JP5177238B2 - Content transmitting apparatus and content transmitting method - Google Patents

Description

  The present invention relates to a transmission device, a reception device, and a content transmission method suitable for protecting the copyright of content to be transmitted when content such as video and audio is transmitted and received via a network.

With the development of processing capability such as the calculation speed and storage capacity of personal computers (hereinafter referred to as PCs), the capacity of hard disk drives (hereinafter referred to as HDDs) incorporated in PCs is also increasing. Under these circumstances, it is now possible to record TV broadcast programs using a HDD and view them on a PC display even on a PC with a rank that is used in general homes. I came.
On the other hand, due to the low price of large-capacity HDDs, HDD recording devices that incorporate HDDs and record video and audio information digitally as home recording devices have also appeared, and discs are used as recording media. Ease of use due to the use is attracting attention.
In a recording device or PC using the HDD as described above, since the audio / video information is recorded in the HDD fixed in the device, the user tries to view a program recorded in another room in the house. In such a case, it is difficult to carry the video / audio information at the medium level so that the apparatus itself can only be carried and a plurality of recording / playback apparatuses using a replaceable medium such as a VTR can be provided.

Therefore, by installing a wired or wireless LAN (Local Area Network) interface in such a recording device, and transmitting it to other PCs or receiving devices via the network, video / audio information recorded anywhere in the house can be obtained. It is considered to be able to watch.
On the other hand, in order to protect the copyright of information such as content, as an example of a copy protection method incorporated in a digital AV device, for example, there is a Digital Transmission Content Protection (DTCP) method that defines a copy protection method on the IEEE1394 bus ( Non-patent document 1).
Several techniques for realizing copy protection for copyright protection between devices or between networks are disclosed. For example, it is disclosed in Patent Document 1 and Patent Document 2.

JP 2000-287192 A JP 2001-358706 A

Hitachi, Ltd. Others, 5C Digital Transmission Content Protection White Paper

  With the above-described conventional technology, a home recording device is equipped with a wired or wireless LAN (Local Area Network) interface, and the content is transmitted to another PC or receiving device via the network, and recorded anywhere in the house. In the past, video / audio information that should be protected for copyright (hereinafter described as content) is not considered, and is recorded on the HDD. The video / audio information can be further stored in the HDD in another PC received via the LAN, and the video / audio information that can be handled has to be “unrestricted copy” content that can be freely copied.

  In general, when digitally recorded content is recorded by being transmitted from one device to another device via a network or the like as described above, there is little deterioration in data quality at the time of transmission, and there is in the device on the transmission side. Because the receiver can create a copy (duplicate) of the same quality as the content, the video and audio data (hereinafter referred to as “content”) that should be protected by copyright is illegal for content that deviates from the scope of personal use. Care must be taken to prevent copying. For example, when content is transmitted between digital AV devices, encryption is performed on the content transmitting device side, and information for decryption is shared with the content receiving device side, so that the transmission destination can Copy protection is implemented to prevent the creation of an unlimited copy so that the content is not correctly received and decrypted by a device other than a content receiving device.

  As an example of such a copy protection method, there is a DTCP method described in Non-Patent Document 1, for example, which is incorporated in a digital AV device. In the DTCP method, content is classified and managed as “no copy restriction”, “one-time copy allowed”, and “copy prohibited”, and the recording device records only the content of “no copy restriction” and “one-time copy allowed”, The content of “one-time copy allowed” is treated as “copy not possible” after recording once, and on the bus except for the content of “no copy restriction”, the transmission side performs encryption processing and performs transmission, Unlimited content copying is prohibited.

In content transmission by wired or wireless LAN, several techniques for realizing copy protection for copyright protection have been disclosed based on the same concept as the DTCP method. For example, Patent Document 1 discloses a technique for applying a technique similar to DTCP to a copy protection method for distributing digital contents on a network, and Patent Document 2 similarly protects the copyright of content. Therefore, a technique for configuring devices that communicate with each other after encryption is disclosed.
These do not consider whether the transmitting side and the receiving side are in the same house when transmitting content via a wired or wireless LAN. Rather, when downloading from a distribution server, the sending side is usually at the provider's site and the receiving side is usually in a general home.

Therefore, even if the above technology is applied to the case where the content is recorded by the HDD of the PC or the recording device with the built-in HDD and transmitted from here to another device in the home via the LAN, When connected to the Internet, the content can be received and displayed by a receiving device placed in another home connected via the Internet, and if the range is connected to the Internet, It will spread everywhere.
In such a situation, even if copy protection is to be performed using the above-described technology, the recording device user can make the recording device accessible from the Internet, so that the reception with the copy protection described above can be performed. The device can freely receive and display the content, and will deviate greatly from the scope of personal use, which is the original purpose of copyright protection.

  An object of the present invention is to enable copy protection to prevent unauthorized duplication of content during content transmission using a wired or wireless LAN in a home, and to make legitimate viewing and duplication of content. Is to provide a content or information transmitting device, receiving device, and content transmission method that can be limited to the range of personal use.

The object can be achieved by the configuration described in the claims as an example.

  According to the present invention, it is possible to improve the reliability of a content transmission device, a reception device, and content transmission using a home wired or wireless LAN.

