Distribution system, semiconductor memory card, receiving apparatus, computer-readable recording medium and receiving method
A distribution server 103 distributes a content via a network, and a KIOSK terminal 105 receives the content via the network and records the content in an SD memory card 100. A customer device 111 receives a content via the SD memory card 100, checks out the content and records a copy on a recording medium. SD-Audio players 122 to 124 receive a copy of the content and play back the copy. Here, the KIOSK terminal 105 records a Usage Rule that certifies the right to control recording of content on the SD memory card 100. Move Control Information showing the number of times that moving of rights is permitted is set in the Usage Rule.
Latest Panasonic Patents:
- METHOD FOR MANUFACTURING SUBSTRATE WITH CONDUCTIVE PATTERN ATTACHED THERETO
- CYLINDRICAL BATTERY AND MANUFACTURING METHOD FOR SAME
- NEGATIVE ELECTRODE ACTIVE MATERIAL COMPOSITE PARTICLE, METHOD FOR MANUFACTURING NEGATIVE ELECTRODE ACTIVE MATERIAL COMPOSITE PARTICLE, AND NONAQUEOUS ELECTROLYTE SECONDARY BATTERY
- METHOD FOR MANUFACTURING STRETCHABLE CIRCUIT BOARD, METAL-CLAD LAMINATED SHEET, METAL FOIL WITH RESIN, STRETCHABLE CIRCUIT BOARD, AND STRETCHABLE CIRCUIT MOUNTED ARTICLE
- ANTENNA DEVICE AND ELECTRONIC EQUIPMENT
This is a reissue application of U.S. application Ser. No. 09/653,416 filed Aug. 31, 2000 and issued as U.S. Pat. No. 7,096,504. Additionally, U.S. application Ser. No. 12/197,033 filed on Aug. 22, 2008 is also a reissue of U.S. application Ser. No. 09/653,416.
BACKGROUND OF THE INVENTION1. Field of the Invention
The present invention relates to a distribution system realized by a service for distributing copyrighted digital material such as Electronic Music Distribution (EMD), a semiconductor memory card, a receiving apparatus, a computer-readable recording medium and a receiving method.
2. Description of the Background Art
A distribution system includes a distribution server, a device for purchasing contents, and a playback apparatus for playing back contents, and gives people living around the world the opportunity to purchase copyrighted material via various global networks. If a personal computer owned by a user is used as the purchasing device, contents are purchased in the following way. The user operates the personal computer, and transmits a purchase request to the distribution server. Upon receiving the purchase request, the distribution server bills the user, and then transmits the copyrighted digital material. The personal computer operated by the user receives the transmitted copyrighted material, and writes it onto the hard disk (HD). If writing is performed correctly, the purchase of the copyrighted material is completed.
The purchasing device performs processing called check-out and check-in. Check-out refers to the process of recording copyrighted material (a first-generation copy) onto a portable recording medium such as a semiconductor memory card or a mini disc. The number of times check-out is performed by the purchasing device can also be limited to a predetermined number, such as three or four. If copyrighted material is recorded onto a portable recording medium using check-out, this copyrighted material can be played back using the playback apparatus. However, once check-out has been performed the predetermined number of times, the copyrighted material can be set in a state in which check-out is not permitted. Check-in, on the other hand, is the process of returning copyrighted material recorded on a portable recording medium to the personal computer. If check-in is performed on a copyrighted material that has been set so that check-out is not permitted, check-out of the copyrighted material becomes possible once more. Check-out and check-in are prerequisites for copyright protection, which prevents reduction in the copyright owner's profits.
The following is a brief explanation of how copyright is protected when check-out and check-in are being performed. A unique identifier, called a Media-ID, is recorded in an area of the recording medium onto which a copy of the copyrighted material is to be recorded, the area being one that cannot be read by a normal user operation. When check-out is performed, contents are encrypted using the media ID unique to the recording medium. Thus, even if an ill-intentioned user copies contents that have been checked out onto one recording medium onto another recording medium, the media ID of the recording medium onto which the contents are copied differs from the media ID that was used to encrypt the contents (the media ID of the original disc). As a result, decryption cannot be properly performed, and copyright is protected.
SUMMARY OF THE INVENTIONThe object of the invention is to provide a distribution system that provides a high level of convenience for the user, while protecting copyright, when a device manages the recording of copyrighted material using check-out, check-in and the like.
Current distribution systems pose various obstacles to user convenience. Such distribution systems include the user's personal computer, as well as devices used as KIOSK terminals in convenience stores, record stores, and stations.
If the device used is a KIOSK terminal, copyrighted material is purchased in the following way. First the KIOSK terminal prompts the user to provide a portable recording medium on which the copyrighted material is to be recorded, such as a semiconductor memory card or a mini disc. Once this portable recording medium has been connected to the KIOSK terminal, and the necessary charge paid, the copyrighted material is downloaded from the distribution server and recorded onto the portable recording medium. Users of KIOSK terminals can thus easily acquire their favorite music while shopping or on the way to work or school.
If copyrighted material is recorded onto a semiconductor memory card by a KIOSK terminal, however, a device other than the KIOSK terminal is not allowed to check-in the copyrighted material recorded onto the semiconductor memory card by the KIOSK terminal. The reason for this is as follows. Were check-in to be performed by another device, the copyrighted material on which check-in had been performed could be checked out three or four more times. If check-in by another device and check-out by the same device were to be repeated, a large number of first generation copies would be made, and copyright protection made ineffective. Thus, check-in by other devices is completely prohibited in order to prevent this kind of proliferation of first generation copies.
As a result, a user who has purchased copyrighted material from a KIOSK terminal will not be able to enjoy the ability to perform check-out and check-in at home using a personal computer. The fact that a user who has paid the required charge is not able to perform check-out and check-in shows a lack of consideration of the user and may reduce their desire to use KIOSK terminals.
In order to overcome the above problems and achieve the above object, the inventors of the present invention suggest that a Usage Rule, showing the right to manage the recording of copies of copyrighted material, be moved. In the Secure Digital Music Initiative (SDMI), this Usage Rule is called Digital Rights Management Information (DRMI). Management of the number of copy generations and number of times copies can be made during check-out and copying is performed based on this Usage Rule. A distribution system that moves the Usage Rule, thereby achieving the above object, includes a distribution server for distributing a content via a network, and first and second receiving apparatuses for receiving the content via the network, and records a copy of the content onto a recording medium in order to supply the content to a playback apparatus. Here, the first receiving apparatus may include a first receiving unit and a recording unit. The first receiving unit receives, via the network, a data set including the content and control information controlling copying of the content onto the recording medium, and holds the received data set. The recording unit generates authorization information showing whether moving the data set to another receiving apparatus is permitted. Then the recording unit records the content onto a distribution medium together with corresponding usage rule information including (1) the authorization information, and (2) the control information included in the data set. Here, the second receiving apparatus may include a second receiving unit, a data set moving unit, and a check-out unit. The second receiving unit receives the data set from the distribution server via the network, and holds the received data set. The data set moving unit reads authorization information from the distribution medium, and only when the read authorization information shows that moving the data set is permitted, (a) moves the data set from the distribution medium to the inside of the second receiving apparatus, and (b) holds the data set. The check-out unit performs check-out when the data set is held by one of the second receiving unit and the data set moving unit. Check-out is performed based on the control information in the held data set by generating a copy of the content included in the held data set and recording the copy onto the recording medium, the copy recorded onto the recording medium being supplied to the playback apparatus.
A single device moves a content and a corresponding Usage Rule to two receiving devices, so that control of recording of a content and corresponding Usage Rule recorded onto a semiconductor memory card by a first receiving apparatus (in the above example the KIOSK terminal) can be performed by a second receiving apparatus (here, a personal computer). Recording of copies of copyrighted materials recorded by the KIOSK terminal can be performed by the personal computer, so a user who has paid the appropriate charge to purchase a copyrighted material from the KIOSK terminal can perform check-out and check-in of the copyrighted material on their own personal computer.
Here, the control information may indicate a number of remaining check-outs. The check-out unit may include a connecting unit for connecting to a recording medium, and recording a copy of the content included in the data set held by the data set moving unit onto the recording medium when a copy of the held content is not already recorded on the connected recording medium, and the number of remaining check-outs shown by the control information held by one of the second receiving unit and the data set moving unit is at least one. Furthermore, the second receiving apparatus may include a check-in unit and an updating unit. When a copy of the content is already recorded on the connected recording medium, the check-in unit deletes the copy of the content recorded on the connected recording medium. The updating unit updates the control information by decrementing the number of remaining check-outs when a copy of the held content is newly recorded on the recording medium, and incrementing the number of remaining check-outs when the copy of the held content is deleted from the recording medium. In this distribution system, check-out performed by the second receiving apparatus can only be performed for the number of times shown by the control information, so that check-out cannot be performed beyond the limit set by the copyright owner. This ensures that the profits of the copyright owner will not be unfairly reduced.
Here, the recording medium may have an assigned unique identifier. The check-out unit may include an allocation unit and a storage unit. The allocation unit allocates a unique identifier to the held content. The unique identifier is recorded onto the recording medium with the content when check-out is performed. The storage unit reads the unique identifier for the recording medium connected to the connecting unit from the recording medium, and stores the read recording medium identifier as a pair with the allocated content identifier. Furthermore, the check-in unit may include a read unit, a comparing unit, and a holding unit. When a copy of the content has already been recorded on a recording medium connected to the connecting unit, the read unit reads the unique identifiers for the connected recording medium and the content. The comparing unit compares the pair of identifiers read by the read unit with the pair of identifiers stored by the storage unit to determine whether the copy recorded on the connected recording medium was previously produced by the second recording apparatus. When the copy was previously produced by the second recording apparatus, the holding unit reads the copy from the connected recording medium, holds the read copy, and then deletes the copy from the recording medium. When the second receiving apparatus in this distribution system performs check-in, it determines whether the copy to be checked-in is one that was previously checked out by itself, by comparing two pairs of identifiers, each including a recording medium identifier and content identifier. The second recording apparatus only performs check-in if the copy has been previously checked out by itself, so there is no danger of the principle that a device should not check-in a copy that has been checked out by another device being ignored.
These and other objects, advantages and features of the invention will become apparent from the following description thereof taken in conjunction with the accompanying drawings which illustrate a specific embodiment of the invention. In the drawings:
The following embodiment describes a distribution system operated in accordance with the SDMI, SD-Audio Ver1.0 standard, and SD-Audio Ver1.1 standard. Note that devices compliant with the SDMI, the SD-Audio Ver1.0 standard, and the SD-Audio Ver1.1 standard are known as compatible devices, and devices not compliant with any one of these standards as incompatible devices. The SD-Audio Ver1.0 standard enables copyrighted material to be recorded onto a recording medium so that special playback and editing of songs can be performed. In contrast, the SD-Audio Ver1.1 standard enables copyrighted material to be moved and previewed.
Next, a distribution medium that can store copyrighted materials securely is explained. In the embodiments, an example of such a distribution medium is a semiconductor memory card (hereafter referred to as a Secure Digital (SD) memory card). An SD memory card 100 shown in
The system area 1 is a read-only area storing a media key block (MKB) and a media ID. The MKB and media ID stored in this area cannot be overwritten. Suppose that the SD memory card 100 is connected to a device, and the MKB and media ID is read by that device. If the connected device correctly performs a specified calculation using a device key Kd held internally, it can obtain a correct encryption key Kmu.
The hidden area 2 stores the encryption key Kmu having the correct value, in other words the encryption key Kmu that should be obtained if the connected device performs correct calculation using the correct device key Kd.
The protected area 3 stores an encryption key and a Usage Rule.
