WO2015004978A1

WO2015004978A1 - Content transmission apparatus, content transmission method, and computer program

Info

Publication number: WO2015004978A1
Application number: PCT/JP2014/062207
Authority: WO
Inventors: 中野　雄彦
Original assignee: ソニー株式会社
Priority date: 2013-07-08
Filing date: 2014-05-06
Publication date: 2015-01-15

Abstract

While limiting the extent of the spread of content by limiting the number of movable generations to a prescribed number, said content is moved to another device. Content-movement control information consisting of movement-count information (move-count) is conveyed between a source device and a sink device, and the sink device manages the received content with move-count decremented by 1. If move-count is still greater than or equal to 1, the content can be moved again with the sink device using the decremented move-count as the control information for the next move, but when move-count becomes 0, further movement is not possible.

Description

Content transmission apparatus, content transmission method, and computer program

The technology disclosed in this specification relates to a content transmission apparatus and a content transmission method for transmitting content to another apparatus, and a computer program, and is shared according to a predetermined mutual authentication and key exchange (AKE) algorithm such as DTCP, for example. The present invention relates to a content transmission apparatus, a content transmission method, and a computer program for encrypting and transmitting content to be protected such as copyrights using a key.

• Digitized content is relatively easy to perform illegal operations such as copying and falsification. As an industry standard technique for digital content transmission protection, DTCP (Digital Transmission Content Protection) developed by DTLA (Digital Transmission Licensing Administrator) can be cited.

In DTCP, an authentication protocol between devices at the time of content transmission and a transmission protocol for encrypted content are negotiated. To summarize, the DTCP compliant device does not send out compressed content that is easy to handle in an unencrypted state outside the device, and the key exchange required to decrypt the encrypted content is a predetermined mutual authentication. And the key exchange (Authentication and Key Exchange: AKE) algorithm, and limiting the range of devices that perform key exchange using the AKE command.

DTCP was originally defined for content transmission on a home network using IEEE 1394 or the like as a transmission path. Recently, as typified by DLNA (Digital Living Network Alliance), a movement to distribute digital contents through an IP network in the home has become serious. Accordingly, development of DTCP + (hereinafter referred to as DTCP +) that incorporates a remote access function based on DTCP-IP (DTCP mapping to IP), in which the DTCP technology is ported to an IP network, is in progress.

For example, commercial content such as broadcast content and movies stored on a home server can be used not only at home but also remotely (remote access) from outside the home. It is desired to prevent excessive use by appropriately controlling DTCP or DTCP-IP.

A method of playing content by remote access (for example, when playing content such as moving images stored on a home server on a playback device in the home or a multi-function terminal (smartphone) carried outside the home ) Include two types of streaming and download reproduction. Since the content body of the sink device does not remain after streaming, the possibility that the content is distributed indefinitely is extremely low. On the other hand, in the case of download reproduction, it is necessary to control the distribution of content after downloading. For example, a measure of prohibiting all download playback by remote access can be considered. However, in order to play back high-quality content in an environment where communication is not possible (such as in an airplane) or in an environment where the communication bandwidth cannot be secured sufficiently (such as when moving on a train) Download playback is necessary.

Here, there are two methods for downloading and reproducing content in the DTCP specification: “copy” and “move”.

If you repeat copying, the number of usable contents will increase. For this reason, DTCP defines copy control such as limiting the number of generations that can be copied. The source device does not execute copying of the content set to copy prohibition, and also indicates the copy attribute (one generation copy is possible, re-copy is not possible, copy is free, etc.) when transmitting content that is permitted to be copied Copy control information is embedded in the header and payload of the transmission packet. On the sink device side, the downloaded content is copied according to the designated copy attribute.

On the other hand, “Move” is a mechanism in which, when content is transmitted from the source device to the sink device, the transmitted content is deleted on the source device side (see, for example, Patent Document 1). That is, the movement prohibits the simultaneous existence of contents at the movement source and the movement destination, and the number of usable contents does not increase even if the movement of the contents is repeated between devices.

However, as long as the user of the device is not limited, there is a possibility that the content moves from device to device of various owners one after another. In addition, the distribution range of contents becomes infinite due to the movement by remote access. The possibility increases as the spread of devices that support the content transfer function increases. Therefore, there is a concern that there are more opportunities for unauthorized use of content under the situation where there is no restriction on content movement as described above. For these reasons, it is conceivable that a content provider will hesitate to suppress provision of content to a method that does not impose restrictions on content movement in the future.

An object of the technology disclosed in the present specification is to provide an excellent content transmission apparatus, content transmission method, and computer program capable of suitably moving content to another apparatus while limiting the distribution range of the content There is to do.

A further object of the technology disclosed in the present specification is to use a key shared in accordance with the DTCP standard, and to appropriately move content that should protect rights such as copyrights while limiting the distribution range. Another object of the present invention is to provide a content transmission apparatus, a content transmission method, and a computer program.

The present application has been made in consideration of the above problems, and the technology according to claim 1
A content recording unit for recording content;
A content moving unit that transmits the content recorded in the content recording unit to a content receiving device with control information related to the movement, deletes the transmitted content from the content recording unit, and moves the content;
It is the content transmission apparatus which comprises.

According to the technique described in claim 2 of the present application, in the content transmission device according to claim 1, the control information related to the movement includes information related to generation limitation of the movement of the content.

According to the technology described in claim 3 of the present application, in the content transmission device according to claim 1, the control information regarding the movement includes information regarding whether or not the content can be moved with generation restriction.

According to the technique described in claim 4 of the present application, in the content transmission device according to claim 3, the control information regarding the movement further includes information regarding the number of generations that can be transferred.

According to the technology described in claim 5 of the present application, the content transmitting device according to claim 1 includes an authentication / key sharing unit that performs mutual authentication and exchange of a shared key with the content receiving device according to a predetermined transmission standard. It has more. The content moving unit is configured to move content encrypted using an encryption key calculated from the shared key.

According to the technology described in claim 6 of the present application, in the content transmission device according to claim 5, the predetermined transmission standard is DTCP (Digital Transmission Content Protection) or DTCP-IP (DTCP mapping to IP). .

According to the technology described in claim 7 of the present application, the content moving unit of the content transmitting device according to claim 2 transmits the content to the content receiving device by an HTTP (Hyper Text Transfer Protocol) message according to the DTCP-IP standard. At the time of transmission, it is configured to add a value meaning “Movement with restricted generation” to E-EMI (Extended Encryption Mode Indicator) and notify the information about whether the content can be moved with restricted generation. Yes.

According to the technology described in claim 8 of the present application, the content moving unit of the content transmitting device according to claim 7 describes the number of generations that can be moved in the Move_count field of the DTCP_descriptor, and relates to the number of generations that can be moved. It is configured to further notify information.

According to the technology described in claim 9 of the present application, the content moving unit of the content transmitting device according to claim 7 sets the number of generations that can be moved to the Move_count field of PCP-UR (Protected Content Packet-Usage Rule). It is configured to further notify information related to the number of generations that can be transferred.

According to the technique described in claim 10 of the present application, the content moving unit of the content transmitting device according to claim 7 describes the number of generations that can be moved in the Move_count field of the CMI descriptor, and the number of generations that can be moved It is configured to further notify information regarding.

According to the technology described in claim 11 of the present application, the content moving unit of the content transmitting device according to claim 1 is configured so that the content receiving device that requested the content transfer corresponds to the content transfer with generation restriction. After confirming whether or not the content is present, it is configured to perform content-limited movement.

According to the technology described in claim 12 of the present application, the content moving unit of the content transmitting device according to claim 11 is configured to transfer content by an HTTP request according to the DTCP-IP standard from the content receiving device. In addition, BLKMove2. dtcp. Based on whether or not a com header field is used, it is configured to check whether or not the content receiving device supports content transfer with generation restriction.

According to the technology described in claim 13 of the present application, the content moving unit of the content transmission device according to claim 12 performs BLK Move2. dtcp. com header field is used to confirm that the content receiving apparatus supports content transfer with generation restrictions. However, the BLK Move2. dtcp. When there is no moving shared key having the shared key label specified in the com header field, the HTTP session is terminated with an error.

According to the technique described in claim 14 of the present application, the content moving unit of the content transmission device according to claim 11 is configured so that the content reception device generates a start command of the MOVE-AKE procedure from MV_INITIATE according to the DTCP-IP standard. Based on the fact that it is replaced with MV_INITIATE2 indicating that it is possible to move with restrictions, it is configured to check whether or not the content receiving apparatus supports content movement with generation restrictions.

According to the technique described in claim 15 of the present application, the content moving unit of the content transmission device according to claim 14 uses MV_INITIATE2 as a start command of the MOVE-AKE procedure from the content reception device. Although it has been confirmed that the content receiving apparatus supports content transfer with generation restrictions, a BLK Move. dtcp. When there is no moving shared key having the shared key label specified in the com header field, the HTTP session is terminated with an error.

According to the technique described in claim 16 of the present application, the content moving unit of the content transmitting device according to any one of claims 11 to 15 is configured such that the content receiving device supports content transfer with generation restriction. If there is a shared key used for moving content with generation restrictions, but the content requested to be moved has no generation restrictions on movement and normal movement is possible, the normal movement processing is performed. Configured to do.

According to the technique described in claim 17 of the present application, the content moving unit of the content transmitting apparatus according to claim 6, when moving the content by remote access, the encryption key calculated from the shared key for movement Instead, it is configured to perform encrypted transmission using an encryption key obtained by a calculation method dedicated to content movement processing by remote access.

According to the technique described in claim 18 of the present application, the content transmission device according to claim 1 transmits the content to be transmitted to the content reception device or a content acquisition unit that transmits the content to the content reception device. A playback unit for playing back content for recording from the recording medium.

Moreover, the technology described in claim 19 of the present application is:
A transmission step of transmitting the content recorded in the content recording unit for recording the content to the content receiving device with control information relating to movement;
A content movement step of deleting the transmitted content from the content recording unit and performing the movement of the content;
Is a content transmission method.

In addition, the technique described in claim 20 of the present application is:
A content recording unit for recording content,
A content moving unit that transmits the content recorded in the content recording unit to a content receiving device with control information related to movement, deletes the transmitted content from the content recording unit, and moves the content;
As a computer program written in a computer-readable format to make the computer function.

The computer program according to claim 20 of the present application defines a computer program described in a computer-readable format so as to realize predetermined processing on a computer. In other words, by installing the computer program according to claim 20 of the present application on a computer, a cooperative operation is exhibited on the computer, and the same effect as the content transmission device according to claim 1 of the present application is obtained. be able to.

According to the technology disclosed in this specification, excellent content that can suitably move content to another device while restricting the distribution range of content by limiting the number of generations that can be moved to a predetermined number A transmission apparatus, a content transmission method, and a computer program can be provided.