1 is a block diagram illustrating a configuration of a content transmission device and a content reception device according to Embodiment 1. FIG. 1 is a block diagram of a LAN configured by a content transmission device and a content reception device according to Embodiment 1. FIG. FIG. 3 is a sequence diagram of a procedure when content is transmitted between the content transmission device and the content reception device according to the first embodiment. FIG. 10 is a sequence diagram of a procedure for transmitting content between a content transmission device and a content reception device according to the second embodiment. FIG. 10 is a block diagram of a LAN configured by a content transmission device and a content reception device according to a third embodiment. FIG. 10 is a sequence diagram of a procedure for transmitting content between a content transmission device and a content reception device according to the third embodiment. FIG. 10 is a block diagram of a LAN configured by a content transmission device and a content reception device according to Embodiment 4. FIG. 10 is a block diagram of a LAN configured by a content transmission device and a content reception device according to Embodiment 4. FIG. 6 is a block diagram of a LAN configured by a content transmission device and a content reception device according to a third embodiment and a fourth embodiment.

  Embodiments of the present invention will be described below with reference to the drawings.

Embodiment 1 of the present invention will be described below.
FIG. 1 shows a configuration of a content transmission device 100 and a content reception device 200 according to the first embodiment. The content transmission device 100 and the content reception device 200 are connected to each other via a LAN.
The content transmission apparatus 100 includes a content transmission circuit 101 that transmits content to be transmitted to the content reception apparatus 200 via a LAN, an encryption circuit 102 that encrypts content output from the content transmission circuit 101, an output of the encryption circuit 102, and an authentication circuit A network communication processing circuit 103 that exchanges input / output of 104 with other devices via the LAN, and an authentication circuit 104 that exchanges information with other devices connected on the LAN and performs mutual authentication between the devices. A non-volatile memory 105 that stores information necessary for processing in the authentication circuit 104; a key generation circuit 106 that generates key information necessary for content encryption in the encryption circuit 102 based on information output from the authentication circuit 104; A counter circuit 107 that measures and holds the number of successful mutual authentications in the authentication circuit 104; Information such as an authentication response request testimony circuit 104 is generated from the transmission to another device consisting of the timer circuit 108 that measures the time until the response information for the information arrives. The content transmitted by the content transmission circuit 101 is not limited to a specific kind of thing. For example, video and audio data of a program received from a TV broadcast, a recording medium such as a disk or tape such as an HDD or DVD, etc. Applicable to video and audio data playing from In FIG. 1, a tuner for receiving a broadcast, a means for recording / reproducing, a data compression processing circuit required prior to transmission over a network, and the like are omitted in the drawing. These means may be appropriately added to the configuration according to the type of content to be transmitted. The content transmitted from the content transmission circuit 101 is transmitted to the content receiving apparatus with identification codes of “no copy restriction”, “one-time copy permitted”, “copy prohibited” and “copy prohibited” indicating how to handle the content. .

  The content receiving apparatus 200 receives the content received from the network communication processing circuit 203 by receiving the content encrypted by the content receiving circuit 201 for receiving the content sent via the LAN and the encryption circuit 102 of the content transmitting apparatus 100, and receiving the content. Between the decryption circuit 202 that outputs to the circuit 201 and the network communication processing circuit 203 that exchanges the input to the decryption circuit 202 and the input and output of the authentication circuit 204 with other devices via the network Authentication circuit 204 for exchanging information with each other to perform mutual authentication between devices, nonvolatile memory 205 for storing information necessary for processing in authentication circuit 204, content decryption in decryption circuit 202 based on information output from authentication circuit 204 It comprises a key generation circuit 206 that generates a key necessary for conversion. The video and audio data that are output from the content receiving circuit 201 are displayed on a display device or recorded on a recording medium such as a disk or a tape, and their use forms are various. The present invention is limited to specific forms. Never happen. In FIG. 1, the display, the recording means, and the decompression / restoration means for the received data compression processed content are omitted, but may be added to the configuration as appropriate according to the usage form of the received content. The received content is processed according to the identification codes of “no copy restriction”, “one-time copy allowed”, “copy prohibited”, “no copy” sent with the content, and “no copy restriction” “one-time copy allowed” "Can be recorded on the content recording medium, and when the content of" copy only once "is recorded, the content is treated as" copy not possible "thereafter.

  FIG. 2 shows a configuration example of a LAN including the content transmission device 100 and the content reception device 200. One content transmitting apparatus 100 and two content receiving apparatuses 200a and 200b are connected to the network hub apparatus 400 by a wired LAN cable, and the network hub apparatus 400 is further connected to the router 300. The router 300 is connected to the Internet via a modem or photoelectric converter (not shown) or by a modem or photoelectric converter built in the router. The type of connection to the Internet may be any type such as a high-speed access line such as an ADSL (Asymmetric Digital Subscriber line) or an optical fiber, a mobile communication network such as an ISDN (Integrated Services Digital Network), an analog telephone line, or a mobile phone. A dotted line in FIG. 2 indicates a device that transmits and receives content and its direction.

  The LAN configuration in FIG. 2 is merely an example, and three or more content receiving apparatuses 200 may be connected. Two or more content transmission apparatuses may be connected. In this case, different contents can be transmitted simultaneously from the respective content transmission apparatuses to the content reception apparatus as long as the LAN bandwidth permits. Note that the minimum necessary configuration in the present invention is a state in which one content transmitting device and one content receiving device are connected to the LAN.

  In the LAN shown in FIG. 2, standard IP (Internet Protocol) is used as a network protocol, and TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) are used as upper transport protocols. A higher-level application protocol such as RTP (Real-time Transport Protocol) or HTTP (Hyper Text Transfer Protocol) is used for content transmission. Note that there are IPv4 and IPv6 as IP versions, but the present invention is not limited to either.