The AKE (authentication and key exchange) processing units 4 and 5 perform mutual authentication between a connected device and the SD memory card 100 using the challenge-response method, verify the authenticity of the opposing device, and if the opposing device is invalid, stop processing. If the opposing device is valid, however, an encryption key (session key Ks) is shared by the device and the SD memory card 100. Authentication performed by the device connected to the SD memory card 100 has three phases. First, in a first challenge phase, the device generates a random number, encrypts the random number using the encryption key Kmu, and transmits the encrypted random number to the SD memory card 100 as a challenge value A. Then, in a first response phase, the SD memory card 100 uses the encryption key Kmu stored internally to decrypt the challenge value A, and transmits the decrypted value to the connected device as a response value B. Following this, in a first verify phase, the connected device decrypts the challenge value A held internally using its encryption key Kmu, and compares the decrypted value with the response value B transmitted from the SD memory card 100.
Authentication performed by the SD memory card 100 also has three phases. First, in a second challenge phase, the SD memory card 100 generates a random number, encrypts the random number using the encryption key Kmu, and transmits the encrypted random number to the connected device as a challenge value C. Then, in a second response phase, the connected device uses the encryption key Kmu stored internally to decrypt the challenge value C, and transmits the decrypted value to the SD memory card 100 as a response value D. Following this, in a second verify phase, the SD memory card 100 decrypts the challenge value C held internally using its encryption key Kmu, and compares the decrypted value with the response value D transmitted from the connected device.
If the connected device uses an improper encryption key Kmu to perform mutual authentication, challenge value A and response value B in the first verify phase and challenge value C and response value D in the second verify phase will be judged to be non-matching values, and mutual authentication will be stopped. If the authenticity of the opposing devices is verified, however, the AKE processing units 4 and 5 calculate an exclusive OR of challenge value A and challenge value C and obtain the session key Ks by decrypting the exclusive OR using the encryption key Kmu.
The Ks decrypting unit 6 uses the session key Ks to decrypt an encryption key and Usage Rule which has already been encrypted by session key Ks and output from the connected device. The encryption key and Usage Rule obtained by this decryption are written into the protected area 3.
The Ks encrypting unit 7 receives a command from another device connected to the SD memory card 100 instructing it to read the encryption key and the Usage Rule, encrypts the encryption key and the Usage Rule stored in the protected area 3 using the session key Ks, and then outputs the encrypted encryption key and the Usage Rule to the device that issued the command.
The user data area 8 can be accessed by a connected device regardless of whether the authenticity of that device has been verified, and stores encrypted data and plain text data. If the encryption key read from the protected area 3 has a correct value, the encrypted data stored in the user data area 8 can be correctly decrypted. Reading of data from the protected area 3 is performed together with decryption performed by the Ks decrypting unit 6 and encryption performed by the Ks encrypting unit 7. Therefore, the protected area 3 can usually only be accessed by a connected device when that device has successfully performed AKE processing.
The following is an explanation of data obtained by a device connected to the SD memory card 100, the SD memory card 100 having a data set that constitutes a copyrighted material.
In a second example shown in
In a third example shown in
In a fourth example shown in
This completes the explanation of the structure of the SD memory card 100. Next, a device used in EMD is explained. Such devices may be divided into four types: distribution servers, digital terminals (first receiving apparatuses), customer devices (second receiving apparatuses) and SD-Audio players (playback apparatuses) 122 to 124. These types of device are explained in turn. A representative distribution server and digital terminals for this embodiment are shown in
A distribution server 103 in
Digital terminals 104 to 110 in
The digital terminals shown in the drawings access the distribution server 103 to present a plurality of copyrighted materials stored on a recording medium in the distribution server 103 to a user, and receive a purchase request for one of the copyrighted materials from the user. Once a purchase request for one of the copyrighted materials has been made by the user, a signal requesting transmission of the data set forming this copyrighted material is transmitted to the distribution server 103. The digital terminal receives the transmitted data set forming the copyrighted material from the distribution server 103, and saves it, before recording it on the SD memory card 100.
Customer devices 111 to 121 have an internalized recording medium known as local storage, and manage a home music library formed from copyrighted materials obtained via a network route and an SD memory route (a route that obtains copyrighted materials via the SD memory card 100), as well as performing playback and check-out of copyrighted materials recorded on the SD memory card 100 or local storage.
First, the method by which customer devices obtain copyrighted materials using the network route is explained.
A home music library can be constructed in local storage by repeatedly obtaining copyrighted materials via the network, and check-out and check-in of each copyrighted material can be managed based on the corresponding Usage Rule.
Here, performing check-out enables a data set forming a copyrighted material to be recorded on the SD memory card 100, thereby enabling a compatible device to play back the copyrighted material when connected to the SD memory card 100, but not to copy it to another recording medium. The reason for this is that the compatible device does not have a Usage Rule, and so cannot read the encryption key from the SD memory card 100 and record it onto its own internalized recording medium or another recording medium. If an incompatible device attempts to read and record a data set from the SD memory card 100, such a device cannot access the protected area 3 (see FIG. 4A), and so is unable to obtain the encryption key and the Usage Rule. Therefore, in actual fact, the copyrighted material recorded on the SD memory card 100 cannot be recorded onto another recording medium without the Usage Rule. This means that a first generation copy from the customer device onto the SD memory card 100 is permitted, but a second generation copy from the SD memory card 100 onto another recording medium is not permitted. By preventing second generation copies, unlimited copying is prohibited.
Next, the method by which customer devices obtain copyrighted material via the SD memory card route is explained.
When the permitted number of moves in the Move Control Information has been set at 1 by the distribution server 103 in
When the permitted number of moves in the Move Control Information has been set at 2 by the distribution server 103, the Usage Rule is moved between recording media with the permitted number of moves in the Move Control Information being reduced in the following way.
When a customer device obtains, via a network, a Usage Rule with a permitted number of moves set at 2 by the distribution server 103, the Usage Rule is moved between recording media (SD memory card 100, local storage) with the permitted number of moves in the Move Control Information being reduced in the following way.
When a Usage Rule is obtained via a network with the number of permitted moves set at 3, the Usage Rule can be moved from the customer device to other local storage. Copyrighted material can be moved via the SD memory card 100, but note that moving copyrighted material directly from one local storage location to another is not permitted.
SD-Audio players 122 to 124 perform check-out to play back, using an encryption key, encrypted data recorded on a portable recording medium. SD-Audio player 122 is a set of headphones, SD-Audio player 123 is a portable device, and SD-Audio player 124 is a wristband device. Users can use such devices to play back the encrypted data on the way to work or school. In one example in
This completes the explanation of the devices used in EMD. Next, the data set forming the copyrighted material will be explained in detail. First, the format in which copyrighted materials are transferred from the distribution server 103 to a digital terminal, in other words the data structure of the copyrighted material at distribution, is explained. Copyrighted materials in units such as songs are distributed in units called packages, and collections of copyrighted materials such as music albums in units called titles. The data structure of packages and titles is explained with reference to the example shown in FIG. 10. In the drawing, a title is formed from one or more packages #1 to #N. Each package is a distributable file, and includes a header, a Navigation Structure, a plurality of Content Elements (CEL#1, #2, #3 and so on) and a Default Offer.
The Navigation Structure is data showing the playback control procedure, indicating how each Content Element is to be played back. In the example in
Content Elements (CELs) are information elements which form the copyrighted material, allocated in terms of media type. In this case the copyrighted material is a song, and includes audio, a promotion picture that is to be displayed when the song is played back and the like. A package stores such data as different CELs according to media type. The third level in
The ‘Default Offer’ is information showing commercial requirements to be applied when the copyrighted material is sold, and includes a retail price and an encryption key for decrypting encrypted data included in the copyrighted material.
The internal structure of the DRM is shown within the broken lines Df2. The DRM includes ‘Move Control Information’ (MVCNTI), ‘Check-Out Control Information’ (COCNTI), ‘Permitted Playback Count’ (PB COUNT), and contents distributer IDs ‘PPDRM FR ID1’ to ‘PPDRM FR ID4’. Move Control Information indicates whether a move from the SD memory card 100 to local storage is permitted when the copyrighted material is already recorded on the SD memory card 100. The Check-Out Control Information indicates the number of times check-out by the customer device is permitted when the copyrighted material is moved to local storage.
The Permitted Playback Count indicates the conditions under which playback of the copyrighted material is permitted.
The detailed setting of the Move Control Information is shown between broken lines py1. A setting of 00h indicates that a move from the SD memory card 100 to local storage is not permitted, while a setting of 01h indicates that one move from the SD memory card 100 to local storage is permitted. The digital terminal that received the package decrements the number of permitted moves shown by the Move Control Information by 1, and then records the decremented information on the SD memory card 100 by the digital terminal.
The detailed setting of the Check-Out Control Information is shown between the broken lines py2. A setting of 001 indicates that check-out of the copyrighted material is permitted only once (to only one recording medium), a setting of 002 indicates that check-out of the copyrighted material is permitted twice (to two recording media), and settings of 3 and 4 indicate that check-out is permitted to three and four recording media respectively.
The detailed setting of PB_COUNT is shown between the broken lines py3. PB_COUNT includes a Playback Time indicating the number of seconds counted during one playback of the copyrighted material, and a Playback Counter indicating the number of times that playback of the copyrighted material is permitted.
Next, the data structure into which the data set forming the copyrighted material is converted when the copyrighted material is recorded onto the SD memory card 100 is explained. When the copyrighted material is recorded onto the SD memory card 100, units such as songs are converted to a track format. A track includes an audio object (AOB) formed from encrypted audio data, a picture object (POB) formed from encrypted picture data, and Track Information (TKI) for controlling track playback. All data forming the copyrighted material is managed in track units, regardless of type.
Collections of copyrighted materials such as music albums are converted into a format known as a track sequence when recorded onto the SD memory card 100. A track sequence includes a plurality of tracks and a Playlist defining the order in which the tracks are to be played. A data structure for managing the copyrighted material on the SD memory card 100 as tracks and a track sequence is shown in FIG. 12.
The user data area 8 in
The following explanation describes each of the files in the SD_AUDIO directory in turn. As shown in
‘AOB***.SA1’ are files storing the AAC stream data from the plurality of cells included in a package as AOBs. The extension ‘SA’ is an abbreviation of Secure Audio, and indicates that the contents of a file require copyright protection.
The following is an explanation of the internal structure of an AOB file.
The ‘AOB_FRAME’ in the fifth level of
The ‘AOB_ELEMENT’ in the fourth level is a piece of variable-length data with a playback time of approximately 2 seconds, whose length is shown in the time search table.
The ‘AOB_BLOCK’ in the third level is the valid data of the AOB excluding any invalid areas which may exist at the start and end of the AOB, and is specified by BIT in the TKI.
The AOB in the second level is a piece of data with a playback-time of no more than 8.4 mins. The reason for limiting the playback time of an AOB to 8.4 mins is that the time search table is restricted to a size of no more than 504 bytes, due to the fact that the number of AOB_ELEMENTs included in an AOB is limited. The following describes in detail why limiting the playback period restricts the size of the time search table.
When a playback apparatus performs a forward or backward search, the playback apparatus skips the reading of two seconds of audio data and then plays back 240 milliseconds. When skipping two seconds of data, the read addresses of data at two second intervals can be written into the time search table, and referred to by the playback apparatus when a forward or backward search is requested. The data size of audio data with a playback time of two seconds depends on the bitrate used when playing back the audio data. As stated above, a bitrate in the range of 16 kbps to 144 kbps is used, so that the amount of data played back in two seconds will be between 4 KB (=16 kbps×2/8) and 36 KB (=144 kbps×2/8).