In addition, according to the technology disclosed in this specification, content that should be protected for copyrights and other rights according to the DTCP standard while restricting the distribution range of content by limiting the number of movable generations to a predetermined number. An object of the present invention is to provide an excellent content transmission apparatus, content transmission method, and computer program that can be suitably moved to another apparatus.

The content transmission device to which the technology disclosed in this specification is applied can limit the number of generations that can be moved with respect to content that is moved to another device. Therefore, the content provider is expected to provide content without hesitation even to a device that moves the content. As a result of allowing the content to move, there are more opportunities to use the content even in an environment where communication is not possible, and high-quality content reproduction can be performed even in an environment where a sufficient communication bandwidth cannot be secured.

In addition, the effect described in this specification is an illustration to the last, and the effect of this invention is not limited to this. In addition to the above effects, the present invention may have additional effects.

Other objects, features, and advantages of the technology disclosed in the present specification will become apparent from a more detailed description based on embodiments to be described later and the accompanying drawings.

FIG. 1 is a diagram illustrating a configuration example of a content transmission system 100 to which the technology disclosed in this specification is applied. FIG. 2 is a diagram schematically illustrating another configuration example of the content transmission system 200 to which the technology disclosed in this specification is applied. FIG. 3 is a diagram schematically illustrating a functional configuration of the content transmission apparatus 300 that operates as a source device. FIG. 4 is a diagram schematically illustrating a functional configuration of the content receiving apparatus 400 that operates as a sink device. FIG. 5 is a diagram schematically showing a mechanism for managing content movement control information in association with a content body. FIG. 6 is a diagram schematically showing a mechanism for managing content movement control information as part of the content body. FIG. 7 is a diagram schematically showing an overall procedure when content is transferred by remote access between a source device and a sink device. FIG. 8 is a diagram schematically showing the contents of the content list browsing phase (SEQ 701). FIG. 9 is a diagram showing details of the contents of the RA-AKE procedure phase (SEQ 702). FIG. 10 shows the contents of the MOVE-AKE procedure phase (SEQ703). FIG. 11 is a diagram schematically showing the contents of the content transmission phase (SEQ704). FIG. 12 is a diagram schematically showing the data structure of a packet PCP used for content transmission in DTCP-IP. FIG. 13 is a diagram showing E-EMI according to the DTCP-IP standard. FIG. 14 is a diagram showing E-EMI in which “0111 ₂ ” is additionally defined as “Moveable with generation restriction”. FIG. 15 is a diagram illustrating an example in which an unused area of DTCP_descriptor is defined as a Move_count field and the number of movable generations is described. FIG. 16 is a diagram showing the structure of the nonce _Nc field in the PCP header. FIG. 17 is a diagram illustrating an example in which the unused area 1701 of the PCP-UR is defined as a Move_count field. FIG. 18 is a diagram showing a CMI packet format. FIG. 19 is a diagram illustrating an example in which an unused area in the CMI descriptor 1 format is defined as a Move_count field. FIG. 20 is a diagram illustrating an example in which an unused area in the CMI descriptor 2 format is defined as a Move_count field. FIG. 21 is a flowchart showing a processing procedure for controlling the number of mobile generations of content received in the sink device. FIG. 22 is a flowchart illustrating a processing procedure for moving content that can be moved by the source device with generation restrictions. FIG. 23 is a flowchart illustrating a processing procedure for the source device to move content that can be moved with generation restrictions. FIG. 24 is a diagram showing a configuration of a computer program distribution system 2400. FIG. 25 is a diagram illustrating a configuration example of a personal computer 2500 that can operate as the server 201 or the DTCP Source device. FIG. 26 is a diagram illustrating a configuration example of a recorder 2600 that can operate as the server 201 or the DTCP Source device. FIG. 27 is a diagram illustrating a configuration example of a network access server (NAS) 2700 that can operate as the server 201 or a DTCP Source device.

If the content is moved indefinitely, its distribution range becomes unlimited, and there is a risk that the content will be used beyond the range of private use. As of June 2013, DTCP (http://www.dcp.com) does not limit the number of generations that can be moved with respect to the movement of content. Therefore, in the technology disclosed in this specification, an increase in the distribution range of content is suppressed by providing a restriction on the number of generations to which content can be moved. Hereinafter, embodiments of the technology disclosed in this specification will be described in detail with reference to the drawings.

FIG. 1 schematically shows a configuration example of a content transmission system 100 to which the technology disclosed in this specification is applied. The illustrated content transmission system 100 includes a server 101, a terminal 102, and a terminal 103 connected on a home network 110 laid in a home. In the figure, for simplicity, only one server and two terminals are depicted, but it is also assumed that two or more servers and three or more terminals are installed on the home network. .

The server 101 is a device that provides content to the terminal 102. The server 101 is, for example, a set top box, a recorder, a television receiver, a personal computer, a network access server (NAS), or the like. The server 101 obtains broadcast content received or recorded by terrestrial digital broadcasting, commercial content such as a movie read from a recording medium (not shown) such as a Blu-ray disc, and a content server (not shown) on the Internet. The content is provided to the terminal 102. Examples of forms for providing content include streaming and content movement (MOVE). The terminal 102 is a device that requests content from the server 101 via the home network 110, and corresponds to a multifunctional mobile terminal such as a mobile phone, a smartphone, or a tablet.

In the present embodiment, different types of devices such as the server 101 and the terminal 102 are interconnected via the home network 110 according to a protocol defined by, for example, DLNA. In addition, the communication procedure at the time of mutual connection between the server 101 and the terminal 102 is based on, for example, UPnP (Universal Plug and Play), and processing such as device discovery is performed. In this embodiment, when compressed content is transmitted between the interconnected server 101 and the terminal 102, for example, an encryption process according to DTCP is used to prevent unauthorized use. That is, the terminal 102 that wants to use the content performs mutual authentication with the server 101 according to a predetermined mutual authentication and key exchange (Authentication and Key Exchange: AKE) algorithm and shares the key, and then stores the content stored in the server 101. You can request a download. The server 101 encrypts and transmits the requested content using the shared key. The server 101 that provides content corresponds to a DTCP source device, and the terminal 102 that uses the content corresponds to a DTCP sink device. Similarly, when content is downloaded from the terminal 102 to the terminal 103, mutual authentication and key sharing are performed according to the AKE algorithm, and then the content is encrypted and transmitted. In this case, the terminal 102 is a DTCP source device, and the terminal 103 is a DTCP sink device. In addition, when the

terminals

102 and 103 want to access the server 101 from outside the home network 110 such as where they are away (remote access), it is necessary to register the

terminals

102 and 103 in the server 101 in advance in the home network 110. (See below).

FIG. 2 schematically shows another configuration example of the content transmission system 200 to which the technology disclosed in this specification is applied. The illustrated content transmission system 200 includes a server 201 and a terminal 202 connected to a home network 210 installed in a home, and a terminal 203 connected to an external network 220 such as the Internet. The home network 210 and the external network 220 are interconnected via a router 230 according to an IP (Internet Protocol) protocol. In the figure, for simplification, only one server and one terminal are depicted on the home network 210, but two or more servers are installed, and there are terminals on the home network 210. It is also assumed that two or more terminals are connected on the external network 220.

The server 201 is a set-top box, a recorder, a television receiver, a personal computer, a network access server (NAS), or the like. The server 201 provides broadcast content, commercial content, and the like to the terminal 202 that is remotely accessed from the external network 220. Examples of forms for providing content include streaming and content movement (MOVE). The terminal 202 is a multi-function mobile terminal such as a mobile phone, a smartphone, or a tablet, and requests content from the server 201 via the IP network including the home network 210 and the external network 220.

In this embodiment, different types of devices such as the server 201 and the

terminals

202 and 203 are interconnected via the home network 210 and the external network 220 according to a protocol defined by, for example, DLNA. In addition, the communication procedure at the time of mutual connection between the server 201 and the terminal 202 is based on UPnP, for example, and processing such as device discovery is performed. In this embodiment, when transmitting compressed content between the server 201 and the terminal 203 interconnected via the home network 210 and the external network 220, and between the terminal 202 and the terminal 203, for example, DTCP To prevent unauthorized use. That is, after the terminal 203 performs mutual authentication with the server 201 or the terminal 202 and shares the exchange key over the IP network including the home network 210 and the external network 220, the content stored in the server 201 or the terminal 202 is stored. Request. The server 201 encrypts and transmits the content requested from the registered terminal 203 using the shared exchange key. Further, the terminal 203 needs to be registered in advance in the server 201 or the terminal 202 in the home network 210 (described later). The server 201 or the terminal 202 that provides the content corresponds to a source device, and the terminal 203 that uses the content corresponds to a sink device.

FIG. 3 schematically shows a functional configuration of the content transmission apparatus 300 that operates as a source device of DTCP. For example, in the content transmission system 100 shown in FIG. 1, the server 101 that downloads content to the terminal 102, the terminal 102 that downloads content to the terminal 103, or the

terminals

102 and 103 in the content transmission system shown in FIG. The server 201 for downloading content, the terminal 102 for downloading content to the terminal 103, and the like correspond to the source device shown in the figure.

The communication / control unit 301 controls the communication operation via the home network and the external network, and controls the overall operation of the content transmission apparatus 300. In the present embodiment, the communication / control unit 301 interconnects different types of devices such as terminals via a home network and an external network in accordance with a protocol defined by DLNA. Further, the communication procedure at the time of mutual connection is based on UPnP, for example, and the communication / control unit 301 executes processing such as device discovery (discovery), for example. In addition, the communication / control unit 301 is used for external device connection such as HDMI (registered trademark) (High Definition Multimedia Interface), MHL (registered trademark) (Mobile High-Definition Link), USB (Universal Serial Bus), or the like. Interface for digital output) and recording / playback equipment such as a hard disk device or a Blu-ray disk device can be connected externally.

The content recording unit 302 records content to be provided to the terminal via the home network and the external network. The content recording unit 302 includes a recording medium for recording content such as a hard disk, a Blu-ray disk, and a DVD (Digital Versatile Disc), for example, and a general file system such as FAT (File Allocation Table). Each content recorded under the management of is managed.

The content acquisition unit 303 acquires content to be provided to the terminal. The content acquisition unit 303 includes a terrestrial digital broadcast tuner, for example, and acquires broadcast content. In this case, the content acquisition unit 303 is based on specifications defined by, for example, ARIB (Association of Radio Industries and Businesses). The content acquisition unit 303 can receive, for example, all or part of a broadcast channel segment, EPG (Electronic Program Guide) functions (program search, program information display, program reservation), HDCP (High-bandwidth Digital Content) A copy control function based on the (Protection) specification, a content protection function for performing limited reception of broadcast content, or encrypting received broadcast content when it is externally output, and the like.