  The content transmission device 100, the content reception devices 200a and 200b, and the router 300 each have an IP address that identifies itself on the LAN. In addition, a 48-bit MAC (Media Access Control) address is given in advance to the interface unit of each network communication processing circuit at the time of manufacture. For example, the router 300 is operated as a DHCP server by DHCP (Dynamic Host Configuration Protocol) widely used for automatic address setting in the conventional network, and the IP address of each device is set from here. Allocate it. When IPv6 is used, each device can determine its own IP address from the upper 64 bits of the IP address of the router 300 and the MAC address by a method called stateless automatic setting.

FIG. 3 shows an example of a procedure when content is transmitted / received by the content transmitting apparatus 100 and the content receiving apparatus 200. The left side represents the content transmitting apparatus 100 and the right side represents the content receiving apparatus 200, and the timing and direction of information transmission / reception between the two are indicated by arrows.
Prior to content transmission, the content transmission device 100 and the content reception device 200 mutually authenticate each other's device, and confirm that the other device is a device that is correctly manufactured in accordance with the copyright protection rules. The content will be transmitted afterwards. Transmission and reception of information for authentication uses TCP as a communication protocol. When various information such as an authentication request to the other device and an authentication response to the other device is transmitted, a reception confirmation is sent back from the other device. Thus, a communication path capable of detecting a transmission error is secured. In FIG. 3, transmission / reception of data for establishing and discarding a connection by TCP is omitted.
First, an authentication request is created from the content receiving device 200 side. The authentication request is sent to the content transmitting apparatus 100 with a public key unique to the apparatus generated by a specific authentication authority and held in the nonvolatile memory 205 of the content receiving apparatus 200 and a certificate for the public key.
The public key and the certificate are stored in advance in the nonvolatile memory 205 when the content receiving device 200 is manufactured. When the content transmission apparatus 100 receives the authentication request and sends the reception confirmation to the content reception apparatus 200, the content transmission apparatus 100 creates an authentication request from its own side, and the content transmission apparatus 100 issued by the authentication authority as in the case of the content reception apparatus. A unique public key and its certificate are attached and sent to the content receiving apparatus side 200.

On the other hand, the content transmitting apparatus 100 authenticates the content receiving apparatus 200 based on a predetermined public key signature algorithm. When the validity of the content receiving device 200 is confirmed by the public key signature algorithm, a pre-authentication response request is transmitted to the content receiving device 200, and a corresponding pre-authentication response is awaited.
The content receiving apparatus 200 also receives an authentication request from the content transmitting apparatus 100, authenticates the content transmitting apparatus 100 based on the public key signature algorithm, and transmits a pre-authentication response request from the content transmitting apparatus 100 in parallel. Wait for. The content receiving apparatus 200 that has received the pre-authentication response request sends the pre-authentication response to the content transmitting apparatus 100 when the processing for confirming the validity of the content transmitting apparatus 100 is completed and an authentication response can be issued.

Upon receiving the pre-authentication response, content transmitting apparatus 100 sends an authentication response request to content receiving apparatus 200 and starts timer circuit 108. Then, a time T1 until the authentication response transmitted from the content receiving device 200 is received in response to the authentication response request is measured. If the measured value T1 exceeds a predetermined value, the authentication is determined to be unsuccessful. The time T1 is greatly affected by the state of the network, and when the network load is large, the measurement time T1 may temporarily exceed a predetermined value. Considering this, the time measurement process P1 may be executed a plurality of times, and for example, T1 may be calculated by a statistical process such as an average value excluding the maximum value and the minimum value to determine the success of authentication.
Further, the numerical value of the counter 107 is checked, and if the current value exceeds a predetermined value, the authentication is unsuccessful, and if the authentication is successful, the value of the counter 107 is increased by 1. If the authentication is successful, an authentication response is issued and transmitted to the content receiving apparatus 200.
As described above, when authentication is successful, a common authentication key is generated and shared. A well-known key exchange algorithm such as Diffie-Hellman may be used to generate the authentication key.

  When the sharing of the authentication key is completed, the content transmitting apparatus 100 generates an exchange key and a random number, encrypts the exchange key and the random number with the authentication key, and sends the encrypted key and the random number to the content receiving apparatus 200. In FIG. 3, the exchange key and the random number are separately transmitted from the content transmitting apparatus 100 to the content receiving apparatus 200, but they may be transmitted together. The content receiving device 200 decrypts the exchange key transmitted from the content transmitting device 100 using the authentication key, and holds it together with the random number received and decrypted. Subsequently, a common key is generated according to a predetermined calculation algorithm using an exchange key and a random number on each side of the content transmission device 100 and the content reception device 200. The content transmitting apparatus 100 encrypts and transmits the content using the common key thus obtained, and the content receiving apparatus 200 can receive the decrypted content.

  When actually starting the content transmission, for example, as shown in FIG. 3, a content transmission request is sent from the content receiving apparatus 200, and the content is transmitted as a trigger. When the content transmission is completed, the content transmission device 100 may notify the completion of the transmission, or conversely, the content reception device 200 may request the end of the transmission. Further, when the data amount of the content to be transmitted is known in advance, it is not particularly necessary to notify or request transmission completion from either side. After all necessary content transmissions are completed, the content transmission apparatus 100 discards the authentication key, exchange key, random number, and common key. When the content reception apparatus 200 completes the reception of the content, the authentication key, the exchange key, the random number, and the common key are discarded, and when trying to receive the content again, a new authentication request may be performed. When the transmitting device 100 is transmitting content to another content receiving device and the previous key can be used again, the content receiving device 200 inquires the content transmitting device 100 about the current key information and then the previous key. May be reused.