Since the amount of data played back in two seconds will be between 4 KB and 36 KB, the data length of each entry in the time search table for recording the data length of audio data needs to be two bytes (=16 bits). This is because a 16 bit value is capable of expressing a number of between 0 KB and 64 KB. On the other hand, if the total data size of the time search table needs to be restricted to 504 bytes (this being the size of the TKTMSRT described later), for example, the maximum number of entries in the time search table can be calculated as 504/2=252. Since an entry is provided every two seconds, the playback time corresponding to this maximum of 252 entries is 504 seconds (=2s×252), or, in other words, 8 minutes and 24 seconds (=8.4 minutes). As a result, setting the maximum playback period for an AOB_BLOCK at 8.4 minutes limits the data size of the time search table to 504 bytes.
The fifth level shows a title made up of five packages. The five packages are the five songs Song A, Song B, Song C, Song D, and Song E. The broken lines AS1 to AS8 show the correspondence between the AOB_BLOCKs and the parts into which the album is divided, so that the fourth level in
AOB#4 has a playback time of 8.4 minutes and is the first (or ‘head’) part of the Song D that has a playback time of 30.6 minutes. The AOB_BLOCKs included in AOB#5 and AOB#6 are middle parts of the Song D and also have playback periods of 8.4 minutes. The AOB_BLOCK included in AOB#7 is the end part of the Song D and has a playback period of 5.4 minutes. In this way, a song that has a total playback period of 30.6 minutes is divided into (8.4+8.4+8.4+5.4-minute) parts that are each included in a different AOB. As can be seen from
‘POB***.JPG’ and ‘POB***.SP1’ are files storing still picture data. The difference between the two types of file lies in the area of copyright protection. While a file POB***.JPG simply stores still picture data in JPEG (Joint Photographics Experts Group) format, a file POB***.SP1 stores data that is encrypted to protect the copyright of the still picture (the extension SP1 stands for Secure Picture, indicating that copyright protection is required).
The file ‘SD_AUDIO.TKM’ contains data that has inherited the content of the package header, Navigation Structure, and time search table, and includes a Track Manager.
Referring to
The detailed structure of a TKGI is shown in FIG. 16B. As shown in the drawing, a TKGI includes ‘TKI_ID’, ‘TKIN’, ‘TKI_BLK_ATR’, ‘TKI_LNK_PTR’, ‘TKI_SZ’, ‘TKI_PB_TM’, ‘TKI_AOB_ATR’, ‘TKI_POB_ATR’, ‘TKI_TI1_ATR’, ‘TKI_TI2_ATR’, ‘TKI_TMSRT_SA’, ‘ISRC’, ‘TKI_APP_ATR’, ‘BIT’, and ‘TKI_POB_ESRP’.
An ID from which the TKI can be instantly distinguished is written in ‘TKI_ID’ (in the embodiments the ID is a 2-byte code ‘A4’).
TKI numbers in a range between 1 and 999 are written in ‘TKIN’.
An attribute for the TKI is written in ‘TKI_BLK_ATR’.
The following describes the settings of the TKI_BLK_ATR for each TKI in the example shown in FIG. 17. By referring to the TKI_BLK_ATR of each TKI, it can be seen that since the four pairs TKI#1/AOB001.SA1, TKI#2/AOB002.SA1, TKI#3/AOB003.SA1, and TKI#8/AOB008.SA1 each correspond to separate tracks, the TKI_BLK_ATR of each of TKI#1, TKI#2, TKI#3, and TKI#8 is set as ‘Track’. The TLK_BLK_ATR of TKI#4 is set at ‘Head_of_Track’, the TLK_BLK_ATR of TKI#7 is set at ‘End_of_Track’, and the TLK_BLK_ATR of TKI#5 and TKI#6 is set at ‘Midpoint_of_Track’. This means that the AOB file ‘AOB004.SA1’ corresponding to TKI#4 is the start of a track, the AOB files ‘AOB005.SA1’ and ‘AOB006.SA1’ corresponding to TKI#5 and TKI#6 are midpoints of the track, and the AOB file ‘AOB007.SA1’ corresponding to TKI#7 is the end of a track.
TKI_BLK_ATR can be set so that combine editing, in which any two of a plurality of tracks are combined to form a single track, and divide editing, in which one track is divided into a plurality of new tracks, can be easily performed. The following explains the change in TKI when two tracks are combined.
In this case, the AOBs that correspond to Track C and Track E are recorded in the AOB files AOB003.SA1 and AOB008.SA1 which correspond to TKI#3 and TKI#8, so that the TKI_BLK_ATRs of TKI#3 and TKI#8 are rewritten.
The following is an explanation of the change in TKI when a track is divided.
‘TKI_LNK_PRT’ contains TKIN for a link target TKI. As shown by arrows TL4, TL5, and TL6 in
‘TKI_SZ’ contains the data size of the TKI is written in byte units.
‘TKI_PB_TM’ contains the playback time of the track formed from an AOB in an AOB file corresponding to the TKI.
‘TKI_AOB_ATR’ contains encoding requirements that must be followed when an AOB is generated. These include the frequency at which the AOB recorded in the AOB corresponding to the TKI should be sampled, the bitrate at which it should be transferred, and the number of channels.
‘TKI_POB_ATR’ contains fields in which the POB mode (sequential mode, random mode, shuffle mode), POB display, and a mode showing whether the POB is to be synchronized with the AOB file corresponding to the TKI (slide show mode, browsable mode) are set.
‘TKI TI1 ATR’ and ‘TKI TI2 ATR’ show the types of text information to be displayed together with the copyrighted material, for example IS0646, JISX0201, IS08859, Music Shift JIS (Japan Industrial Standard) characters and the like.
‘TKI_TMSRT_SA’ contains the start address of TMSRT.
‘ISRC’ contains the ISRC (International Standard Recording Code) of the TKI.
‘TKI_APP_ATR’ contains the genre of the application stored on the SD memory card 100. This may be, for example, a music type, karaoke software, or presentation data.
The block information table (‘BIT’) manages AOB_BLOCKs. The right side of
The relative address of the start of an AOB_BLOCK from the boundary between clusters is written in the ‘DATA_Offset’ as a value given in byte units. This expresses the size of an invalid area between an AOB and the AOB_BLOCK. As one example, when a user records a radio broadcast on the SD memory card 100 as AOBs and wishes to delete an intro part of a track over which a DJ has spoken, the DATA_Offset in the BIT can be set to have the track played back without the part including the DJ's voice.
‘SZ_DATA’ contains the data length of an AOB_BLOCK expressed in byte units. By subtracting a value produced by adding the SZ_DATA to the DATA_Offset from the file size (an integer multiple of the cluster size), the size of the invalid area that follows the AOB_BLOCK can be found. In other words, when a section which does not need to be played back exists in the latter part of the AOB, the SZ_DATA can be adjusted to prevent this invalid section from being played back. Thus, sections at the start and end of the AOB can be deleted by operating DATA_Offset and SZ_DATA.
‘Fns—1st_TMSRTE’ contains the number of AOB_FRAMEs included in the AOB_ELEMENT positioned at the start of a present AOB_BLOCK.
‘Fns_Last_TMSRTE’ contains the number of AOB_FRAMEs included in the AOB_ELEMENT positioned at the end of the present AOB_BLOCK.
‘Fns_Middle_TMSRTE’ contains the number of AOB_FRAMEs included in each AOB_ELEMENT apart from those at the start and the end of the present AOB_BLOCK, which is to say AOB_ELEMENTs in the middle of the AOB_BLOCK.
The ‘TIME_LENGTH’ field contains the playback period of an AOB_ELEMENT is written correct to the nearest millisecond. The ‘TIME_LENGTH’ field is 16 bits long. When the encoding method used is MPEG-ACC or MPEG-Layer3, the playback period of an AOB_ELEMENT is two seconds, so that the value ‘2000’ is written in the ‘TIME_LENGTH’ field.
The field ‘TKI_POB_SRP’ indicates the POB to be displayed during the playback period of a specific AOB, a playback period being one of the time periods during which playback is performed according to a playback order specified in the Playlist information. In other words, the Track Manager can indicate the POB to be displayed for each tracks by setting the TKI_POB_SRP.
This completes the explanation of the TKGI. Next, the remaining files shown in
The file ‘SD_AUDIO.PLM’ contains information defining the playback order of a plurality of tracks, and includes Default_Playlist_Track_Search_Pointers (‘DPL_TK_SRP’) #1 to #m.
The file ‘POB000.POM’ contains control information for each POB, such as whether a POB is indicated by TKGI, and if it is indicated, the number of indications.
This completes the explanation of files included in the SD_AUDIO directory. Next, files included in the SD_ADEXT directory are explained. The directory name ‘SD_ADEXT’ stands for SD-AUDIO EXTENSION, indicating that the directory is an extension that has been added for data compliant with the SD-Audio Ver1.1 standard.
The file ‘STKI***.SDT’ contains Secure Track Information with an internal structure as shown in FIG. 24. From the drawing, it can be seen that the STKI includes 256 bytes of Secure Track General Information (S_TKGI), and a 256-byte Secure Track Text Information Data Area (S_TKTXTI_DA). Comparison of the STKI***.SDT file with TKI reveals that the TKTMSRT present in the TKI is not present in the STKI. In addition, comparison of the TKGI in the TKI and the STKI reveals that the TKI_TMSRT_SA, and BIT present in the TKI, have been replaced by Free ID areas 1 to 4 (S_TKI_FR_ID 1 to 4). S_TKI_FR_ID 1 to 4 are fields in which ID information such as IDs for individual KIOSK terminals, distribution formats and individual users are written.
The following explains the differences between the TKI and STKI. Unlike the TKI, the STKI is moved together with the AOB from the SD memory card 100 to local storage when the Usage Rule for the copyrighted material is moved from the SD memory card 100 to local storage. The STKI contains S_TKI_FR_ID 1 to 4, and since these record IDs for individual KIOSK terminals, distribution formats, and individual users, the STKI is used as a kind of proof of purchase for distributed contents.
S_TKI files and AOB files have a one-to-one correspondence, files with the same three numbers in the file name being corresponding files.
This completes the explanation of files contained in the user data area 8. Next, the files contained in the protected area 3 are explained. The protected area 3 in
The file ‘AOBSA1.KEY’ is an encryption key storage file recording encryption keys (Title Keys) for decrypting AOBs. These encryption keys each correspond to one of the plurality of CEL Keys included in the Default Offer area of a package. The file ‘POBSP1.KEY’ is an encryption key storage file recording encryption keys (Title Keys) for decrypting POBs. These encryption keys each correspond to one of the plurality of CEL Keys included in the Default Offer area of a package.
The file ‘AOBSA1.URM’ is a usage rule storage file recording Usage Rules corresponding to each AOB.
The file ‘POBSP1.URM’ is a usage rule storage file recording Usage Rules corresponding to each POB on a one to one basis. The corresponding data is POBs rather than AOBs, but the data structure is the same as that of the file AOBSA1.URM.
The encrypted AOB files, the encryption key storage file, and the Usage Rule storage file correspond according to the predetermined rules (1), (2), and (3) described below.
(1) The encryption key storage file and the Usage Rule storage file are arranged into a directory with the same directory name as the directory in which the encrypted file is stored. In
(2) The encryption key storage file and usage rule storage file are given a filename produced by combining the first three letters of the filename of the AOB files in the data region with one of the predetermined ‘.KEY’ or ‘.URM’ extensions.
(3) The filenames of AOB files are assigned the serial numbers ‘001’, ‘002’, ‘003’, ‘004’, and so on, showing the position of the Title Key and the Usage Rule corresponding to each audio object in the sequence of encryption keys given in the encryption key storage file, and the sequence of Usage Rules given in the usage rule storage file. As a result, the Title Key and the Usage Rule that were used to encrypt each AOB file will be present in the ‘Title Key Entry’ and the ‘Usage Rule Entry’ with the same serial number. In
The following is an explanation of the internal structure of Title Key Entries, with reference to FIG. 29. In the drawing, a Title Key Entry includes a 7-byte encryption key ‘EKEY’, an ‘Availability Flag’, and a ‘Content ID’.