The content acquisition unit 303 includes a media playback device such as a Blu-ray disc, and reads commercial content such as movies from the media. The content acquisition unit 303 includes a browser and downloads paid or free content from a content server (not shown) on the Internet. The content acquisition unit 303 may record the acquired content in the content recording unit 302 as necessary. In addition, the content acquisition unit 303 may acquire content to be provided to the sink device from the content recording unit 302.

Some content (broadcast content and commercial content) acquired by the content acquisition unit 303 has a limited number of generations that can be moved. Content copy restrictions and movement restrictions are generally set by a content provider, and the content acquisition unit 303 relates to copy restrictions and movement restrictions when receiving broadcast content or playing from a media playback device. Control information can be received. When the acquired content is recorded in the content recording unit 302, the content recording unit 302 or the content acquisition unit 303 (or other function module may be used) controls information related to copy restriction and movement restriction in association with the content. Shall be managed.

In the present embodiment, the content recording unit 302 displays information on the number of generations to which content can be moved (hereinafter referred to as “Move_count”) and movement control information such as whether or not movement with restricted generation is possible, as shown in FIG. It is assumed that it can be managed in association with each other, or can be managed as a part of the data of the content main body as shown in FIG. However, in the case where only one generation is always possible, the management of the number of movable generations Move_count is unnecessary.

The content providing unit 304 provides the content acquired by the content acquisition unit 303 in response to a request from a content receiving apparatus (described later) operating as a sink device. The content providing unit 304 transmits the content to the sink device through the communication / control unit 301 using, for example, an HTTP (Hyper Text Transfer Protocol) protocol. The content providing unit 304 has a compression function or a content compression processing unit (not shown in FIG. 3). In this embodiment, the DTCP standard is applied in order to prevent the transmission content from being safe, that is, illegal use. That is, the content providing unit 304 encrypts the compressed content using the encryption key K _C calculated from the shared key shared with the sink device by the authentication / key sharing unit 306 (K _{XM in} the case of content transfer). Then transmit to the terminal. However, when a sink device requests content by remote access from an external network, the sink device must be pre-registered in the terminal management unit 307 (described later).

Streaming and downloading can be cited as a method for the content providing unit 304 to provide content to the sink device, and there are two types of downloading: content copying and moving. When moving the content in the content recording unit 302, the content providing unit 304 transmits the content to the sink device, and then deletes the transmitted content from the content recording unit 302, thereby prohibiting the simultaneous existence. In the case of copying, such content erasing operation is unnecessary. Hereinafter, a case where content is provided in the form of movement will be mainly described, and description of streaming and copying will be omitted.

In addition, when the content providing unit 304 tries to move content whose number of movable generations is limited to a sink device, the content providing unit 304 determines in advance whether the partner sink device supports content transfer with generation limitation. Check and set the information Move_count of the number of generations that can be moved to the content to be moved, the details of which will be described later.

The content list providing unit 305 provides the terminal with a list of contents that can be provided to the terminal and detailed information in response to a request from the terminal, for example. As can be seen from the above, the content that the

servers

101 and 201 can provide to the terminal includes broadcast content received by the content acquisition unit 303, commercial content read from the media, and content already recorded in the content recording unit 302. . For providing the content list, for example, a content directory service and a CDS (Content Directory Service) function developed by UPnP, which is the base of DLNA, that distributes the content list in a hierarchical manner are applied. For example, a sink device is used. CDS: Generates CDS information for the Browse action and returns it as a CDS Result.

The authentication / key sharing unit 306 shares a shared key for mutual authentication and content encryption with a sink device as a content request source according to an authentication and key exchange (AKE) algorithm defined by DTCP-IP. To do. The authentication / key sharing unit 306 shares a remote access shared key K _R with a sink device that requests content from an external network by remote access. Further, the sink device that requests the movement of the content further shares the shared key K _XM for movement.

The terminal management unit 307 manages the information of the sink device that requests the content. In the current DTCP-IP (DTCP-IP Volume 1 Supplement E Revision 1.4), remote access to a server in the home is restricted to that server with the intention of restricting the use of content by a third party. Limited to registered Sink devices only. In the present embodiment, it is assumed that content requests are permitted only for sink devices pre-registered in the terminal management unit 307. The terminal management unit 307 performs pre-registration processing on a sink device that uses content by remote access from an external network, and information on the sink device is “remote sink registry” or “RAC (Remote Access Connection) registry”. To manage. Pre-registration is also defined in the current DTCP-IP (DTCP-IP Volume 1 Supplement E Revision 1.4), but is not directly related to the technology disclosed in this specification, so detailed description is omitted. .

The content reproduction output unit 308 decodes the content recorded in the content recording unit 302 and reproduces and outputs it.

Note that the above functional blocks 303 to 307 can also be realized as application programs executed by the communication / control unit 301 on top of the operating system or the TCP / IP protocol. In addition, this kind of application program can be distributed at a predetermined download site on a wide area network such as the Internet, and is a multi-function such as a CE (Consumer Electronics) device such as a digital broadcast tuner and a TV receiver, and a smartphone. It is downloaded to the terminal for use.

Such a download site includes, for example, a server 2410 having a storage device 2411 for storing a computer program and a communication device 2412 that accepts the download in response to receiving a download request for the computer program ( The computer program distribution system 2400 is configured together with a client device (DTCP Source device or DTCP Sink device) that installs the downloaded computer program. This type of server further includes an information notification device 2413 for notifying information indicating the name of the computer program in response to a download request for the computer program from the client. The information notification device 2413 notifies the computer program name and information indicating, for example, an application that provides commercial content recorded in the home to a remote terminal.

FIG. 4 schematically shows a functional configuration of the content receiving apparatus 400 that operates as a DTCP sink device. For example, in the content transmission system 100 shown in FIG. 1, the terminal 102 that requests content from the server 101, the terminal 103 that requests content from the server 101 or the terminal 102, and the content transmission system 200 shown in FIG. The terminal 202 that requests content from the server 201, the terminal 203 that requests content from the server 201 or the terminal 202, and the like correspond to the illustrated sink device.

The communication / control unit 401 controls the communication operation via the home network and the external network, and also comprehensively controls the operation of the content receiving apparatus 400 as a whole. In the present embodiment, the communication / control unit 401 interconnects different types of devices such as terminals via a home network and an external network according to a protocol defined in DLNA. Further, the communication procedure at the time of mutual connection is based on UPnP, for example, and the communication / control unit 401 executes a response process for device discovery from a control point, for example.

The content list browsing unit 402 makes a content list acquisition request to the content transmission apparatus 300 (described above) operating as a source device, and displays the acquired content list browsing screen. For browsing the content list, for example, the CDS function formulated in UPnP which is a DLNA base is applied (described above), and a CDS: Browse action is issued to a source device, for example. When the CDS information describing the list of contents that can be provided by the source device is received as, for example, CDS Result, the contents list browsing unit 402 displays a contents list screen. The user can select content to be reproduced and output on the list screen via the input unit 407 or the like. The input unit 407 corresponds to a keyboard in a personal computer, a touch panel in a multifunction terminal such as a mouse and a smartphone, a cross key arrangement determination button in a remote controller, and the like.

The content acquisition unit 403 transmits a content acquisition request to the source device, and acquires the content in the source device. For example, the content acquisition unit 403 requests acquisition of content selected by the user via the input unit 407 in the content list screen displayed by the content / list browsing unit 402. The input unit 407 corresponds to a keyboard in a personal computer, a touch panel in a multifunction terminal such as a mouse and a smartphone, a cross key arrangement determination button in a remote controller, and the like.

Streaming and downloading can be cited as a method by which the content acquisition unit 403 acquires content from the source device, and there are two types of downloading: content copying and movement. In the following, the case of acquiring content in the form of movement will be mainly described, and description of streaming and copying will be omitted. Note that, for example, an HTTP protocol is used for content acquisition requests to the source device and content acquisition (described later).

The content acquired by the content acquisition unit 403 from the source device is an encryption key K calculated from a shared key (K _{XM in} the case of content transfer) shared with the source device by the authentication / key sharing unit 406 described later. It is encrypted using _C. The content decryption unit 404 can decrypt the encrypted content acquired from the source device using the encryption key K _C. Then, the content reproduction output unit 405 reproduces and outputs the decrypted content.

The content recording unit 408 records the content acquired by the content acquisition unit 403 in the form of download (that is, movement or copy). The content to be recorded may be separately subjected to a recording encryption process. The content recording unit 302 includes a recording medium for recording content, such as a hard disk, Blu-ray, or DVD, and manages each content recorded under the management of a general file system such as FAT. Yes.

Some content acquired by moving from a source device has a limited number of generations that can be moved. In the present embodiment, the content recording unit 408 displays information on the number of generations to which content can be moved (hereinafter referred to as “Move_count”) and movement control information such as whether or not generation restricted movement is possible, as shown in FIG. It is assumed that it can be managed in association with each other, or can be managed as a part of the data of the content main body as shown in FIG. When the content acquisition unit 403 acquires content whose number of generations that can be moved is limited and records the content in the content recording unit 408, it performs update processing of the movement control information such as decrementing Move_count. Details will be given later.

The authentication / key sharing unit 406 shares a cryptographic key for mutual authentication and content encryption with a source device as a content request destination according to an authentication and key exchange (AKE) algorithm defined by DTCP-IP. To do. Authentication and key sharing unit 406, between the Source device requesting content by remote access from the external network, and share the shared key K _R for remote access. When requesting the movement of content, the authentication / key sharing unit 406 further shares a shared key K _XM for movement with the source device. The authentication / key sharing unit 406 performs pre-registration for remote access to the source device when the home network 210 is connected (described above).

As a modification of the content transmission system 100 shown in FIG. 1, the content recording unit 408 of the terminal 102 as the content receiving device 400 (or sink device) is built in the content transmitting device 300 (or source device) (for example, A configuration in which content transmission (for example, movement) is performed from the content recording unit 302 to the content recording unit 408 in a single device 300 is also conceivable. For example, a hard disk drive and a memory card incorporated in an information device such as a personal computer correspond to the content recording unit 302 and the content recording unit 408, respectively.

The above functional blocks 402 to 406 can also be realized as application programs executed on the upper level of the operating system or TCP / IP protocol in the communication / control unit 401. This type of application program can be distributed on a predetermined download site over a wide area network such as the Internet, and downloaded to a multifunction terminal that plays back content in a home server such as a smartphone. The

Such a download site includes, for example, a server 2410 having a storage device 2411 for storing a computer program and a communication device 2412 that accepts the download in response to receiving a download request for the computer program ( The computer program distribution system 2400 is configured together with a client device (DTCP Source device or DTCP Sink device) that installs the downloaded computer program. This type of server further includes an information notification device 2413 for notifying information indicating the name of the computer program in response to a download request for the computer program from the client. The information notification device 2413 notifies information indicating that, for example, the commercial content recorded in the home is an application that is permitted to be viewed at a remote location, together with the name of the computer program.

