certain content data sends a query (inquiry information) to which the content ID of the content data is added to other nodes.
- The query reaches the root node that stores the location information indicating the location of the content data, via some nodes 1 (hereinafter referred to as "relay nodes"), by DHT routing.
- Each of the above relay nodes compares the content ID added to the received query with the node ID registered in the DHT, and identifies node 1 to be transferred next (for example, the highest number of content IDs).
- The user node acquires (receives) location information from the root node, connects to the replica node storing the content data based on the location information, and acquires (receives) the content data therefrom.
- a method for transferring a query using DHT from the user node to the root node is well-known, for example, "Pastry", and thus further detailed description is omitted. Further, it may be configured such that the same location information as that of the root node is cached until the query reaches the root node, and the location information is acquired (received) from node 1.
- an authentication process related to permission to issue the content protection key is performed.
- Node 1 hereinafter referred to as “authentication node”
- node 1 that performs content protection key issuance processing hereinafter referred to as “content protection key issue node”
- each protected content data that is, content data ( If the content ID is different, the authentication node and the content protection key issuing node are different)
- the authentication processing for permission to issue the content protection key is performed at the authentication node corresponding to each protected content data.
- The content protection key issuance processing is performed at the content protection key issuing node corresponding to each protected content data (for each content ID) (that is, the issuance processing is distributed).
- For example, the content name of content data (protected content data) (or the first few bytes of the content data) + a suffix (for example, a specific character string that is uniform within the content distribution system S) is hashed by the same hash function as when obtaining the above node ID, and the node 1 having the node ID closest to the hash value (the hash value becomes the authentication ID), for example the node ID whose higher digits match the most, becomes the authentication node corresponding to the content data.
- the root node functions as a content protection key issuing node.
- FIG. 2 is a diagram showing an example of DHT routing when a user node acquires a content protection key in the DHT node ID space.
- The user node 1a purchases from the license server 2 a license certificate (signed by the license server 2), which is the acquisition authority certificate data that proves the acquisition authority of the content protection key of the protected content data to be acquired (for example, content data related to the content that the user wants to view), and sends to another node 1 authentication request information indicating an authentication request for the license certificate, to which the license certificate, the authentication ID, the IP address of the user node 1a, etc. are added.
- The sent authentication request information passes through the relay nodes 1b and 1c by DHT routing using the authentication ID as a key, and reaches the authentication node 1x corresponding to the protected content data (that is, the node having the node ID closest to the hash value (authentication ID) of the content name + suffix of the corresponding content data, for example the node ID that matches more high-order digits).
- The authentication ID added to the authentication request information is compared with the node ID registered in the DHT to identify the node 1 to be transferred next (for example, the IP address of node 1 corresponding to the node ID that matches the upper digits of the authentication ID is specified), and the authentication request information is transferred there.
- Upon receiving this authentication request information, the authentication node 1x performs, on the basis of the license certificate attached thereto, an authentication process related to permission to issue a content protection key corresponding to the protected content data, that is, verification of the validity of the license certificate (validity check).
- As described later in detail, this node 1x is given license authorization authority from the license server 2 (in other words, license authorization authority is delegated from the license server 2).
- the license authentication authority transfer certificate signed by the license server 2 is included.
- When the authentication node 1x authenticates that the license certificate is valid in the authentication process, it sends protection key issuance permission information, which indicates permission to issue the content protection key corresponding to the protected content data and includes the license authorization authority delegation, the content ID of the protected content data, the IP address of the user node 1a, etc., to another node 1, as shown in FIG.
- The transmitted protection key issuance permission information passes through the relay nodes 1d and 1e by DHT routing using the content ID as a key, and reaches the root node 1y (that is, the node having the node ID closest to the content ID of the content data), which is the content protection key issuing node corresponding to the protected content data.
- The root node 1y that has received this protection key issuance permission information confirms the authentication authority of the authentication node 1x, that is, authenticates the validity of the license authentication authority delegation added to the protection key issuance permission information (validity check), and if the license authentication authority delegation is valid, transmits to the user node 1a protection key transmission information to which the location information of the protected content data, the content protection key corresponding to the protected content data, etc. are added.
- In this way, the user node 1a connects to the replica node 1z storing the protected content data based on the received location information, acquires the protected content data therefrom, and decrypts and reproduces the protected content data using the received content protection key.
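The exchange described above (user node 1a, authentication node 1x, root node 1y), together with the content ID and authentication ID derivation, as an added example that is not code from the patent. The certificate field names, the `#auth` suffix, the addresses and the toy textbook-RSA keys are constructed assumptions, as is the step where node 1x signs its permission with the key named in its delegation certificate and the check that a delegation covers only one authentication ID; the page states only that node 1x holds a key pair.

```python
import hashlib
import json

SUFFIX = "#auth"  # assumed system-wide suffix string; the page gives no value
E = 65537         # public exponent shared by the toy keys


def toy_keypair(p, q):
    """Textbook RSA key from two primes (toy parameters, illustration only)."""
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}


def digest(obj):
    blob = json.dumps(obj, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(blob).digest(), "big")


def sign(key, obj):
    # Signing as the page describes it: the hash is "encrypted" with the private key.
    return pow(digest(obj), key["d"], key["n"])


def verify(n, obj, sig):
    # Verification: "decrypt" with the public key, compare with a fresh hash.
    return isinstance(sig, int) and 0 <= sig < n and pow(sig, E, n) == digest(obj)


def dht_id(text):
    """160-bit ID from the common hash function (SHA-1, as in the page's example)."""
    return int.from_bytes(hashlib.sha1(text.encode()).digest(), "big")


def responsible_node(key_id, node_ips):
    # Smallest XOR distance is the node ID sharing the most high-order bits.
    return min(node_ips, key=lambda ip: dht_id(ip) ^ key_id)


# Constructed toy keys built from Mersenne primes; real keys are random.
LICENSE_SERVER = toy_keypair(2**127 - 1, 2**521 - 1)
AUTH_NODE = toy_keypair(2**107 - 1, 2**607 - 1)
ROGUE_NODE = toy_keypair(2**127 - 1, 2**607 - 1)  # a node with no delegation


def signed(key, body):
    return {"body": body, "sig": sign(key, body)}


def issue_license(user_id, content_name):
    """License server 2: license certificate for one user and one content."""
    return signed(LICENSE_SERVER, {"user": user_id, "content": content_name})


def issue_delegation(node_public_n, content_name):
    """License server 2: delegation certificate naming the node's public key."""
    body = {"auth_id": dht_id(content_name + SUFFIX), "node_key": node_public_n}
    return signed(LICENSE_SERVER, body)


def authenticate(license_cert, user_ip, node_key, delegation, server_n):
    """Authentication node 1x: check the license, then emit issuance permission."""
    if not verify(server_n, license_cert["body"], license_cert["sig"]):
        return None
    body = {"content_id": dht_id(license_cert["body"]["content"]),
            "user_ip": user_ip}
    return dict(signed(node_key, body), delegation=delegation)


def issue_protection_key(permission, server_n, key_table):
    """Root node 1y: check the delegation before releasing key and location."""
    deleg = permission["delegation"]
    if not verify(server_n, deleg["body"], deleg["sig"]):
        return None  # delegation was not signed by the license server
    if not verify(deleg["body"]["node_key"], permission["body"], permission["sig"]):
        return None  # permission was not produced by the delegated node
    entry = key_table.get(permission["body"]["content_id"])
    if entry is None or entry["auth_id"] != deleg["body"]["auth_id"]:
        return None  # unknown content, or delegation covers a different content
    return {"to": permission["body"]["user_ip"], "key": entry["key"],
            "location": entry["location"]}


def run_flow(license_cert, node_key=AUTH_NODE, delegation=None):
    """Walk one request through nodes 1a -> 1x -> 1y with constructed data."""
    name, server_n = "XXX", LICENSE_SERVER["n"]
    nodes = ["192.0.2.%d" % i for i in range(1, 41)]  # constructed addresses
    table = {dht_id(name): {"auth_id": dht_id(name + SUFFIX),
                            "key": "constructed-protection-key",
                            "location": "192.0.2.99"}}
    delegation = delegation or issue_delegation(AUTH_NODE["n"], name)
    permission = authenticate(license_cert, "192.0.2.10", node_key,
                              delegation, server_n)
    result = permission and issue_protection_key(permission, server_n, table)
    return {"auth_node": responsible_node(dht_id(name + SUFFIX), nodes),
            "root_node": responsible_node(dht_id(name), nodes),
            "result": result}


if __name__ == "__main__":
    print(run_flow(issue_license("user-0001", "XXX")))
```

Textbook RSA without padding mirrors the page's "encrypt the hash with the private key" description but is not safe to deploy; a real node would use a vetted library signature scheme such as RSA-PSS or Ed25519.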
- FIG. 3 is a diagram illustrating an example of a schematic configuration of the node 1
- FIG. 4 is a diagram illustrating an example of a schematic configuration of the IC card.
- each node 1 is composed of a CPU having a calculation function, a working RAM, various data and programs (including an OS (operating system) and various applications), a ROM for storing the data, and the like.
- the control unit 11 as a computer, various data (eg, protected content data), HDD etc. for storing and storing (storing) DHT, etc.
- the configured storage unit 12 and the received protected content Buffer memory 13 for temporarily storing data, decryption accelerator 14 for decrypting protected content data, and encoded video data (such as data compression) included in the decrypted content data ( Video information) and audio data (audio information), etc., for decoding (data decompression, etc.) 15 and the decoded video data, etc.
- a video processing unit (including a video chip) 16 that performs predetermined drawing processing and outputs it as a video signal, a CRT that displays video based on the video signal output from the video processing unit 16, a liquid crystal display, etc.
- the display unit 17, the audio processing unit 18 that performs D (Digital) / A (Analog) conversion of the decoded audio data into an analog audio signal, and then amplifies the signal by an amplifier, and outputs the audio processing unit 18.
- the communication unit 21 and the input unit 22 are connected to each other via a bus 23.
- The control unit 11 performs overall control of the node 1 by the CPU reading and executing the program stored in the ROM or the storage unit 12 and the like, and at the same time the input unit 22 from the user.
- the request to participate in the overlay network 9 is processed to obtain the DHT described above.
- This causes node 1 to communicate with other nodes 1. It has basic functions such as exchange of data (for example, content data) between them and transfer of content data to other nodes 1.
- in order for the node 1 to function as the user node la, the authentication node lx, and the root node ly described above, an IC card 25 that is tamper-resistant (that is, resistant to reading of confidential data by an unauthorized means) is required, and the IC card 25 is distributed to users from the license server 2 operator, for example.
- the IC card 25 includes an IC card controller 251 composed of a CPU, a RAM 252, a ROM 253, a tamper-resistant non-volatile memory (for example, EEPROM) 254, an interface drive 255, and the like, and these components are connected to each other via a bus 256.
- the ROM 253 stores a program corresponding to the user node la, the authentication node lx, or the root node ly in which the node 1 functions
- the nonvolatile memory 254 stores data corresponding to the user node la, the authentication node lx, or the root node ly in which the node 1 functions.
- the ROM 253 stores a license certificate purchase processing program and a DRM (Digital Rights Management) processing program in advance, and the non-volatile memory 254 has a unique setting for each user.
- the user ID (for example, given in the order of user registration when distributing the IC card 25) and the public key and IP address of the license server 2 are stored in advance.
- the non-volatile memory 254 stores a license certificate, a content protection key, a license authentication authority transfer certificate, and the like.
- the ROM 253 stores the license authentication processing program in advance
- the nonvolatile memory 254 stores the public key of the license server 2 in advance.
- the non-volatile memory 254 also stores a license authentication authority delegation (which may be stored in advance in the non-volatile memory 254), and the public key and private key of the authentication node lx (the public key and private key are created as a pair by the authentication node lx).
- the ROM 253 stores in advance a protection key generation / management processing program, a protection key issuance processing program, a blacklist registration processing program, and the like, and the public key and IP address of the license server 2 are stored in the nonvolatile memory 254 in advance.
- the nonvolatile memory 254 stores a content protection key management table (described later), a content protection key, a content protection key issue destination list, a black list, and the like.
- the control unit 11 of the node 1 and the IC card controller 251 of the IC card 25 can perform data communication via the interface drive 255 or the like.
- the control unit 11 of the node 1 reads the license certificate purchase processing program or the DRM processing program stored in the ROM 253 through the IC card controller 251, and develops and executes it in the RAM.
- the node 1 functions as the user node (the first node device of the present invention) la.
- the control unit 11 of the node 1 reads the license authentication processing program stored in the ROM 253 through the IC card controller 251, expands it in the RAM, and executes it, whereby the node 1 functions as the authentication node (second node device of the present invention) lx.
- the control unit 11 of the node 1 reads the protection key generation / management processing program, the protection key issuance processing program, or the black list registration processing program stored in the ROM 253 through the IC card controller 251 and expands it in the RAM.
- the node 1 functions as a root node (third node device of the present invention) ly.
- FIG. 5 is a diagram showing a schematic configuration example of the license server 2
- FIG. 6 is a diagram showing a schematic configuration example of the tamper resistant secure board.
- the license server 2 includes a CPU having a calculation function, working RAM, various data and programs (OS (operating system) and various applications).
- Control unit 31 composed of a ROM, etc. for storing data
- a storage unit 32 composed of an HDD etc. for storing various data (for example, content data), etc., and an encryption accelerator 33 for generating protected content data by encrypting content data
- Encoder section 34 for encoding content data (codec conversion, etc.)
- board slot 35 for installing tamper resistant secure board 40
- a communication unit (network interface) 36 for controlling communication of information with the node 1 through the network 8 and an instruction signal according to the instruction received from the operator.
- an input unit for example, a keyboard, a mouse, etc.
- these components are connected to each other via a bus 38.
- the storage unit 32 includes a protected content management database, an authentication authority transfer destination management database, and a license certificate issuance destination management database.
- in the protected content management database, information related to the distributed protected content data (for example, the content name, the expiration date of the content data (for example, the time limit for reproduction or copying), the number of times the content data can be played, and the number of times the content data can be copied) and information related to the replica node storing the protected content data (for example, replica node IP address, authentication ID, etc.) are registered in association with each other.
- in the authentication authority transfer destination management database, the issued license authentication authority delegation certificate and information related to the authentication node to which the certificate has been given (for example, the IP address of the authentication node, authentication ID, etc.) are registered in association with each other.
- in the license certificate issuance destination management database, the issued license certificate and information related to the user node to which the license certificate has been given (for example, user node IP address, user ID, etc.) are registered in association with each other.
- the tamper resistant secure board 40 includes a board controller 401 composed of a CPU, a RAM 402, a ROM 403, a tamper-resistant non-volatile memory (e.g., EEPROM)
- the ROM 403 stores a content data encryption processing program, an authentication authority delegation issuance processing program, a license certificate issuance processing program, a protection key issuance destination verification processing program, and the like, and a public key and a private key of the license server 2 are also stored (the public key and private key are created as a pair by the license server 2).
- the control unit 31 of the license server 2 and the board controller 401 of the tamper-resistant secure board 40 connect the interface drive 405 and the like.
- the control unit 31 of the license server 2 reads the various programs stored in the ROM 403 through the board controller 401, expands them in the RAM, and executes them.
- FIG. 7 is a diagram showing an example of the overall processing flow in the content distribution system S.
- FIG. 8 is a flowchart showing content data encryption and storage processing in the control unit 31 of the license server 2. In this description, it is assumed that the license server 2 acquires and stores in advance content data to be stored in the replica node lz.
- the process shown in FIG. 8 is performed by executing the content data encryption processing program by the control unit 31 of the license server 2, and in step S1, the content data to be stored in the replica node lz is selected (for example, by an instruction from the operator via the input unit 37), and a content protection key to be used for the content data is obtained from the root node ly of the content data.
- the license server 2 transmits protection key acquisition request information (information indicating a content protection key acquisition request), to which the content ID (hash value of the content name) and the IP address of the license server 2 are added, to the above root node ly by DHT routing (in other words, the license server 2 sends the protection key acquisition request information to the other node 1, and the transmitted protection key acquisition request information passes through the relay node by DHT routing and reaches the root node ly having the node ID closest to the content ID (for example, the higher digit matches more)).
- the root node ly generates a content protection key to be used for the content data, or selects a content protection key that has already been generated and stored, and transmits this to the license server 2.
- the control unit 31 of the license server 2 encrypts the selected content data by using the content protection key received and acquired from the root node ly and the encryption accelerator 33 to generate protected content data (step S2).
- the control unit 31 of the license server 2 distributes the generated protected content data to arbitrarily selected replica nodes (step S3) and stores them.
- the control unit 31 of the license server 2 associates the information about the distributed protected content data with the information about the replica node that stores the protected content data, and registers them in the protected content management database (step S4), and the process ends.
- the content protection key generation and management processing is performed by executing a protection key generation / management processing program by the control unit 11 of the root node ly.
- the control unit 11 of the root node ly generates a content protection key at an arbitrary timing (for example, at a fixed period or when protection key acquisition request information is received), the generated content protection key is stored in the nonvolatile memory 254 of the IC card 25, and the protection key management information for managing the content protection key is registered in the content protection key management table stored in the nonvolatile memory 254.
- when the control unit 11 of the root node ly receives the protection key acquisition request information transmitted from the license server 2, the control unit 11 transmits the generated content protection key to the license server 2 according to the IP address of the license server 2.
- FIG. 9 is a diagram showing an example of protection key management information registered in the content protection key management table.
- in the content protection key management table shown in FIG. 9, the management number (identification number) of the generated content protection key, the content protection key pointer, the content protection key generation time, the content protection key expiration date, and the index information of the replica are registered.
- the pointer of the content protection key means a pointer indicating the storage location of the content protection key in the nonvolatile memory 254, and by referring to this, the control unit 11 of the root node ly can recognize the storage location of the content protection key.
- the expiration date of the content protection key means a time limit during which the protected content data can be decrypted by the content protection key.
- Information indicating the expiration date is added to the content protection key, and when the expiration date passes, the content protection key loses its function.
- the index information of the replica is the location information of the protected content data that is encrypted with the content protection key, that is, the IP address of the replica node where the protected content data is stored.
- the index information is transmitted to the root node ly by storing the protected content data in the replica node (for example, by the license server 2 or the replica node).
- it is shown that a plurality of the same content data (in other words, a plurality of copied content data (replicas), although the quality of video and audio may be different) are stored in 5 replica nodes.
- the content protection key whose expiration date has passed is deleted (erased) from the root node ly and the user node la, and the protection key management information for managing the deleted content protection key is also deleted from the content protection key management table. Furthermore, the protected content data encrypted with the deleted content protection key is deleted from the replica node, and the content data before encryption is re-encrypted on the license server 2 with the content protection key newly generated by the root node ly and stored again in the replica node. In other words, the content protection key and protected content data are updated regularly, which can reduce damage even if, for example, the content protection key is leaked to a third party.
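
The management table and the expiry-driven update described above can be sketched as follows. This is an added example, not code from the patent: the class and method names, the in-memory key storage (the patent keeps keys in the IC card's non-volatile memory), the "longest remaining lifetime" selection rule and the 192.0.2.x addresses are assumptions.

```python
import secrets
from dataclasses import dataclass, field


@dataclass
class KeyEntry:
    number: int        # management (identification) number
    key: bytes         # stands in for the pointer into non-volatile memory 254
    generated: int     # generation time
    expires: int       # expiration date of the content protection key
    replicas: list = field(default_factory=list)  # index info: replica node IPs


class ProtectionKeyTable:
    """Root-node view of the content protection key management table."""

    def __init__(self, lifetime):
        self.lifetime = lifetime
        self.entries = {}
        self._next_number = 1

    def generate(self, now):
        """Create a new key and register its management information."""
        entry = KeyEntry(self._next_number, secrets.token_bytes(16),
                         now, now + self.lifetime)
        self.entries[entry.number] = entry
        self._next_number += 1
        return entry

    def register_replica(self, number, ip):
        """Record that data encrypted under key `number` is stored at `ip`."""
        self.entries[number].replicas.append(ip)

    def issue(self, now):
        """Return (key, expires, replica IPs) for a usable key, else None.

        A key is usable only if it has not expired and protected content
        encrypted under it is already stored on at least one replica.
        """
        live = [e for e in self.entries.values()
                if e.expires > now and e.replicas]
        if not live:
            return None
        entry = max(live, key=lambda e: e.expires)  # assumed selection rule
        return entry.key, entry.expires, list(entry.replicas)

    def rotate(self, now):
        """Delete expired keys and start a replacement.

        Returns (stale_replicas, fresh_entry): the replica nodes whose
        protected content must be deleted and re-encrypted, and the new
        key entry (None when nothing had expired).
        """
        expired = [e for e in self.entries.values() if e.expires <= now]
        stale = []
        for entry in expired:
            stale.extend(entry.replicas)
            del self.entries[entry.number]
        fresh = self.generate(now) if expired else None
        return stale, fresh
```

After `rotate`, the new key is not issuable until the re-encrypted content has been stored and its replica registered, which keeps a user node from receiving a key with no matching protected content.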
- FIG. 10 is a diagram showing an example of how the content protection key is updated.
- FIG. 11 is a flowchart showing a license authentication authority delegation issuance process in the control unit 31 of the license server 2.
- the processing shown in FIG. 11 is performed by executing the authentication authority delegation issuance processing program by the control unit 31 of the license server 2, and in step S11, the license server 2 obtains the public key of the authentication node lx from the authentication node lx to which the license authentication authority of certain protected content data (for example, the protected content data newly stored in the replica node) should be delegated.
- the license server 2 sends authentication authority request information (request for subscribing the authentication authority), to which the authentication ID (content name and suffix hash value of the content data) and the IP address of the license server 2 are added, to the above authentication node lx by DHT routing (that is, the license server 2 sends the authentication authority request information to the other nodes 1, and the authentication authority request information sent out reaches the authentication node lx having the node ID closest to the authentication ID (for example, the higher digit matches more) via the relay node by DHT routing). On the other hand, the authentication node lx transmits its own public key to the license server 2 according to the IP address of the license server 2.
- the control unit 31 of the license server 2 generates a license authentication authority delegation certificate including the public key of the authentication node lx received and acquired from the authentication node lx, and issues the license authentication authority delegation certificate with signature data (that is, the hash value of the license authentication authority delegation certificate encrypted with the secret key of the license server 2) added (step S12).
- the control unit 31 of the license server 2 transmits the authentication ID and the issued license authentication authority delegation certificate to the authentication node lx by DHT routing (step S13).
- the authentication node lx receives the license authentication authority transfer certificate and stores it in the nonvolatile memory 254 in the IC card 25.
- the control unit 31 of the license server 2 associates the issued license authentication authority delegation certificate with the information related to the authentication node that has been given the license authentication authority delegation certificate and registers them in the authentication authority delegation destination management database (step S14), and the process is terminated.
- the license authentication authority may be delegated with an expiration date.
- the license server 2 manages the expiration date of the license authentication authority, and when the expiration date has passed, the license authentication authority transfer certificate is reissued and sent to the authentication node lx.
- the license authentication authority delegation certificate is configured to include the expiration date of the license authentication authority.
- FIG. 12 is a flowchart showing a license certificate purchase process in the control unit 11 of the user node la.
- FIG. 13 is a flowchart showing a license certificate issue process in the control unit 31 of the license server 2.
- the process shown in FIG. 12 is performed by executing the license certificate purchase processing program by the control unit 11 of the user node la in accordance with, for example, a license certificate purchase instruction from the user via the input unit 22, and step S21.
- a predetermined contract form for example, downloaded from the license server 2
- the content name of the content data input from the user via the input unit 22 is input to the contract form
- the control unit 11 of the user node la transmits the data of the contract form in which necessary items are input to the license server 2 according to the IP address of the license server 2 (step S22).
- the control unit 31 performs the process shown in FIG. 13 by executing the license certificate issuance processing program: the control unit 31 receives the data of the contract form transmitted from the user node 1a (step S31), generates a license certificate according to the contract form, and issues the license certificate with signature data (that is, the hash value of the license certificate encrypted with the private key of the license server 2) added (step S32).
- FIG. 14 is a conceptual diagram showing an example of contents described in the license certificate.
- the license certificate describes the user ID, the content name, the expiration date, the number of reproductions, and the number of duplications.
- the user ID is information for identifying the user, and may be information other than the user ID as long as the user can be identified.
- the content name, the expiration date, the reproducible number of times, and the duplicatable number of times are information acquired from the protected content management database, for example. Then, the control unit 31 of the license server 2 transmits the issued license certificate to the user node la according to the IP address of the user node la (step S33).
- the control unit 31 of the license server 2 registers the issued license certificate and the information related to the user node that has been given the license certificate in association with each other in the license certificate issuance destination management database (step S34), and the process ends.
- the control unit 11 of the user node la receives the license certificate transmitted from the license server 2 (step S23), and stores it in the nonvolatile memory 254 in the IC card 25. (Step S24), the process ends.
- FIG. 15 is a flowchart showing DRM processing 1 (processing for requesting a content protection key) in the control unit 11 of the user node la
- FIG. 16 shows license authentication in the control unit 11 of the authentication node lx
- FIG. 17 is a flowchart showing the protection key issuing process in the control unit 11 of the root node ly.
- the process shown in FIG. 15 is performed by the control unit 11 of the user node la (the node requesting the content protection key) executing the DRM processing program in accordance with, for example, a content protection key acquisition (request) instruction from the user via the input unit 22.
- the control unit 11 obtains a license certificate that proves the right to acquire the content protection key corresponding to the protected content data to be acquired (stored in step S24 above).
- authentication request information, to which the license certificate, authentication ID, user node la IP address, etc. are added, is sent to the authentication node lx as the acquisition authority certificate transmitting means (that is, license server 2 sends the authentication request information to other node 1, and the sent authentication request information arrives, via the relay node by DHT routing, at the authentication node lx having the node ID closest to the authentication ID (for example, the higher digit matches more)).
- the control unit 11 executes the license authentication processing program.
- the control unit 11 receives the authentication request information transmitted from the user node la as the acquisition authority receiving means (step S51)
- the control unit 11 verifies the validity of the license certificate added to the authentication request information.
- the control unit 11 of the authentication node lx first determines whether the signature of the license certificate is correct using the public key of the license server 2 (step S52), that is, the hash value (signature data) of the license certificate encrypted with the private key of the license server 2 is decrypted with the public key of the license server 2, and it is checked whether or not it matches the hash value calculated by the own node.
- if the signature of the license certificate is correct (that is, the hash values match) (step S52: Y), the control unit 11 determines whether or not there is any contradiction in the contents described in the decrypted license certificate (step S53), and if there is no contradiction (for example, the license certificate correctly describes the user ID, content name, expiration date, number of times allowed for reproduction, and number of times allowed for replication, and the permitted number of times of reproduction and the permitted number of times of replication are within the reference range) (step S53: Y), it is determined that the license certificate is valid (step S54), and the process proceeds to step S56.
- on the other hand, if it is determined in step S52 that the hash values do not match (step S52: N), or if it is determined in step S53 that there is a contradiction (step S53: N), it is determined that the license certificate is not valid (step S57), and the process proceeds to step S58.
- in step S56, the control unit 11 of the authentication node lx generates a content ID by hashing the content name described in the license certificate, and further obtains the license authentication authority transfer certificate from the IC card 25.
- the protection key issuance permission information to which the license authentication authority delegation, content ID, user ID, IP address of the user node la, etc. are added is sent to the root node ly by DHT routing. (That is, the authentication node lx sends the protection key issuance permission information to the other node 1, and the sent protection key issuance permission information is transmitted via the relay node by DHT routing.
- in step S58, the control unit 11 of the authentication node lx transmits license certificate invalid information, describing that the license certificate is invalid, to the user node la according to the IP address of the user node la, and ends the process.
- the processing shown in FIG. 17 is performed by the control unit 11 executing the protection key issuance processing program, and the control unit 11, as the issue permission information receiving means, receives the protection key issuance permission information transmitted from the authentication node lx.
- the authenticating process is performed to verify the validity of the license authentication authority delegation added to the protection key issuance permission information.
- the control unit 11 of the root node ly first determines whether or not the signature of the license authentication authority delegation is correct using the public key of the license server 2 (step S62), that is, the hash value (signature data) of the license authorization authority certificate encrypted with the private key of license server 2 is decrypted with the public key of license server 2, and it is checked whether or not it matches the hash value calculated by the local node.
- if the signature is correct (step S62: Y), the control unit 11 determines, using the public key of the authentication node lx included in the decrypted license authentication authority delegation certificate, whether or not the authentication node lx is a correct authentication node (step S63).
- the control unit 11 of the root node ly generates a random value (original random number value) and transmits it to the authentication node lx.
- the authentication node lx receives the random number value, encrypts it with the private key of itself (authentication node lx), and returns the encrypted random number value to the root node ly.
- the control unit 11 of the root node ly receives the encrypted random number value and decrypts it with the public key of the authentication node lx, and if the original random value matches the decrypted random value, it is determined that the authentication node lx is a correct authentication node.
- if the license authentication authority delegation includes the expiration date of the license authentication authority, whether or not the expiration date has passed is also determined.
- if it is determined that the authentication node is correct (step S63: Y), the control unit 11 of the root node ly determines whether or not the user ID added to the protection key issuance permission information is registered on the black list (step S64), and if it is not registered (step S64: N), it is determined that the license authorization right is valid, and the process proceeds to step S66.
- on the other hand, if the signature of the license authorization right delegation is not correct in step S62 (that is, the hash values do not match) (step S62: N), or if it is not a correct authentication node in step S63 (or if the license authorization right has expired) (step S63: N), or if the user ID is blacklisted (step S64: Y), the control unit 11 of the root node ly determines that the license authorization authority delegation is not valid (step S69), and proceeds to step S70.
- in step S66, the control unit 11 of the root node ly, as the release data issuing means, selects, for example, one content protection key managed in the content protection key management table from the IC card 25 and issues it.
- the control unit 11 of the root node ly, as the release data transmission means, transmits protection key transmission information, to which the issued content protection key and the location information of the protected content data encrypted by the content protection key (for example, the IP address of the replica node) are added, to the user node la according to the IP address of the user node la (step S67).
- the control unit 11 of the root node ly registers the user ID of the user node la that is the content protection key issuance destination in the content protection key issuance destination list (step S68), and ends the processing.
- in step S70, because the license authentication authority delegation is not valid (or the authentication node lx has no authentication authority), the control unit 11 of the root node ly transmits information describing that the content protection key cannot be issued to the user node la according to the IP address of the user node la, and the processing is terminated.
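
The two checks described above, license certificate validation at the authentication node (steps S52 to S57) and delegation validation at the root node (steps S62 to S69), can be sketched as follows. This is an added example, not code from the patent: the certificate field names, `MAX_COUNT`, the return strings and the demo keys built from Mersenne primes are assumptions, and unpadded RSA over a SHA-256 digest is used only to mirror the "hash encrypted with the private key" wording; a deployment would use a padded signature scheme such as RSA-PSS.

```python
import hashlib
import json
import secrets


def make_keypair(p, q, e=65537):
    """Textbook RSA key pair from two primes (constructed demo keys only)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return {"n": n, "e": e}, {"n": n, "d": pow(e, -1, phi)}


# Assumption: Mersenne primes stand in for real key generation so the example
# runs without a crypto library. Such primes must never be used for real keys.
SERVER_PUB, SERVER_PRIV = make_keypair(2**521 - 1, 2**607 - 1)  # license server 2
AUTH_PUB, AUTH_PRIV = make_keypair(2**1279 - 1, 2**2203 - 1)    # authentication node


def digest(doc):
    """SHA-256 over a canonical JSON encoding, as an integer."""
    data = json.dumps(doc, sort_keys=True, separators=(",", ":")).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(doc, priv):
    """Signature data: the certificate hash processed with the private key."""
    return pow(digest(doc), priv["d"], priv["n"])


def verify(doc, sig, pub):
    """Recover the hash with the public key and compare with a fresh hash."""
    return pow(sig, pub["e"], pub["n"]) == digest(doc)


LICENSE_FIELDS = ("user_id", "content_name", "expires", "max_plays", "max_copies")
MAX_COUNT = 1000  # assumed "reference range" for the permitted counts


def authenticate_license(cert, sig, server_pub):
    """Authentication node: True only if the license certificate is valid."""
    if not verify(cert, sig, server_pub):                  # step S52: N
        return False
    if any(name not in cert for name in LICENSE_FIELDS):   # step S53: N
        return False
    return all(isinstance(cert[k], int) and 0 <= cert[k] <= MAX_COUNT
               for k in ("max_plays", "max_copies"))       # S53 range check


def answer_challenge(challenge, priv):
    """Authentication node side of step S63: apply its private key."""
    return pow(challenge, priv["d"], priv["n"])


def check_issue_permission(permission, server_pub, ask_auth_node, blacklist, now):
    """Root node: decide whether a content protection key may be issued.

    ask_auth_node is a callable standing in for the network round trip.
    """
    deleg = permission["delegation"]
    if not verify(deleg, permission["delegation_sig"], server_pub):
        return "reject: delegation signature"              # step S62: N
    auth_pub = deleg["auth_pub"]
    challenge = secrets.randbelow(2**128) + 2              # fresh per request
    if pow(ask_auth_node(challenge), auth_pub["e"], auth_pub["n"]) != challenge:
        return "reject: not the delegated node"            # step S63: N
    if deleg["expires"] <= now:
        return "reject: delegation expired"                # step S63: N
    if permission["user_id"] in blacklist:
        return "reject: blacklisted user"                  # step S64: Y
    return "issue"                                         # step S66


def demo(now=1000):
    """Constructed end-to-end run with sample certificates."""
    cert = {"user_id": "U0001", "content_name": "movie-A",
            "expires": 2000, "max_plays": 5, "max_copies": 1}
    deleg = {"auth_pub": AUTH_PUB, "expires": 2000}
    permission = {"delegation": deleg, "user_id": cert["user_id"],
                  "delegation_sig": sign(deleg, SERVER_PRIV)}
    licensed = authenticate_license(cert, sign(cert, SERVER_PRIV), SERVER_PUB)
    decision = check_issue_permission(
        permission, SERVER_PUB, lambda c: answer_challenge(c, AUTH_PRIV),
        blacklist=set(), now=now)
    return licensed, decision


if __name__ == "__main__":
    print(demo())
```

Because the delegation certificate binds the authentication node's public key under the license server's signature, a node that merely relays a copied certificate fails the challenge in step S63.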
- the control unit 11 of the user node la receives the information transmitted from the authentication node lx or the root node ly (if the information is protection key transmission information, the release data) (step S42), and determines whether or not the information is protection key transmission information, that is, whether or not a content protection key has been issued (step S43).
- the control unit 11 of the user node la stores the content protection key added to the protection key transmission information and the location information of the protected content data in the non-volatile memory 254 in the IC card 25 (step S44).
- the control unit 11 of the user node la transmits the request information of the protected content data to the replica node in accordance with the location information of the protected content data, and, as the distribution information acquisition unit, receives (that is, downloads and acquires) the protected content data transmitted from the replica node (step S45), stores it in the storage unit 12, and the process ends.
- the IP addresses of a plurality of replica nodes are described (that is, a plurality of content protection keys acquired (purchased) are used for a plurality of IP addresses.
- the control unit 11 of the user node la can select the IP address of one replica node at random, for example, or it is also possible to have the user select the IP address of one of the replica nodes and obtain the protected content data from the selected replica node.
- if the received information is not protection key transmission information (step S43: N), that is, if the received information is the license certificate fraud information transmitted from the authentication node lx or the root node ly, information indicating that the license certificate authentication has failed or the content protection key has failed is displayed on the display unit 17 or output as sound from the speaker 19 to notify the user (step S46), and the process ends.
- the user node la is configured to send the authentication request information to the authentication node by DHT routing in the operation when the license certificate is authenticated and the content protection key is issued.
- the user node la transmits authentication request information to the root node ly by DHT routing using the content ID as a key, and the root node ly receives the received authentication request information.
- the authentication ID (that is, the content name of the content data + the hash value of the suffix)
- the subsequent processing is the same as in the above embodiment.
- the root node ly is configured to transmit the protection key transmission information to the user node la.
- the root node ly transmits the protection key transmission information to the replica node based on the location information of the protected content, and the replica node may transmit the content protection key included in the protection key transmission information to the user node la together with the protected content data.
- FIG. 18 is a flowchart showing DRM processing 2 (processing when the content protection key is used) in the control unit 11 of the user node la.
- in step S81, the control unit 11 obtains a license certificate of the protected content data to be reproduced from the IC card 25.
- the control unit 11 of the user node la decrypts the acquired signature data of the license certificate with the public key of the license server 2 (step S82).
- the control unit 11 of the user node la calculates the hash value of the license certificate based on the acquired license certificate (step S83), and, as the identity determination means, compares the calculated hash value of the license certificate with the hash value of the license certificate obtained by decryption to determine whether or not they are identical (whether or not the contents match) (step S84). In this way, by determining the identity of the hash value of the license certificate, the user node 1a can verify that the content protection key has been issued through the correct authentication path.
- if it is determined in step S84 that the hash values of both license certificates are identical (step S84: Y), the content protection key corresponding to the license certificate is obtained from the IC card 25, the protected content data to be reproduced is decrypted using the content protection key and the decryption accelerator 14 (in other words, the playback restriction is released) (step S85), and, as a playback means, the decrypted content data is played back through the decoder unit 15, the video processing unit 16 and the audio processing unit 18 (step S86) and output through the display unit 17 and the speaker 19 (that is, video and audio related to the content data are output), and the process ends.
- the control unit 11 (DRM processing program) of the user node la refers to the reproducible number or the reproducible number described in the license certificate, and reproduces or reproduces the decrypted content data. Will do.
- the user node la stores and manages the number of reproductions (or the number of duplications) that is counted up (or incremented) every time the content data is reproduced (or duplicated) in the storage unit 12 and manages the content data.
- reproducing (or duplicating) data the number of reproductions (or the number of duplications) managed as described above is compared with the number of reproductions (or the number of duplications possible) described in the license certificate. Is controlled so that the content data is played back (or copied) when the number of times of copying is less than or equal to the number of times of reproduction (or the number of times of copying).
- the control unit 11 of the user node la deletes the license certificate and the corresponding content protection key from the nonvolatile memory 254 of the IC card 25. (Delete) and reissue the license certificate from the license server 2 to acquire (purchase) it. Then, the control unit 11 of the user node la transmits the authentication request information added with the reissued license certificate to the authentication node lx by DHT routing, and is reissued by the root node ly. The location information of the protected content data and the protected content data is acquired (similar to the processing in FIGS. 15 to 17). This can reduce the damage when the content protection key is leaked to a third party.
- step S84: N when it is determined that the hash values of the license certificate are not identical (step S84: N), the control unit 11 of the user node la uses, for example, information indicating that the license certificate is not correct. By displaying on the display unit 17 or by outputting sound to the speaker 19, (Step S87), and the process ends without decryption and playback of the protected content data.
- FIG. 19 is a flowchart showing blacklist registration processing in the control unit 11 of the root node 1y.
- FIG. 20 is a flowchart showing protection key issue destination inspection processing in the control unit 31 of the license server 2.
- The process shown in FIG. 19 is started when the control unit 11 of the root node 1y executes the blacklist registration processing, for example, at a predetermined period (for example, a one-day period).
- The control unit 11 of the root node 1y acquires the content protection key issue destination list from the IC card 25 and transmits it to the license server 2 according to the IP address of the license server 2 (step S91).
- The control unit 31 executes the protection key issue destination inspection processing program to perform the processing shown in FIG. 20, and receives the content protection key issue destination list transmitted from the root node 1y (step S101).
- The contents of the content protection key issue destination list and the contents of the license certificate issuer management database are collated (step S102) and registered in the content protection key issue destination list
- (Step S103: Y) the user ID is specified (step S104). In other words, the user ID of the user to whom the content protection key corresponding to the license certificate was issued, even though the license certificate had not been issued, is specified.
- The control unit 31 of the license server 2 returns (reports) the unauthorized entry information including the specified user ID to the root node 1y (step S105), and ends the processing.
- The control unit 11 of the root node 1y receives the unauthorized entry information transmitted from the license server 2 (step S92), registers the user ID included in the unauthorized entry information in the blacklist as the user ID of a copyright-infringing user (step S93), and ends the process.
- Even if a user node having a user ID registered in the blacklist sends authentication request information to the authentication node 1x in order to request reissuance of the content protection key when the content protection key expires (by the process in FIG. 15), the reissuance of this content protection key can be appropriately rejected at the root node 1y.
- When, in step S103, the content protection key corresponding to a license certificate has been issued even though the license certificate has not been issued, the license server 2 may determine that illegal collusion has occurred somewhere on the authentication path of the authentication node and the root node, and may be configured not to delegate the license authentication authority to that node in the next delegation process of license authentication authority (for example, when the license authentication authority has an expiration date), for example by not reissuing the license authentication authority transfer certificate.
- The authentication processing related to permission to issue the content protection key is distributed among the plurality of nodes 1 so that it is performed for each content data having the same content name. This prevents an excessive processing burden from being imposed on a specific device, such as a server that performs a conventional authentication process. The content protection key issuance process is likewise configured to be performed for each content data having the same content name, so an excessive processing burden on a specific device can be prevented. In addition, since the content protection keys are distributed and managed by different nodes for each content, the damage can be reduced even if a content protection key leaks, and the safety and reliability of copyright protection can be secured.
- The authentication node to which the authentication authority is delegated by the license server 2 performs the authentication process for each content, and the user node transmits the authentication request information directly to the authentication node by DHT routing. This makes illegal collusion between the authentication node and the user node extremely difficult and improves the reliability of the authentication node. Furthermore, if the license authentication authority transfer certificate is configured to have an expiration date, the reliability of the authentication node can be further improved.
- The authentication node 1x updates the reproducible number of times described in the license certificate. This operation will be described with reference to FIG. 21 and FIG. 22.
- FIG. 21 is a flowchart showing the DRM process 3 in the control unit 11 of the user node 1a when the license certificate is updated.
- FIG. 22 is a flowchart showing the license authentication/update processing in the control unit 11 of the authentication node 1x.
- In step S111, the control unit 11 obtains the license certificate of the protected content data to be reproduced from the IC card 25, and sends authentication request information, to which the license certificate, the authentication ID, the IP address of the user node 1a, and the like are added, to the authentication node 1x by DHT routing.
- The control unit 11 executes the license authentication/update processing program to perform the process shown in FIG. 22, and receives the authentication request information transmitted from the user node 1a.
- Step S121: the process of authenticating the validity of the license certificate added to the authentication request information is performed.
- The control unit 11 of the authentication node 1x first determines whether or not the signature of the license certificate is correct using the public key of the license server 2 (same as step S52 above) (step S122). If the signature of the license certificate is correct (step S122: Y), it is determined whether or not there is a contradiction in the contents described in the license certificate (the decrypted license certificate) (same as step S53 above) (step S123). If there is no contradiction (step S123: Y), the license certificate is authenticated (step S124), and the process proceeds to step S125.
- If the license certificate is not correctly signed in step S122 (step S122:
- Step S129: the process proceeds to step S130.
- In step S125, the control unit 11 of the authentication node 1x updates the license certificate by decrementing the reproducible number of times described in the license certificate by one.
- The control unit 11 of the authentication node 1x signs the updated license certificate, that is, encrypts the hash value of the updated license certificate with the private key of the authentication node 1x (in other words, the license certificate is authorized by the signature of the license server 2, and the updated license certificate is authorized by the signature of the authentication node 1x) (step S126).
- The control unit 11 of the authentication node 1x sends (replies with) the updated license certificate transmission information, to which the signed updated license certificate and the license authentication authority transfer certificate are added, to the user node 1a (step S128), and the process ends.
- In step S130, the control unit 11 of the authentication node 1x transmits to the user node 1a license fraud information describing that the license certificate is invalid, and the process ends.
- The control unit 11 of the user node 1a receives the information transmitted from the authentication node 1x (step S112) and determines whether or not the information is updated license certificate transmission information (step S113).
- The control unit 11 of the user node 1a replaces the pre-update license certificate stored in the nonvolatile memory 254 of the IC card 25 with the updated license certificate added to the updated license certificate transmission information (step S114), and the process proceeds to step S115.
- If the received information is not the updated license certificate transmission information (step S113: N), the user is notified, for example by displaying information indicating that the license certificate authentication has failed on the display unit 17 or by outputting sound to the speaker 19 (step S116), and the process ends.
- In step S115, the control unit 11 decrypts the signature data of the acquired updated license certificate with the public key of the authentication node 1x.
- The control unit 11 of the user node 1a calculates the hash value of the acquired updated license certificate (step S117), and compares the calculated hash value with the hash value obtained by decrypting the signature to determine whether or not they are identical (step S118).
- If it is determined that the two hash values of the updated license certificate are identical (step S118: Y), the content protection key corresponding to the license certificate is obtained from the IC card 25, the protected content data to be reproduced is decrypted using the content protection key and the decryption accelerator 14 (step S119), and the decrypted content data is played back through the decoder unit 15, the video processing unit 16 and the audio processing unit 18 (step S120) and output through the display unit 17 and the speaker 19, and the processing ends. If the hash values of the updated license certificate are not identical (step S118: N), the process ends without decrypting and playing the protected content data.
- The user node 1a can confirm the authenticity of the updated license certificate by means of the license authentication authority transfer certificate obtained from the authentication node 1x.
- Each time a playback instruction for the protected content data is given (for example, each time the user presses the play button), an inquiry (license authentication and update request) from the user node 1a to the authentication node 1x occurs; however, the number of times the user can play the protected content data is managed more strictly, and fraud by users can be prevented more reliably.
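The license authentication/update exchange of FIGS. 21 and 22, sketched as an added Python example (not code from the patent). "Encrypting the hash value with the private key" is modelled here as unpadded textbook RSA over SHA-256 with constructed toy keys; the field names, the JSON encoding, the consistency check used for step S123, and verifying before storing are assumptions of this example, and a real deployment would use a padded signature scheme with properly generated keys.

```python
import hashlib
import json

E = 65537  # public exponent used by both toy keys


def make_key(p, q):
    """Build a toy RSA key from two known primes (insecure, demo only)."""
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}


# Constructed demo keys (Mersenne primes); never use such keys in practice.
SERVER_KEY = make_key(2**127 - 1, 2**521 - 1)  # license server 2
NODE_KEY = make_key(2**107 - 1, 2**607 - 1)    # authentication node 1x


def digest(cert):
    """Hash of the certificate contents over a canonical JSON encoding."""
    canon = json.dumps(cert, sort_keys=True, separators=(",", ":")).encode()
    return int.from_bytes(hashlib.sha256(canon).digest(), "big")


def sign(cert, key):
    """'Encrypt the hash value with the private key' (textbook RSA, no padding)."""
    return pow(digest(cert), key["d"], key["n"])


def verify(cert, sig, n):
    """Decrypt the signature with the public key and compare the two hashes."""
    return pow(sig, E, n) == digest(cert)


def issue_license(content_id, user_id, plays):
    """License server 2: issue a signed license certificate."""
    cert = {"content_id": content_id, "user_id": user_id, "plays_left": plays}
    return {"cert": cert, "sig": sign(cert, SERVER_KEY)}


# License authentication authority transfer certificate: the server vouches
# for the authentication node's public key (field names are assumptions).
_deleg = {"node_id": "1x", "node_n": NODE_KEY["n"]}
DELEGATION = {"cert": _deleg, "sig": sign(_deleg, SERVER_KEY)}


def authenticate_and_update(signed, content_id):
    """Authentication node 1x: steps S122 to S130."""
    cert = signed["cert"]
    if not verify(cert, signed["sig"], SERVER_KEY["n"]):       # S122: N
        return {"type": "license_invalid"}                     # S130
    plays = cert.get("plays_left")
    consistent = (cert.get("content_id") == content_id
                  and isinstance(plays, int) and plays >= 1)
    if not consistent:                                         # S123: N
        return {"type": "license_invalid"}
    updated = dict(cert, plays_left=plays - 1)                 # S125
    return {"type": "updated_license",                         # S126, S128
            "license": {"cert": updated, "sig": sign(updated, NODE_KEY)},
            "delegation": DELEGATION}


def user_node_accept(reply, server_n):
    """User node 1a: steps S112 to S118. Returns the certificate to store,
    or None. Unlike the page, this checks signatures before storing."""
    if reply.get("type") != "updated_license":                 # S113: N
        return None
    deleg = reply["delegation"]
    if not verify(deleg["cert"], deleg["sig"], server_n):
        return None  # authentication node not vouched for by the server
    lic = reply["license"]
    if not verify(lic["cert"], lic["sig"], deleg["cert"]["node_n"]):
        return None                                            # S118: N
    return lic                                                 # S118: Y
```

The user node trusts only the license server's public key; the authentication node's key reaches it inside the transfer certificate, which is why that certificate is checked before the updated license.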
- a node device such as an STB (set top box) that is always connected to the Internet.
- Nodes located near the root on the spanning tree include, for example, relay nodes on the path along which authentication request information is transferred from the user node to the authentication node, and nodes adjacent to those relay nodes.
- Each node manages its own neighboring node information as a leaf set in addition to the DHT, so both the relay nodes on the route near the root of the spanning tree (where the routing converges) and their neighboring nodes may have an authentication function (the same is true for the key issuing function described below).
- The authentication node periodically sends a broadcast message controlled by TTL (Time To Live) to the authentication nodes other than its own node to notify them of its existence. The total amount of authentication nodes is recognized by receiving the broadcast messages transmitted from authentication nodes other than the own node, and a configuration may be adopted in which, if the total amount falls below a predetermined amount, the authentication node that first detected this requests the license server 2 to appoint a neighboring general node (for example, one with a small number of hops) as an authentication node (to delegate license authentication authority). With this configuration, the licensing function in the system S can be stabilized.
- The content protection key issuing process corresponding to the content data of a certain content name is performed by one content protection key issuing node (for example, the root node).
- The content protection key issuing authority may also be given to nodes located near the root on the DHT routing sub-tree so that they can perform the content protection key issuance process, thereby increasing redundancy.
- The content protection key issuing node periodically sends a broadcast message controlled by TTL (Time To Live) to the content protection key issuing nodes other than its own node.
- The content protection key issuing node that first detected the event may be configured to appoint a nearby general node (for example, one with a small number of hops) as a content protection key issuing node. With this configuration, the content protection key issuing function in the system S can be stabilized.
- the function of the root node is not limited to this.
- the function of the content protection key issuing node may be configured to be executed on two independent nodes.
- the authentication node 1x uses the DHT routing (in this case, the content ID + the protection ID issuance information, the user ID, the IP address of the user node 1a, etc.)
- the content protection key issuing node sends the issued content protection key and the license authorization authority delegation to the content protection key issuing node.
- the added protection key transmission information is transmitted to the user node 1a.
- The user node 1a transmits the information requesting the location information of the protected content data to the root node by DHT routing keyed on the content ID, and acquires the location information from the root node.
- When the function of the authentication node, the function of the root node, and the function of issuing the content protection key are performed at different nodes, the user node first requests the root node for the location information of the protected content data by DHT routing keyed on the content ID. Then, the root node transmits license certification request information to the certification node. When the authentication result is transmitted to the root node and the authentication is correct, the root node requests the content protection key issuing node to issue the content protection key, receives the content protection key from the content protection key issuing node, and may send the location information of the protected content data and the content protection key to the user node.
- The root node may send the license certificate authentication request information and the location information of the protected content data to the authentication node, and the authentication node may transmit the authentication result, together with the received location information of the protected content data, to the content protection key issuing node. The location information of the protected content data may be transmitted from the root node to the user node, and the content protection key may be transmitted from the content protection key issuing node to the user node.
- It is desirable, for preventing unauthorized collusion and for copyright protection operation, that the node that performs the authentication process related to the issuance permission of the content protection key and the node that performs the content protection key issuance process be independent. However, if the security can be improved in some way, the authentication process for issuing the content protection key and the content protection key issuance process may be configured to execute on a single node (for example, the above-described authentication node or content protection key issuing node (root node)).
- Although the above description assumes the overlay network 9 constructed by an algorithm using the DHT, the present invention is not limited to this and can be applied to other computer network systems.
- The present invention is not limited to the above embodiment.
- The above embodiment is an example; anything that has substantially the same configuration as the technical idea described in the claims of the present invention and provides the same effects is included in the technical scope of the present invention.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US11/892,938 US20080010207A1 (en) | 2005-03-11 | 2007-08-28 | Information delivery system, node device, method to issue unrestricted data, and the like |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2005068390 | 2005-03-11 | ||
JP2005-068390 | 2005-03-11 |
Related Child Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US11/892,938 Continuation-In-Part US20080010207A1 (en) | 2005-03-11 | 2007-08-28 | Information delivery system, node device, method to issue unrestricted data, and the like |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2006095726A1 (ja) | 2006-09-14 |
Family
ID=36953320
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/JP2006/304356 WO2006095726A1 (ja) | 2005-03-11 | 2006-03-07 | 情報配信システム、ノード装置、及び解除データ発行方法等 |
Country Status (2)
Country | Link |
---|---|
US (1) | US20080010207A1 (ja) |
WO (1) | WO2006095726A1 (ja) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2006285974A (ja) * | 2005-03-11 | 2006-10-19 | Brother Ind Ltd | 情報配信システム、ノード装置、及び解除データ発行方法等 |
JP2008084089A (ja) * | 2006-09-28 | 2008-04-10 | Brother Ind Ltd | ノード装置、情報分割保存システム、情報処理プログラム及び情報利用方法 |
JP2008175648A (ja) * | 2007-01-17 | 2008-07-31 | Aisin Aw Co Ltd | ナビゲーション装置、ナビゲーション方法、情報配信システム及び情報配信方法 |
Families Citing this family (22)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP4816306B2 (ja) * | 2006-07-28 | 2011-11-16 | 富士ゼロックス株式会社 | 情報処理システム、情報処理装置およびプログラム |
US8132020B2 (en) * | 2007-03-26 | 2012-03-06 | Zhu Yunzhou | System and method for user authentication with exposed and hidden keys |
US20090228715A1 (en) * | 2008-03-05 | 2009-09-10 | Research In Motion Limited | Media security system and method |
CN102318257B (zh) * | 2008-12-15 | 2016-02-24 | 瑞典爱立信有限公司 | 用于信息网络的密钥分发方案 |
US10135831B2 (en) | 2011-01-28 | 2018-11-20 | F5 Networks, Inc. | System and method for combining an access control system with a traffic management system |
US9614678B2 (en) * | 2011-06-10 | 2017-04-04 | Dell Products, Lp | System and method for extracting device uniqueness to assign a license to the device |
US20140222873A1 (en) * | 2011-09-27 | 2014-08-07 | Nec Corporation | Information system, management apparatus, method for processing data, data structure, program, and recording medium |
US8844001B2 (en) * | 2011-10-14 | 2014-09-23 | Verizon Patent And Licensing Inc. | IP-based mobile device authentication for content delivery |
KR101907529B1 (ko) * | 2012-09-25 | 2018-12-07 | 삼성전자 주식회사 | 사용자 디바이스에서 어플리케이션 관리 방법 및 장치 |
US9589116B2 (en) * | 2012-09-26 | 2017-03-07 | Dell Products, Lp | Managing heterogeneous product features using a unified license manager |
FR3018125B1 (fr) * | 2014-03-02 | 2017-07-21 | Viaccess Sa | Procede de fourniture, a un terminal, de contenus multimedias proteges |
US10015143B1 (en) * | 2014-06-05 | 2018-07-03 | F5 Networks, Inc. | Methods for securing one or more license entitlement grants and devices thereof |
US9952744B2 (en) | 2014-11-19 | 2018-04-24 | Imprivata, Inc. | Crowdsourced determination of movable device location |
US10205598B2 (en) * | 2015-05-03 | 2019-02-12 | Ronald Francis Sulpizio, JR. | Temporal key generation and PKI gateway |
US10129277B1 (en) | 2015-05-05 | 2018-11-13 | F5 Networks, Inc. | Methods for detecting malicious network traffic and devices thereof |
US10528707B2 (en) * | 2015-06-15 | 2020-01-07 | Samsung Electronics Co., Ltd. | Enabling content protection over broadcast channels |
US11310212B2 (en) * | 2016-07-27 | 2022-04-19 | Comcast Cable Communications, Llc | Segmented encryption for content delivery |
US10972453B1 (en) | 2017-05-03 | 2021-04-06 | F5 Networks, Inc. | Methods for token refreshment based on single sign-on (SSO) for federated identity environments and devices thereof |
US11038869B1 (en) | 2017-05-12 | 2021-06-15 | F5 Networks, Inc. | Methods for managing a federated identity environment based on application availability and devices thereof |
US20210392123A1 (en) * | 2018-10-25 | 2021-12-16 | Sony Corporation | Communication device, communication method, and data structure |
US11347830B2 (en) * | 2018-12-31 | 2022-05-31 | Comcast Cable Communications, Llc | Content recording and group encryption |
US11349981B1 (en) | 2019-10-30 | 2022-05-31 | F5, Inc. | Methods for optimizing multimedia communication and devices thereof |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO1996027155A2 (en) * | 1995-02-13 | 1996-09-06 | Electronic Publishing Resources, Inc. | Systems and methods for secure transaction management and electronic rights protection |
US7065787B2 (en) * | 2002-06-12 | 2006-06-20 | Microsoft Corporation | Publishing content in connection with digital rights management (DRM) architecture |
US20040009815A1 (en) * | 2002-06-26 | 2004-01-15 | Zotto Banjamin O. | Managing access to content |
US7353402B2 (en) * | 2002-06-28 | 2008-04-01 | Microsoft Corporation | Obtaining a signed rights label (SRL) for digital content and obtaining a digital license corresponding to the content based on the SRL in a digital rights management system |
JP3791499B2 (ja) * | 2003-01-23 | 2006-06-28 | ソニー株式会社 | コンテンツ配信システム、情報処理装置又は情報処理方法、並びにコンピュータ・プログラム |
- 2006-03-07: WO PCT/JP2006/304356 (WO2006095726A1, ja), active, Application Filing
- 2007-08-28: US US11/892,938 (US20080010207A1, en), not active, Abandoned
Non-Patent Citations (2)
Title |
---|
IWATA T. ET AL.: "A DRM system suitable for P2P content delivery and the study on its implementation", COMMUNICATIONS, 2003.APCC203. THE 9TH ASIA-PACIFIC CONFERENCE, IEEE, vol. 2, 21 September 2003 (2003-09-21), pages 806 - 811, XP010688298 * |
IWATA T. ET AL.: "P2P Content Ryutsu ni Okeru Chosakuken Hogo", 2004 NEN THE INSTITUTE OF ELECTRONICS, INFORMATION AND COMMUNICATION ENGINEERS SOGO TAIKAI KOEN RONBUNSHU (COMMUNICATIONS 2), THE INSTITUTE OF ELECTRONICS, INFORMATION AND COMMUNICATION ENGINEERS, 27 March 2002 (2002-03-27), pages 163, XP003002233 * |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2006285974A (ja) * | 2005-03-11 | 2006-10-19 | Brother Ind Ltd | 情報配信システム、ノード装置、及び解除データ発行方法等 |
JP2008084089A (ja) * | 2006-09-28 | 2008-04-10 | Brother Ind Ltd | ノード装置、情報分割保存システム、情報処理プログラム及び情報利用方法 |
JP2008175648A (ja) * | 2007-01-17 | 2008-07-31 | Aisin Aw Co Ltd | ナビゲーション装置、ナビゲーション方法、情報配信システム及び情報配信方法 |
US8261083B2 (en) | 2007-01-17 | 2012-09-04 | Aisin Aw Co., Ltd. | Navigation apparatus and information distribution system |
Also Published As
Publication number | Publication date |
---|---|
US20080010207A1 (en) | 2008-01-10 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| WWE | Wipo information: entry into national phase | Ref document number: 11892938; Country of ref document: US |
| NENP | Non-entry into the national phase | Ref country code: DE |
| NENP | Non-entry into the national phase | Ref country code: RU |
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 06715326; Country of ref document: EP; Kind code of ref document: A1 |
| WWP | Wipo information: published in national office | Ref document number: 11892938; Country of ref document: US |
| 122 | Ep: pct application non-entry in european phase | Ref document number: 06715326; Country of ref document: EP; Kind code of ref document: A1 |