  The protocol used for transmitting content from the content transmitting apparatus 100 to the content receiving apparatus 200 is not limited to a specific one, and RTP, HTTP, ftp (File Transfer Protocol), etc. are used as described above. It is possible. When transmitting content, the content encrypted by a predetermined algorithm using a common key in the payload portion of each transfer protocol may be accommodated and transmitted. As an encryption algorithm, for example, AES (Advanced Encryption Standard) can be used.

As described above, since the content encrypted using the common encryption key is transmitted and received between the content transmitting apparatus 100 and the content receiving apparatus 200 shown in FIG. Even if the content is received, it cannot be correctly decrypted, and the content can be prevented from being illegally copied under the user.
As shown in FIG. 2, it is possible to receive content by two or more content receiving devices at a time. In this case, the contents may be transmitted after mutual authentication is performed between each content receiving apparatus and the content transmitting apparatus according to the procedure shown in FIG. At this time, the number of content receiving devices authenticated by one content transmitting device is counted by the counter 107. Therefore, when the content transmitting device authenticates the content receiving device, the upper limit of the number of content receiving devices is determined. It is possible to limit the number of content copies that can be created using a plurality of content receiving apparatuses at the same time. Regarding the upper limit of the number of content receiving apparatuses, for example, the upper limit of 62 content receiving apparatuses that can be connected at once using IEEE 1394 may be set to a value smaller than that.

  Further, when the content receiving apparatus 200 is placed in another house different from the user's house via the Internet, it is limited by the measurement result of the time T1 measured in the time measurement process P1 of FIG. Is provided. Since transmission / reception is performed via the wide area network and the router 300, the time required until a response is returned is increased compared with transmission / reception in the home. Therefore, if the upper limit value for determining that authentication is successful is set to an appropriate value, for example, 10 milliseconds, for example, it is possible to keep the content transmission range within the user's home.

  The measurement of T1 is not the response time until the TCP transmission data used as a communication protocol and the reception confirmation (acknowledgement) are returned, but the time of the process P1 as a part of the authentication procedure. Another device suppresses impersonation of the content receiving device 200. Further, a procedure for transmitting a pre-command as a preliminary preparation for the time measurement process P1 is added. The calculation time does not affect the time measurement result by this procedure. Therefore, time measurement independent of the calculation performance of the apparatus can be realized.

Embodiment 2 of the present invention will be described below.
In the second embodiment, the configurations of the content transmission device 100 and the content reception device 200 are the same as those in FIG.
FIG. 4 shows an example of a procedure when content is transmitted / received by the content transmitting device 100 and the content receiving device 200. As in FIG. 3, the left side represents the content transmitting apparatus 100 and the right side represents the content receiving apparatus 200, and the timing and direction of information transmission / reception between the two are indicated by arrows. The basic processing procedure is the same as that of FIG. 3 of the first embodiment. In the example of FIG. 4, after sharing the authentication key as a result of mutual authentication processing between devices, the transmission range is confirmed securely using the authentication key. The difference is in carrying out the process.
First, the authentication process is performed.

An authentication request is created from the content receiving apparatus 200 side in the same procedure as in FIG. 3, and a public key unique to the apparatus and a certificate for the public key are attached to the content transmitting apparatus 100.
When the content transmitting apparatus 100 receives the authentication request and sends a receipt confirmation to the content receiving apparatus 200, the content transmitting apparatus 100 creates an authentication request from its own side, attaches a public key unique to the apparatus and its certificate, and sends it to the content receiving apparatus side 200. send.
On the other hand, the content transmitting apparatus 100 authenticates the content receiving apparatus 200 based on a predetermined public key signature algorithm. If the authentication is successful, an authentication response is issued and transmitted to the content receiving apparatus 200.
Similarly, the content receiving apparatus 200 also performs authentication after receiving an authentication request from the content transmitting apparatus 100, and if successful, issues an authentication response and transmits it to the content transmitting apparatus 100.
As described above, when mutual authentication is successful, a common authentication key is generated and shared.

When the mutual authentication process is successful, the transmission range confirmation process is started.
First, a transmission range confirmation request is created from the content transmission apparatus 100 side. The content transmitting apparatus 100 adds an arbitrary value N generated by internal processing and transmits it to the content receiving apparatus 200, starts the timer circuit 108 for transmission range confirmation, and receives the transmission range confirmation response from the content receiving apparatus 200 Measurement of time T3 until the start is started.
The content receiving apparatus 200 that has received the transmission range confirmation request uses the authentication key KAUTH shared in the previous mutual authentication process, and transmits the transmission range confirmation response data R using the encryption algorithm f agreed in the transmission range confirmation process. R = f (KAUTH, N) is generated, and data R is added to the transmission range confirmation response and transmitted to the content transmitting apparatus 100.

  On the other hand, the content transmitting apparatus 100 calculates data R ′ by the same procedure. The content transmitting apparatus 100 determines that the transmission range confirmation response is transmitted from the mutually authenticated content receiving apparatus 200 if the response data R is equal to the data R ′ calculated by itself. Further, it is determined whether or not the content receiving apparatus 200 is in a transmittable range based on whether or not the time T3 until the transmission range confirmation response from the content receiving apparatus 200 is received exceeds a predetermined value Tn. That is, the transmission range confirmation process is successful when R = R 'and T3 <Tn are satisfied at the same time.