Subsequently, a processing operation for moving content from the source device to the sink device will be described.

The source device here refers to the server 101 that downloads content to the

terminals

102 and 103 in the content transmission system 100 shown in FIG. 1, the terminal 102 that downloads content to the terminal 103, and the content transmission system shown in FIG. The server 201 that downloads content to the

terminals

202 and 203 and the terminal 202 that downloads content to the terminal 203. In the content transmission system 100 shown in FIG. 1, the sink device is a terminal 102 that requests content from the server 101, a terminal 103 that requests content from the server 101 or the terminal 102, and the content transmission shown in FIG. In the system 200, a terminal 202 that requests content from the server 201 and a terminal 203 that requests content from the server 201 or the terminal 202.

The technology disclosed in this specification is mainly characterized in that when content is moved from the source device to the sink device, content movement is controlled with generation restrictions. Limiting the number of generations that can be moved has the effect of restricting the opportunity for unauthorized use of content by limiting the distribution range of content by movement. Limiting the number of generations that can be moved is particularly effective when moving content by remote access via an IP network in accordance with the DTCP-IP standard. Of course, moving content on a home network in accordance with the old DTCP standard It can also be applied when performing.

FIG. 7 schematically shows an overall procedure when content is transferred by remote access between the source device and the sink device. It is assumed that pre-registration (described above) has been completed between the source device and sink device.

In the illustrated content movement procedure, the content list browsing phase (SEQ 701) for designating the content that the sink device requests to move, and mutual authentication and key exchange procedures are performed between the source device and the sink device to share for remote access. and RA-AKE procedure phase that share a key K _R (SEQ702), and RA-AKE procedure phase that share the movement shared key K _XM (SEQ703) between Source device and Sink devices, specified in the content list browsing phase The content transmission phase (SEQ704) in which the encrypted content is encrypted and transmitted using the movement shared key K _XM .

FIG. 8 schematically shows the contents of the content list browsing phase (SEQ 701). This processing procedure is mainly performed between the content list providing unit 305 on the source device side and the content list browsing unit 402 on the sink device side.

From the sink device, a content list browsing request is issued from the content list browsing unit 402 (SEQ801). For browsing the content list, the CDS function, which is developed by UPnP, which is a DLNA base, and distributes the content list and the detailed information of the content in a hierarchy (described above) is applied. Therefore, in SEQ801, a CDS: Browse action is issued from the sink device.

On the source device side, content that can be provided by the content providing unit 304 (for example, broadcast content or commercial content that can be acquired by the content acquisition unit 303, or content that is already recorded in the content recording unit 302 that is its own storage) Since the CDS: Browse action has been issued, the content list providing unit 305 obtains all obtainable content information regarding the corresponding content (SEQ802), and generates CDS information having a sufficient amount of information. (SEQ803). Then, the Source device returns a CDS Result to the Sink device (SEQ804).

On the sink device side, the content list browsing unit 402 analyzes the received CDS Result and displays the content information including the content title and more detailed information (SEQ805).

The user of the sink device can select content to be reproduced from the displayed content list. When the content is selected, transmission of the content from the source device to the sink device is started. Before the content transmission, mutual authentication and key exchange for remote access between the sink device and the source device, that is, The RA-AKE process (SEQ 702) and the move AKE process (SEQ 703) are performed.

FIG. 9 shows details of the contents of the RA-AKE procedure phase (SEQ702). This processing procedure is mainly performed between the authentication / key sharing unit 306 on the source device side and the authentication / key sharing unit 406 on the sink device side. Regarding the RA-AKE procedure phase, the V1SE. Also described in Section 10.7.2.

The sink device transmits a CHALLENGE command including a shared key field in which a bit for a remote access exchange K _R (Remote Exchange Key) is set, and requests the source device to perform AKE processing (SEQ901). Then, the challenge / response part of the authentication procedure is executed between the source device and the sink device (SEQ902 to 904).

However, when the bit for K _R of CHALLENGE command is not set, Source device aborts the RA-AKE procedure, it is possible to continue the AKE procedure other than RA-AKE.

When the source device receives a device ID or IDu as a sink-ID from the sink device in a challenge / response procedure (SEQ905), the remote device manages the remote sink registry (described above) that is managed in the terminal management unit 307 of the source device. ) Is registered (SEQ906).

If the sink-ID is not listed in the remote sink registry (NO in SEQ906), the Source device sends an AKE_CANCEL command to the sink device (SEQ914), and cancels the RA-AKE procedure (SEQ915).

On the other hand, when the sink-ID is already registered in the remote sink registry (YES in SEQ 906), the source device determines whether or not the RAC record corresponding to the sink-ID already exists. The contents in the registry (described later) are checked (SEQ907).

If there is a RAC record corresponding to the sink-ID (YES in SEQ 907), the source device uses the remote access shared key K _R and the shared key label K _R _label stored in the RAC record. Decide on. Alternatively, if the source device does not transmit content using the remote access shared key K _R , the source device refers to the inside of the RAC record and updates the stored values of K _R and K _R _label. You may make it like (SEQ913).

If the sink-ID has already been registered in the remote sink registry, but the corresponding RAC record does not exist (No in SEQ 907), the source device determines whether the count value RACC for counting the RAC record is less than RACC _max . Is checked (SEQ908). Here, RACC _max is a counter that counts remote access connections, and is initialized to zero when there is no remote access connection.

When the RACC is not less than the RACC _max (NO in SEQ 908), the Source device transmits an AKE_CANCEL command to the sink device (SEQ 914), and cancels the RA-AKE procedure (SEQ 915).

If RACC is less than RACC _max (SEQ908 of Yes), Source device, after incrementing by 1 the value of the RACC (SEQ909), according to a predetermined calculation rule, shared key K _R and the shared key labels for remote access K and generates an _R _label (SEQ910), these in association with Sink-ID of the Sink device, and stores the RAC record in RAC registry (SEQ911). The server 201 manages the RAC record in the terminal management unit 307, for example.

The source device then uses the remote access shared key K _R extracted from the existing RAC record and its shared key label K _R _label (including the updated case) or the newly generated shared key K for remote access. _R and its shared key label K _R _label are transmitted to the sink device (SEQ916).

Source device if it supports RA_MANAGEMENT function, to initiate K _R for survival timer for maintaining the replacement K _R for remote access, for holding at least one minute K _R (SEQ912).

FIG. 10 shows the contents of the MOVE-AKE procedure phase (SEQ703). This processing procedure is mainly performed between the authentication / key sharing unit 306 on the source device side and the authentication / key sharing unit 406 on the sink device side. As for the MOVE-AKE procedure, the V1SE. It is also described in Section 10.4.1.

The sink device starts an RTT-AKE protocol for movement by transmitting an MV_INITIATE command to the source device (SEQ1001).

On the other hand, when the source device can execute the DTCP-IP Move protocol, it returns an MV_INITIATE response as a receipt confirmation (SEQ1002).

As described above, some contents that move from a source device to a sink device are limited in the number of generations that can be moved. The sink device may notify the source device that it supports content movement with generation restrictions when starting the RTT-AKE protocol for movement. For example, instead of MV_INITIATE, which is the start command of the protocol, a method of preparing MV_INITIATE2 indicating that movement can be performed with generation restrictions is considered. When the sink device starts the protocol using the MV_INITIATE2 command, the source device can recognize that the sink device supports content transfer with generation restriction. Details of this point will be described later.

In addition, when the capability information needs to be exchanged, the sink device transmits a CAPABILITY_EXCHANGE command to the source device at this time (SEQ1003). In response to this, the Source device returns a CAPABILITY_EXCHANGE response (SEQ1004).

Subsequently, the sink device and the source device perform a challenge-response port of AKE procedure (SEQ1005), a protected RTT protocol procedure (SEQ1006), and an authentication key (HK _AUTH ) calculated using K _AUTH Share

Then, the Source device generates a shared key K _XM for movement, and transmits it to the sink device with the MV_EXCHANGE_KEY command (SEQ1007). In response to this, the sink device returns an MV_EXCHANGE_KEY response (SEQ1008).

The setting method of the shared key K _XM for movement will be supplemented below.

First, Source device, allocates the shared key K _XM for moving the random number, assign a shared key labels K _XM _label this shared key K _XM.

Next, when the source device scrambles K _XM using HK _AUTH , the source device obtains K _SXM according to the function described in the DTCP specification that can be used from DTLA (Digital Transmission Licensing Administrator) under the license. Then, Source device, together with a shared key labels K _XM _label key K _SXM, sends to Sink device.

When a sink device descrambles K _SXM using HK _AUTH 'calculated from K _AUTH ', the sink device is used for sharing with the Source device according to the functions described in the DTCP specification available from DTLA under the license. The shared key K _XM is determined.

FIG. 11 schematically shows the contents of the content transmission phase (SEQ704). This processing procedure is mainly performed between the content provision unit 304 on the source device side and the content acquisition unit 403 on the sink device side. Here, the content specified in the content list browsing phase (SEQ 701) is transferred using the shared key K _XM for movement that is shared between the Source device and the Sink device through the above MOVE-AKE procedure phase (SEQ 703). It is assumed that movement is performed.

The sink device requests the source device to move the content by an HTTP request (HTTP GET request) using the HTTP GET method (SEQ1101). The HTTP GET request, along with the URL (Uniform Resource Locator) of content, including a shared key label K _XM _label for the movement obtained by the MOVE-AKE procedure phase (SEQ703). The HTTP GET request is sent to BLKMove. dtcp. contains the header information that the com <K _XM _label>.

The sink device may notify the source device that it is compatible with content transfer with generation restrictions when this content transfer request (SEQ1101) is made. For example, BLK Move. dtcp. As an extended version of the com header field, BLKMove2. dtcp. It is conceivable to prepare a com header field and inform the source device that the sink device supports content transfer with generation restrictions in this header. Details of this point will be described later. As described above, BLKMove. dtcp. com header field contains a shared key labels K _XM _label The parameter to identify the shared key K _XM the parameters.

Alternatively, as already described, the sink device may notify the source device that it supports content transfer with generation restrictions when starting the RTT-AKE protocol for transfer.

Regardless of which method is used to notify the limitation of the number of generations that the sink device can move, the source device supports the function of limiting the number of generations to which the sink device can move the content prior to the start of the content movement. Whether it is present (SEQ1102). Here, the description will be continued assuming that the sink device is compatible with content transfer with generation restrictions.

Source device, to allow content requests from Sink device encrypts the content using the shared key labels K _XM moving shared key K _XM specified in _label, Source device HTTP response (HTTP GET response) is transmitted to the sink device (SEQ1103).