The ‘Availability Flag’ is set at 1 when a copyrighted material exists on the SD memory card 100, and the corresponding Title Key Entry contains a valid encryption key, and at 0 when the copyrighted material is moved from the SD memory card 100 to local storage.
The ‘Content ID’ is information assigned uniquely to each content. The Availability Flag is used in combination with the Content ID in the following way. The Content ID for an empty Title Key Entry is 0, and the Content ID for a Title Key Entry that is not empty, that is one that has a corresponding AOB file, is set at between 1 and 999. When a track and TKIs (AOBs) exist in a one to many correspondence, the Content IDs in the Title Key Entries corresponding to the AOBs all have the same value. Meanwhile, when the track and TKI have a one to one correspondence the Availability Flag is set at 1, and when the track and TKI have a one to many correspondence, the Availability Flag for one of the plurality of Title Key Entries is set at 1, and that for the remaining Title Key Entries at 0. If the Content ID is not 0, and the Availability Flag set at 0, a plurality of TKIs (AOBs) having the same Content ID exist, so all Title Key Entries having the same Content ID are detected. This means that it is possible to perform a search specifying a plurality of TKIs (AOBs) corresponding to one Content ID.
Next, Usage Rules are explained. The right half of
The lower 64 bits of a calculation result obtained by applying a Secure Hash Algorithm (SHA-1) to a concatenated (linked) Enc-STKI, Enc-STI_KEY, Enc_AOB (‘Enc’ indicates that the data has been encrypted) is written in ‘C_HASH field’. A hash function is a one-way function, characterized by the fact that changing even one part of the input value causes the output value to differ markedly. Furthermore, it is extremely difficult to deduce the output value (hash value) from the input value. The value written in the C_HASH field is used when the customer device accesses the SD memory card 100, to verify whether the Enc-STKI, the Enc-STI_KEY, and the Enc_AOB have been replaced by other data.
In other words, when the SD memory card 100 is connected to the customer device, the customer device concatenates the Enc-STKI, Enc-STI_KEY, Enc_AOB together, and applies the SHA-1 algorithm to obtain a 64-bit C_HASH-Ref value, as below. The C_HASH-Ref value and the C_HASH written in the C_HASH field of the Usage Rule are compared. If the Enc-STKI, the Enc-STI_KEY, and the Enc_AOB are the same as when recorded on the SD memory card 100, the C_HASH-Ref value will be the same as the value written in the Usage Rule, but if the Enc-STKI, the Enc-STI_KEY, and Enc_AOB have been tampered with, or replaced by other data, the C_HASH-Ref value calculated will differ markedly from the C_HASH in the Usage Rule. The C_HASH field is included in the Usage Rule with the object of having the customer device perform such a check.
The ‘Check-Out Control Information’ shows the number of recording media on which the paired AOB and Title Key corresponding to a Usage Rule may be recorded, when the SD memory card 100 is connected to a customer device and the Usage Rule moved from the SD memory card 100 to local storage.
The ‘Move Control Information’ shows whether the movement of the right to control recording from the SD memory card 100 to local storage is permitted. If 1 is set, only one move is permitted, while if 0 is set, the movement of rights is not permitted. The number of permitted moves shown in the Move Control Information is decremented by 1 by the customer device connected to the SD memory card 100 having the Usage Rule. Following this, the decremented number is stored in local storage by the customer device.
If the ‘Trigger Bit’ is set at 0, movement of rights can be judged by referring to the Move Control Information alone, while if it is set at 1, movement of rights is judged by referring to other information together with the Move Control Information. The Trigger Bit is provided in order to prepare for future feature expansions of the Usage Rule. In other words, judgement of whether a copyrighted material can be moved may need to be performed in future by referring to other conditions in combination with the Move Control Information. If such a requirement exists, the Trigger Bit is set at 1, and the copyrighted material can be moved provided that the conditions are satisfied and that the Move Control Information is set at 1.
This completes the explanation of the application layer of the data. The following explanation focuses on how each of the files described above is moved when a copyrighted material is moved from the SD memory card 100 to local storage.
Next, the internal structure of the SD-Audio players 122 to 124 is explained with reference to FIG. 34B. In
Furthermore, user operations may be received by a digital terminal or customer device by using, instead of a touch panel, a keyboard, a trackball, a trackpad, or any combination of these. Contents may be viewed on the released contents browser 21 and the home music library browser 35 via, for example, a CRT (cathode ray tube), a plasma display, or an LCD (liquid crystal display).
The following is an explanation of the secure processing unit 26 inside the digital terminal. As shown in
The MKB processing unit 41 reads an MKB stored in the system area 1 of the SD memory card 100, and a device key Kd attached by the manufacturer of the digital terminal, and obtains a 56-bit encryption key Km by performing a specific calculation using the MKB and the device key Kd, then outputs the encryption key Km to the ID processing unit 42.
Upon receiving the encryption key Km from the MKB processing unit 41, the ID processing unit 42 reads a Media-ID from the system area 1 of the SD memory card 100, and performs a specific calculation to obtain a 64-bit calculation result, the lower 56-bits of which are output to the AKE processing unit 43 and the Kmu encrypting unit 44 as the encryption key Kmu.
The AKE processing unit 43 performs AKE processing using the encryption key Kmu calculated by the ID processing unit 42, and the encryption key Kmu on the SD memory card 100. The AKE processing unit then outputs the 56-bit session key Ks resulting from this calculation to the Ks encrypting unit 46.
The Kmu encrypting unit 44 randomly selects an STI_KEY (in the drawing KSTI is indicated), encrypts this STI_KEY using the encryption key Kmu output from the ID processing unit 42, and outputs it to the Ks encrypting unit 46. The Kmu encrypting unit 44 also concatenates the Enc-STKI, the Enc-STKI_KEY, and the Enc_AOB and calculates a C_HASH value by applying the algorithm SHA-1. Upon obtaining the encrypted STI_KEY and C_HASH value, the Kmu encrypting unit 44 writes the C_HASH value in a Usage Rule, encrypts this Usage Rule using the encryption key Kmu and outputs it to the Ks encrypting unit 46.
The STI encrypting unit 45 encrypts an STKI using the STI_KEY, outputs the encrypted STKI to the SD memory card 100 and writes it in the user data area 8.
The Ks encrypting unit 46 encrypts a paired STKI and Usage Rule using the 56-bit session key Ks output from the AKE processing unit 43, outputs the encrypted pair and writes it in the protected data area 3.
This completes the explanation of the structure of the secure processing unit 26 in the digital terminal. The following explanation deals with the structure of the secure processing unit 38 in the customer device. The internal structure of the secure processing unit 38, as shown in
Once the customer device is connected to the SD memory card 100, the MKB processing unit 51 reads an MKB from the system area 1, and performs a specific calculation on the read MKB using a device key Kd, thereby obtaining a 56-byte encryption key Km.
The ID processing unit 52 reads a Media-ID from the system area 1 of the connected SD memory card 100, performs a specific calculation using the encryption key Km calculated by the MKB processing unit 51 and the read Media-ID, obtaining a 64-bit calculation result, the lower 56 bits of which it outputs to the AKE processing unit 53 and the Kmu decrypting unit 55 as an encryption key Kmu.
The AKE processing unit 53 performs AKE processing with the AKE processing unit 43 of the SD memory card 100, using the encryption key Kmu output from the Ks decrypting unit 54, and outputs the 56-bit calculation result to the Ks decrypting unit 54 as a session key Ks.
The Ks decrypting unit 54 reads an encrypted pair of Enc_STKI and Enc-Usage Rule stored in the protected area 3 of the SD memory card 100, and decrypts the encrypted pair using the 56-bit session key Ks output from the AKE processing unit 53. Then the Ks decrypting unit 54 outputs the decryption result to the Kmu decrypting unit 55.
The Kmu decrypting unit 55 performs decrypting using the 56-bit encryption key Kmu calculated by the ID processing unit 52, thereby obtaining an STKI and Usage Rule pair.
The STI decrypting unit 56 reads the Enc-STI_KEY from the user data area and decrypts the read Enc-STKI using the STI_KEY, thereby obtaining an STKI.
The encryption and decryption performed by the secure processing units 26 and 38 is performed in Converted Cipher Block Chaining Mode (C_CBC mode). Suppose that the encrypted data is 512 bytes. In C_CBC mode, each 8-byte section of this data is treated as one block, and the first 8-byte block is decrypted using a 7-byte encryption key Mk. The 8-byte calculation result is held as a section key, and used to decrypt the next 8-byte block, and so on. The 512 bytes of data is decrypted in 8-byte units in this way.
Furthermore, the processing sequence in which the session key Ks is shared via the AKE processing, encrypted data read from the SD memory card 100, encrypted data decrypted using the session key Ks, and then further decrypted using the encryption key Kmu is referred to as a secure read. This processing sequence is performed when a specified read command (the secure read command) is issued to the SD memory card 100 by a connected device.
In addition, the processing sequence in which data is encrypted using the encryption key Kmu, and then encrypted again using the session key Ks obtained via the AKE processing, and the encrypted data transmitted is referred to as a secure write. This processing sequence is performed when a specified write command (the secure write command) is issued to the SD memory card 100 by a connected device. This completes the explanation of the secure processing units 26 and 38.
The following is an explanation of the sales service control unit 27 and the library control unit 37, which are control units performing combined processing control for the digital terminal and the customer device respectively.
The sales service control unit 27 includes ROM (read-only memory) storing an executable program written so as to perform combined control of the digital terminal, RAM (random access memory), and a CPU (central processing unit). The flowcharts of
If a purchase request is made by the user, step S2 is Yes, and processing moves to step S7, where the sales service control unit 27 waits for cash payment to be made to the billing-unit 25. If money is inserted into the coin vender, the sales service control unit 27, at step S8, has a transmission request for a package corresponding to a selected copyrighted material transmitted by the communication unit 23. Next, at step S9, the sales service control unit 27 waits for the package to be received, and at step S10, determines whether the package has been properly received. If the package has not been properly received, processing moves to step S8, and the sales service control unit 27 has the communication unit 23 issue another transmission request. If the communication unit 23 receives the package properly, the sales service control unit 27, at step S11, converts the package to data compliant with the SD-Audio Ver1.1 standard and records it on the SD memory card 100. At step S12, the sales service control unit 27 determines whether data has been properly recorded on the SD memory card 100, and if not, gives a cash refund, at step S14. If data has been properly recorded, the sales service control unit 27, at step S13, has the billing unit 25 finalize payment. Then processing moves to step S1, the sales service control unit 27 has an initial screen displayed by the released contents browser 21, and moves to the loop processing of steps S2 and S3.
The following is a detailed explanation of how data is converted into data compliant with the SD-Audio Ver1.1 standard at step S11, with reference to the flowchart in FIG. 38. When recording a copyrighted material onto the SD memory card 100, the sales service control unit 27 accesses the SD_AUDIO directory in the user data area 8 of the SD memory card 100, reads the AOB***.SA1 files, and performs a search to determine whether an unused file number exists. If 999 AOB***.SA1 files already exist, the sales service control unit 27 displays a message indicating that no more contents can be recorded, and processing ends. If the number of AOB***.SA1 files is less than 999, the sales service control unit 27, at step S21, divides AAC stream data included in the CELs of the package into a plurality of AOB files, and records the AOB files in the SD_AUDIO directory. Next, at step S22, the sales service control unit 27 opens the Track Manager stored in the user data area 8 of the SD memory card 100 and generates TKI corresponding to each AOB inside the Track Manager. At step S23, the sales service control unit 27 sets data based on the header and Navigation Structure included in the package in the plurality of TKIs inside the Track Manager. Next, at step S24, it converts still picture data into POB files and a POM file, and records these converted files onto the SD memory card 100. At step S25, the sales service control unit 27 divides-up a time search table, and sets it as the TKTMSRT of corresponding TKIs, and at step S26, it sets DPL_TK_SRPs in the Playlist based on the Navigation Structure. This completes the setting of the data set to be arranged in the SD_AUDIO directory in the user data area 8 of the SD memory card 100.