In this processing procedure, encryption with a low calculation load such as SHA-1 (Secure Hash Algorithm, revision 1) or AES (Advanced Encryption Standard) is used in order to minimize the influence of the difference in the calculation capability of the apparatus on the measurement result. An algorithm will be used. Moreover, since SHA-1 and AES are mounted in the DTCP compatible device, it is preferable in that additional mounting is not necessary.
Also, the numerical value of the counter 107 is checked in the same way as in the first embodiment, and even when the current value exceeds a predetermined value, the transmission range confirmation process is unsuccessful and the transmission range confirmation process is successful. In this case, the value of the counter 107 is increased by 1.
Since the key exchange process for content transmission is the same as that of the first embodiment after the transmission range confirmation process is completed, the description is omitted here.
As described above, the same effects as in the first embodiment can be obtained in the second embodiment. Furthermore, since the transmission source of the transmission range confirmation response can be confirmed, the transmission range confirmation process can be performed more securely than in the first embodiment, and impersonation of the content receiving device 200 by other devices can be eliminated.

Embodiment 3 of the present invention will be described below.
FIG. 5 shows a configuration of the content transmission device 500 and the content reception device 600 according to the third embodiment. The content transmission device 500 and the content reception device 600 shown in FIG. 5 are different from the content transmission device 100 and the content reception device 200 in FIG. 1 in that the content reception device 600 also includes other information such as an authentication request generated by the authentication circuit 604. A timer circuit 608 that measures the time from when the information is transmitted to the device until response information for the information arrives is provided.

  FIG. 6 shows an example of a procedure when content is transmitted / received by the content transmitting device 500 and the content receiving device 600. Similar to FIG. 3, the left side represents the content transmitting apparatus 500 and the right side represents the content receiving apparatus 600, and the timing and direction of information transmission / reception between the two are indicated by arrows. The basic processing procedure is the same as that in FIG. 4 of the second embodiment, but in the example of FIG. 6, the time measurement for confirming the transmission range is performed by both the content transmitting device 500 and the content receiving device 600 in the authentication process procedure. The difference is that the success of the transmission range confirmation process is determined based on the time measurement results performed in both.

First, the authentication process is performed.
An authentication request is created from the content receiving device 600 in the same procedure as in FIG. 3, and a public key unique to the device and a certificate for the public key are attached to the content transmitting device 500.
When the content transmitting apparatus 500 receives the authentication request and sends the reception confirmation to the content receiving apparatus 600, the content transmitting apparatus 500 creates an authentication request from its own side, attaches a public key unique to the apparatus and its certificate, and sends it to the content receiving apparatus side 200. The timer circuit 508 is started, and measurement of the time T5 until the authentication response from the content receiving device 600 is received is started.
On the other hand, the content transmission apparatus 500 authenticates the content reception apparatus 600 based on a predetermined public key signature algorithm. If the authentication is successful, an authentication response is issued and transmitted to the content receiving device 600.

When receiving the authentication request from the content transmitting device 500, the content receiving device 600 starts the timer circuit 608, performs the authentication processing of the content transmitting device 500, and if successful, generates an authentication response and transmits it at time T6. Start measurement.
As described above, when mutual authentication is successful, a common authentication key is generated and shared. Furthermore, the content transmission device 500 receives the authentication request from the content transmission device 500 at the time T5 from when the authentication request is transmitted until the authentication response from the content reception device 600 is received. The measurement result of the time T6 from when the authentication response is transmitted to the content transmitting apparatus 500 is obtained.
When the mutual authentication process is successful, the transmission range confirmation process is started.

First, the content transmission device 500 creates a transmission range confirmation request, adds the measurement low time T5 measured by the mutual authentication process, and transmits the request to the content reception device 600.
The content receiving device 600 also creates a transmission range confirmation request, adds the measurement low time T6 and transmits it to the content transmission device 500, and exchanges the measurement low time with each other.
Next, ΔT = T5−T6 (ΔT ′ = T5−T6) is calculated as an actual transmission time, mutually encrypted with an authentication key, and exchanged as a transmission range confirmation response.
Then, the content transmission device 500 compares the actual transmission time ΔT ′ calculated by itself with ΔT acquired from the content receiving device 600, and if they are equal, it is determined that the content is transmitted from the content receiving device 600. Further, it is determined whether or not the content receiving apparatus 600 is in a transmittable range based on whether or not the actual transmission time ΔT ′ exceeds a predetermined value Tn. That is, when ΔT = ΔT ′ and ΔT ′ <Tn are satisfied at the same time, the transmission range confirmation process on the content transmitting apparatus 500 side is successful.

The same processing is performed on the content receiving device 600 side, and the transmission range confirmation process is successful when ΔT ′ acquired from the content transmitting device 500 is equal to ΔT calculated by itself and Δ ′ <Tn is satisfied.
Since the processing of checking the numerical value of the counter 507 by the content transmitting apparatus 500 and the key exchange processing after the completion of the process for confirming the transmittable range are the same processing as in the first embodiment, description thereof is omitted here.
As described above, the same effects as in the first embodiment can be obtained in the third embodiment. Furthermore, since the transmission source of the transmission range confirmation response can be confirmed on both the content transmission side and the content reception side, the transmission range confirmation process can be performed more securely than in the second embodiment. Since the content receiving apparatus 600 also performs the transmission range confirmation process, it is possible to reject the reception of content exceeding the transmittable range.

Embodiment 4 of the present invention will be described below.
FIG. 7 shows a configuration of a content transmission device 700 and a content reception device 800 according to the fourth embodiment. The content transmitting apparatus 700 and the content receiving apparatus 800 shown in FIG. 7 are different from the content transmitting apparatus 500 and the content receiving apparatus 600 in FIG. 5 in that content is transmitted using a wireless LAN. Wireless network communication processing circuits 703 and 803 are used, and WEP (Wired Equivalent Privacy) encryption processing circuits 709 and 809 are provided. WEP is a well-known encryption method that is used as a standard for the purpose of security protection in a wireless LAN, and communication with security protection between a transmission device and a reception device can be realized under the control of a user. .