The HTTP response consists of one or more PCPs. Specifically, when the nonce N _c is generated using a random number, the source device calculates the content key K _c based on the shared key K _XM , the nonce N _c, and E-EMI representing the encryption mode, and this content key encrypted using the K _c. Then, a PCP (Protected Content Packet) packet including the encrypted content is placed on the TCP stream. In the IP protocol, a TCP stream including encrypted content is divided into packet sizes as a predetermined unit, further converted into an IP packet with a header portion added, and delivered to a specified IP address.

As shown in FIG. 12, the PCP packet 1200 includes a payload 1202 made of encrypted content, and a header 1201 including nonce _Nc and E-EMI. The E-EMI (Extended Encryption Mode Indicator) is composed of a 4-bit length field describing the encryption mode, and its value corresponds to seven types of copy control information.

The source device needs to notify the sink device side of the fact that the content to be transmitted can be moved with generation restrictions and the information Move_count of the number of generations that can be moved. For example, an additional value is added to the E-EMI in the PCP header, meaning that it can be moved with generation restrictions, and a new field is added in the PCP payload (eg, DTCP_descriptor, PCP-UR, CMI, etc.). It may also be possible to carry information Move_count about the number of generations that can be moved. Details of this point will be described later.

On the sink device side, when each IP packet from the source device is received, it is assembled into a TCP stream, and the transmitted original PCP packet is reproduced. When the nonce N _c and E-EMI are extracted from the stream, the content key K _c can be calculated using these and the shared key K _XM , and the encrypted content can be decrypted. Then, processing such as reproduction from the content reproduction output unit 405 or recording into the content recording unit 408 can be performed on the decrypted plaintext content.

When content transmission using the HTTP protocol is completed in this way, the TCP connection used for content transmission is appropriately disconnected from the sink device side, for example.

The sink device corresponding to the content transfer function with generation restriction performs update processing of transfer control information related to the received content (SEQ1104). Specifically, when recording to the content recording unit 408 or the like, it is checked whether or not the received content can be moved within the limited number of generations, and information on the number of movable generations Move_count is updated. . Details of this point will be described later.

Subsequently, a mechanism for preventing the use of content exceeding the range of private use in the content transmission systems 100 and 200 as shown in FIGS. 1 and 2 will be described in more detail. The technology disclosed in this specification employs a method of restricting the distribution range of content by imposing restrictions on the number of generations that can be moved when moving content from a Source device to a Sink device.

When the content transfer mechanism with generation restrictions is realized by the content transmission systems 100 and 200 to which DTCP or DTCP-IP is applied as in the present embodiment, the distribution range of the contents is limited and private use is limited. Use of content that exceeds the range will be prevented.

Information on the number of movable generations Move_count is transmitted as content movement control information between the source device that is the source of the content and the sink device that is the destination of the transfer, and the sink device receives and decrements the Move_count by one. Manage your content. If Move_count is still 1 or more, the sink device (this time as the source device) can move the content further using it as the next control information. On the other hand, if Move_count becomes 0, the content cannot be further moved. Note that if Move_count = 1, that is, movement is performed with only one generation being permitted, it is not necessary to transmit information on the number of generations that can be moved, and only control information indicating whether movement is possible can be used.

First, a method for notifying control information indicating whether or not movement with generation restriction is possible will be described.

In DTCP-IP in which DTCP is mapped to IP transmission, an HTTP response used for content transmission is composed of one or more packets called PCP. As shown in FIG. 12, the PCP header 1201 includes E-EMI. This E-EMI is composed of a 4-bit length field describing an encryption mode (E-EMI Mode), and its value corresponds to seven types of copy control information.

In the present embodiment, a value meaning “moveable with generation restriction” is additionally defined as an undefined value in the E-EMI field. Specifically, the undefined value “0111 ₂ ” is defined as Mode C2 as “Moveable with generation restriction”. FIG. 13 shows E-EMI according to the DTCP-IP standard, and FIG. 14 shows E-EMI in which “0111 ₂ ” is additionally defined as “movable with generation restriction”.

When the source device moves the content permitted to move with generation restrictions, it writes “0111 ₂ ” in the E-EMI field in the header of the PCP packet used for the transmission. On the sink device side, it is possible to determine whether the content is “movable with generation restriction” by checking the value of E-EMI in the header of the first PCP packet of the HTTP response (of course, of course, it is possible to move with restrictions on generation) As usual, the copy control information and the corresponding encryption mode can also be identified).

Next, a method for notifying the number of movable generations will be described.

There is a method of providing a new field for carrying information on the number of generations that can be moved in the control information operated by DTCP. Examples of the control information here include DTCP_descriptor, PCP-UR, and CMI.

The DTCP_descriptor is prepared as a means for sending DTCP control information when transmitting content in the MPEG-TS format. The DTCP_descriptor is embedded in the MPEG-TS packet (in the PCP payload) and encrypted and transmitted together with the content. . FIG. 15 shows an example in which an unused area of DTCP_descriptor is defined as a Move_count field and the number of movable generations is described. In this figure, as indicated by reference numeral 1501, 1 (times) is entered as the number of generations that can be moved.

PCP-UR (Protected Content Packet-Usage Rule) is prepared as a means for sending DTCP control information when content is transmitted in a format other than MPEG-TS. As shown in FIG. Of nonce _Nc . FIG. 17 shows the format of the PCP-UR portion in the nonce _Nc field in more detail. In the illustrated example, an unused area 1701 of PCP-UR is defined as a Move_count field.

For example, when content is transmitted in the MPEG-TS format in the content transmission phase SEQ 704, information on the number of generations that can be moved in the DTCP_descriptor is carried as shown in FIG. 15, and the content is transmitted in a format other than MPEG-TS. In the case of transmission, it is conceivable to use the above method properly so as to carry information on the number of generations that can be moved in the PCP-UR as shown in FIG.

CMI (Content Management Information) is prepared as a means for sending DTCP control information by a common method regardless of the content transmission format. In the case of DTCP-IP, in the content transmission phase SEQ 704, the content is stored in the PCP2 packet, the control information is stored in the CMI packet, and is sent as data in which the PCP2 and CMI packets are mixed. FIG. 18 shows a packet format of CMI. One or more CMI Descriptors are stored in the CMI field that is a payload portion of the CMI packet. A method of defining the unused area of the CMI descriptor as a Move_count field and describing the number of generations that can be moved is conceivable. According to this method, it is possible to convey the number of generations that can be moved in common regardless of the content transmission format. FIG. 19 shows an example in which an unused area 1901 in the CMI descriptor 1 format is defined as a Move_count field. FIG. 20 shows an example in which an unused area 2001 in the CMI descriptor 2 format is defined as a Move_count field.

In the above, the DTCP-IP specification exemplifies that E-EMI, DTCP_descriptor, PCP-UR, and CMI can be used to transmit control information related to content movement. Here, according to the DTCP-IP specification, transmission of E-EMI is essential, but transmission of PCP-UR and CMI is not essential. In other words, the control information indicating whether or not movement is possible can always be transmitted, but the number of generations that can be moved may not be transmitted to the sink device.

If the sink device refers to the E-EMI value in the header of the received PCP packet and finds that it can move with generation restriction, it can be said that at least the number of generations that can be moved is one or more. Therefore, if the number of generations to which content can be transferred is unknown due to reasons such as PCP-UR and CMI not reaching, the sink device processes the received number of generations as 1 . By not giving an extra generation number of 2 or more, the distribution range of subsequent contents is limited.

FIG. 21 shows, in the form of a flowchart, a processing procedure for the sink device to control the number of mobile generations of content received in the content transmission phase SEQ704. In this processing procedure, it is determined that the content is prohibited from further movement when the moveable number Move_count becomes zero.

When the communication / control unit 401 receives, for example, the first PCP packet of the HTTP response, the content acquisition unit 403 refers to the E-EMI value in the PCP header, and the content is “movable with generation restriction”. Is checked (step S2101).

Next, the content acquisition unit 403 tries to detect the Move_count field defined in DTCP_descriptor, PCP-UR, CMI, and the like (step S2102).

Here, when the Move_count field cannot be detected due to reasons such as PCP-UR and CMI not reaching (No in step S2102), the content acquisition unit 403 indicates that Move_count = 1, that is, the received content can be moved only by one generation. Therefore, this content is set as “impossible to move further” (step S2105), and this processing routine ends.

On the other hand, when the Move_count field can be detected (Yes in Step S2102), the content acquisition unit 403 decrements the value of the Move_count field, that is, the number of movable generations by 1 (Step S2103).

Next, the content acquisition unit 403 checks whether the value of the Move_count field is greater than 0, that is, whether or not it can still be moved (step S2104).

Here, when the value of the Move_count field is 0 or less, that is, when the number of generations that can be moved has disappeared (No in step S2104), the content acquisition unit 403 sets the content as “cannot be moved further” (step S2105). ), This processing routine is terminated.

If the value of the Move_count field is greater than 0 (Yes in step S2104), the content acquisition unit 403 ends this processing routine while keeping the content movable with generations restricted by the value of the decremented Move_count field. To do.

Then, after completing the above processing routine, the content acquisition unit 403 receives the information by associating it with the information on the number of generations that can be moved and the information on whether or not generations can be restricted (see FIG. 5 or FIG. 6). The content is recorded in the content recording unit 408.

As described above, the sink device prevents further movement of the content received when the E-EMI is “Moveable with generation restriction” and the number of movable generations Move_count = 1 or Move_count is unknown. Specifically, when the sink device transmits (as a source device) by DTCP-IP next, the E-EMI of such content has a value (for example, 0100 ₂ or 1100 ₂₎ that indicates prohibition of recording. ) Is used. The next sink device that receives the content using E-EMI, which means recording prohibition, does not depend on the value of the moveable number Move_count determined from DTCP_descriptor, PCP-UR, CMI, etc. The content is handled as being unmovable (priority is given to the content of E-EMI).

As of June 2013, DTCP (http://www.dcp.com) does not limit the number of generations that can be moved with respect to the movement of content (described above). In the DTCP specification, the value of E-EMI is one parameter of the J-AES function for calculating the content encryption key (K _c ) corresponding to the copy control information. When an undefined E-EMI value is used for generation control as in the present embodiment (see FIG. 14), an old Sink device that does not support content transfer with generation restriction is E-EMI. Even if “0111 ₂ ”, which means “Moveable with generation limitation”, is received as the value of, the correct encryption key cannot be calculated, and thus the received content cannot be decrypted. Therefore, content with generation restriction can be passed only to a sink device that supports content movement with generation restriction.

Next, a method for preventing loss when moving content with generation restrictions will be described.

As described above, the content movement is a transmission method in which the source device erases the content that has already been transmitted to the sink. There is a risk that content may be lost if the transfer process is interrupted unexpectedly. Several proposals have already been made on techniques for preventing disappearance of content when moving (for example, see Patent Document 1).