Next, the sales service control unit 27 moves to step S90, and determines whether the number of permitted moves shown in the Move Control Information of the DRM is 0. If the number is 0, the processing of steps S27 to S33 and S91 is skipped, and the processing moves to step S35. If the number is 1 or more, processing moves to step S27. Next, at step S27, the sales service control unit 27 generates a plurality of STKIs based on the plurality of TKIs generated in the Track Manager. At step S28, the sales service control unit 27 generates a plurality of STI_KEYs and uses the generated keys to encrypt each STKI, storing the encrypted STKIs in the SD_ADEXT directory. At step S29, the sales service control unit 27 performs a secure read of the Usage Rule Manager from the SD memory card 100, and at step S30, generates a Usage Rule corresponding to each AOB in the Usage Rule Manager. At step S91, the sales service control unit 27 decrements the number of permitted moves, and at step S31, sets the decremented number of permitted moves, with the Check-Out Control Information, in each Usage Rule. At step S32, the sales service control unit 27 sets the STI KEYs used to encrypt the STKIs in step S32 in the STI_KEY field of the Usage Rules. At step S33, it performs a secure write of the Usage Rule Manager onto the SD memory card 100. The STKIs and the Usage Rule Manager are recorded by the above processing, so that data compliant with the SD-Audio Ver1.1 standard is set on the SD memory card 100.
Next, at step S35, the sales service control unit 27 performs a secure read of the Title Key Manager from the SD memory card 100, and at step S36, writes CEL Keys included in the CEL Keychain of the Default Offer in the Title Key Entry corresponding to each AOB in AOBSA1.KEY. At step S37, the sales service control unit 27 performs a secure write of the Title Key Manager, into which the CEL Keys have been written, onto the SD memory card 100.
This completes the explanation of the sales service control unit 27 in the digital terminal. Next, the library control unit 37 in the customer device is explained in detail.
The library control unit 37 includes ROM (read-only memory) storing an executable program written so as to perform combined control of the digital terminal, RAM (random access memory) and a CPU (central processing unit). The flowcharts of
If a request to move a track from the SD memory card 100 to the local storage 32 is made, step S42 is Yes, processing moves to step S71 shown in
At step S75, the library control unit 37 concatenates Enc-STKI#x, Enc-STI_KEY#x, Enc_AOB#x, and obtains C_HASH-Ref value #x. Then, at step S76, the library control unit 37 determines whether the value #x of the C_HASH-Ref is identical to C_HASH#x in the Usage Rule#x. If the two are not identical, processing moves to step S79, but if they are identical, at step S80, the library control unit 37 decrements the number of permitted moves shown in the Move Control Information of the Usage Rule#x, and at step S81, performs a secure write of the Usage Rule#x including the decremented number of permitted moves, and the Check-Out Control Information to the local storage 32. Next, at step S77, the library control unit 37 performs a secure write of 0 into the Availability Flag in Usage Rule#x on the SD memory card 100 and into the Content ID, and performs a secure write of random numbers into the other fields of the Usage Rule#x, including STI_KEY, thereby deleting Usage Rule#x from the SD memory card 100. In addition, the library control unit 37 makes the TKI#x in the SD_AUDIO.TKM file invalid, and deletes all information relating to TKI#x from the default Playlist in the SD_AUDIO.PLM file. Then, the library control unit 37 subtracts 1 from a POB file reference counter included in the file POB000.POM referenced by TKI#x. If the reference counter is 0 when data is moved, the library control unit 37 deletes the POB file.
Following this, at step S82, the library control unit 37 reads an AOB#x and an STKI#x forming a track#x from the user data area 8 on the SD memory card 100, and records the read data in the user data area of the local storage 32. At step S83, the library control unit 37 performs a secure read of a Title Key Entry for AOB#x from the protected area 3 of the SD memory card 100, and then performs a secure write of the read Title Key Entry into the protected area of the local storage 32. Thus, the data set forming the track#x is stored into the local storage 32.
Following this, at step S78, the library control unit 37 determines whether the variable #x is the last number in the Usage Rule Manager, and if it is not the last number, at step S79, increments #x. Then processing moves to step S73.
Once this processing has been repeated for all of the Usage Rules in the Usage Rule Manager, the library control unit 37 moves all of the tracks on the SD memory card 100 for which a move is permitted to the local storage 32. A large number of copyrighted materials are accumulated in the local storage 32 in the customer device when the user purchases copyrighted materials from the distribution server 103 or moves copyrighted materials from the SD memory card 100. These accumulated copyrighted materials form a home music library.
If a track check-out is requested, step S43 is Yes, and processing moves to step S66 in FIG. 40. At step S66, the library control unit 37 waits for the user to select a track to be recorded onto a recording medium other than the SD memory card 100. Once a track is selected (the selected track is called track #x), at step S100, the library control unit 37 reads a unique Media-ID from the SD memory card 100 connected to the customer device, searches for an unused Content ID, which it then assigns to the content and stores the Media-ID and Content ID for the Title Key Entry as a pair as check-out history information. Then, at step S49, the library control unit 37 performs a secure read of the Usage Rule#x corresponding to the track#x. At step S50, the library control unit 37 determines whether the number of times check-out is permitted (the number of check-outs) shown in the Check-Out Information of the Usage Rule#x is 0. If the number is 0, the library control unit 37 skips the processing of steps S51 to S57, and moves to the steps S42 to S45. If the number is not 0, however, at step S51, the library control unit 37 records the data set forming the track #x (apart from the Usage Rule) onto another recording medium. When check-out is performed, data from the directory and file structure shown in
Next, the library control unit 37 decrements the number of check-outs, and at step S53, determines whether the number of check-outs is 0, or 1 or more. If the number of check-outs is 0, the library control unit 37, at step S54 sets the track as ‘check-out not permitted’ and then moves to step S55. If the number of check-outs is 1 or more, the library control unit 37, at step S55, performs a secure write of the decremented number of check-outs to a Usage Rule in the local storage 32. Then, at step S56, the library control unit 37 verifies the number of check-outs in the Usage Rule, and at step S57 determines whether the number of check-outs has been properly written in the Usage Rule. If the number of check-outs has been properly written, processing moves to the loop processing of steps S42 to S45.
If the user requests check-in, step S44 is Yes, and at step S101, the library control unit 37 reads a Media-ID unique to the SD memory card 100, and a Content ID unique to a track from the SD memory card 100, tracks already having been recorded on the SD memory card 100. At step S102, the library control unit 37 compares the paired Media-ID and Content ID, and the Media-ID and Content ID in the Check-Out history information, and at step S103 determines whether the tracks recorded on the SD memory card 100 are identical to tracks that have already been checked out. If a track is identical, in other words the same as a track that has been checked out, processing moves to step S58, but if the track is not identical, in other words not the same as a track that has been checked out, the library control unit 37 moves to steps S42 to S45 without performing check-in processing.
As step S58, the library control unit 37 performs a secure read of a Usage Rule from the protected area of the local storage 32, and, at step S59, determines whether the number of check-outs in the Usage Rule is 0. If the number of check-outs is 0, at step S60, the library control unit 37 reads the data set forming the track, apart from the Usage Rule, to a recording medium to perform check-in, and, once the data set has been accumulated in the local storage 32, moves to step S92. If the number of check-outs is 1 or more, processing moves to step S92. At step S92, the library control unit 37 deletes the data set forming the track from the other recording medium. As step S61, the library control unit 37 increments the number of check-outs, and at step S62, determines whether the number of check-outs has reached a maximum number Max. If the number of check-outs is Max, processing moves to the loop of steps S42 to S45, but if the number of check-outs is not Max, at step S63, it performs a secure write of the number of check-outs and, at step S64, verifies the number of check-outs. At step S65, the library control unit 37 determines whether the secure write of the number of check-outs was properly performed, and if so moves to the processing loop of steps S42 to S45.
In the first embodiment, management of recording of copies of copyrighted materials recorded in a KIOSK terminal can be performed using a personal computer, so a user who has paid the correct charge to purchase a copyrighted material from a KIOSK terminal can perform check-out and check-in of the copyrighted material using their own personal computer.
SECOND EMBODIMENTA second embodiment relates to an improvement in the SD memory card 100 that securely stores copyrighted materials, which allows copyrighted materials to be previewed.
Files ‘P_AOBSA1.KEY’ and ‘P_POBSP1.KEY’ are arranged in the directory SD_ADPRV in the protected area 3. The file ‘P_AOBSA1.KEY’ includes a plurality of Extended Title Key Entries. The data structure of these Extended Title Key Entries is shown in FIG. 43. Part of the data structure in the drawing is the same as that for Title Key Entries, but it differs in having an additional preview fields. In the format for the Extended Title Key Entries shown in
The ‘Trigger Bit’ field is a flag having the same purpose as the Trigger Bit in the Usage Rules. When this flag is set at 0, this indicates that judgement of whether to preview a copyrighted material should be performed by referring to the pair of Preview Counter and Preview Threshold, while if the flag is set at 1, this indicates that judgement should be performed by referring to other information in addition to the pair of Preview Counter and Preview Threshold.
The ‘Preview Counter’ field shows a number of permitted previews in a range of between 1 and 255, and is set based on the Playback Counter in DRM of the Default Offer shown in FIG. 11.
The ‘Preview Threshold’ field indicates that a number of previews should be increased by 1 once the copyrighted material has been played back for a certain number of seconds, and is set based on the Playback Time in the DRM of the Default Offer shown in FIG. 11.
The ‘Check-Value Field’ records a character string pattern for checking. If decryption of the Extended Title Key Entries is properly obtained in C_CBC mode, the device can obtain the character string pattern properly from this field, but if the Extended Title Key Entries have been tampered with while still encrypted, the device cannot obtain the character string pattern from the field. The reason for this is described below.
The decryption performed in C_CBC mode is performed in 8-byte units using a 7-byte Media-ID and a section key. Here, suppose an ill-intentioned user tampers with the Preview Counter and Preview Threshold while they are still encrypted, changing them to a different value. In this case, the section key obtained by using the section key of the 8-bit block including the Preview Counter and Preview Threshold will differ markedly from that which should be used. If decryption of a following block is performed using this section key, the calculation result finally obtained by decrypting the block including the character string pattern differs markedly from the character string pattern described above. In this way, a proper character string pattern can only be decrypted when the encrypted Preview Counter and Preview Threshold are in a normal state. If the Preview Counter and Preview Threshold have been tampered with, a tampered AOB file will be received, and the character string pattern in the Check-Value Field will be completely different. Thus, the characteristics of the character string pattern can be used to check whether the Preview Counter and Preview Threshold have been tampered with.