  FIG. 8 shows an example of the configuration of a home network using the content transmitting apparatus 700 and the content receiving apparatus 800 shown in FIG. In FIG. 8, a data transmission device 700 and two data reception devices 800a and 800b are connected by a wireless access point 900 via a wireless LAN. The wireless LAN access point 900 is further connected to the router 300, and the router 300 is connected to the Internet in the same manner as the router 300 shown in FIG.

  When mutual authentication and subsequent content transmission are to be performed between the content transmitting apparatus 700 and the content receiving apparatus 800 shown in FIG. 7, the WEP encryption processing circuits 709 and 809 perform WEP processing by the authentication circuits 704 and 804. Check whether it has been applied. If the WEP process is not used, mutual authentication and subsequent content transmission are not performed, or a necessary process such as a display prompting the user to start the WEP process is performed. To do. As described above, when content is transmitted using a wireless LAN, the WEP process is always performed. As a result, it is possible to prevent unauthorized copying of content by connecting another data receiving device via a wireless LAN where the user of the content transmitting device 700 and the content receiving device 800 is not conscious.

  Regarding the points other than those described above, unauthorized duplication of content is performed in exactly the same manner as the content transmission method implemented by the content transmission apparatus and content reception apparatus according to the third embodiment of the present invention shown in FIGS. The copyright can be protected by preventing the creation of the content, and the content can be prevented from being transmitted outside the range of personal use. In addition, although it demonstrated by the same method as Example 3 here, if an authentication procedure is used for the same circuit structure as Example 1 and Example 2 except the structure which concerns on wireless LAN, it will be equivalent to Example 1 and Example 2. The effect of.

  In the embodiment of the present invention described above, the case of using a wired LAN and the case of using a wireless LAN have been described separately. However, it is also possible to construct a home LAN using these simultaneously. In particular, the present invention can be applied. FIG. 9 shows a configuration when the content transmitting apparatus and the content receiving apparatus according to the embodiment of the present invention are used in a LAN configured by using both wired and wireless.

  In FIG. 9, the content transmitting device 500 and the content receiving devices 600a and 600b are connected to each other via the network hub device 400, and the wireless access point 900 is also connected to the network hub device 400. The wireless access point 900 is connected to a content transmission device 700 and content reception devices 800a and 800b by a wireless LAN. Further, the network hub device 400 is connected to the router 300, whereby the home LAN is connected to the Internet.

  In FIG. 9, the dotted line of the thin arrow indicates the content transmission direction, and each content transmission device and content reception device indicates whether the other party is connected by a wired LAN or a wireless LAN. Content can be transmitted between each other without being conscious. The transmission procedure at that time may be exactly the same as that described with reference to FIG. Further, in the content transmitting apparatus 700 and the content receiving apparatuses 800a and 800b using a wireless LAN, it is only necessary to check the operation of WEP and perform mutual authentication and content transmission in the same manner as described above. Even in this case, as in the case where a wired or wireless LAN is configured alone, it is possible to prevent the creation of unauthorized duplication during content transmission, and to limit content transmission to the range of personal use.

  In the above description, the content to be transmitted through the network is the content such as video information, and the content transmitting device and the receiving device for transmitting / receiving the content are described. However, the same applies to other types of information other than the video information. The present invention can also be implemented for an information processing apparatus that inputs and outputs information.

  The authentication circuit, the key generation circuit, the encryption circuit, the decryption circuit, the counter circuit, the timer circuit, etc. in the embodiment of the present invention described above are not limited to realization by hardware, but one of these is provided. All or part may be realized by a microprocessor and software processing executed on the microprocessor, and there is no difference in achieving the effect of the present invention.