Content transfer with generation restrictions should also be performed only between devices that support this function so that no content is lost. For this reason, the source device needs to confirm whether or not the sink device supports content transfer with generation restriction when starting the content transfer in the content transmission phase (SEQ704).

As a first method for confirming the content transfer support with generation restrictions on the sink device, when the sink device makes a content transfer request (SEQ1101 in FIG. 11), it supports the content transfer with generation restrictions. There is a method for notifying the source device of this fact.

Specifically, the Sink device is a BLK Move. dtcp. As an extended version of the com header field, BLKMove2. dtcp. It is conceivable to prepare a com header field and inform the source device that content movement with generation restrictions is supported in this header.

On the other hand, the source device can receive BLKMove2. dtcp. If the com header field is used, content movement with generation restrictions is performed, but BLKMove2. dtcp. If the com header field is not used, content transfer with generation restriction is not performed.

FIG. 22 shows, in the form of a flowchart, a processing procedure for the source device to move content that can be moved with generation restrictions using the first method.

In the content transmission phase (SEQ704), when the communication / control unit 301 receives the HTTP GET request header from the sink device (Yes in step S2201), the content providing unit 304 adds BLKMove2. dtcp. It is checked whether or not the com header field is included (step S2202).

In the HTTP GET request header, BLKMove2. dtcp. When the com header field is not included (No in step SS2202), it is determined that an HTTP request other than content transfer with generation restriction has been received, and the content providing unit 304 executes other HTTP processing ( Step S2206).

On the other hand, in the header of the HTTP GET request, BLKMove2. dtcp. com header field is included (Yes in step SS2202), the content providing unit 304 determines that this BLKMove2. dtcp. com moving shared key K _XM with shared key labels K _XM _label for movement specified in the header field is further Checks the authentication and key in a shared unit 306 (step S2203).

When the shared key K _XM with shared key labels K _XM _label not exist (No in step S2203), can not be encrypted for moving the content with generation restriction, the content providing unit 304, an error terminates the HTTP session (Step S2207).

On the other hand, when there is a shared key K _XM with shared key labels K _XM _label (Yes in step S2203), the content providing unit 304, or can be moved with a generational restriction content that is subject or mobile request HTTP transmission Further check is made (step S2204).

For example, the content providing unit 304 refers to the information on whether or not generation restricted movement associated with the requested content in the content recording unit 302 and the information on the number of generations that can be moved are checked in step S2204. To do. If there is a discrepancy in information such as content that cannot be moved with generation restrictions and the number of movable generations is 1 or more, priority is given to the information that movement with restrictions on generation is not possible, and the distribution of inadvertent content is suppressed. To do.

If the requested content can be moved with generation restriction (Yes in step S2204), the content providing unit 304 sets the E-EMI value (0111 ₂ ) (which means “movable with generation restriction”) ( 14) is set, and the number of movable generations is set in the Move_count field provided in DTCP_descriptor, PCP-UR, CMI, etc., and the content is moved (step S2205).

If the content requested to be moved cannot be moved with generation restrictions (No in step S2204), the content providing unit 304 further checks whether the content can be moved normally (step S2208). .

If normal movement is possible (Yes in step S2208), the content providing unit 304 sets an E-EMI value (see FIG. 14) corresponding to “Move”, and moves the content. Is performed (step S2209). If normal movement is also not possible (No in step S2208), the content providing unit 304 ends this HTTP session with an error (step S2207).

In addition, as a second method for confirming that the sink device supports the content transfer with the generation restriction, the source device indicates that the sink device supports the content transfer with the generation restriction during the MOVE-AKE procedure. The method of notifying is mentioned.

Specifically, a method of preparing MV_INITIATE2 indicating that the sink device can move with generation restrictions instead of MV_INITIATE which is a start command of the MOVE-AKE procedure is conceivable.

When the sink device starts the protocol using the MV_INITIATE2 command, the source device can recognize that the sink device is compatible with content movement with a generation restriction, and in the subsequent content transmission phase (SEQ704), the generation is performed. Move restricted content. On the other hand, when the sink device starts the protocol using the MV_INITIATE command, the source device does not move the content with generation limitation. Therefore, Source device generates a shared key labels K _XM _label in the protocol, when storing, whether the protocol is stored together or initiated by either MV_INITIATE2 and MV_INITIATE, shared key or initiated either It can be discriminated by the value of the label K _XM _label. For example, a method is conceivable in which the value is an even number when starting with MV_INITIATE2 and an odd number in other cases.

FIG. 23 shows a processing procedure in the form of a flowchart for the source device to move the content that can be moved with generation limitation using the second method.

In the content transmission phase (SEQ 704), when the communication / control unit 301 receives the HTTP GET request header from the sink device (Yes in step S2301), the content providing unit 304 adds BLK Move. dtcp. It is checked whether or not a com header field is included (step S2302).

In the HTTP GET request header, BLKMove. dtcp. If the com header field is not included (No in step SS2302), it is determined that an HTTP request other than content transfer has been received, and the content providing unit 304 executes other HTTP processing (step S2307).

On the other hand, BLKMove. dtcp. com header field is included (Yes in step SS2302), the content providing unit 304 determines that this BLKMove. dtcp. com moving shared key K _XM with shared key labels K _XM _label for movement specified in the header field is further Checks the authentication and key in a shared unit 306 (step S2303).

When the shared key K _XM with shared key labels K _XM _label not exist (No in step S2303), can not be encrypted for moving the content with generation restriction, the content providing unit 304, an error terminates the HTTP session (Step S2308).

On the other hand, when there is a shared key K _XM with shared key labels K _XM _label (Yes in step S2303), the content providing unit 304, whether or not this shared key labels K _XM _label was obtained by treatment with MV_INITIATE2 Further checking is performed (step S2304). If the shared key label K _{XM —} label is for MV_INITIATE2 processing (Yes in step S2304), the content providing unit 304 determines whether the HTTP transmission target, that is, the content requested to be moved can be moved with generation restrictions. Is checked (step S2305).

If the content requested to be moved can be moved with a generation restriction (Yes in step S2305), the content providing unit 304 sets the E-EMI value (0111 ₂ ) (which means “movable with generation restriction”) ( 14) is set, and the number of generations that can be moved is set in the Move_count field provided in DTCP_descriptor, PCP-UR, CMI, etc., and this content is moved (step S2306).

Further, when the shared key label K _{XM —} label is not the one processed by MV_INITIATE2 (No in Step S2304), or when the content requested to be moved cannot be moved with generation restriction (No in Step S2305), The content providing unit 304 further checks whether the content can be moved normally (step S2309).

If normal movement is possible (Yes in step S2309), the content providing unit 304 sets an E-EMI value (see FIG. 14) corresponding to “Move”, and moves the content. Is performed (step S2310). If normal movement is also not possible (No in step S2208), the content providing unit 304 ends the HTTP session with an error (step S2308).

In the case of content with a limited number of generations that can be moved, in order to increase the effect of preventing usage beyond the range of private use, it may be possible to limit the transmission range of content after moving.

For example, the DTCP-IP specification defines a function called Remote Access that uses content from an outdoor device (Sink device) to a home device (Source device). For content in which the number of generations that can be moved is limited, an operation of prohibiting remote access to the content after moving is one specific example of limiting the transmittable range.

Here, for example, the following two methods are conceivable as a method for realizing the prohibition of transmission by Remote Access.

(1) As a result of decrementing the moveable number Move_count of the content received by the sink device with the generation restriction by 1, when the value becomes zero, the transmission by Remote Access is disabled. Note that even when the sink device cannot detect Move_count, transmission by Remote Access is disabled.
(2) When the sink device decrements the number of generations Move_count to which the content can be moved by 1, the fact that the content has been moved is stored in association with the content. In subsequent transmissions, the moved content is disabled from being transmitted by Remote Access.

In addition, it is possible to increase the effect of preventing the use beyond the private use range by restricting the transferable range by moving the content by always allowing the content to be moved in the remote access. Such a restriction on the number of generations that can be moved can be realized more simply. For example, when moving content by Remote Access, the Source device encrypts and transmits using an encryption key obtained by a calculation method dedicated to content movement processing by Remote Access instead of the encryption key calculated from the shared key K _XM for movement. Similarly, the sink device also decrypts the received content using the encryption key obtained by the calculation method dedicated to this processing. Then, the sink device voluntarily prohibits further movement of the content received at the remote access.

As a method of calculating a dedicated encryption key when moving content by Remote Access, the shared key K _R obtained by the RTT-AKE procedure for Remote Access is encrypted instead of the shared key K _XM for movement obtained by the MOVE-AKE procedure. A method used for calculating the key K _C can be mentioned. Furthermore, the shared key K _XM for movement is processed by a hash function and used for calculating the encryption key, or the XOR (exclusive OR) of the shared key K _XM for movement and the shared key K _R for Remote Access is used. A method of using the result of rights calculation such as for calculating the encryption key is also conceivable.

In the above method, a value meaning “Movement with limited generation” is added to the undefined value of the E-EMI field, or the number of generations that can be moved is transmitted using DTCP_descriptor, PCP-UR, CMI, etc. There is no need to do anything. For the E-EMI, the current Mode C1 (see FIG. 13) may be used as it is.

In the content transmission system 200 shown in FIG. 2, as a specific example of a content transmission apparatus that operates as a server 201 or a DTCP source device, a set top box, a recorder, a television receiver, a personal computer, a network access network, Server (NAS).

FIG. 25 shows a configuration example of a personal computer 2500 that can operate as the server 201 or a DTCP Source device. It is assumed that the personal computer 2500 also supports a remote access function (described above). The illustrated personal computer 2500 includes a CPU (Central Processing Unit) 2501, a RAM (Random Access Memory) 2502, an EEPROM (Electrically Erasable and Programmable ROM) 2503, a display 2504, a speaker 2505, for example, an HDD (HardDr). Circuit components such as a high-capacity information storage device 2506 such as a Super Density Disc) and an I / O interface 2507 are provided, and these circuit components are interconnected via a bus 2508.

The CPU 2501 reads and executes a program loaded in the RAM 2502 as the main memory.

The RAM 2502 is loaded with functions related to content encryption and decryption. For example, a program for executing the DTCP + function and a program for executing the RA-AKE process are loaded into the RAM 2502.

The EEPROM 2503 is a rewritable nonvolatile storage device that stores setting information and the like. When the personal computer 2500 operates as a source device, that is, a content transmission apparatus, a RAC record including the sink device ID of the sink device is stored in the EEPROM 2503.