Next, the processing performed by SD-Audio players 122 to 124 in the second embodiment is explained. The flowchart of
At step S81, the control unit 64 determines whether the SD memory card 100 is connected to the card connecter 34 and, if the answer is Yes, at step S82, displays a list of the tracks in the SD_ADPRV directory of the SD memory card 100. At step S83, the control unit 64 waits for the user to select a track to be previewed. Here, the track selected by the user is a track #x, and at step S84, the control unit 64 performs a secure read of an Extended Title Key Entry#x for the track #x from the protected area 3. Following this, the control unit 64, at step S85, checks Trigger Bit#x, and if Trigger Bit#x is 1, ends processing without performing steps S86 to S96. If the Trigger Bit#x is 0, at step S86, the control unit 64 obtains a character string pattern by performing C_CBC mode decryption on the Extended Title Key Entry#x. At step S87, the control unit 64 determines whether the character string pattern is normal. If it is abnormal, processing ends, but if it is normal, at step S88, the control unit 64 determines whether the Preview Counter is 0. If the Preview Counter is 0, processing ends, but if it is not, the control unit 64, at step S89, sets the Title Key of the Extended Title Key Entry#x in the descrambler 61 of the SD memory card 100. Following this, the control unit 64, at step S90, plays back track#x. At step S92, the control unit 64 waits until the playback time has reached the time shown by the Preview Threshold#x, and once the time has been reached, at step S92, decrements the Preview Counter. Next, at step S93, the control unit 64 determines whether the Preview Counter is 1 or more, or 0. If it is 1 or more, the control unit 64, at step S94, performs a secure write of the Preview Counter, and then, at step S95, verifies the Preview Counter. If the Preview Counter is 0, however, at step S96, the control unit 64 deletes the Extended Title Key Entry, and at step S97, sets the Availability Flag at 0.
In the second embodiment, the Preview Counter and Preview Threshold are recorded in the protected area 3, making it difficult to tamper with them. This allows users to preview copyrighted materials, while ensuring that those same copyrighted materials remain properly protected.
These embodiments describe the maximum effects that can be expected under current conditions, but the invention need not be limited to the structure described herein. The following alternatives are also possible.
(a) The SD memory card in the first and second embodiments has a user data area 8 and a protected area 3, but the invention need not be limited to this, and the entire memory area of the SD memory card 100 may be a protected area. The SD memory card 100 is used as a recording medium, but the recording medium need not be limited to semiconductor memory such as this, and an optical disc, HD or the like may be used provided that it has a protected area.
(b) In the first and second embodiments, a single copyrighted material corresponds to a package and a collection of copyrighted materials such as an album corresponds to a title, but a collection of copyrighted materials may be transmitted as a single package.
(c) The following may be used as requirements when previewing tracks: date (preview can be performed until a certain date), number of preview days (preview can be performed for a certain time or a certain number of days), preview range (preview can be performed on a specified section of the track), or any combination of the above.
(d) The data described as being recorded and played back in the first and second embodiments is limited to music and still picture data, but such limitations need not apply. The data may be any kind of reproduceable digital data, such as moving picture data, text data or any combination of the two.
(e) The digital terminal in the first embodiment refers to the Move Control Information in the DRM and sets the Move Control Information in the Usage Rule based on the DRM, but the digital terminal may refer to other information, and set the Move Control Information in the Usage Rule according to other criteria. For example, the Move Control Information may be set by considering information such as the hit chart ranking of copyrighted materials, whether the copyrighted material is a new release, and the sales figures for the copyrighted material.
(f) The encrypted data, plain text data, encryption key, and Usage Rule written in local storage may be read, and determination of whether the number of permitted moves in the Usage Rule is 0, or 1 or more performed, and if the number of permitted moves is 1 or more, the data may be stored on the SD memory card 100.
(g) In the first embodiment, the setting of the permitted number of moves on the SD memory card 100 is assumed to be either 1 or 0, but other settings are also possible. If the permitted number of moves in the Move Control Information is set at 6 by the distribution server 103, the permitted number of moves shown in the Move Control Information is changed and the Usage Rule is moved between each of the recording media, as shown in FIG. 45.
Although the present invention has been fully described by way of examples with reference to accompanying drawings, it is to be noted that various changes and modifications will be apparent to those skilled in the art. Therefore, unless such changes and modifications depart from the scope of the present invention, they should be construed as being included therein.
Claims
1. A distribution system for recording a copy of compressed audio content using variable-length encoding onto a recording medium and supplying the content to a playback apparatus, said distribution system comprising:
- a distribution server operable to distribute the content via a network;
- a first receiving apparatus operable to receive the content via the network, said first receiving apparatus comprising a first receiving unit operable to receive, via the network, a data set including the content and control information controlling copying of the content onto the recording medium, and to hold the received data set, and a recording unit operable to generate authorization information showing whether moving the data set to another receiving apparatus is permitted, and to record the content onto a distribution medium together with corresponding usage rule information including (1) the authorization information, and (2) the control information included in the data set; and
- a second receiving apparatus operable to receive the content via the network, said second receiving apparatus comprising a second receiving unit operable to receive the data set from said distribution server via the network, and to hold the received data set, a data set moving unit operable to read authorization information from the distribution medium, and (a) to move the data set from the distribution medium to the inside of said second receiving apparatus by removing the data set from the distribution medium, and (b) to hold the data set, only when the read authorization information shows that moving the data set is permitted, and a check-out unit operable to perform check-out when the data set is held by one of said second receiving unit and said data set moving unit, to perform the check-out based on the control information in the held data set by generating a copy of the content included in the held data set and recording the copy onto the recording medium, the copy recorded onto the recording medium being supplied to the playback apparatus,
- wherein said recording unit is further operable to record, into a rule management file provided in the distribution medium, the content as a plurality of contents together with corresponding usage rule information,
- wherein the entirety of at least one of the plurality of contents is contained in a single object file, and at least one of the plurality of contents is divided to be contained in a plurality of object files,
- wherein each object file has an assigned serial number that uniquely identifies the object file,
- wherein the rule management file contains a plurality of rule entries that are in one-to-one correspondence with the object files,
- wherein each rule entry has a same serial number as a serial number of a corresponding object file,
- wherein a rule entry that corresponds to the object file containing the entirety of the content includes corresponding usage rule information and a content identifier for the content,
- wherein each of a plurality of rule entries that corresponds to an object file containing a part of the at least one of the plurality of contents, which is divided, includes a content identifier for the at least one of the plurality of contents, which is divided, and one of the plurality of the rule entries includes corresponding usage rule information,
- wherein the distribution medium has recorded thereon pieces of track information that are in one-to-one correspondence with the object files,
- wherein the track information includes a time search table that shows a plurality of read addresses specifying data located in a corresponding object file at predetermined time intervals, and
- wherein each part of the divided content has such a length that a corresponding time search table includes at most a predetermined number of read addresses.
2. The distribution system of claim 1,
- wherein the control information indicates a number of remaining check-outs,
- wherein said check-out unit includes a connecting unit operable to connect to a recording medium, and is operable to record a copy of the content included in the data set held by said data set moving unit onto the recording medium when a copy of the held content is not already recorded on the connected recording medium, and the number of remaining check-outs shown by the control information held by one of said second receiving unit and said data set moving unit is at least one, and
- wherein said second receiving apparatus further comprises a check-in unit operable to delete, when a copy of the content is already recorded on the connected recording medium, the copy of the content recorded on the connected recording medium, and an updating unit operable to update the control information of the held content by decrementing the number of remaining check-outs when a copy of the held content is newly recorded on the recording medium, and incrementing the number of remaining check-outs when the copy of the held content is deleted from the recording medium.
3. The distribution system of claim 2,
- wherein the recording medium has an assigned unique recording medium identifier,
- wherein said check-out unit includes an allocation unit operable to allocate a unique content identifier to the held content, the unique content identifier being recorded onto the recording medium with the content when check-out is performed, and a storage unit operable to read the unique recording medium identifier for the recording medium connected to said connecting unit from the recording medium, and to store the read unique recording medium identifier as a pair with the allocated unique content identifier, and
- wherein said check-in unit includes a read unit operable to read, when a copy of the content has already been recorded on a recording medium connected to said connecting unit, the unique identifiers for the connected recording medium and the content, a comparing unit operable to compare the pair of identifiers read by said read unit with the pair of identifiers stored by said storage unit to determine whether the copy recorded on the connected recording medium was previously produced by said second recording apparatus, and a holding unit operable to read, when the copy was previously produced by said second recording apparatus, the copy from the connected recording medium, to hold the read copy, and then to delete the copy from the recording medium.
4. The distribution system of claim 3, wherein, when the authorization information recorded on the distribution medium shows that moving a corresponding data set is not permitted, said reading unit is not operable to read the content and the usage rule information, and
- wherein the playback apparatus is operable to play back the corresponding content directly from the distribution medium, when the authorization information indicates that moving a corresponding data set is not permitted.
5. A semiconductor memory card used as a distribution medium in a distribution system, the distribution system including a distribution server for distributing a compressed audio content using variable-length coding via a network, a first receiving apparatus for receiving the content via the network and recording the content onto a distribution medium, a second receiving apparatus for receiving the content via the distribution medium and recording a copy of the content onto a recording medium by removing the content from the distribution medium, and a playback apparatus for receiving the copy of the content via the recording medium and playing back the received content, said semiconductor memory card comprising:
- a volume area in which the content and usage rule information are recorded, the usage rule information including control information controlling copying of the content recorded onto the recording medium, and authorization information showing whether moving the control information and the content to the second receiving apparatus is permitted,
- wherein the content comprises a plurality of contents that are recorded onto the semiconductor memory card together with corresponding usage rule information, the usage rule information being contained in a rule management file that is provided in the semiconductor memory card,
- wherein the entirety of at least one of the plurality of contents is contained in a single object file, and at least one of the plurality of contents is divided so as to be contained in a plurality of object files,
- wherein each object file has an assigned serial number that uniquely identifies the object file,
- wherein the rule management file contains a plurality of rule entries that are in one-to-one correspondence with the object files,
- wherein each rule entry has a same serial number as a serial number of a corresponding object file,
- wherein a rule entry that corresponds to the object file containing the entirety of the content includes corresponding usage rule information and a content identifier for the content,
- wherein each of a plurality of rule entries that corresponds to an object file containing a part of the at least one of the plurality of contents, which is divided, includes a content identifier for the at least one of the plurality of contents, which is divided, and one of the plurality of the rule entries includes corresponding usage rule information,
- wherein the semiconductor memory card has recorded thereon pieces of track information that are in one-to-one correspondence with the object files,
- wherein the track information includes a time search table that shows a plurality of read addresses specifying data located in a corresponding object file at predetermined time intervals, and
- wherein each part of the divided content has such a length that a corresponding time search table includes at most a predetermined number of read addresses.
6. The semiconductor memory card of claim 5,
- wherein each of the plurality of contents includes encrypted audio data and a corresponding encryption key used to encrypt the encrypted audio data,
- wherein said volume area includes a user data area that stores (1) the object file containing the entirety of encrypted audio data included in a corresponding content and (2) the plurality of object files each containing a part of encrypted audio data, the part of encrypted audio data together constituting the entirety of encrypted audio data included in a corresponding content, and that can be accessed by a device connected to the semiconductor memory card regardless of whether the authenticity of the device has been recognized, and a protected area that stores the rule management file containing the usage rule information and the encryption keys and that can only be accessed by a device connected to the semiconductor memory card when the authenticity of the device has been recognized, and
- wherein the track information shows an attribute indicating whether the encrypted audio data in a corresponding object file constitutes an entire track, a start part of a track, a middle part of a track, or an end part of a track.
7. The semiconductor card of claim 5, wherein the authorization information shows that moving a corresponding content and control information is permitted by indicating a number of permitted moves.