For the convenience of the description so far, the content transmission device and the content reception device are separated, but in a device that records and reproduces content on a recording medium such as a disk or a tape, the content transmission device and the content reception device In this case, an authentication circuit, a non-volatile memory, or the like can be shared.
In order to solve the above problems, in the present invention, content is transmitted via a network.
In the content transmission apparatus, network communication processing means for transmitting and receiving data, and network communication processing means.
Content to be transmitted to a content receiving apparatus connected via a network
The transmission content generation means to be supplied to the communication means and the authentication request from the content reception device
And receiving the authentication request for the authentication request, and
Authentication means for issuing its own authentication request, and information obtained by executing authentication processing by the authentication means
Key information is generated based on the content of the content to be transmitted to the content receiving device using the key information.
Encryption means for performing encoding processing, and transmission of a predetermined command request to the content receiving device
Until the response transmitted from the content receiving apparatus in response to the transmission of the command request
Timer means (time measuring means) for measuring the time of the measurement, the measurement result in the timer means
Do not send content to the content receiving device when it exceeds a predetermined value
To do.
In addition, a predetermined command request in the content transmission device described above is transmitted as predetermined authentication information.
As a command request that accompanies, the authentication means determines whether to authenticate the response with the predetermined authentication information
If it is not authenticated, or the measurement result by the timer means exceeds the predetermined value
The content is not sent to the content receiving apparatus.
In the content transmission device described above, the response from the content reception device is not reached.
Measure the time at least at least twice, and the result of the predetermined statistical processing is the predetermined value
If it exceeds the limit, content transmission to the content receiving apparatus is not performed.
Furthermore, in order to solve the above problems, the present invention receives content via a network.
And receiving the authentication request from the content transmission device.
Determines authentication for authentication request and authenticates itself to the content transmission device
Key information based on authentication means that issues a request and information obtained by executing authentication processing by the authentication means
And encrypting / decrypting the content transmitted by the content transmitting apparatus using the key information
From the transmission of a predetermined command request to the content transmission device
Corresponding to the transmission of the request to send a response sent from the content transmission device.
A timer means for measuring, and when the measurement result of the timer means exceeds a predetermined value
Does not receive the content transmitted from the content transmission device.
That is, in the present invention, the content transmission device and the content reception device transmit content.
Prior to performing authentication, determination of authentication information in a command request with predetermined authentication information, or
Judgment of authentication based on the time until the response corresponding to the command request with predetermined authentication information arrives
If it is not authenticated, do not send the content to the content receiver.
To.
As a result, when transmitting content using a wired or wireless LAN in the home,
You can implement copy protection to prevent unauthorized duplication of content and
The legitimate viewing and reproduction of the content can be restricted to personal use.
The above-described embodiments disclose at least the following.
(1)
Network communication processing means for transmitting and receiving data via a network;
Content to be transmitted to a content receiver connected via the network is transmitted to the network.
Transmission content generation means to be supplied to the network communication means;
Upon receipt of an authentication request from the content receiving device, authentication for the authentication request is determined.
And authentication means for issuing an authentication request to the content receiving device;
Key information is generated based on information obtained by executing authentication processing by the authentication means, and the key information
Encryption means for encrypting content to be transmitted to the content receiving device;
From the transmission of a predetermined command request to the content receiving device, the transmission of the command request
In response, a timer that measures the time to reach the response transmitted from the content receiving device.
Having a step,
If the measurement result of the timer means exceeds a predetermined value, the content receiving device
A content transmission apparatus characterized by not performing content transmission.
(2)
Network communication processing means for transmitting and receiving data via a network;
Content to be transmitted to a content receiving apparatus connected via the network
Transmission content generation means to be supplied to the work communication means;
Upon receipt of an authentication request from the content receiving device, authentication for the authentication request is determined.
And authentication means for issuing an authentication request to the content receiving device;
Key information is generated based on information obtained by executing authentication processing by the authentication means, and the key information
Encryption means for encrypting content to be transmitted to the content receiving device;
From transmission of a command request with predetermined authentication information to the content receiving device, the authentication information
In response to transmission of a command request accompanied by
Timer means for measuring the time at
When the authentication means determines authentication of the response with the predetermined authentication information and is not authenticated
Or if the measurement result by the timer means exceeds a predetermined value, the content reception
A content transmitting apparatus characterized by not transmitting content to the apparatus.
(3)
By the timer means, a predetermined command request to the content receiving device or a place
A response from the content receiving device from the transmission of a command request with a predetermined authentication information
The measurement of the time until is performed at least twice and the result of the predetermined statistical processing is the predetermined
When the value is exceeded, content is not sent to the content receiving device.
The content transmission device according to any one of (1) and (2).
(4)
Network communication processing means for transmitting and receiving data via a network;
Content transmitted by a content transmission apparatus connected via the network is transmitted to the network.
Content reception processing means for receiving via network communication means;
Upon receipt of an authentication request from the content transmission device, an authentication decision is made for the authentication request.
And authentication means for issuing an authentication request to the content transmission device;
Key information is generated based on information obtained by executing authentication processing by the authentication means, and the key information
Decryption means for performing encryption / decryption processing of content transmitted by the content transmission device;
From transmission of a predetermined command request to the content transmission device, transmission of the command request
In response, a timer that measures the time until the response transmitted from the content transmission device arrives.
Having a step,
When the measurement result by the timer means exceeds a predetermined value, the content transmission device
A content receiving apparatus characterized by not receiving received content.
(5)
Network communication processing means for transmitting and receiving data via a network;
Content transmitted by a content transmission apparatus connected via the network is transmitted to the network.
Content reception processing means for receiving via network communication means;
Upon receipt of an authentication request from the content transmission device, an authentication decision is made for the authentication request.
And authentication means for issuing an authentication request to the content transmission device;
Key information is generated based on information obtained by executing authentication processing by the authentication means, and the key information
Decryption means for performing encryption / decryption processing of content transmitted by the content transmission device;
From transmission of a command request with predetermined authentication information to the content transmission device, the authentication information
In response to the transmission of a command request accompanied by
Timer means for measuring the time at
When the authentication means determines the authentication of the response with the predetermined authentication information and is not authenticated,
Alternatively, if the measurement result by the timer means exceeds a predetermined value, the content transmission device
A content receiving apparatus characterized in that it does not receive content sent from a device.
(6)
By the timer means, a predetermined command request or place to the content transmission device
A response from the content transmission device from the transmission of a command request with predetermined authentication information
The measurement of the time until is performed at least twice and the result of the predetermined statistical processing is the predetermined
When the value is exceeded, the content transmitted from the content transmission device is not received.
The content receiving device according to any one of (4) and (5).
(7)
When transmitting content to a content receiver connected via a network,
When an authentication request is received from the content receiving apparatus and authentication is determined for the authentication request
Both authentication means for issuing its own authentication request to the content receiving device;
From the transmission of a predetermined command request to the content receiving device, the transmission of the command request
In response, a timer that measures the time to reach the response transmitted from the content receiving device.
Having a step,
If the measurement result of the timer means exceeds a predetermined value, the content receiving device
A content transmission apparatus characterized by not performing content transmission.
(8)
Receives content transmitted by a content transmission device connected via a network
Upon receiving an authentication request from the content transmission device and determining authentication for the authentication request.
And authentication means for issuing an authentication request to the content transmission device,
From transmission of a predetermined command request to the content transmission device, transmission of the command request
In response, a timer that measures the time until the response transmitted from the content transmission device arrives.
Having a step,
When the measurement result by the timer means exceeds a predetermined value, the content transmission device
A content receiving apparatus characterized by not receiving received content.
(9)
A link between a content transmission device and a content reception device connected via a network
Content transmission method,
The content transmitting apparatus
Network communication processing means for transmitting and receiving data via a network;
Transmission for supplying content to be transmitted to the content receiving device to the network communication means
Content generation means;
Upon receipt of an authentication request from the content receiving device, authentication for the authentication request is determined.
And authentication means for issuing an authentication request to the content receiving device;
Key information is generated based on information obtained by executing authentication processing by the authentication means, and the key information
Encryption means for encrypting content to be transmitted to the content receiving device;
From the transmission of a predetermined command request to the content receiving device, the transmission of the command request
In response, a timer that measures the time to reach the response transmitted from the content receiving device.
Having a step,
The content receiving apparatus
Network communication processing means for transmitting and receiving data via a network;
The content received from the content transmission device is received from the network communication means.
Content reception processing means;
Issue and send an authentication request to the content transmission device, and from the content transmission device
An authentication means for performing authentication judgment on the received authentication request;
Key information is generated based on information obtained by executing authentication processing by the authentication means, and the key information
And decryption means for performing decryption processing of the content received from the content transmission device.
And
When the measurement result by the timer means of the content transmission device exceeds a predetermined value
Does not send content from the content transmitting device to the content receiving device.
A content transmission method characterized by the above.
(10)
A link between a content transmission device and a content reception device connected via a network
Content transmission method,
The content transmitting device
Network communication processing means for transmitting and receiving data via a network;
Transmission for supplying content to be transmitted to the content receiving device to the network communication means
Content generation means;
Upon receipt of an authentication request from the content receiving device, authentication for the authentication request is determined.
And authentication means for issuing an authentication request to the content receiving device;
Key information is generated based on information obtained by executing authentication processing by the authentication means, and the key information
Encryption means for encrypting content to be transmitted to the content receiving device;
From transmission of a command request with predetermined authentication information to the content receiving device, the authentication information
In response to transmission of a command request accompanied by
Timer means for measuring the time at
The content receiving apparatus
Network communication processing means for transmitting and receiving data via a network;
The content received from the content transmission device is received from the network communication means.
Content reception processing means;
Issue and send an authentication request to the content transmission device, and from the content transmission device
An authentication means for performing authentication judgment on the received authentication request;
Key information is generated based on information obtained by executing authentication processing by the authentication means, and the key information
Decryption means for performing encryption / decryption processing of content received from the content transmission device;
From transmission of a command request with predetermined authentication information to the content transmission device, the authentication information
In response to the transmission of a command request accompanied by
Timer means for measuring the time at
If the measurement result by the timer means of the content transmission device exceeds a predetermined value,
Alternatively, the authentication unit of the content transmission apparatus determines whether to authenticate a response with predetermined authentication information.
If the content transmission device is not authenticated, the content is transmitted from the content transmission device to the content reception device.
A content transmission method, wherein content transmission is not performed.
(11)
When outputting information to other information processing devices connected via a network, the other information
Receiving an authentication request from the processing device and making an authentication decision for the authentication request;
An authentication means for issuing its own authentication request to another information processing apparatus;
Corresponding to the output of a command request from the output of a predetermined command request to the other information processing apparatus
And a time measuring means for measuring the time until the response output from the other information processing apparatus arrives.
Have
When the measurement result by the time measuring means exceeds a predetermined value, information to the other information processing apparatus is
An information processing apparatus that does not perform report output.