On the personal computer 2500, when receiving a request from the sink device to register as a terminal capable of remote access, the CPU 2501 reads a program in which DTCP + AKE processing is described from the RAM 2502, and exchanges with the sink device. Execute the AKE procedure. If this procedure is successful, the CPU 2501 generates the exchange key K _R and its label K _R — label according to the program stored in the RAM 2502, and stores them in the EEPROM 2503 as a RAC record associated with the sink ID.

Thereafter, on the personal computer 2500, when the CPU 2501 receives a request for the RA-AKE processing, the CPU 2501 compares the sink-ID of the sink device making the request with the sink-ID stored in the EEPROM 2503; A process for determining whether or not to complete the RA-AKE process is executed.

When the RA-AKE process is completed, a common exchange key is generated between the personal computer 2500 and the sink device that has requested the RA-AKE process. On the personal computer 2500 side, the content key generated based on the exchange key is temporarily stored, and when the content is read from the large-capacity information storage device 2506, this content is encrypted with the temporarily stored content key. Turn into. The encrypted content is output to the outside via the I / O interface 2508. When the I / O interface 2508 has a wireless LAN function, the encrypted content is transmitted to the sink device that has requested the RA-AKE process via the wireless LAN.

FIG. 26 shows a configuration example of a recorder 2600 that can operate as the server 201 or a DTCP Source device. It is assumed that the recorder 2600 also supports a remote access function (described above). The illustrated recorder 2600 includes a system chip 2601, a mass storage device 2602, a RAM 2603, an EEPROM 2604, a wireless LAN chip 2605 or a LAN port 2609, a tuner 2606, a display 2607, and a speaker 2608.

The system chip 2601 includes circuit modules such as a CPU 2601a, a coprocessor 2601b, and an interface function unit 2601c, and these circuit modules are interconnected by a bus 2601d in the chip.

The CPU 2601a can execute a program stored in a storage device connected via the interface function unit 2601c.

The coprocessor 2601b is an auxiliary arithmetic device, and mainly executes moving image compression or decoding processing. For example, an algorithm such as H264, VC1, MPEG2, or JPEG is executed. The coprocessor 2601b converts the image size according to the communication environment such as the communication speed when transmitting the moving image content (stored in the mass storage device 2602) to the content receiving device such as a sink device. Then, processing for enabling transmission at a size optimum for the communication environment, that is, transcoding of the codec is performed. Due to transcoding of the codec, it is possible to reduce a delay in reproduction at a content transmission destination such as a sink device. However, transcoding of the codec can be performed by the CPU 2601a instead of the dedicated hardware such as the coprocessor 2601b. Also, the compression rate for transcoding content can be specified by the user for each content.

The large-capacity storage device 2602 is, for example, an HDD or an SDD, and stores content to be provided to a sink device or a content reception device.

Tuner 2606 selects and receives a broadcast signal such as terrestrial digital broadcast. In the present embodiment, for example, according to a function such as EPG (Electronic Program Guide), the program is recorded or reserved for recording, and the broadcast content is stored in the mass storage device 2602.

Broadcast programs received by the tuner 2606 and contents stored in the mass storage device 2602 can be viewed using the displays 2607 and 2608.

The wireless LAN chip 2605 performs processing of a physical layer and a MAC (Media Access Control) layer in a wireless LAN standard such as Wi-Fi (Wireless Fidelity) or IEEE802.11, for example, via a predetermined access point or as a sink device. Direct wireless connection with other content receivers. In addition, the LAN port 2609 is connected to a wired LAN (not shown) such as Ethernet (registered trademark) via the inserted LAN cable 2609A, and for example, a physical layer and a MAC layer in a wired LAN standard such as IEEE 802.3. To communicate with a content receiving apparatus as a sink device.

A program to be executed by the CPU 2601a is loaded into the RAM 2603 as the main memory. The main program loaded into the RAM 2603 is a program that realizes functions related to content encryption and decryption. For example, a program for executing the DTCP + function and a program for executing the RA-AKE processing are stored in the RAM 2603. Loaded.

The EEPROM 2604 is a rewritable nonvolatile storage device and stores setting information and the like. When the recorder 2600 operates as a source device, that is, a content transmission device, a RAC record including the sink-ID of the sink device is stored in the EEPROM 2604.

On the recorder 2600, when receiving a request from the sink device to register as a terminal capable of remote access, the CPU 2601a reads out a program describing the DTCP-IP AKE process from the RAM 2603, and exchanges with the sink device. Execute the AKE procedure. If this procedure is successful, the CPU 2601a generates the exchange key K _R and its label K _R — label according to the program stored in the RAM 2603, and stores them in the EEPROM 2604 as a RAC record associated with the Sink-ID.

Thereafter, on the recorder 2600, when the CPU 2601a receives the RA-AKE processing request, it compares the sink device ID of the sink device making the request with the sink ID of the sink device stored in the EEPROM 2604, and determines the RA. -Perform a process to determine whether to complete the AKE process.

When the RA-AKE process is completed, a common content key is generated between the recorder 2600 and the sink device that has requested the RA-AKE process. On the recorder 2600 side, the generated content key is temporarily stored, and when the content is read from the large-capacity information storage device 2602, the content is encrypted with the temporarily stored content key. The encrypted content is transmitted via the interface function unit 2601c and the wireless LAN chip 2605 to the terminal that has requested the RA-AKE process.

FIG. 27 shows a configuration example of a network access server (NAS) 2700 that can operate as the server 201 or a DTCP Source device.

The network access server 2700 includes a mass storage device, is installed in the home networks 110 and 210, and transmits information in the mass storage device according to the IP protocol. For example, the broadcast content recorded by the recorder 2600 is dubbed to the network access server 2700, or the content stored in the network access server 2700 is transmitted to a sink device such as a personal computer 2500 or a smartphone for viewing. can do. The network access server 2700 also supports a remote access function.

The illustrated network access server 2700 includes at least one of a system chip 2701, a mass storage device 2702, a RAM 2703, an EEPROM 2704, a wireless LAN chip 2705, or a LAN port 2706.

The system chip 2701 includes circuit modules such as a CPU 2701a, a coprocessor 2701b, and an interface function unit 2701c, and these circuit modules are interconnected by a bus 2701d in the chip.

The CPU 2701a can execute a program stored in a storage device connected via the interface function unit 2701c.

The coprocessor 2701b is an auxiliary arithmetic device, and mainly executes moving image compression or decoding processing. For example, an algorithm such as H264, VC1, MPEG2, or JPEG is executed. The coprocessor 2701b converts the image size according to the communication environment such as the communication speed when transmitting the moving image content (stored in the mass storage device 2702) to the content receiving device such as a sink device. Then, processing for enabling transmission at a size optimum for the communication environment, that is, transcoding of the codec is performed. Due to transcoding of the codec, it is possible to reduce a delay in reproduction at a content transmission destination such as a sink device. However, the transcoding of the codec can be performed by the CPU 2701a instead of the dedicated hardware such as the coprocessor 2701b. Also, the compression rate for transcoding content can be specified by the user for each content.

The large-capacity storage device 2702 is, for example, an HDD or an SDD, and stores content to be provided to a sink device or a content reception device. For example, broadcast content recorded by the network access server 2700 can be dubbed to the mass storage device 2702 (received via the wireless LAN chip 2705).

The wireless LAN chip 2705 performs processing of a physical layer and a MAC (Media Access Control) layer in a wireless LAN standard such as Wi-Fi (Wireless Fidelity) or IEEE802.11, for example, via a predetermined access point or as a sink device. Direct wireless connection with other content receivers. The LAN port 2706 is connected to a wired LAN (not shown) such as Ethernet (registered trademark) via a plugged-in LAN cable 2706A, and for example, a physical layer and a MAC layer in a wired LAN standard such as IEEE 802.3. To communicate with a content receiving apparatus as a sink device.

A program to be executed by the CPU 2701a is loaded into the RAM 2703 as the main memory. The main programs loaded in the RAM 2703 are programs that realize functions related to content encryption and decryption. For example, programs for executing the DTCP-IP function and programs for executing the RA-AKE process are provided. It is loaded into the RAM 2703.

The EEPROM 2704 is a rewritable nonvolatile storage device and stores setting information and the like. When the network access server 2700 operates as a source device, that is, a content transmission apparatus, a RAC record including a sink-ID of the sink device is stored in the EEPROM 2704.

On the network access server 2700, when receiving a request from the sink device to register as a terminal capable of remote access, the CPU 2701a reads out a program describing the DTCP + AKE process from the RAM 2703, and communicates with the sink device. AKE procedure is executed between. If this procedure is successful, the CPU 2701a assigns the exchange key K _R and its label K _R _label according to the program stored in the RAM 2703, and stores it in the EEPROM 2704 as a pair with the Sink-ID.

After that, on the network access server 2700, when the CPU 2701a receives the RA-AKE processing request, the Sink device ID of the sink device making the request and the sink ID of the sink device stored in the EEPROM 2704 are displayed. A process of comparing and determining whether or not to complete the RA-AKE process is executed.

When the RA-AKE process ends, a common content key is generated between the network access server 2700 and the sink device that has requested the RA-AKE process. On the network access server 2700 side, the generated content key is temporarily stored, and when the content is read from the mass information storage device 2702, this content is encrypted with the temporarily stored content key. . The encrypted content is transmitted through the interface function unit 2701c and the wireless LAN chip 2705 to the terminal that has requested the RA-AKE process.

JP 2010-231787 A

As described above, the technology disclosed in this specification has been described in detail with reference to specific embodiments. However, it is obvious that those skilled in the art can make modifications and substitutions of the embodiments without departing from the scope of the technology disclosed in this specification.

In the present specification, the technology disclosed in the present specification has been described mainly with respect to an embodiment in which the technology disclosed in this specification is applied to a network of DTCP and DTCP-IP specifications. However, the gist of the technology disclosed in this specification is limited to this. is not. Similarly, to the content transmission system that moves content between devices on the network based on technical specifications other than DTCP or DTCP-IP, the technology disclosed in the technology disclosed in this specification is applied, and generations that can be moved The distribution range of contents can be limited by the number control.

Further, in this specification, the embodiment has been described focusing on an embodiment in which content is moved according to the DTCP or DTCP-IP standard between a Source device and a Sink device each configured as an independent device. This also applies to the case where content is moved between two recording units (for example, a hard disk drive and a memory card incorporated in an information device such as a personal computer) in the apparatus. Technology can be applied.

In short, the technology disclosed in the present specification has been described in the form of examples, and the description content of the present specification should not be interpreted in a limited manner. In order to determine the gist of the technology disclosed in this specification, the claims should be taken into consideration.