8. A first receiving apparatus in a distribution system, the distribution system including a distribution server for distributing a compressed audio content using variable-length coding via a network, said first receiving apparatus for receiving the content via the network and recording the content onto a distribution medium, a second receiving apparatus for receiving the content via the distribution medium and recording a copy of the content onto a recording medium by removing the content from the distribution medium, and a playback apparatus for receiving the copy of the content via the recording medium and playing back the received content, said first receiving apparatus comprising:
- a first receiving unit operable to receive via the network a data set including the content and control information controlling copying of the content onto the recording medium, and to hold the received data set; and
- a recording unit operable to generate authorization information showing whether moving the data set to another receiving apparatus is permitted, and to record the content onto a distribution medium together with corresponding usage rule information including (1) the authorization information, and (2) the control information included in the data set,
- wherein the content comprises a plurality of contents that are recorded onto the distribution medium together with corresponding usage rule information, the usage rule information being contained in a rule management file that is provided in the distribution medium,
- wherein the entirety of at least one of the plurality of contents is contained in a single object file, and at least one of the plurality of contents is divided so as to be contained in a plurality of object files,
- wherein each object file has an assigned serial number that uniquely identifies the object file,
- wherein the rule management file contains a plurality of rule entries that are in one-to-one correspondence with the object files,
- wherein each rule entry has a same serial number as a serial number of a corresponding object file,
- wherein a rule entry that corresponds to the object file containing the entirety of the content includes corresponding usage rule information and a content identifier for the content,
- wherein each of a plurality of rule entries that corresponds to an object file containing a part of the at least one of the plurality of contents, which is divided, includes a content identifier for the at least one of the plurality of contents, which is divided, and one of the plurality of the rule entries includes corresponding usage rule information,
- wherein the distribution medium has recorded thereon pieces of track information that are in one-to-one correspondence with the object files,
- wherein the track information includes a time search table that shows a plurality of read addresses specifying data located in a corresponding object file at predetermined time intervals, and
- wherein each part of the divided content has such a length that a corresponding time search table includes at most a predetermined number of read addresses.
9. A receiving apparatus for receiving contents from a distribution server via a network, as well as receiving contents via a distribution medium, and recording copies of a received content onto a recording medium, the distribution medium storing contents and corresponding usage rule information, and the usage rule information including control information controlling copying of a recorded content onto the recording medium, and authorization information showing whether moving a data set including a paired content and control information to said receiving apparatus is permitted, said receiving apparatus comprising:
- a receiving unit operable to receive the data set from the distribution server via the network, and to hold the received data set;
- a data set moving unit operable to read authorization information from the distribution medium, and (a) to move the data set from the distribution medium to the inside of said receiving apparatus by removing the data set from the distribution medium, and (b) to hold the data set, only when the read authorization information shows that moving the data set is permitted; and
- a check-out unit operable to perform check-out when the data set is held by one of said receiving unit and said data set moving unit, the performed check-out being based on the control information in the held data set by generating a copy of the content included in the held data set and recording the copy onto the recording medium, the copy recorded onto the recording medium being supplied to the playback apparatus,
- wherein the content comprises a plurality of contents that are recorded onto the distribution medium together with corresponding usage rule information, the usage rule information being contained in a rule management file that is provided in the distribution medium,
- wherein the entirety of at least one of the plurality of contents is contained in a single object file, and at least one of the plurality of contents is divided so as to be contained in a plurality of object files,
- wherein each object file has an assigned serial number that uniquely identifies the object file,
- wherein the rule management file contains a plurality of rule entries that are in one-to-one correspondence with the object files,
- wherein each rule entry has a same serial number as a serial number of a corresponding object file,
- wherein a rule entry that corresponds to the object file containing the entirety of the content includes corresponding usage rule information and a content identifier for the content,
- wherein each of a plurality of rule entries that corresponds to an object file containing a part of the at least one of the plurality of contents, which is divided, includes a content identifier for the at least one of the plurality of contents, which is divided, and one of the plurality of the rule entries includes corresponding usage rule information,
- wherein the distribution medium has recorded thereon pieces of track information that are in one-to-one correspondence with the object files,
- wherein the track information includes a time search table that shows a plurality of read addresses specifying data located in a corresponding object file at predetermined time intervals,
- wherein each part of the divided content has such a length that a corresponding time search table includes at most a predetermined number of read addresses, and
- wherein the contents are compressed audio contents using variable-length coding.
10. A recording medium having recorded thereon, a computer-readable program capable of instructing a computer to perform processing as a first receiving apparatus in a distribution system, the distribution system including a distribution server for distributing a compressed audio content using variable-length coding via a network, a first receiving apparatus for receiving the content via the network and recording the content onto a distribution medium, a second receiving apparatus for receiving the content via the distribution medium and recording a copy of the content onto a recording medium by removing the content from the distribution medium, and a playback apparatus for receiving the copy of the content via the recording medium and playing back the received content, said computer-readable program being capable of instructing a computer to:
- receive via the network a data set including the content and control information controlling copying of the content onto the recording medium, and hold the received data set; and
- generate authorization information showing whether moving the data set to another receiving apparatus is permitted, and record the content onto a distribution medium together with corresponding usage rule information including (1) the authorization information, and (2) the control information included in the data set,
- wherein the content comprises a plurality of contents that are recorded onto the distribution medium together with corresponding usage rule information, the usage rule information being contained in a rule management file that is provided in the distribution medium,
- wherein the entirety of at least one of the plurality of contents is contained in a single object file, and at least one of the plurality of contents is divided so as to be contained in a plurality of object files,
- wherein each object file has an assigned serial number that uniquely identifies the object file,
- wherein the rule management file contains a plurality of rule entries that are in one-to-one correspondence with the object files,
- wherein each rule entry has a same serial number as a serial number of a corresponding object file,
- wherein a rule entry that corresponds to the object file containing the entirety of the content includes corresponding usage rule information and a content identifier for the content,
- wherein each of a plurality of rule entries that corresponds to an object file containing a part of the at least one of the plurality of contents, which is divided, includes a content identifier for the at least one of the plurality of contents, which is divided, and one of the plurality of i the rule entries includes corresponding usage rule information,
- wherein the distribution medium has recorded thereon pieces of track information that are in one-to-one correspondence with the object files,
- wherein the track information includes a time search table that shows a plurality of read addresses specifying data located in a corresponding object file at predetermined time intervals, and
- wherein each part of the divided content has such a length that a corresponding time search table includes at most a predetermined number of read addresses.
11. A recording medium having recorded thereon, a computer-readable program capable of instructing a computer to perform processing as a receiving apparatus for receiving contents from a distribution server via the network, as well as receiving contents via a distribution medium, and recording copies of a received content onto a recording medium, the distribution medium storing contents and corresponding usage rule information, the usage rule information including control information controlling copying of a recorded content onto the recording medium, and authorization information showing whether moving a data set including a paired content and control information to the receiving apparatus is permitted, said computer-readable program being capable of instructing the computer to:
- receive the data set from the distribution server via the network, and hold the received data set;
- read authorization information from the distribution medium, and (a) move the data set from the distribution medium to the inside of said computer by removing the data set from the distribution medium, and (b) hold the data set, only when the read authorization information shows that moving the data set is permitted; and
- perform check-out when the data set is held by one of said receiving and said reading, moving and holding, the check-out being performed based on the control information in the held data set by generating a copy of the content included in the held data set and recording the copy onto the recording medium, the copy recorded onto the recording medium being supplied to a playback apparatus,
- wherein the content comprises a plurality of contents that are recorded onto the distribution medium together with corresponding usage rule information, the usage rule information being contained in a rule management file that is provided in the distribution medium,
- wherein the entirety of at least one of the plurality of contents is contained in a single object file, and at least one of the plurality of contents is divided so as to be contained in a plurality of object files,
- wherein each object file has an assigned serial number that uniquely identifies the object file,
- wherein the rule management file contains a plurality of rule entries that are in one-to-one correspondence with the object files,
- wherein each rule entry has a same serial number as a serial number of a corresponding object file,
- wherein a rule entry that corresponds to the object file containing the entirety of the content includes corresponding usage rule information and a content identifier for the content,
- wherein each of a plurality of rule entries that corresponds to an object file containing a part of the at least one of the plurality of contents, which is divided, includes a content identifier for the at least one of the plurality of contents, which is divided, and one of the plurality of the rule entries includes corresponding usage rule information,
- wherein the distribution medium has recorded thereon pieces of track information that are in one-to-one correspondence with the object files,
- wherein the track information includes a time search table that shows a plurality of read addresses specifying data located in a corresponding object file at predetermined time intervals,
- wherein each part of the divided content has such a length that a corresponding time search table includes at most a predetermined number of read addresses, and
- wherein the contents are compressed audio contents using variable-length coding.
12. A receiving method performed by a first receiving apparatus in a distribution system, the distribution system including a distribution server for distributing a compressed audio content using variable-length coding via a network, the first receiving apparatus for receiving the content via the network and recording the content onto a distribution medium, a second receiving apparatus for receiving the content via the distribution medium and recording a copy of the content onto a recording medium by removing the content from the recording medium, and a playback apparatus for receiving the copy of the content via the recording medium and playing back the received content, said receiving method comprising:
- receiving, via network, a data set including the content and control information controlling copying of the content onto the recording medium, and holding the received data set; and
- generating authorization information showing whether moving the data set to another receiving apparatus is permitted, and recording the content onto a distribution medium together with corresponding usage rule information including (1) the authorization information, and (2) the control information included in the data set,
- wherein the content comprises a plurality of contents that are recorded onto the distribution medium together with corresponding usage rule information, the usage rule information being contained in a rule management file that is provided in the distribution medium,
- wherein the entirety of at least one of the plurality of contents is contained in a single object file, and at least one of the plurality of contents is divided so as to be contained in a plurality of object files,
- wherein each object file has an assigned serial number that uniquely identifies the object file,
- wherein the rule management file contains a plurality of rule entries that are in one-to-one correspondence with the object files,
- wherein each rule entry has a same serial number as a serial number of a corresponding object file,
- wherein a rule entry that corresponds to the object file containing the entirety of the content includes corresponding usage rule information and a content identifier for the content,
- wherein each of a plurality of rule entries that corresponds to an object file containing a part of the at least one of the plurality of contents, which is divided, includes a content identifier for the at least one of the plurality of contents, which is divided, and one of the plurality of the rule entries includes corresponding usage rule information,
- wherein the distribution medium has recorded thereon pieces of track information that are in one-to-one correspondence with the object files,
- wherein the track information includes a time search table that shows a plurality of read addresses specifying data located in a corresponding object file at predetermined time intervals, and
- wherein each part of the divided content has such a length that a corresponding time search table includes at most a predetermined number of read addresses.
13. A receiving method performed by a receiving apparatus for receiving contents from a distribution server via the network, as well as receiving contents via a distribution medium, and recording copies of a received content onto a recording medium, the distribution medium storing contents and corresponding usage rule information, the usage rule information including control information controlling copying of a recorded content onto the recording medium, and authorization information showing whether moving a data set including a paired content and control information to the receiving apparatus is permitted, said receiving method comprising:
- receiving the data set from the distribution server via the network, and holding the received data set;
- reading authorization information from the distribution medium, and (a) moving the data set from the distribution medium to the inside of the receiving apparatus by removing the data set from the distribution medium, and (b) holding the data set, only when the read authorization information shows that moving the data set is permitted; and
- performing check-out when the data set is held by one of said receiving and said reading, moving and holding, the check-out being performed based on the control information in the held data set by generating a copy of the content included in the held data set and recording the copy onto the recording medium, the copy recorded onto the recording medium being supplied to a playback apparatus,
- wherein the content comprises a plurality of contents that are recorded onto the distribution medium together with corresponding usage rule information, the usage rule information being contained in a rule management file that is provided in the distribution medium,
- wherein the entirety of at least one of the plurality of contents is contained in a single object file, and at least one of the plurality of contents is divided so as to be contained in a plurality of object files,
- wherein each object file has an assigned serial number that uniquely identifies the object file,
- wherein the rule management file contains a plurality of rule entries that are in one-to-one correspondence with the object files,
- wherein each rule entry has a same serial number as a serial number of a corresponding object file,
- wherein a rule entry that corresponds to the object file containing the entirety of the content includes corresponding usage rule information and a content identifier for the content,
- wherein each of a plurality of rule entries that corresponds to an object file containing a part of the at least one of the plurality of contents, which is divided, includes a content identifier for the at least one of the plurality of contents, which is divided, and one of the plurality of the rule entries includes corresponding usage rule information,
- wherein the distribution medium has recorded thereon pieces of track information that are in one-to-one correspondence with the object files,
- wherein the track information includes a time search table that shows a plurality of read addresses specifying data located in a corresponding object file at predetermined time intervals, and
- wherein each part of the divided content has such a length that a corresponding time search table includes at most a predetermined number of read addresses, and
- wherein the contents are compressed audio contents using variable-length coding.