  The present invention is effective in a system in which copyright-protected content is distributed or received using a wired or wireless LAN, and the range of distribution is limited to the home.

DESCRIPTION OF SYMBOLS 100, 500 ... Content transmission apparatus 101, 501 ... Content transmission circuit 102, 502 ... Encryption circuit 103, 503 ... Network communication processing circuit 104, 504 ... Authentication circuit 105, 505 ... Non-volatile memory 106, 506 ... Key generation circuit 107, 507... Counter circuit 108, 508 timer circuit 200, 600 content receiver 201, 601 content receiver circuit 202, 602 decryption circuit 203, 603 network communication processing circuit 204, 604 authentication circuit 205, 605 non-volatile Memory 206, 606 ... key generation circuit

Claims (2)

  A content transmission device,
  An authentication unit that performs authentication with a content receiving apparatus connected via a network and shares authentication key information;
  From the transmission of a predetermined command request to the content receiving device to the arrival of a response with authentication information generated based on the authentication key information transmitted from the content receiving device in response to the transmission of the command request Timer means for measuring time;
  Encryption means for sharing exchange key information with the content receiving apparatus and performing encryption processing of content to be transmitted to the content receiving apparatus using common key information generated based on the exchange key information;
With
  When the time measured by the timer means exceeds a predetermined value, the exchange key information is not shared with the content receiving device.
The content transmission apparatus characterized by the above-mentioned.   A content transmission method,
  Authenticate with content receivers connected via a network, share authentication key information,
  From the transmission of a predetermined command request to the content receiving device to the arrival of a response with authentication information generated based on the authentication key information transmitted from the content receiving device in response to the transmission of the command request Measure time,
  Sharing the exchange key information with the content receiving device, performing encryption processing of the content to be transmitted to the content receiving device with the common key information generated based on the exchange key information,
  When the measured time exceeds a predetermined value, the exchange key information is not shared with the content receiving device.
The content transmission method characterized by the above-mentioned.

Images