Note that the technology disclosed in the present specification can also be configured as follows.
(1) a content recording unit for recording content;
A content moving unit that transmits the content recorded in the content recording unit to a content receiving device with control information related to the movement, deletes the transmitted content from the content recording unit, and moves the content;
A content transmission apparatus comprising:
(2) The control information related to the movement includes information related to generation restrictions on the movement of content.
The content transmission device according to (1) above.
(3) The control information related to the movement includes information related to whether or not content-limited movement is possible.
The content transmission device according to (1) above.
(4) The control information related to the movement further includes information related to the number of generations that can be moved.
The content transmission device according to (3) above.
(5) An authentication / key sharing unit that performs mutual authentication and exchange of a shared key with the content receiving device according to a predetermined transmission standard,
The content moving unit performs movement of content encrypted using an encryption key calculated from the shared key.
The content transmission device according to (1) above.
(6) The predetermined transmission standard is DTCP (Digital Transmission Content Protection) or DTCP-IP (DTCP mapping to IP).
The content transmission device according to (5) above.
(7) When the content moving unit transmits content to the content receiving device using an HTTP (Hyper Text Transfer Protocol) message in accordance with the DTCP-IP standard, the content moving unit moves to the E-EMI (Extended Encryption Mode Indicator). Add a value that means “possible” to notify the information on whether the content can be moved with generation restrictions,
The content transmission device according to (2) above.
(8) The content moving unit describes the number of generations that can be moved in the Move_count field of the DTCP_descriptor, and further notifies information about the number of generations that can be moved.
The content transmission device according to (7) above.
(9) The content moving unit describes the number of movable generations in a Move_count field of PCP-UR (Protected Content Packet-Usage Rule), and further notifies information on the number of movable generations.
The content transmission device according to (7) above.
(10) The content moving unit describes the number of movable generations in the Move_count field of the CMI descriptor, and further notifies information on the number of movable generations.
The content transmission device according to (7) above.
(11) The content moving unit performs the content-restricted movement after confirming whether or not the content receiving apparatus that has requested the content move is compatible with the content-restricted content move.
The content transmission device according to (1) above.
(12) When the content movement unit is requested to move the content by an HTTP request according to the DTCP-IP standard from the content receiving device, the content moving unit performs BLKMove2. dtcp. based on whether or not a com header field is used, whether or not the content receiving device supports content transfer with generation restrictions;
The content transmission device according to (11) above.
(13) The content moving unit may perform BLK Move2. dtcp. com header field is used to confirm that the content receiving apparatus supports content transfer with generation restrictions. However, the BLK Move2. dtcp. When there is no moving shared key having the shared key label specified in the com header field, the HTTP session is terminated with an error.
The content transmission device according to (12) above.
(14) Based on the fact that the content receiving unit replaces the start command of the MOVE-AKE procedure from MV_INITIATE with generation limitation according to the DTCP-IP standard, to MV_INITIATE2 indicating that the content receiving device can move To see if is compatible with content transfer with generation restrictions,
The content transmission device according to (11) above.
(15) The content moving unit confirms that the content receiving device supports content transfer with generation limitation by using MV_INITIATE2 as a start command of the MOVE-AKE procedure from the content receiving device. Is an HTTP request BLKMove. dtcp. When there is no moving shared key having the shared key label specified in the com header field, the HTTP session is terminated with an error.
The content transmission device according to (14) above.
(16) The content moving unit confirms that the content receiving apparatus supports content transfer with generation restriction, and there is a shared key used for content transfer with generation restriction. If the generated content has no generation restrictions on movement and normal movement is possible, normal movement processing is performed.
The content transmission device according to any one of (11 to 15) above.
(17) When moving the content by remote access, the content moving unit uses an encryption method obtained by a dedicated calculation method for content movement processing by remote access, instead of the encryption key calculated from the shared key for movement. Encrypted transmission using a key,
The content transmission device according to (6) above.
(18) A content acquisition unit that acquires content to be transmitted to the content reception device, or a reproduction unit that reproduces content to be transmitted to the content reception device from a recording medium,
The content transmission device according to (1) above.
(19) The content acquisition unit further includes a reception unit that selectively receives all or some of the segments of a desired broadcast channel.
The content transmission device according to (1) above.
(20) a transmission step of transmitting the content recorded in the content recording unit for recording the content to the content receiving device with control information relating to movement;
A content movement step of deleting the transmitted content from the content recording unit and performing the movement of the content;
A content transmission method comprising:
(21) a content recording unit for recording content;
A content moving unit that transmits the content recorded in the content recording unit to a content receiving device with control information related to movement, deletes the transmitted content from the content recording unit, and moves the content;
A computer program written in a computer-readable format to make a computer function as

DESCRIPTION OF SYMBOLS 100 ... Content transmission system 101 ... Server, 102, 103 ... Terminal, 110 ... Home network 200 ... Content transmission system 201 ... Server, 202, 203 ... Terminal 210 ... Home network, 220 ... External network 230 ... Router 300 ... Content Transmission device (Source device)
DESCRIPTION OF SYMBOLS 301 ... Communication / control part, 302 ... Content recording part 303 ... Content acquisition part, 304 ... Content provision part 305 ... Content list provision part, 306 ... Authentication and key sharing part 307 ... Terminal management part, 308 ... Content reproduction output part 400: Content receiving device 401 ... Communication / control unit 402 ... Content / list browsing unit 403 ... Content acquisition unit 404 ... Content decryption unit 405 ... Content reproduction output unit 406 ... Authentication / key sharing unit 407 ... Input unit 408 ... Content recording unit 2400 ... Computer program distribution system 2410 ... Server, 2411 ... Storage device 2412 ... Communication device, 2413 ... Information notification device 2500 ... Personal computer, 2501 ... CPU
2502 ... RAM, 2503 ... EEPROM, 2504 ... Display 2505 ... Speaker, 2506 ... Mass storage device 2507 ... I / O interface, 2508 ... Bus 2600 ... Recorder, 2601 ... System chip, 2601a ... CPU,
2601b ... Coprocessor, 2601c ... Interface function unit 2601d ... Bus, 2602 ... Mass storage device, 2603 ... RAM
2604 ... EEPROM, 2605 ... Wireless LAN chip 2606 ... Tuner, 2607 ... Display, 2608 ... Speaker 2609 ... LAN port, 2609A ... LAN cable 2700 ... Network access server 2701 ... System chip, 2701a ... CPU,
2701b: Coprocessor, 2701c: Interface function unit 2701d: Bus, 2702 ... Mass storage device, 2703 ... RAM
2704 ... EEPROM, 2705 ... Wireless LAN chip 2706 ... LAN port, 2706A ... LAN cable

Claims

A content recording unit for recording content;
A content moving unit that transmits the content recorded in the content recording unit to a content receiving device with control information related to the movement, deletes the transmitted content from the content recording unit, and moves the content;
A content transmission apparatus comprising:
The control information related to the movement includes information related to generation restrictions on the movement of content.
The content transmission apparatus according to claim 1.
The control information related to the movement includes information related to whether or not content-limited movement is possible.
The content transmission apparatus according to claim 1.
The control information regarding the movement further includes information regarding the number of generations that can be moved,
The content transmission device according to claim 3.
An authentication / key sharing unit that performs mutual authentication and exchange of a shared key with the content receiving device according to a predetermined transmission standard;
The content moving unit performs movement of content encrypted using an encryption key calculated from the shared key.
The content transmission apparatus according to claim 1.
The predetermined transmission standard is DTCP (Digital Transmission Content Protection) or DTCP-IP (DTCP mapping to IP).
The content transmission apparatus according to claim 5.
When the content moving unit transmits the content to the content receiving device using an HTTP (Hyper Text Transfer Protocol) message in accordance with the DTCP-IP standard, the content moving unit sets “Generated Restricted Mode Indicator (E-EMI)” to “Movement with generation restriction”. Add a meaning value to notify information about whether or not the content can be moved with generation restrictions.
The content transmission apparatus according to claim 2.
The content moving unit describes the number of generations that can be moved in the Move_count field of the DTCP_descriptor, and further notifies information on the number of generations that can be moved.
The content transmission device according to claim 7.
The content moving unit describes the number of generations that can be moved in the Move_count field of PCP-UR (Protected Content Packet-Usage Rule), and further notifies information on the number of generations that can be moved.
The content transmission device according to claim 7.
The content moving unit describes the number of generations that can be moved in the Move_count field of the CMI descriptor, and further notifies information on the number of generations that can be moved.
The content transmission device according to claim 7.
The content moving unit confirms whether or not the content receiving device that has requested the movement of content is compatible with content movement with generation restriction, and then performs movement with content generation restriction.
The content transmission apparatus according to claim 1.
When the content movement unit is requested to move the content by an HTTP request in accordance with the DTCP-IP standard from the content receiving device, the content moving unit performs BLK Move2. dtcp. based on whether or not a com header field is used, whether or not the content receiving device supports content transfer with generation restrictions;
The content transmission apparatus according to claim 11.
The content moving unit receives BLKMove2. dtcp. com header field is used to confirm that the content receiving apparatus supports content transfer with generation restrictions. However, the BLK Move2. dtcp. When there is no moving shared key having the shared key label specified in the com header field, the HTTP session is terminated with an error.
The content transmission device according to claim 12.
The content moving unit replaces the content receiving device with the generation restriction based on the fact that the content receiving device has replaced the MOV_INITIATE 2 with MOV_INITIATE indicating that the start command of the MOVE-AKE procedure can be moved with the generation restriction according to the DTCP-IP standard. Check if it supports content transfer with
The content transmission apparatus according to claim 11.
The content moving unit has confirmed that the content receiving device supports content transfer with generation limitation by using MV_INITIATE2 as a start command of the MOVE-AKE procedure from the content receiving device. HTTP request BLKMove. dtcp. When there is no moving shared key having the shared key label specified in the com header field, the HTTP session is terminated with an error.
The content transmission apparatus according to claim 14.
The content moving unit confirms that the content receiving apparatus supports content transfer with generation restriction, and there is a shared key used for content transfer with generation restriction, but the content requested to be moved If there is no generation limit of movement and normal movement is possible, normal movement processing is performed.
The content transmission device according to claim 11.
When moving the content by remote access, the content moving unit uses an encryption key obtained by a calculation method dedicated to content movement processing by remote access, instead of the encryption key calculated from the shared key for movement. Encrypted transmission,
The content transmission apparatus according to claim 6.
A content acquisition unit that acquires content to be transmitted to the content reception device, or a reproduction unit that reproduces content to be transmitted to the content reception device from a recording medium;
The content transmission apparatus according to claim 1.
A transmission step of transmitting the content recorded in the content recording unit for recording the content to the content receiving device with control information relating to movement;
A content movement step of deleting the transmitted content from the content recording unit and performing the movement of the content;
A content transmission method comprising:
A content recording unit for recording content,
A content moving unit that transmits the content recorded in the content recording unit to a content receiving device with control information related to movement, deletes the transmitted content from the content recording unit, and moves the content;
A computer program written in a computer-readable format to make a computer function as