14. A data moving method for moving data from a source device to a destination device, the source device having:
- a protected area that is a memory area protected against an unauthorized access and stores first data therein, the first data being set to a state in which moving of the first data is permitted or a state in which the moving of the first data is prohibited; and
- a recording unit operable to record second data in association with the first data, the second data being set to a state in which moving of the second data is permitted or a state in which the moving of the second data is prohibited,
- the data moving method comprising: an authentication step of performing mutual authentication between the source and destination devices; a permitting step of permitting the destination device to access the protected area, when the source and the destination devices are mutually authenticated; a judging step of judging whether moving of the second data from the source device is permitted or prohibited; a moving step of moving the second data to the destination device, when moving of the second data is judged to be permitted; and a recording step of recording the second data to the destination device and setting the second data to a state in which further moving of the second data from the destination device is prohibited.
15. The data moving method of claim 14, wherein
- the second data is recorded in association with permission/prohibition information indicating whether moving of the second data is permitted or prohibited, and
- the judgment in the judging step is made based on the permission/prohibition information.
16. The data moving method of claim 14, wherein
- the destination device has stored therein an ID that is unique to the destination device, and
- in the recording step, the second data is encrypted with the unique ID and then the second data in encrypted form is recorded.
17. The data moving method of claim 14, wherein
- the moving of the second data to the destination device is performed by the source device via an intermediate device,
- the judging step and the moving step are performed by the intermediate device,
- the intermediate device has stored therein an ID that is unique to the destination device, and
- the data moving method further comprises:
- a temporally storage step of encrypting the second data with the unique ID and temporarily storing the second data in encrypted form in the intermediate device.
18. A data moving system having a source device, an intermediate device, and a destination device,
- the source device comprising: a protected area storing therein first data that is set to a state in which moving of the first data is permitted or a state in which the moving of the first data is prohibited; and a recording unit operable to record second data in association with the first data, the second data being set to a state in which moving of the second data is permitted or a state in which the moving of the second data is prohibited; a first authentication unit operable to perform mutual authentication with the intermediate device; and a moving unit operable to move the second data to the intermediate device, when the source device and the intermediate device are mutually authenticated,
- the intermediate device comprising: a second authentication unit operable to perform mutual authentication with the source device and also with the destination device; a receiving unit operable to receive the second data from the source device, when the intermediate device and the source device are mutually authenticated; a judging unit operable to judge whether moving of the second data is permitted or prohibited; and a moving unit operable to move the second data to the destination device, when the intermediate device and the destination device are mutually authenticated and moving of the second data is judged to be permitted, and
- the destination device comprising: a third authentication unit operable to perform mutual authentication with the intermediate device; a receiving unit operable to receive the second data from the intermediate device, when the destination device and the intermediate device are mutually authenticated; and a managing unit operable to manage, upon receipt of the second data from the intermediate device, the second data in a state in which further moving of the second data from the destination device is prohibited.
19. A data moving system having a source device and a destination device,
- the source device comprising: a protected area storing therein first data that is set to a state in which moving of the first data is permitted or a state in which the moving of the first data is prohibited; a recording unit operable to record second data in association with the first data, the second data being set to a state in which moving of the second data is permitted or a state in which the moving of the second data is prohibited; a first authentication unit operable to perform mutual authentication with the destination device; a judging unit operable to judge whether moving of the second data from the source device is permitted or prohibited; and a moving unit operable to move the second data to the destination device, when the source device and the destination device are mutually authenticated and moving of the second data is judged to be permitted, and
- the destination device comprising: a second authentication unit operable to perform mutual authentication with the source device; a receiving unit operable to receive the second data from the source device, when the destination device and the source device are mutually authenticated; and a managing unit operable to manage, upon receipt of the second data from the source device, the second data in a state in which further moving of the second data from the destination device is prohibited.
20. A data moving system having a source device and a destination device,
- the source device comprising: a protected area storing therein first data that is set to a state in which moving of the first data is permitted or a state in which the moving of the first data is prohibited; and a recording unit operable to record second data in association with the first data, the second data being set to a state in which moving of the second data is permitted or a state in which the moving of the second data is prohibited, a first authentication unit operable to perform mutual authentication with the destination device; and a permitting unit operable to permit the destination device to access the protected area, when the source device and the destination device are mutually authenticated,
- the destination device comprising: a second authentication unit operable to perform mutual authentication with the source device; a judging unit operable to judge whether moving of the second data is permitted or prohibited; and a moving unit operable to move the second data to the destination device, when the destination device and the source device are mutually authenticated and moving of the second data is judged to be permitted, and a managing unit operable to manage, upon receipt of the second data from the source device, the second data in a state in which further moving of the second data from the destination device is prohibited.
21. A destination device for receiving data being set to a state in which moving of the data is permitted or a state in the which the moving of the data is prohibited, the destination device comprising:
- an authentication unit operable to perform mutual authentication with a source device external to the destination device;
- a receiving unit operable to receive data that is moved from the source device, when the destination device and the source device are mutually authenticated;
- a memory having stored therein an ID unique to the destination device, in a manner that the unique ID is not readable by any device that is external to the destination device;
- a normal memory that is readable and writable; and
- a management unit operable to (i) set the data received by the receiving unit to a state in which further moving of the data from the destination device is prohibited and (ii) encrypt the received data with the unique ID and record the data in encrypted form into the normal memory.
22. A data moving method for moving data from a source device to a destination device via an intermediate device,
- the source device having: a protected area that is a memory area protected against an unauthorized access and stores first data therein, the first data being set to a state in which moving of the first data is permitted or a state in which the moving of the first data is prohibited; and a recording unit operable to record second data in association with the first data, the second data being set to a state in which moving of the second data is permitted or a state in which the moving of the second data is prohibited,
- the data moving method comprising: an authentication step of performing mutual authentication between the source device and the intermediate device; a permitting step of permitting the intermediate device to access the protected area, when the source device and the intermediate device are mutually authenticated; a judging step of judging by the intermediate device whether moving of the second data from the source device is permitted or prohibited; a moving step of moving the second data to the destination device via the intermediate device, performed by the source device and the intermediate device when moving of the second data is judged to be permitted; and a recording step of recording the second data to the destination device and setting the second data to a state in which further moving of the second data from the destination device is prohibited.
| 5515532 | May 7, 1996 | Iijima |
| 5608902 | March 4, 1997 | Iijima |
| 5715403 | February 3, 1998 | Stefik |
| 5761678 | June 2, 1998 | Bendert et al. |
| 5790664 | August 4, 1998 | Coley et al. |
| 5845069 | December 1, 1998 | Tanaka |
| 5884298 | March 16, 1999 | Smith et al. |
| 5920861 | July 6, 1999 | Hall et al. |
| 5925127 | July 20, 1999 | Ahmad |
| 6092112 | July 18, 2000 | Fukushige |
| 6208802 | March 27, 2001 | Mori et al. |
| 6219488 | April 17, 2001 | Mori et al. |
| 6222805 | April 24, 2001 | Mori et al. |
| 6330670 | December 11, 2001 | England et al. |
| 6345256 | February 5, 2002 | Milsted et al. |
| 6377518 | April 23, 2002 | Auwens et al. |
| 6418421 | July 9, 2002 | Hurtado et al. |
| 6421685 | July 16, 2002 | Nishikawa |
| 6519700 | February 11, 2003 | Ram et al. |
| 6539167 | March 25, 2003 | Mori et al. |
| 6549723 | April 15, 2003 | Mori et al. |
| 6567609 | May 20, 2003 | Mori et al. |
| 6567915 | May 20, 2003 | Guthery |
| 6636474 | October 21, 2003 | Tanaka et al. |
| 6640306 | October 28, 2003 | Tone et al. |
| 6810003 | October 26, 2004 | Tanaka et al. |
| 6980501 | December 27, 2005 | Tanaka et al. |
| 6999947 | February 14, 2006 | Utsumi et al. |
| 7006422 | February 28, 2006 | Tanaka et al. |
| 7096504 | August 22, 2006 | Tagawa et al. |
| 7123575 | October 17, 2006 | Tanaka et al. |
| 7200073 | April 3, 2007 | Auwens et al. |
| 7239706 | July 3, 2007 | Wilhelm et al. |
| 7379413 | May 27, 2008 | Tanaka et al. |
| 7379658 | May 27, 2008 | Mori et al. |
| 7398011 | July 8, 2008 | Tanaka et al. |
| 20010010757 | August 2, 2001 | Mori et al. |
| 20010042043 | November 15, 2001 | Shear et al. |
| 20020127002 | September 12, 2002 | Mori et al. |
| 20020127003 | September 12, 2002 | Mori et al. |
| 20020131767 | September 19, 2002 | Auwens et al. |
| 20030175016 | September 18, 2003 | Mori et al. |
| 20040037180 | February 26, 2004 | Tanaka et al. |
| 20040037209 | February 26, 2004 | Tanaka et al. |
| 20040037210 | February 26, 2004 | Tanaka et al. |
| 20040047609 | March 11, 2004 | Tanaka et al. |
| 20040047610 | March 11, 2004 | Tanaka et al. |
| 20040208095 | October 21, 2004 | Tanaka et al. |
| 1174354 | February 1998 | CN |
| 0 715 247 | June 1996 | EP |
| 0 809 221 | November 1997 | EP |
| 0 878 796 | November 1998 | EP |
| 3-74981 | March 1991 | JP |
| 08-263440 | October 1996 | JP |
| 09-160899 | June 1997 | JP |
| 11-66754 | March 1999 | JP |
| 11-86455 | March 1999 | JP |
| 11-120747 | April 1999 | JP |
| 11-234259 | August 1999 | JP |
| 11-249670 | September 1999 | JP |
| 11-259964 | September 1999 | JP |
| 11-328033 | November 1999 | JP |
| 95/34857 | December 1995 | WO |
| 97/14087 | April 1997 | WO |
| 99/08446 | February 1999 | WO |
| 99/09718 | February 1999 | WO |
| 00/08909 | February 2000 | WO |
| 00/30112 | May 2000 | WO |
- Chinese Office Action issued Jan. 20, 2006 in Patent Application No. 00802336.0.
- International Search Report issued Feb. 11, 2003 in the International (PCT) Application No. PCT/JP00/05852.
- “SD Card: Next-Generation Medium Ready for Network Distribution”, Jun Homma, Nikkei NetBusiness No. 52, Nov. 1999.
- “SDMI Secure Digital Music Initiative” SDMI Portable Device Specification, Part 1, Version 1.0, Los Angeles, Jul. 8, 1999, Document No. pdwg99070802, pp. 1-35.
- U.S. Notice of Allowance issued Sep. 9, 2009 in U.S. Appl. No. 12/197,033.
Type: Grant
Filed: Aug 22, 2008
Date of Patent: Dec 28, 2010
Assignee: Panasonic Corporation (Osaka)
Inventors: Kenji Tagawa (Osaka), Teruto Hirota (Osaka), Hideki Matsushima (Osaka), Masayuki Kozuka (Osaka), Mitsuhiro Inoue (Osaka), Yasushi Uesaka (Osaka), Shunji Harada (Osaka), Taihei Yugawa (Osaka), Masaya Miyazaki (Osaka), Masanori Nakanishi (Osaka)
Primary Examiner: Christian LaForgia
Attorney: Wenderoth, Lind & Ponack, L.L.P.
Application Number: 12/197,023
International Classification: G06F 7/04 (20060101); G06F 17/30 (20060101); H04K 1/00 (20060101);
